Method and system achieving individualized protected space in an operating system

Abstract

Aspects for achieving individualized protected space in an operating system are provided. The aspects include performing on demand hardware instantiation via an ACE (an adaptive computing engine), and utilizing the hardware for monitoring predetermined software programming to protect an operating system.

Description

FIELD OF THE INVENTION[0001]The present invention relates to robust operating system protection.BACKGROUND OF THE INVENTION[0002]As is generally understood in computing environments, an operating system (O / S) acts as the layer between the hardware and the software providing several important functions. For example, the functionality of an O / S includes device management, process management, communication between processes, memory management, and file systems. Further, certain utilities are standard for operating systems that allow common tasks to be performed, such as file access and organization operations and process initiation and termination.[0003]Within the O / S, the kernel is responsible for all other operations and acts to control the operations following the initialization functions performed by the O / S upon boot-up. The traditional structure of a kernel is a layered system. Some operating systems use a micro-kernel to minimize a size of the kernel while maintaining a layered ...

AI Technical Summary

Benefits of technology

[0008]Through the present invention, all elements outside a system's own code for operating, e.g., all the stacks, abstraction layers, and device drivers, can be readily and reliably monitored. In this manner, the vulnerability present in most current operating systems due to unchecked access below the demarcation line is successfully overcome. Further, the reconfigurability of the ACE architecture allows the approach to adjust as desired with additions / changes to an operating system environment. These and other advantages will become readily apparent from the following detailed description and accompanying drawings.

Problems solved by technology

While the typical structure provides a well-understood model for an operating system, some problems remain.

One such problem is the potential for crashing the machine once access below the demarcation line 60 is achieved.

For example, bugs in programs that are written for performing processes below the demarcation line, e.g., device drivers that interact with the hardware abstraction layer, protocol stacks between the kernel and the applications, etc., can bring the entire machine down.

While some protection is provided in operating systems with the generation of exceptions in response to certain illegal actions, such as memory address violations or illegal instructions, which trigger the kernel and kill the application raising the exception, there exists an inability by operating systems to protect against the vulnerability to fatal access.

Relying on software to perform such checks reduces the ability to limit the amount of software that is trusted.

A hardware solution would be preferable, but, heretofore, has been prohibitive due to the level of instantaneous hardware machine generation that would be necessary.

Images