CN105205013A - High-security memory allocation method for kernel object - Google Patents

High-security memory allocation method for kernel object

Publication number: CN105205013A
Authority: CN (China)
Prior art keywords: memory, kernel objects, kernel, allocation method, objects
Legal status: Pending
Application number: CN201510586611.3A
Other languages: Chinese (zh)
Inventors: 仇伟民, 刘秋杉, 戴鸿君, 于治楼
Current Assignee: Inspur Group Co Ltd
Original Assignee: Inspur Group Co Ltd

Abstract

The invention relates in particular to a high-security memory allocation method for kernel objects. The method comprises: adding a driver authentication and detection mechanism to the HAL (Hardware Abstraction Layer) code of a device driver; performing authentication and detection on a driver module that is to be loaded; loading the driver normally when the driver module passes authentication and detection; and not loading the driver when the driver module does not pass. The method achieves authentication and monitoring of HAL driver modules in an Android operating environment, prevents a driver module from acting beyond its proper remit, in particular from performing illegal activities, maintains system security, and avoids losses to users.

Description

A high-security kernel object memory allocation method
Technical field
The present invention relates to the field of computer microkernels, and in particular to a high-security kernel object memory allocation method.
Background
Kernel objects are data structures that the operating system maintains for system-level objects (such as processes, threads and semaphores). These data structures hold the system-level information related to those objects.
For example, every kernel object holds a reference count for the object; a process object holds the process ID; a file object holds the current byte offset, sharing mode, open mode and so on.
In an operating system, all kernel objects are kept in one block of memory space, and all processes in the system share this memory space.
Applications cannot access these kernel objects directly; they can operate on them only through the APIs provided by the operating system. During such API access, the operating system can guarantee the security of the access. This prevents applications from manipulating kernel objects in ways that cause system errors.
In addition, multiple processes can share access to the same kernel object.
When an application creates or opens a new kernel object, the system API returns a handle to the application. The handle is process-level, and the application can afterwards use it to designate the kernel object it operates on.
Because the handle returned by the system API is process-level, the handles for the same kernel object in two different processes will not be the same. An error occurs if one process uses a kernel object handle from another process to access the kernel object.
Each kernel object has a reference count, which is 1 when the kernel object is created. Each time another process obtains access to the kernel object, the reference count is incremented by 1. Each time a process that holds access releases it (the process closes its handle to the kernel object), the reference count is decremented by 1. When the reference count drops to 0, the operating system destroys the kernel object.
The advantages of the page cache are: 1) disk access is far slower than memory access, so reading data from memory is faster than reading it from disk; 2) once data has been accessed, it is very likely to be accessed again within a short time. This principle of accessing the same piece of data repeatedly within a short period is called temporal locality. Temporal locality ensures that if data is cached on first access, it is very likely to be hit in the cache again within a short time.
A microkernel is a compact version of a kernel that provides the core functions of an operating system. It is designed to fit in a very small memory space, to increase portability, and to provide a modular design so that users can install different interfaces. The microkernel can therefore be described as the minimal core of an operating system (OS). New operating systems from IBM, Microsoft, the Open Software Foundation (OSF) and UNIX System Laboratories (USL) have all taken advantage of this research result.
What it provides is a very small subset of what is usually regarded as an operating system today. A definition of the microkernel is given by Liedtke: a concept is tolerated inside the microkernel only if moving it outside the kernel, that is, permitting competing implementations, would prevent the implementation of the system's required functionality.
A microkernel therefore does not provide high-level abstractions over the hardware (files, processes, sockets and so on), as most modern operating systems such as Linux or Windows do. Instead, it provides minimal mechanisms for controlling access to the physical address space, interrupts and processor time. Any higher-level structure that uses these mechanisms is built on top of the microkernel. Such higher-level services necessarily embody policy. Freedom from policy is a key characteristic of a well-designed microkernel.
A microkernel is an operating system kernel that provides only essential services, including tasks, threads, inter-process communication (IPC) and memory management. All services (including device drivers) run in user mode and are handled in the same way as any other program. Because each service runs in its own address space, the services are protected from one another.
Microkernels have clear advantages. First, a microkernel allows different APIs, file systems and even the characteristics of different operating systems to coexist in one system.
Second, a microkernel system is very flexible. When an application runs, only the selected system services need to be loaded into the system. A service can be tested online after it has been modified; there is no need to rebuild or boot a new kernel, and the operation of the system is not affected.
Third, faults in system services or device drivers are isolated, along with the running tasks associated with them.
Fourth, the set of servers that a system depends on can be limited, so that the trusted computing base of a security-critical application can be reduced.
Fifth, the structures defined by the microkernel (IPC, multithreading) can be used by all applications and services. A refined microkernel interface can lead to a more modular system architecture.
Summary of the invention
To remedy the defects of the prior art, the present invention provides a high-security kernel object memory allocation method that is widely applicable, safe, stable and easy to use.
The present invention is achieved through the following technical solution:
A high-security kernel object memory allocation method, characterized in that: when an application creates a new kernel object, it is first determined whether there is enough memory space; if there is enough memory space, the microkernel does not dynamically allocate memory for the kernel object, the kernel object is created successfully, the amount of physical memory available to the application is precisely controlled, and physical memory accesses are isolated between applications; if there is not enough memory space, creation of the new kernel object is deemed to have failed because of insufficient memory.
The kernel object must be explicitly created, through the untyped memory control function, in a memory region controlled by the application.
To create a new kernel object, the application must specify the memory location of the kernel object through the untyped memory control function, and all resources consumed by the kernel object must be allocated in full at creation time.
The beneficial effects of the invention are: this high-security kernel object memory allocation method can be used to precisely control the amount of physical memory available to an application, and can isolate physical memory accesses between applications.
Description of the drawings
Figure 1 is a schematic diagram of the high-security kernel object memory allocation method of the present invention.
Embodiment
The accompanying drawing shows a specific embodiment of the present invention, which is described in detail below with reference to the drawing.
In this high-security kernel object memory allocation method, when an application creates a new kernel object, it is first determined whether there is enough memory space; if there is enough memory space, the microkernel does not dynamically allocate memory for the kernel object, the kernel object is created successfully, the amount of physical memory available to the application is precisely controlled, and physical memory accesses are isolated between applications; if there is not enough memory space, creation of the new kernel object is deemed to have failed because of insufficient memory.
The kernel object must be explicitly created, through the untyped memory control function, in a memory region controlled by the application.
To create a new kernel object, the application must specify the memory location of the kernel object through the untyped memory control function, and all resources consumed by the kernel object must be allocated in full at creation time.
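The allocation rule stated in the summary and in the embodiment above can be sketched in C as follows. This is an added example, not code from the patent: `struct untyped`, `untyped_create`, the object sizes, the 16-byte alignment, the overlap check and the zeroing step are all hypothetical assumptions used to model a per-application untyped region in which objects are placed without any dynamic allocation.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical model; every name here is an assumption, not the patent's. */
enum obj_type { OBJ_THREAD, OBJ_ENDPOINT, OBJ_SEMAPHORE, OBJ_TYPE_COUNT };
enum { OK = 0, ERR_NOMEM = -1, ERR_RANGE = -2, ERR_OVERLAP = -3, ERR_TYPE = -4 };

/* Full cost of each object type, fixed up front: nothing is allocated later. */
static const size_t obj_size[OBJ_TYPE_COUNT] = { 256, 64, 32 };

#define MAX_OBJS 8
struct untyped {                 /* one application's untyped memory grant */
    uint8_t *base;               /* start of the region given to the application */
    size_t size, used;           /* bytes granted / bytes consumed by objects */
    struct { size_t off, len; } objs[MAX_OBJS];   /* placements made so far */
    int nobjs;
};

static uint8_t mem_a[512], mem_b[512];            /* constructed sample grants */
static struct untyped app_a = { mem_a, sizeof mem_a };
static struct untyped app_b = { mem_b, sizeof mem_b };

/* Create an object of `type` at the offset `off` chosen by the application. */
int untyped_create(struct untyped *ut, enum obj_type type, size_t off, void **out)
{
    if ((unsigned)type >= (unsigned)OBJ_TYPE_COUNT) return ERR_TYPE;
    size_t len = obj_size[type];
    /* Enough memory left in this application's own grant? */
    if (ut->nobjs == MAX_OBJS || len > ut->size - ut->used) return ERR_NOMEM;
    /* Requested placement must be aligned and inside the grant. */
    if (off % 16 != 0 || off > ut->size || len > ut->size - off) return ERR_RANGE;
    for (int i = 0; i < ut->nobjs; i++)   /* and must not overlap a live object */
        if (off < ut->objs[i].off + ut->objs[i].len && ut->objs[i].off < off + len)
            return ERR_OVERLAP;
    memset(ut->base + off, 0, len);       /* no stale data in the new object */
    ut->objs[ut->nobjs].off = off;
    ut->objs[ut->nobjs].len = len;
    ut->nobjs++;
    ut->used += len;
    *out = ut->base + off;
    return OK;
}

int main(void)
{
    void *obj;   /* create one thread object at the start of application A's grant */
    return untyped_create(&app_a, OBJ_THREAD, 0, &obj) != OK;
}
```

Because every object is carved out of the caller's own grant, exhausting `app_a` returns `ERR_NOMEM` to that application only and leaves `app_b` untouched.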

Claims (3)

1. A high-security kernel object memory allocation method, characterized in that: when an application creates a new kernel object, it is first determined whether there is enough memory space; if there is enough memory space, the microkernel does not dynamically allocate memory for the kernel object, the kernel object is created successfully, the amount of physical memory available to the application is precisely controlled, and physical memory accesses are isolated between applications; if there is not enough memory space, creation of the new kernel object is deemed to have failed because of insufficient memory.
2. The high-security kernel object memory allocation method according to claim 1, characterized in that: the kernel object must be explicitly created, through the untyped memory control function, in a memory region controlled by the application.
3. The high-security kernel object memory allocation method according to claim 1, characterized in that: to create a new kernel object, the application must specify the memory location of the kernel object through the untyped memory control function, and all resources consumed by the kernel object must be allocated in full at creation time.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510586611.3A CN105205013A (en) 2015-09-15 2015-09-15 High-security memory allocation method for kernel object

Publications (1)

Publication Number Publication Date
CN105205013A true CN105205013A (en) 2015-12-30

Family ID: 54952707

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20151230