CN107103257A - computer intrusion prevention method - Google Patents


Info

Publication number
CN107103257A
Authority
CN (China)
Prior art keywords
credible platform, kernel, safe, addressed area, block
Legal status (as listed by Google Patents)
Granted; Active
Application number
CN201710342719.7A
Other languages
Chinese (zh)
Other versions
CN107103257B (en)
Inventor
许驰
Current Assignee
SHAANXI GUOBO ZHENGTONG INFORMATION TECHNOLOGY Co.,Ltd.
Original Assignee
CHENGDU DINGZHIHUI SCIENCE AND TECHNOLOGY Co Ltd
Priority date
2017-05-16
Filing date
2017-05-16
Application filed by
CHENGDU DINGZHIHUI SCIENCE AND TECHNOLOGY Co Ltd
Publication of CN107103257A; application granted; publication of CN107103257B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a computer intrusion prevention method. In this method, when an application interacts with the kernel, control first enters the trusted platform in the secure address space; the trusted platform saves the application context, then switches to the kernel address space and enters the kernel for execution. When the kernel returns to the application, control first returns to the trusted platform in the secure address space; the trusted platform restores the application context and then returns to the application in the secure address space, which continues executing. The invention thus proposes a computer intrusion prevention method that is completely isolated from the untrusted operating system, avoids frequent and inefficient encryption and decryption, and provides comprehensive protection for applications.

Description

Computer intrusion prevention method
Technical field
The present invention relates to computer security, and more particularly to a computer intrusion prevention method.
Background technology
With the development of information technology, computer systems are widely used in important fields such as politics, economics, culture, national defence and security. The operating system kernel is the foundation of the whole computer's operation and safety. The kernel runs at the highest privilege level of the system, manages and controls the underlying hardware resources, and provides the upper layers with security-isolated resource abstractions and access interfaces. A growing body of security reports shows that operating system kernels still contain a large number of vulnerabilities and bugs; an attacker who obtains the highest privilege can carry out any attack with kernel privilege, including maliciously operating the underlying hardware, executing arbitrary code in the system, and reading or writing arbitrary data in memory and on disk. The prior art relies on a VMM to intercept and verify privileged kernel operations and so achieve comprehensive protection of files. On the other hand, the VMM runs at a higher privilege level, and frequent switching between the operating system kernel and the VMM incurs high performance overhead.
Summary of the invention
To solve the above problems of the prior art, the present invention proposes a computer intrusion prevention method, comprising:
when an application interacts with the kernel, first entering the trusted platform in the secure address space, the trusted platform saving the application context, then switching to the kernel address space and entering the kernel for execution;
when the kernel returns to the application, first returning to the trusted platform in the secure address space, the trusted platform restoring the application context and then returning to the application in the secure address space, which continues executing.
Preferably, the trusted platform controls all entry points into the secure address space, and once the CPU enters the secure address space the trusted platform obtains control of the system; only software in the secure address space can modify block tables, and all block table update operations can only be completed by the trusted platform; when the kernel needs to update a block table it can only send a request to the trusted platform, which intercepts and verifies all block table update operations, thereby achieving memory protection;
the trusted platform completes its own execution flow within the secure address space, and when returning to an external component switches the CPU back to the kernel address space or to ring 3 of the secure address space, ensuring that only the trusted platform runs in the secure address space, so that external components cannot corrupt the data and code of the trusted platform in the secure address space;
after entry through an entry point into the secure address space, interrupts are disabled throughout the trusted platform's execution, so its execution flow cannot be hijacked by external components; only when returning to an external component does the trusted platform re-enable interrupts; when a non-maskable interrupt occurs inside the trusted platform, the trusted platform temporarily blocks the non-maskable interrupt to prevent external components from using non-maskable interrupts to hijack the trusted platform's execution flow; when returning to the kernel, the trusted platform forwards this non-maskable interrupt to the kernel for handling.
Preferably, the block table consists of a four-level structure L1, L2, L3 and L4; the L4 block table of the secure block table, which the control register points to, is called S-L4, and a block table switch is realized by copying the whole L4 block table of the target file into S-L4; S-L4 can only be modified by the trusted platform in the secure address space; during a process switch, the kernel can only send a request to the trusted platform, which switches the file block table;
when an interrupt occurs in an application, control enters the trusted platform, which saves the application's secure context and forwards the interrupt to the kernel in the kernel address space, where all the handling is completed; the specific content of the block table update is placed in a shared memory region; when the operating system completes the interrupt handling, it allocates the corresponding physical block; the trusted platform reads the update request from the shared memory, completes the block table update, and then returns to the kernel; the kernel completes the remaining interrupt handling and finally returns to the trusted platform; the trusted platform restores the application's secure context and returns to the application.
Preferably, the trusted platform intercepts and verifies all I/O commands sent to the disk peripheral in the system, and maps the I/O memory allocated to the disk manager as read-only. When the kernel needs to send an I/O command to the disk, it can only forward the command to the trusted platform, which accesses the I/O memory; at system start-up, the PCI configuration space set up by the BIOS is verified, and the kernel is forbidden to access the whole PCI configuration space while the system is running; hardware virtualization is used to forbid software in normal mode from accessing this range of I/O ports; the system memory reserved for this range is mapped as invisible in the address space, so the kernel is forbidden to access it.
Compared with the prior art, the present invention has the following advantages:
the present invention proposes a computer intrusion prevention method that is completely isolated from the untrusted operating system, avoids frequent and inefficient encryption and decryption, and provides comprehensive protection for applications.
Brief description of the drawings
Fig. 1 is a flow chart of the computer intrusion prevention method according to an embodiment of the present invention.
Embodiments
A detailed description of one or more embodiments of the invention is provided below, together with the accompanying drawings illustrating the principles of the invention. The invention is described with reference to such embodiments, but it is not limited to any embodiment. The scope of the invention is limited only by the claims, and the invention covers many alternatives, modifications and equivalents. Many specific details are set forth in the following description to provide a thorough understanding of the invention. These details are provided for illustrative purposes; the invention can be practised according to the claims without some or all of them.
One aspect of the present invention provides a computer intrusion prevention method. Fig. 1 is a flow chart of the computer intrusion prevention method according to an embodiment of the present invention.
The present invention introduces a trusted platform in the secure address space, and applications run in a secure context protected by the trusted platform. The untrusted kernel and the application run separately in two different address spaces, called the kernel address space and the secure address space. The block table used in the kernel address space is called the kernel block table, and the block table used in the secure address space is called the secure block table. When an application in the secure address space interacts with the kernel, it first enters the trusted platform in the secure address space; the trusted platform saves the application context, then switches to the kernel address space and enters the kernel for execution. When the kernel returns to the application, it must first return to the trusted platform in the secure address space; the trusted platform restores the application context and then returns to the application in the secure address space, which continues executing.
The trusted platform uses hardware virtualization to directly restrict the target values of the control register; at the same time, it intercepts and verifies all block table update operations in the system, thereby achieving memory protection. Hardware virtualization ensures that the whole system (kernel, applications and trusted platform) can only run in the kernel address space and the secure address space. The control register target list can hold at most 4 control register target values. When software modifies the control register and the target value is one of those in the control register target list, the modification is performed directly. The present invention uses only 2 target values: the base addresses of the kernel block table in the kernel address space and of the secure block table in the secure address space are written into the control register target list, so while the system is running the control register can only be set to these two values. An attempt to set it to any other target value causes the CPU to enter secure mode; in the present invention, any operation that causes entry into secure mode is treated as malicious and causes the whole system to reboot. In the kernel address space, the whole block table is mapped read-only. If any software running in the kernel address space wants to modify a block table entry, it must first map that entry writable. Software in the kernel address space could attempt to release the block table lock in two ways: 1) modifying the control register to switch address space; 2) modifying the mode flag bits of the control register to disable the read-only protection of the block table. Against the second way, the present invention uses hardware virtualization to forbid all software in normal mode from modifying the mode flag bits of the control register; any operation that modifies the mode flag bits makes the system enter secure mode and consequently reboot.
In the secure address space, the present invention restricts block table modification to software at ring 0 only; at the other rings the block table is mapped invisible. Therefore, only software in the secure address space can modify the block table in the whole system. All block table update operations can only be completed by the trusted platform. When the kernel needs to update a block table, it can only send a request to the trusted platform, which can intercept and verify all block table update operations, thereby achieving memory protection. The present invention thus relies on control register control and block table locking to remove the kernel's privilege to modify block tables from the kernel address space.
The trusted platform controls all entry points into the secure address space, ensuring that once the CPU enters the secure address space the trusted platform obtains control of the system. The trusted platform completes its own execution flow in the secure address space, and when returning to an external component switches the CPU back to the kernel address space or to ring 3 of the secure address space, ensuring that only the trusted platform runs in the secure address space. Therefore, external components can only ever run in the kernel address space or at ring 3 of the secure address space, and cannot corrupt the data and code of the trusted platform in the secure address space.
After entry through an entry point into ring 0 of the secure address space, interrupts are disabled throughout the trusted platform's execution, so its execution flow cannot be hijacked by external components: only when returning to an external component does the trusted platform re-enable interrupts. At the same time, the trusted platform switches the CPU back to the kernel address space or to ring 3 of the secure address space, ensuring that only the trusted platform runs at ring 0 of the secure address space. When a non-maskable interrupt occurs inside the trusted platform, the trusted platform temporarily blocks the non-maskable interrupt to prevent external components from using non-maskable interrupts to hijack the trusted platform's execution flow. When returning to the kernel, the trusted platform forwards the non-maskable interrupt to the kernel for handling. The kernel running in the kernel address space, and applications at ring 3 of the secure address space, cannot damage the integrity of the trusted platform's data and code, nor modify the block table to maliciously map the trusted platform's data and code.
The block table consists of four levels (denoted L1, L2, L3 and L4); the L4 block table of the secure block table, which the control register points to, is called S-L4, and a block table switch is realized by copying the whole L4 block table of the target file into S-L4. Like every other block table, S-L4 can only be modified by the trusted platform in the secure address space. Therefore, during a process switch the kernel can only send a request to the trusted platform, which switches the file block table.
When an interrupt occurs in an application, control enters the trusted platform, which saves the application's secure context and forwards the interrupt to the kernel in the kernel address space, where all the handling is completed; the specific content of the block table update is placed in a shared memory region. When the operating system completes the interrupt handling, it allocates the corresponding physical block. The trusted platform reads the update request from the shared memory, completes the block table update, and then returns to the kernel. The kernel completes the remaining interrupt handling and finally returns to the trusted platform. The trusted platform restores the application's secure context and returns to the application.
The trusted platform intercepts and verifies all I/O commands sent to the disk peripheral in the system, and the whole I/O verification process is realized in normal mode. The present invention only needs to intercept memory-mapped I/O in order to intercept the I/O commands sent to the disk peripheral. Specifically, through the memory protection mechanism based on the trusted platform, the trusted platform maps the I/O memory allocated to the disk manager as read-only. When the kernel needs to send an I/O command to the disk, it can only forward the command to the trusted platform, which accesses the I/O memory. At system start-up, the PCI configuration space set up by the BIOS is verified, and the kernel is forbidden to access the whole PCI configuration space while the system is running. Hardware virtualization is used to forbid software in normal mode from accessing this range of I/O ports, and the system memory reserved for this range is mapped as invisible in the address space, so the kernel cannot access it.
The following describes in detail how the trusted platform uses memory protection within the address space to achieve address space isolation and integrity protection. To isolate the application address space from the kernel, the trusted platform uses an array to track the mapping state of every physical block in the system. Each block can be in one of 3 mapping states: normal, isolated and occupied. A block in the normal state is mapped by both the kernel block table and the secure block table, so both the kernel and the trusted platform can access it. An isolated block is mapped only by the secure block table and can only be accessed by the trusted platform. The blocks holding the trusted platform and the block tables are all mapped as isolated. A block in the occupied state has already been allocated to some application and is mapped only by the secure block table of the application that holds it, so only the trusted platform and the holder can access it. The trusted platform identifies the holder of an occupied block with a unique secure identifier (SID), which the trusted platform assigns to each process at process creation.
Taking the allocation of a block to application A as an example, the transition of block mapping states and the isolation of address spaces are described below. When the kernel allocates a block to application A, the trusted platform requires that the kernel use only an isolated block. When the trusted platform maps the block into A's secure block table, it verifies the block's mapping state and refuses any block that is not isolated. The block is then securely allocated to A, marked as occupied and tagged with A's SID. By verifying the SID, the trusted platform forbids an occupied block from being mapped by the kernel block table or by the secure block table of another application, ensuring A's memory isolation. At the same time, an application block is forbidden from being remapped within the application address space.
The trusted platform describes the mapping state of the application's own address space through a linked list that the application maintains itself. Like the other data of the application address space, this list cannot be modified by the kernel. When the trusted platform updates the application's block table, it consults this list. If the block table update requested by the kernel is inconsistent with the address space mapping state described by the list, the trusted platform refuses the request. This mechanism is described below taking the file mapping function as an example.
On disk, different files are marked in different ways, and the different data blocks of the same file are marked by file offset, which indicates the position of the data block within the file. When an application calls the file mapping function, it simultaneously updates the address space state list it maintains, including the ID and offset of the file to be read. When the trusted platform verifies a block table update, it can check this list. If the update corresponds to a file mapped into the address space, the trusted platform compares the ID and offset in the list with the ID and offset of the file itself. If they are not the file or offset the application requested, the trusted platform refuses to map the file into the address space and notifies the application.
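As an added illustration (not code from the patent), the following Python model plays the trusted platform's role in the two checks just described: allocation of a block to an application is accepted only from the isolated state, an occupied block may be mapped only by its SID holder at its original address, and a kernel-requested file mapping is honoured only if it matches the (file ID, offset) entry the application recorded in its own list. The class and method names, the counter-based SID assignment and the small state array are assumptions of this example.

```python
from enum import Enum


class BlockState(Enum):
    NORMAL = "normal"      # mapped by both the kernel block table and the secure block table
    ISOLATED = "isolated"  # mapped only by the secure block table: trusted platform only
    OCCUPIED = "occupied"  # allocated to one application and tagged with that application's SID


KERNEL = "kernel"  # stands in for the kernel block table as a mapping requester


class TrustedPlatform:
    """Constructed model of the trusted platform's block-table update checks."""

    def __init__(self, num_blocks):
        # Mapping-state array: one entry per physical block (all normal at start).
        self.state = [BlockState.NORMAL] * num_blocks
        self.holder = [None] * num_blocks     # SID of the holder of an occupied block
        self.mapped_at = [None] * num_blocks  # virtual address an occupied block was mapped at
        self.next_sid = 1
        self.app_mappings = {}  # SID -> list of (file_id, offset) the application declared

    def create_process(self):
        """Assign a unique SID to a new process (hypothetical counter-based scheme)."""
        sid = self.next_sid
        self.next_sid += 1
        self.app_mappings[sid] = []
        return sid

    def isolate(self, block):
        """Kernel releases a normal block so that only the secure block table maps it."""
        if self.state[block] is not BlockState.NORMAL:
            return False
        self.state[block] = BlockState.ISOLATED
        return True

    def allocate(self, sid, block, vaddr):
        """Kernel asks to map `block` at `vaddr` in application `sid`'s secure block table.
        Only an isolated block is accepted; it becomes occupied and is tagged with the SID."""
        if self.state[block] is not BlockState.ISOLATED:
            return False
        self.state[block] = BlockState.OCCUPIED
        self.holder[block] = sid
        self.mapped_at[block] = vaddr
        return True

    def may_map(self, requester, block, vaddr):
        """Verify a block-table update that would map `block` at `vaddr` for `requester`."""
        st = self.state[block]
        if st is BlockState.NORMAL:
            return True                       # kernel and applications may both map it
        if st is BlockState.ISOLATED:
            return False                      # only the trusted platform itself uses it
        # Occupied: the holder alone, and never remapped elsewhere in its address space.
        return requester == self.holder[block] and vaddr == self.mapped_at[block]

    def declare_file_mapping(self, sid, file_id, offset):
        """Application records an intended (file, offset) mapping in its own list."""
        self.app_mappings[sid].append((file_id, offset))

    def verify_file_mapping(self, sid, file_id, offset):
        """Kernel-requested file mapping is honoured only if the application's list agrees."""
        return (file_id, offset) in self.app_mappings[sid]
```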
In the present invention, application data enters the kernel in plaintext, and the trusted platform transfers user data by constructing a trusted application data flow through the untrusted kernel, preventing application data from being stolen or tampered with. In the access control model of the present invention based on the trusted platform, application data is identified by a secure user ID (SUID). Each user owns an SUID, and the user's SUID is assigned to the application when the user starts an application of their own. By verifying the SUID, the trusted platform ensures that application data can only be accessed by its owner. An SUID can also identify a group of users, for file sharing between users, and different read, write and execute permissions can be specified for an SUID.
Application data is copied from the blocks of the application address space into cache blocks of the kernel, and then from the cache blocks to disk blocks. The trusted application data flow ensures that while application data is transferred through the kernel it remains isolated from the kernel and cannot be accessed by it. First, file blocks are mapped in the occupied state, so the application data in them cannot be accessed by the kernel. When the kernel needs to copy application data from a file block to a cache block, it can only send a request to the trusted platform, which performs the copy. The trusted platform requires the kernel to provide only isolated cache blocks; for a cache block that is not in the isolated state, the trusted platform refuses to copy application data.
The trusted platform defines two states for disk blocks, idle and occupied, and uses an array (called the disk block array) to track them. In the disk block array, one position in memory corresponds to the state of one disk block. The trusted platform verifies all I/O commands sent to the disk. If a command writes application data to a disk block, the trusted platform ensures that the disk block written can only be in the idle state. After the data transfer is complete, the disk block becomes occupied, and the SUID is stored on the disk block together with the application data to identify the owner of the disk block. Thereafter, the trusted platform allows only memory blocks with the same SUID to transfer data with that occupied disk block, so the isolation and access control of application data are guaranteed on disk blocks.
When reading a file, the trusted platform allows the application data on an occupied disk block to be transferred only into an isolated cache block, and the cache block is given the SUID of the occupied disk block. Thereafter, the trusted platform allows the data of that cache block to be copied only to file blocks with the same SUID, to be accessed by the file's owner.
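The write and read paths of the trusted application data flow, as an added Python model that is not the patent's code: a copy into a kernel cache block is refused unless the cache block is isolated, a disk write is accepted only for an idle disk block and stores the SUID next to the data, a read from an occupied disk block lands only in an isolated cache block that inherits that SUID, and cache data may reach only a file block with the same SUID. The MemBlock/DiskBlock/DataFlow names and the in-memory disk block array are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Optional

IDLE, OCCUPIED = "idle", "occupied"  # the two disk block states tracked by the trusted platform


@dataclass
class MemBlock:
    kind: str                   # "file": application block; "cache": kernel cache block
    isolated: bool = False      # a cache block must be isolated before data may enter it
    suid: Optional[int] = None  # owner of the data held in the block, if any
    data: bytes = b""


@dataclass
class DiskBlock:
    state: str = IDLE
    suid: Optional[int] = None  # stored with the data once the block is occupied
    data: bytes = b""


class DataFlow:
    """Constructed model of the trusted platform's checks on the application data flow."""

    def __init__(self, num_disk_blocks):
        # Disk block array: one entry per disk block, all idle at start.
        self.disk = [DiskBlock() for _ in range(num_disk_blocks)]

    # Write path: application file block -> isolated cache block -> idle disk block.
    def copy_to_cache(self, src: MemBlock, cache: MemBlock) -> bool:
        """Kernel requests the copy; refused unless the cache block is isolated."""
        if src.kind != "file" or cache.kind != "cache" or not cache.isolated:
            return False
        cache.data, cache.suid = src.data, src.suid  # cache block carries the owner's SUID
        return True

    def write_disk(self, cache: MemBlock, index: int) -> bool:
        """Verified I/O command: only an idle disk block may be written."""
        blk = self.disk[index]
        if cache.kind != "cache" or cache.suid is None or blk.state != IDLE:
            return False
        blk.state, blk.suid, blk.data = OCCUPIED, cache.suid, cache.data
        return True

    # Read path: occupied disk block -> isolated cache block -> file block with same SUID.
    def read_disk(self, index: int, cache: MemBlock) -> bool:
        """Data on an occupied disk block may only move into an isolated cache block."""
        blk = self.disk[index]
        if blk.state != OCCUPIED or cache.kind != "cache" or not cache.isolated:
            return False
        if cache.suid is not None and cache.suid != blk.suid:
            return False  # cache block already belongs to a different owner
        cache.data, cache.suid = blk.data, blk.suid  # cache block is given the disk block's SUID
        return True

    def copy_to_file(self, cache: MemBlock, dst: MemBlock) -> bool:
        """Cache data may only be copied to a file block owned by the same SUID."""
        if cache.kind != "cache" or dst.kind != "file" or cache.suid is None:
            return False
        if dst.suid != cache.suid:
            return False
        dst.data = cache.data
        return True
```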
User authentication by the trusted platform is based on verifying the user's password. The trusted platform further uses a public/private key pair to ensure that the untrusted kernel cannot steal the user's password. The present invention uses the storage key in the TPM to encrypt and decrypt the trusted platform's private key. When a user starts an application of their own, the user's password is placed in the application's executable file, encrypted with the trusted platform's public key. The trusted platform obtains the user's password from the application executable and decrypts it with its own private key. Then, by verifying the user's password, the trusted platform assigns the corresponding SUID to the application and thereby establishes the application's identity. Throughout the authentication process, the present invention ensures the chain of trust: TPM storage key → trusted platform private key → user password → SUID.
In summary, the present invention proposes a computer intrusion prevention method that is completely isolated from the untrusted operating system, avoids frequent and inefficient encryption and decryption, and provides comprehensive protection for applications.
Obviously, those skilled in the art should understand that each module or step of the present invention described above can be implemented with a general-purpose computing system; they can be concentrated on a single computing system or distributed over a network formed by multiple computing systems; alternatively, they can be implemented as program code executable by a computing system, so that they can be stored in a storage system and executed by the computing system. Thus, the present invention is not restricted to any specific combination of hardware and software.
It should be understood that the above embodiments of the present invention are only used to exemplify or explain the principles of the invention and are not to be construed as limiting it. Therefore, any modification, equivalent substitution, improvement and the like made without departing from the spirit and scope of the present invention shall be included within its scope of protection. Furthermore, the appended claims are intended to cover all changes and modifications that fall within the scope and boundary of the claims, or within the equivalents of that scope and boundary.

Claims (4)

1. a kind of computer intrusion prevention method, it is characterised in that including:
When application is interacted with kernel, the credible platform of safe addressed area is first into, credible platform preserves application context, Kernel addressed area is then switched to, is performed into kernel;
When kernel, which is returned, to be applied, the credible platform of safe addressed area is returned to first, credible platform recovers application context, then returns The application returned in safe addressed area is continued executing with.
2. according to the method described in claim 1, it is characterised in that the safe addressed area of all entrance of the credible platform control Entrance, once CPU enters safe addressed area, credible platform obtains system control;The software of only safe addressed area can Modified block table, all block tables, which update operation, to be completed by credible platform;, can only be to credible when kernel needs to update block table Platform sends request, and credible platform is intercepted and captured and verifies that all block tables update operation, realizes that internal memory is protected;
Credible platform completes the execution flow of itself in safe addressed area, in returning to external component, and CPU is switched back into kernel and sought Location area or the floor of safe addressed area the 3rd, it is ensured that there was only credible platform operation in safe addressed area, external module can not destroy safety The data code of credible platform in addressed area;
Enter from entrance behind safe addressed area, credible platform is in whole implementation procedure, and interruption is prohibited, performing stream can not be by External module is kidnapped;Only when returning to external component, credible platform just recovers to interrupt;It is not maskable when occurring in credible platform During interruption, the credible platform temporary block not maskable interrupts prevent external module from kidnapping not credible flat using maskable interrupts Platform performs stream;When returning to kernel, credible platform again by this not maskable interrupts be transmitted to kernel and handled.
3. The method according to claim 2, characterised in that the block table is composed of a 4-level structure L1, L2, L3 and L4; the L4 block table pointed to by the control register is the secure block table, referred to as S-L4, and block table switching is realised by copying the entire L4 block table of the target file into S-L4. S-L4 can only be modified by the trusted platform in the secure addressing area; during process switching, the kernel can only send a request to the trusted platform, which switches the file block table.
When an interrupt occurs in an application and control enters the trusted platform, the trusted platform saves the application's security context and forwards the interrupt to the kernel in the kernel addressing area; the specific content of the block table update is placed in a shared memory, and all processing is performed by the kernel. When the operating system has completed the interrupt processing and allocated the corresponding physical block, the trusted platform reads the update request from the shared memory, completes the block table update, and then returns to the kernel; the kernel completes the remaining interrupt processing work and finally returns to the trusted platform, which restores the application's security context and returns to the application.
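The following C model is an added illustration of the update path in claims 2 and 3 (it is not the patent's code nor any implementation by the applicant): the kernel cannot write S-L4 or a file's block table directly, so it places a request in shared memory and enters the trusted platform, which applies the update only after verification, copies a whole L4 into S-L4 on process switch, and keeps interrupts blocked until it returns. The 8-entry tables, the 16 physical blocks, the secure range of blocks 12..15 and the rule that a request mapping that range is rejected are assumptions, not details from the claims.

```c
/* Toy model of the claims' mediated block-table update (added example, not the patent's code).
 * Assumed, not stated in the claims: S-L4 has 8 entries, 16 physical blocks exist, blocks
 * 12..15 are the secure addressing area, and a request mapping one of them is rejected. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#define L4_ENTRIES 8
#define NBLK       16   /* physical blocks in the constructed machine */
#define SECURE_LO  12   /* blocks >= 12 hold the trusted platform (assumed) */
#define NFILES     4
enum tp_status { TP_OK, TP_REJECT_RANGE, TP_REJECT_SECURE, TP_REJECT_NOT_SECURE_MODE };
typedef struct { uint8_t phys[L4_ENTRIES]; } block_table;       /* simplified L4: entry -> block */
typedef struct { int file; int idx; uint8_t phys; } update_req;  /* kernel's update request */
static block_table s_l4;               /* the table the control register points to (S-L4) */
static block_table file_l4[NFILES];    /* per-process ("file destination") L4 tables */
static update_req  shared_mem;         /* kernel fills it, trusted platform reads it */
static bool in_secure_area = false, irq_enabled = true; /* CPU mode flag; interrupt state */
/* Entrance and return: interrupts stay prohibited for the whole secure-area execution. */
static void tp_enter(void)  { in_secure_area = true;  irq_enabled = false; }
static void tp_return(void) { in_secure_area = false; irq_enabled = true;  }
/* Only code running in the secure addressing area may modify a block table. */
static enum tp_status tp_apply_update(const update_req *r) {
    if (!in_secure_area) return TP_REJECT_NOT_SECURE_MODE;
    if (r->file < 0 || r->file >= NFILES || r->idx < 0 || r->idx >= L4_ENTRIES || r->phys >= NBLK)
        return TP_REJECT_RANGE;
    if (r->phys >= SECURE_LO) return TP_REJECT_SECURE; /* would alias the trusted platform */
    file_l4[r->file].phys[r->idx] = r->phys;
    return TP_OK;
}
/* Process switch: the target file's whole L4 is copied into S-L4 (claim 3). */
static enum tp_status tp_switch_process(int file) {
    if (!in_secure_area) return TP_REJECT_NOT_SECURE_MODE;
    if (file < 0 || file >= NFILES) return TP_REJECT_RANGE;
    memcpy(&s_l4, &file_l4[file], sizeof s_l4);
    return TP_OK;
}
/* Kernel side: it writes a request to shared memory and enters the trusted platform, which
 * verifies and applies it before returning; a direct write from kernel context is refused. */
enum tp_status kernel_request_update(int file, int idx, uint8_t phys) {
    shared_mem = (update_req){ file, idx, phys };
    tp_enter(); enum tp_status st = tp_apply_update(&shared_mem); tp_return(); return st;
}
enum tp_status kernel_switch_process(int file) {
    tp_enter(); enum tp_status st = tp_switch_process(file); tp_return(); return st;
}
enum tp_status kernel_direct_write(int file, int idx, uint8_t phys) {
    update_req r = { file, idx, phys }; return tp_apply_update(&r);
}
uint8_t s_l4_phys(int idx) { return s_l4.phys[idx]; }
bool    irq_enabled_now(void) { return irq_enabled; }
```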
4. The method according to claim 3, characterised in that the trusted platform intercepts and verifies all I/O commands sent in the system to disk peripherals, and the I/O memory allocated to the disk manager is mapped read-only. When the kernel needs to send an I/O command to the disk, it can only forward the command to the trusted platform, and the I/O memory is accessed through the trusted platform. At system start-up, the PCI configuration space set by the BIOS is verified, and the kernel is forbidden from accessing the whole PCI configuration space while the system is running; hardware virtualisation is used to forbid software in normal mode from accessing this section of I/O ports; and this reserved section of system memory is mapped as invisible in the addressing area, so the kernel cannot access it.
CN201710342719.7A 2017-05-16 2017-05-16 Computer intrusion prevention method Active CN107103257B (en)


Publications (2)

Publication Number Publication Date
CN107103257A true CN107103257A (en) 2017-08-29
CN107103257B CN107103257B (en) 2020-06-16


Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20140111943A (en) * 2013-03-12 2014-09-22 삼성전자주식회사 Secure environment apparatus and method thereof
CN104392188A (en) * 2014-11-06 2015-03-04 三星电子(中国)研发中心 Security data storage method and system
CN105279021A (en) * 2015-10-16 2016-01-27 华为技术有限公司 Method and device for executing non-maskable interrupt
CN106203082A (en) * 2016-06-29 2016-12-07 上海交通大学 The system and method efficiently isolating kernel module based on virtualization hardware characteristic

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
CHEN_CHUANG: "对Linux内核进程上下文和中断上下文的理解" (Understanding process context and interrupt context in the Linux kernel), ChinaUnix Blog *

Legal Events

Code Title Details
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
    Effective date of registration: 20200509
    Address after: 710000 Shaanxi Xi'an high tech Zone three new road 8 West BD new world second building 1 unit 5 floor 10508 room.
    Applicant after: SHAANXI GUOBO ZHENGTONG INFORMATION TECHNOLOGY Co.,Ltd.
    Address before: The middle Tianfu Avenue in Chengdu city Sichuan province 610000 No. 1388 1 7 storey building No. 772
    Applicant before: CHENGDU DINGZHIHUI TECHNOLOGY Co.,Ltd.
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right
    Denomination of invention: Computer intrusion prevention method
    Effective date of registration: 20220325
    Granted publication date: 20200616
    Pledgee: Xi'an investment and financing Company limited by guarantee
    Pledgor: SHAANXI GUOBO ZHENGTONG INFORMATION TECHNOLOGY Co.,Ltd.
    Registration number: Y2022610000107
PC01 Cancellation of the registration of the contract for pledge of patent right
    Date of cancellation: 20230801
    Granted publication date: 20200616
    Pledgee: Xi'an investment and financing Company limited by guarantee
    Pledgor: SHAANXI GUOBO ZHENGTONG INFORMATION TECHNOLOGY Co.,Ltd.
    Registration number: Y2022610000107