CN107103257B - Computer intrusion prevention method - Google Patents
Computer intrusion prevention method Download PDFInfo
- Publication number
- CN107103257B CN107103257B CN201710342719.7A CN201710342719A CN107103257B CN 107103257 B CN107103257 B CN 107103257B CN 201710342719 A CN201710342719 A CN 201710342719A CN 107103257 B CN107103257 B CN 107103257B
- Authority
- CN
- China
- Prior art keywords
- trusted platform
- kernel
- application
- addressing area
- block table
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
The invention provides a computer intrusion prevention method, which comprises the following steps: when the application interacts with the kernel, the application firstly enters a trusted platform of the secure addressing area, the trusted platform stores the application context, then the application context is switched to the kernel addressing area, and the application enters the kernel for execution; when the kernel returns the application, the kernel returns the trusted platform of the secure addressing area, the trusted platform recovers the application context, and then returns the application in the secure addressing area to continue execution. The invention provides a computer intrusion prevention method which is completely isolated from an untrusted operating system, avoids frequent and low-efficiency encryption and decryption, and provides comprehensive protection for application.
Description
Technical Field
The invention relates to computer security, in particular to a computer intrusion prevention method.
Background
With the development of information technology, computer systems are widely used in important fields such as politics, economy, culture, national defense, and security. The operating system kernel is the basis for the work and security of the whole computer system. The kernel runs on the highest authority layer of the whole system, manages and controls bottom hardware resources, and provides a safe and isolated resource abstraction and access interface for upper files. More and more security reports show that a large number of bugs and errors still exist in the kernel of the operating system, and an attacker can obtain the highest authority and implement any attack behavior in the kernel authority, including malicious operation of underlying hardware, execution of any code in the system, reading and writing of any data on a memory and a disk, and the like. In the prior art, based on the VMM, the kernel permission operation is intercepted and verified, and the file is comprehensively protected. On the other hand, however, the VMM runs at a higher privilege level, and frequent inter-layer switching between the operating system kernel and the VMM also results in higher performance overhead.
Disclosure of Invention
In order to solve the problems existing in the prior art, the invention provides a computer intrusion prevention method, which comprises the following steps:
when the application interacts with the kernel, the application firstly enters a trusted platform of the secure addressing area, the trusted platform stores the application context, then the application context is switched to the kernel addressing area, and the application enters the kernel for execution;
when the kernel returns the application, the kernel returns the trusted platform of the secure addressing area, the trusted platform recovers the application context, and then returns the application in the secure addressing area to continue execution.
Preferably, the trusted platform controls all entry points into the secure addressing area, and once the CPU enters the secure addressing area, the trusted platform obtains system control; only the software of the safe addressing area can modify the block table, and all the block table updating operations can be completed only by the trusted platform; when the kernel needs to update the block table, the kernel can only send a request to the trusted platform, and the trusted platform intercepts and verifies all block table update operations to realize memory protection;
the trusted platform completes the execution flow of the trusted platform in the secure addressing area, and when returning to an external component, the CPU is switched back to the kernel addressing area or the layer 3 of the secure addressing area, so that only the trusted platform in the secure addressing area operates, and the external component cannot damage the data code of the trusted platform in the secure addressing area;
after entering the safe addressing area from the entry point, the trusted platform prohibits interruption in the whole execution process, and the execution stream cannot be hijacked by an external component; the trusted platform resumes interrupts only when returning to the external component; when the unmasked interrupt occurs in the trusted platform, the trusted platform temporarily blocks the unmasked interrupt, and prevents an external component from hijacking the execution flow of the trusted platform by using the unmasked interrupt; when returning to the kernel, the trusted platform forwards the unmasked interrupt to the kernel for processing.
Preferably, the block table consists of a 4-level structure of L1, L2, L3 and L4, the L4 block table of the control register pointing to the safe block table is called S-L4, and the block table switching is realized by copying the L4 block table of the target file to S-L4 in its entirety; S-L4 can only be modified by trusted platforms in the secure addressing area; when the process is switched, the kernel can only send a request to the trusted platform, and the trusted platform switches the file block table;
when the application is interrupted and enters the trusted platform, the trusted platform stores the application security environment, forwards the interruption to the kernel in the kernel addressing area, places the specific content updated by the block table in a shared memory until the kernel completes all processing, and allocates a corresponding physical block when the operating system completes the interruption processing; the trusted platform reads the update request from the shared memory, completes the update of the block table and then returns to the kernel; the kernel completes the rest interrupt processing work and finally returns to the trusted platform; and the trusted platform recovers the application security environment and returns the application.
Preferably, the trusted platform intercepts and verifies all I/O commands sent to the disk peripheral in the system, and maps the I/O memory allocated to the disk manager as read-only. When the kernel needs to send an I/O command to the disk, the command can only be forwarded to the trusted platform, the trusted platform accesses an I/O memory, when the system is started, the PCI configuration space set by the BIOS is verified, and the kernel is prohibited from accessing the whole PCI configuration space in the running process of the system; disabling software in the normal mode from accessing the segment of the I/O port by using hardware virtualization; mapping the address area existing in the reserved system to be invisible, and forbidding kernel access.
Compared with the prior art, the invention has the following advantages:
the invention provides a computer intrusion prevention method which is completely isolated from an untrusted operating system, avoids frequent and low-efficiency encryption and decryption, and provides comprehensive protection for application.
Drawings
Fig. 1 is a flowchart of a computer intrusion prevention method according to an embodiment of the present invention.
Detailed Description
A detailed description of one or more embodiments of the invention is provided below along with accompanying figures that illustrate the principles of the invention. The invention is described in connection with such embodiments, but the invention is not limited to any embodiment. The scope of the invention is limited only by the claims and the invention encompasses numerous alternatives, modifications and equivalents. In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention. These details are provided for the purpose of example and the invention may be practiced according to the claims without some or all of these specific details.
One aspect of the invention provides a computer intrusion prevention method. FIG. 1 is a flowchart of a method for preventing computer intrusion according to an embodiment of the present invention.
The invention introduces a trusted platform in the secure addressing area, and the application runs in the secure environment protected by the trusted platform. The untrusted kernel and the application are respectively operated in two different addressing areas, namely a kernel addressing area and a safe addressing area. The block table used in the kernel addressing area is referred to as a kernel block table, and the block table used in the secure addressing area is referred to as a secure block table. When the application in the safe addressing area interacts with the kernel, the application firstly enters a trusted platform of the safe addressing area, the trusted platform stores the application context, and then the application context is switched to the kernel addressing area to enter the kernel for execution. When the kernel returns the application, the kernel must first return to the trusted platform in the secure addressing area, and the trusted platform recovers the application context and then returns to the application in the secure addressing area to continue executing.
The trusted platform directly limits the target value of the control register by using hardware virtualization; meanwhile, the trusted platform intercepts and verifies all block table updating operations in the system, and memory protection is realized. The use of hardware virtualization ensures that the entire system (kernel, applications and trusted platform) can only run in the kernel addressing area and the secure addressing area. Target values of a maximum of 4 control registers are set in the control register target list. When software modifies a control register and the target value is one of the control register target lists, the control register modification may be done directly. The invention only uses 2 target values to write the kernel block table in the kernel addressing area and the base address of the safety block table in the safety addressing area into the control register target list, therefore, the whole system can only modify the control register into two values in the operation process. If attempts to modify other target values cause the CPU to enter a secure mode, any operation that causes entry into the secure mode is considered malicious and can cause a reboot of the entire system. In the kernel addressing area, the entire block table is mapped as read-only. Any software running in the kernel addressing area must first map a block entry as writable if it is to be modified. The way software in the kernel-addressed area tries to unlock the block table is: 1) modifying the control register and switching the addressing area. 2) And modifying the mode flag bit of the control register to disable the read-only protection of the block table. Aiming at the mode, the invention uses hardware virtualization to prohibit all software in the common mode from modifying the mode flag bit of the control register, and any operation of modifying the mode flag bit enables the system to enter the safe mode, thereby causing the system to restart.
In the secure addressing area, the invention limits that only layer 0 software can modify the block table. The block table is mapped as invisible at other layers. Therefore, only the software of the secure addressing area in the whole system can modify the block table. All block table update operations can only be done by the trusted platform. When the kernel needs to update the block table, the kernel can only send a request to the trusted platform, and the trusted platform can intercept and verify all block table update operations, so that memory protection is realized. Therefore, the invention eliminates the authority of modifying the block table by the kernel of the kernel addressing area based on the control register control and block table locking technology.
The trusted platform controls all entry points entering the secure addressing area, and ensures that once the CPU enters the secure addressing area, the trusted platform obtains system control right. The trusted platform completes the execution flow of the trusted platform in the secure addressing area, and when the trusted platform returns to an external component, the CPU is switched back to the kernel addressing area or the layer 3 of the secure addressing area, so that only the trusted platform in the secure addressing area is ensured to run. Therefore, the external component can only run in the kernel addressing area or the layer 3 of the safe addressing area at all times, and the data code of the trusted platform in the safe addressing area cannot be damaged.
After entering the layer 0 of the secure addressing area from the entry point, the trusted platform is prohibited from interruption in the whole execution process, and the execution stream cannot be hijacked by an external component: the trusted platform resumes interrupts only when the external component is returned. Meanwhile, the trusted platform switches the CPU back to the kernel addressing area or the layer 3 of the safe addressing area, and only the trusted platform in the layer 0 of the safe addressing area is ensured to run. When the unmasked interrupt occurs in the trusted platform, the trusted platform temporarily blocks the unmasked interrupt, and prevents an external component from hijacking the trusted platform execution stream by using the unmasked interrupt. When returning to the kernel, the trusted platform forwards the unmasked interrupt to the kernel for processing. The kernel running in the kernel addressing area or the application running in the layer 3 of the secure addressing area cannot damage the integrity of the data codes of the trusted platform, and cannot modify the block table and perform malicious mapping on the data codes of the trusted platform.
The block table is composed of a 4-level structure (denoted by L1, L2, L3, and L4), the control register points to the L4 block table of the secure block table (referred to as S-L4), and block table switching is achieved by copying the L4 block table of the target file to S-L4 in its entirety. Like other block tables, S-L4 can only be modified by trusted platforms in the secure addressing area. Therefore, when the process is switched, the kernel can only send a request to the trusted platform, and the trusted platform switches the file block table.
When the application is interrupted and enters the trusted platform, the trusted platform stores the application security environment, forwards the interruption to the kernel in the kernel addressing area, places the specific content updated by the block table in a shared memory, completes all processing until the kernel completes all processing, and allocates the corresponding physical block when the operating system completes the interruption processing. And the trusted platform reads the update request from the shared memory, completes the update of the block table and then returns to the kernel. And the kernel completes the rest interrupt processing work and finally returns to the trusted platform. And the trusted platform recovers the application security environment and returns the application.
The trusted platform intercepts and verifies all I/O commands sent to the disk peripheral in the system, and the whole I/O verification process is realized in a common mode. The invention can intercept the I/O command sent to the disk peripheral only by intercepting the memory mapping I/O. Specifically, based on the memory protection mechanism of the trusted platform, the trusted platform maps the I/O memory allocated to the disk manager as read-only. When the kernel needs to send an I/O command to the disk, the kernel can only forward the command to the trusted platform, the trusted platform accesses the I/O memory, when the system is started, the PCI configuration space set by the BIOS is verified, and the kernel is prohibited from accessing the whole PCI configuration space in the running process of the system. Disabling software in the normal mode from accessing the segment of the I/O port by using hardware virtualization; mapping the address area existing in the reserved system to be invisible, and forbidding kernel access.
How the trusted platform protects the memory in the application addressing area to achieve the isolation and integrity protection of the addressing area is described in detail below. In order to isolate the application addressing area from the kernel, the trusted platform uses an array to track the mapping of each physical block in the system. Each block can be defined as 3 mapping states: normal, isolated and occupied. Blocks in the normal state are mapped by both the kernel block table and the secure block table so that both the kernel and trusted platforms can access them. The blocks in the isolated state are only mapped by the secure block table and can only be accessed by the trusted platform. The blocks where the trusted platform and the block table are located are both mapped to an isolated state. Blocks of possession status have been allocated to an application, mapped only by the secure block table and the secure block table of its application owner, so that only trusted platforms and their owners have access to them. The trusted platform uses a unique security identifier SID to identify the occupants of the possession block. SIDs are assigned to each process by the trusted platform at process creation time.
The following describes the transformation process of the block mapping status and the address area isolation, taking the block allocation of application a as an example. When a block is assigned to application a by the kernel, the trusted platform requires that the kernel can only use blocks in the isolated state. When the trusted platform maps the block to the secure block table of A, the mapping state of the block is verified, and all non-isolated blocks are rejected. The block is then securely assigned to a, marked as in possession, and marked with the SID of a. And the trusted platform prohibits the block in the holding state from being mapped by the kernel block table or the safety block table of other applications by verifying the SID, so that the memory isolation of the A is ensured. While prohibiting the application blocks from being remapped in the application addressing area.
The trusted platform maintains a linked list by the application itself, describing the mapping state of the addressing area of the trusted platform itself. This linked list, like the other data of the application-addressed area, cannot be modified by the kernel. When the trusted platform updates the application block table, the linked list is checked. If the block table update request of the kernel is inconsistent with the mapping state of the addressing area described by the linked list, the trusted platform rejects the request. This mechanism is described below using a file mapping function as an example.
On the disk, different files are marked differently, and different data blocks of the same file are marked by file offsets, indicating the location of the data block in the file. When the application calls the file mapping function, the state linked list of the addressing area maintained by the application is updated at the same time, and the state linked list comprises the ID and the offset corresponding to the file to be read. The linked list is checked when the trusted platform performs a block table update verification. If the corresponding addressing area mapping file is updated, the trusted platform compares the ID and the offset in the linked list with the ID and the offset of the file. If not, the trusted platform refuses to map the file to the addressing area and notifies the application.
In the invention, the application data of the application enters the kernel in a plaintext form, and the trusted platform transmits the application data by constructing a trusted application data stream in the untrusted kernel, so that the application data is prevented from being stolen or tampered. In the access control model based on the trusted platform, the application data is identified by the safety user ID, namely the SUID. Each user possesses its own SUID, and when starting its own application, the user gives the SUID to the application. The trusted platform ensures that the application data can only be accessed by its owner by verifying the SUID. The SUID may mark a group of users for file sharing among the users; the SUID may specify different read and write and execution rights.
Application data is copied from blocks of the application addressing area to cache blocks of the kernel and then transferred from the cache blocks to disk blocks. The trusted application data flow ensures that when the application data is transmitted in the kernel, the application data is isolated from the kernel and cannot be accessed by the kernel. First, the file blocks are mapped to an occupied state in which application data is not accessible by the kernel. When the kernel needs to copy the application data from the file block to the cache block, only a request can be sent to the trusted platform, and the trusted platform finishes data copying. The trusted platform requires that the kernel can only provide cache blocks in an isolated state, and for cache blocks in a non-isolated state, the trusted platform will refuse to copy application data.
The trusted platform defines the states of two disk blocks, free and occupied, and uses an array (called disk block array) for state tracking. In an array of disk blocks, one bit of memory corresponds to the state of one disk block. The trusted platform validates all I/O commands sent to disk. If the command is to write application data to a disk block, the trusted platform ensures that the disk block being written can only be in an idle state. After the data transfer is complete, the disk block is changed to an occupied state, and the SUID is stored on the disk block with the application data to identify the owner of the disk block. Then, the trusted platform only allows the memory block with the same SUID to perform data transmission with the occupied disk block, so that application data isolation and access control on the disk block are guaranteed.
When reading a file, the trusted platform only allows application data on occupied disk blocks to be transferred to cache blocks in the sequestered state, while the cache blocks are given SUIDs that occupy the disk blocks. Thereafter, the trusted platform only allows the data of the cache block to be copied to file blocks with the same SUID, accessed by its file owner.
User authentication of the trusted platform is achieved based on authenticating a user password. The trusted platform further uses a public/private key pair to ensure that the untrusted kernel cannot steal the user password. The present invention uses the storage key in the TPM to encrypt and decrypt the private key of the trusted platform. When the user starts the application of the user, the user password of the user is placed in an executable file of the application, and the public key of the trusted platform is used for encryption. The trusted platform obtains the user password from the application executable file and decrypts the user password by using the private key of the trusted platform. And then, the trusted platform gives the corresponding SUID to the application by verifying the user password to identify the identity of the application. In the whole identity verification process, the invention ensures the credible chain: TPM storage key → trusted platform private key → user password → SUID.
In summary, the present invention provides a computer intrusion prevention method, which is completely isolated from an untrusted operating system, thereby avoiding frequent and inefficient encryption and decryption, and providing comprehensive protection for applications.
It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented in a general purpose computing system, centralized on a single computing system, or distributed across a network of computing systems, and optionally implemented in program code that is executable by the computing system, such that the program code is stored in a storage system and executed by the computing system. Thus, the present invention is not limited to any specific combination of hardware and software.
It is to be understood that the above-described embodiments of the present invention are merely illustrative of or explaining the principles of the invention and are not to be construed as limiting the invention. Therefore, any modification, equivalent replacement, improvement and the like made without departing from the spirit and scope of the present invention should be included in the protection scope of the present invention. Further, it is intended that the appended claims cover all such variations and modifications as fall within the scope and boundaries of the appended claims or the equivalents of such scope and boundaries.
Claims (3)
1. A computer intrusion prevention method, comprising:
when the application interacts with the kernel, the application firstly enters a trusted platform of the secure addressing area, the trusted platform stores the application context, then the application context is switched to the kernel addressing area, and the application enters the kernel for execution;
when the kernel returns the application, firstly returning to the trusted platform of the secure addressing area, recovering the application context by the trusted platform, and then returning to the application in the secure addressing area for continuous execution;
the trusted platform controls all entry points entering the safe addressing area, and once the CPU enters the safe addressing area, the trusted platform obtains system control right; only the software of the safe addressing area can modify the block table, and all the block table updating operations can be completed only by the trusted platform; when the kernel needs to update the block table, the kernel can only send a request to the trusted platform, and the trusted platform intercepts and verifies all block table update operations to realize memory protection;
the trusted platform completes the execution flow of the trusted platform in the secure addressing area, and when returning to an external component, the CPU is switched back to the kernel addressing area or the layer 3 of the secure addressing area, so that only the trusted platform in the secure addressing area operates, and the external component cannot damage the data code of the trusted platform in the secure addressing area;
after entering the safe addressing area from the entry point, the trusted platform prohibits interruption in the whole execution process, and the execution stream cannot be hijacked by an external component; the trusted platform resumes interrupts only when returning to the external component; when the unmasked interrupt occurs in the trusted platform, the trusted platform temporarily blocks the unmasked interrupt, and prevents an external component from hijacking the execution flow of the trusted platform by using the unmasked interrupt; when returning to the kernel, the trusted platform forwards the unmasked interrupt to the kernel for processing.
2. The method of claim 1, wherein the block table consists of a 4-level structure of L1, L2, L3, and L4, the L4 block table whose control register points to the secure block table is called S-L4, and the block table switch is implemented by copying the L4 block table of the target file to S-L4 in its entirety; S-L4 can only be modified by trusted platforms in the secure addressing area; when the process is switched, the kernel can only send a request to the trusted platform, and the trusted platform switches the file block table;
when the application is interrupted and enters the trusted platform, the trusted platform stores the application security environment, forwards the interruption to the kernel in the kernel addressing area, places the specific content updated by the block table in a shared memory until the kernel completes all processing, and allocates a corresponding physical block when the operating system completes the interruption processing; the trusted platform reads the update request from the shared memory, completes the update of the block table and then returns to the kernel; the kernel completes the rest interrupt processing work and finally returns to the trusted platform; and the trusted platform recovers the application security environment and returns the application.
3. The method of claim 2, wherein the trusted platform intercepts and verifies all I/O commands sent to the disk peripheral in the system, and maps the I/O memory allocated to the disk manager as read-only; when the kernel needs to send an I/O command to the disk, the command can only be forwarded to the trusted platform, the trusted platform accesses the I/O memory, when the system is started, the PCI configuration space set by the BIOS is verified, and the kernel is prohibited from accessing the whole PCI configuration space in the running process of the system.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710342719.7A CN107103257B (en) | 2017-05-16 | 2017-05-16 | Computer intrusion prevention method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710342719.7A CN107103257B (en) | 2017-05-16 | 2017-05-16 | Computer intrusion prevention method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107103257A CN107103257A (en) | 2017-08-29 |
| CN107103257B true CN107103257B (en) | 2020-06-16 |
Family
ID=59668928
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710342719.7A Active CN107103257B (en) | 2017-05-16 | 2017-05-16 | Computer intrusion prevention method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107103257B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104392188A (en) * | 2014-11-06 | 2015-03-04 | 三星电子(中国)研发中心 | Security data storage method and system |
| CN105279021A (en) * | 2015-10-16 | 2016-01-27 | 华为技术有限公司 | Method and device for executing non-maskable interrupt |
| CN106203082A (en) * | 2016-06-29 | 2016-12-07 | 上海交通大学 | The system and method efficiently isolating kernel module based on virtualization hardware characteristic |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20140111943A (en) * | 2013-03-12 | 2014-09-22 | 삼성전자주식회사 | Secure environment apparatus and method thereof |
-
2017
- 2017-05-16 CN CN201710342719.7A patent/CN107103257B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104392188A (en) * | 2014-11-06 | 2015-03-04 | 三星电子(中国)研发中心 | Security data storage method and system |
| CN105279021A (en) * | 2015-10-16 | 2016-01-27 | 华为技术有限公司 | Method and device for executing non-maskable interrupt |
| CN106203082A (en) * | 2016-06-29 | 2016-12-07 | 上海交通大学 | The system and method efficiently isolating kernel module based on virtualization hardware characteristic |
Non-Patent Citations (1)
| Title |
|---|
| 对Linux内核进程上下文和中断上下文的理解;chen_chuang;《ChinaUnix博客》;20140724;第1页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107103257A (en) | 2017-08-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20230128711A1 (en) | Technologies for trusted i/o with a channel identifier filter and processor-based cryptographic engine | |
| CN109522754B (en) | Core control method for trusted isolation environment of mobile terminal | |
| CN111651778B (en) | Physical memory isolation method based on RISC-V instruction architecture | |
| US7380049B2 (en) | Memory protection within a virtual partition | |
| Jin et al. | Architectural support for secure virtualization under a vulnerable hypervisor | |
| CN105184147B (en) | User safety management method in cloud computing platform | |
| US20040205203A1 (en) | Enforcing isolation among plural operating systems | |
| CN105184164B (en) | A kind of data processing method | |
| CN103907101A (en) | System and method for kernel ROOTKIT protection in a hypervisor environment | |
| KR20100084180A (en) | Method and apparatus for delegation of secure operating mode access privilege from processor to peripheral | |
| EP3867763B1 (en) | Trusted intermediary realm | |
| CN111400702A (en) | Virtualized operating system kernel protection method | |
| EP3867783B1 (en) | Parameter signature for realm security configuration parameters | |
| Schneider et al. | Sok: Hardware-supported trusted execution environments | |
| CN104318176A (en) | Terminal and data management method and device thereof | |
| WO2014153635A1 (en) | Method and system for platform and user application security on a device | |
| Jin et al. | Secure MMU: Architectural support for memory isolation among virtual machines | |
| KR102579861B1 (en) | In-vehicle software update system and method for controlling the same | |
| CN107169375B (en) | System data security enhancement method | |
| CN107087003B (en) | System anti-attack method based on network | |
| CN107103257B (en) | Computer intrusion prevention method | |
| WO2017168016A1 (en) | Method and system for protecting a computer file against possible malware encryption | |
| CN111949995B (en) | Host CPU architecture system and method for safely managing hardware resources | |
| Vaduva et al. | Observations over SPROBES mechanism on the TrustZone architecture | |
| WO2021238294A1 (en) | Data processing method and data processing apparatus |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20200509 Address after: 710000 Shaanxi Xi'an high tech Zone three new road 8 West BD new world second building 1 unit 5 floor 10508 room. Applicant after: SHAANXI GUOBO ZHENGTONG INFORMATION TECHNOLOGY Co.,Ltd. Address before: The middle Tianfu Avenue in Chengdu city Sichuan province 610000 No. 1388 1 7 storey building No. 772 Applicant before: CHENGDU DINGZHIHUI TECHNOLOGY Co.,Ltd. |
|
| TA01 | Transfer of patent application right | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: Computer intrusion prevention method Effective date of registration: 20220325 Granted publication date: 20200616 Pledgee: Xi'an investment and financing Company limited by guarantee Pledgor: SHAANXI GUOBO ZHENGTONG INFORMATION TECHNOLOGY Co.,Ltd. Registration number: Y2022610000107 |
|
| PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
| PC01 | Cancellation of the registration of the contract for pledge of patent right |
Date of cancellation: 20230801 Granted publication date: 20200616 Pledgee: Xi'an investment and financing Company limited by guarantee Pledgor: SHAANXI GUOBO ZHENGTONG INFORMATION TECHNOLOGY Co.,Ltd. Registration number: Y2022610000107 |
|
| PC01 | Cancellation of the registration of the contract for pledge of patent right |