CN108073411A - A kind of kernel loads method and device of patch - Google Patents
A kind of kernel loads method and device of patch Download PDFInfo
- Publication number
- CN108073411A CN108073411A CN201711311849.0A CN201711311849A CN108073411A CN 108073411 A CN108073411 A CN 108073411A CN 201711311849 A CN201711311849 A CN 201711311849A CN 108073411 A CN108073411 A CN 108073411A
- Authority
- CN
- China
- Prior art keywords
- patch
- kernel
- memory
- symbol table
- symbol
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
The embodiment of the present invention provides a kind of kernel loads method and device of patch, to realize the kernel loads of patch in the case of independent of LKM.This method includes:Patch from User space program is obtained by shared section key;The patch is verified, and is the patch application memory in kernel memory field after verifying successfully;The symbol table and Kernel Symbol Table carried according to the patch, internal nuclear symbol are redefined;Refresh the memory applied, and run the initialization function of the patch so that the patch is loaded into the memory applied after refreshing.
Description
Technical field
The present invention relates to field of computer technology more particularly to a kind of kernel loads method and devices of patch.
Background technology
In linux system, transfer kernel dynamic load and depend on UV-Vis spectra (LKM, Loadable
Kernel Modules), this is a kind of system level program for being different from and being normally applied program, it is mainly used for extending linux's
Core functions.Because LKM can be dynamically loaded into memory, without recompility kernel.
But since LKM provides public kernel module loading interface, thus expose very big risk, hacker
Meeting idea tries to perform during the rogue program of oneself is loaded into kernel, and user can also load unintentionally some malice or incompatible
Module to oneself mobile phone, can not ensure the safety of user information.
So in the prior art there is no the kernel loads methods of relatively reasonable patch.
The content of the invention
In view of the above problems, the present invention provides a kind of kernel loads method and device of patch, with independent of LKM's
In the case of realize patch kernel loads.
In a first aspect, the present invention provides a kind of kernel loads method of patch, including:It is come from by shared section key acquisition
The patch of User space program;The patch is verified, and is the patch Shen in kernel memory field after verifying successfully
It please memory;The symbol table and Kernel Symbol Table carried according to the patch, internal nuclear symbol are redefined;Refresh what is applied
Memory, and run the initialization function of the patch so that the patch is loaded into the memory applied.
Second aspect, the embodiment of the present invention provide a kind of kernel loads device of patch, including:Acquiring unit, for leading to
It crosses shared section key and obtains the patch from User space program;Verification unit, for being verified to the patch;Request slip
Member, for being the patch application memory in kernel memory field after verifying successfully;Unit is redefined, for according to
The symbol table and Kernel Symbol Table that patch carries, internal nuclear symbol are redefined;Execution unit, for refresh applied in
It deposits, and runs the initialization function of the patch so that the patch is loaded into the memory applied.
The third aspect, the embodiment of the present invention provide a kind of kernel loads engine, including:Memory and processor, wherein, it deposits
Storage is wherein stored with one or more program instruction, the processor perform described program instruction to realize such as said one or
Method and step described in the multiple technical solutions of person.
Fourth aspect, the embodiment of the present invention provide a kind of computer readable storage medium, are deposited on the readable storage medium storing program for executing
Program is contained, said one or the method and step described in multiple technical solutions are realized when described program is executed by processor.
A kind of kernel loads method and device of patch provided in an embodiment of the present invention, first, is obtained by shared section key
The patch from User space program is fetched, then, patch is verified, and is benefit in kernel memory field after verifying successfully
Fourth application memory, then, the symbol table and Kernel Symbol Table carried according to patch, internal nuclear symbol are redefined, finally, brush
The new memory applied, and run the initialization function of patch so that patch is loaded into the memory applied after refreshing.It can
See, in embodiments of the present invention, be not rely on LKM for the kernel loads of patch, but use a set of new kernel loads
Patch is loaded into kernel by method, in this way, hot repair can be carried out to kernel loophole, and independent of kernel setup.
Description of the drawings
It in order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing
There is attached drawing needed in technology description to make simply to introduce, it should be apparent that, the accompanying drawings in the following description is this hair
Some bright embodiments, for those of ordinary skill in the art, without creative efforts, can be with root
Other attached drawings are obtained according to these attached drawings.
Fig. 1 is the flow diagram of the LKM loading methods in correlation technique;
Fig. 2 is the flow diagram of the loading method of the patch in the embodiment of the present invention;
Fig. 3 is the flow diagram of the discharging method of the patch in the embodiment of the present invention;
Fig. 4 is the structure diagram of the kernel loads engine in the embodiment of the present invention.
Specific embodiment
To make the purpose, technical scheme and advantage of the embodiment of the present invention clearer, below in conjunction with the embodiment of the present invention
In attached drawing, the technical solution in the embodiment of the present invention is clearly and completely described, it is clear that described embodiment is
Part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art
All other embodiments obtained without creative efforts belong to the scope of protection of the invention.
In the related art, shown in Figure 1, the main flow of LKM loadings is as follows:
S101:The signature check of load-on module;
S102:Load-on module can perform with that can link form (ELF, Executable and Linkable Format) head
It examines;
S103:Arrangement module simultaneously distributes relevant memory, and load-on module associated section area is copied in final memory;
S104:Enquiry module (modules) chained list, and this module object is added in modules chained lists;
S105:To save area pcpu (per-CPU variables) allocation space, for multiprocessor;
S106:All section regional address of load-on module are found, initialize module object associated pointers;
S107:Check license and version;
S108:According to .modiufo sections of setup module information;
S109:Symbolic address parses, and according to the symbol table of module, searches system symbol table, updates symbolic address;
S110:It redefines, redefine section area in the block to mould redefines operation;
S111:Optional parameters is copied to kernel spacing from user's space, processing saves area for debug;
S112:It is confirmed whether to redefine symbol, and setup module state is to be currently running;
S113:It discharges interim memory, do_init_module is called to bring into operation module.
So far, the loading procedure of LKM is completed.But since LKM provides public kernel module loading interface, so
Very big risk is just exposed, hacker understands idea and tries to perform during the rogue program of oneself is loaded into kernel, and user also can nothing
Some malice or incompatible module are loaded in meaning to oneself mobile phone, can not ensure the safety of user information.
To solve the above-mentioned problems, the embodiment of the present invention provides a kind of kernel loads method of patch, and this method is applied to
Linux system or other systems based on Linux are installed, such as the kernel loads engine of android system.
In our embodiment of the present invention, proprietary data structure can be set, proprietary data structure include patch content,
The kernel MD5 check values of patch, signature check data of patch etc., this proprietary data is exactly obtained by attacker, can not
Any useful information is analyzed and acquired by, and attacker also can not forge such data, because we have multiple safe school
Mechanism is tested, ensures that the patch of loading is safe, credible and reliable.
Shown in Figure 2, the kernel loads method of the patch may comprise steps of:
S201:Patch from User space program is obtained by shared section key;
S202:Patch is verified, and is patch application memory in kernel memory field after verifying successfully;
S203:The symbol table and Kernel Symbol Table carried according to patch, internal nuclear symbol are defined;
S204:Refresh the memory applied, and run the initialization function of patch so that patch is loaded into after refreshing
In the memory of application.
Wherein, in S201, patch is handed down to kernel loads engine by server, by the User space in kernel loads engine
The patch is write shared section key by program, and then, operating system can directly read above-mentioned patch from shared section key.
It should be noted that in embodiments of the present invention, kernel state program is set with character in User space procedure sharing kernel
Standby memory space, i.e. shared section key, the shared section key carry out ground with kernel state memory field and User space memory field respectively
Location maps so that a shared physical address in shared section key is corresponding with the first virtual address in kernel state memory field respectively
With the second virtual address in User space memory field.
Next, performing S202, hot patch Kernel security verification scheme is performed, patch is verified, at this point, kernel adds
Mark of the engine according to patch is carried, whether detection patch has loaded;When detecting that patch does not load, sign to patch
Verification;After signature check success, patch is decrypted, obtains the symbol table that patch carries;According to symbol table, patch is verified
Whether the MD5 of kernel is consistent with kernel intermediate value, wherein, if unanimously, performing loading, conversely, then terminating to load.In this way,
To realize the accurate of patch and be safely loaded with.
Specifically, magic, class and machine field of ELF files are verified, only all fields match
It just performs and is safely loaded with.
Further, after whether the MD5 of verification patch kernel is consistent with kernel intermediate value, the above method can also wrap
It includes:After the MD5 of inspection patch kernel is consistent with kernel intermediate value, whether verification patch meets executable with that can link form ELF.
In practical applications, traditional kernel dynamic load safety check only includes signature check and ELF file verifications, this
Kind verification scheme lacks the verification to system compatibility, also lacks and file self-information is hidden, hacker can carry out easily
Conversed analysis restores source file, analyzes module logic, and system is attacked.So, service packs signature check machine is passed through
System realizes patch controllably and specifies loading, while signature also realizes the anti-of patch and distorts and anti-repudiation indirectly, for responsibility below
Division provides foundation.In addition, burst by verifying the symbol table of patch to ensure that loaded patch will not cause system to be run quickly, and hand
Symbol table only saves export symbolic address in machine, and LKM modules cannot parse not derived symbolic address, is mended for this class function
Fourth cannot be loaded by LKM, symbol table is carried in patch, can solve the problems, such as to can not find the parsing of symbol in system.
Meanwhile we prevent reverse cyclic loadings from attacking by verifying patch ID, prevent hackers from attacking by verifying loading parameter
Behavior.
It can be seen from the above, the hot patch Kernel security verification scheme involved in the present invention ensures loaded hot patch safety
Reliably, the difficulty of dynamic load attack is added, while provides the function point do not supported in LKM loadings, is had preferably logical
With property and applicability.
It can include for the step of patch application memory in kernel memory field in S202:For patch application memory, and
By the content copy of patch to the memory applied from shared section key;All section regional address of load-on module are found, and it is initial
Change module (module) object associated pointers;To save area's pcup allocation spaces.
In practical applications, the program loaded into kernel is not that the address loading arbitrarily applied is entered, this is not
Capable, each CUP, such as ARM machines, he has the jump instruction space of oneself, when his instruction redirects, such as ARM,
His memory space is 32M, then, it can only just be redirected within 32M address spaces, if loaded beyond 32M spaces, so
If, it results in redirecting to pass by, just directly have failed, mobile phone is caused just to crash.If it is intended to forcing to realize, must just add
Enter long jump, but add in long jump to increase development difficulty, exactly instruction must be converted into long jump instruction.Because ARM machines
Typically short to redirect, it is front and rear 16M that the short address space redirected, which redirects, thus if, loading must be in kernel entire generation
Code area.Maximum cannot be left within 32M spaces.So we have actually used for reference LKM modules, Android kernel is in kernel starting point
Location, kernel initial address have reserved 16M spaces, can apply for memory in 16M spaces to load.
Next, performing S203, can include:System symbol table is searched, the symbol table that verification patch carries is accorded in system
Whether number table is consistent;If consistent, operation is redefined to redefining section area.
Finally, S204 is performed, refreshes the memory applied, and runs the initialization function of patch.Apply for example, refreshing
Memory, patch is added in into list of patches;The initialization function of patch is run, and clears up interim memory.
So far, the kernel for just completing patch records process.
In embodiments of the present invention, the present invention also provides a kind of kernel discharging method of patch, shown in Figure 3, the party
Method can include:
S301:Parameter verification;
S302:The patch to be carried is searched according to ID;
S303:Judge whether patch has unloaded;
S304:Unloading operation is performed to the patch not unloaded.
A kind of kernel loads method of patch provided in an embodiment of the present invention first, is come from by shared section key acquisition
Then the patch of User space program, verifies patch, and be patch application in kernel memory field after verifying successfully
Memory, then, the symbol table and Kernel Symbol Table carried according to patch, internal nuclear symbol are redefined, and finally, refresh Shen
Memory please, and run the initialization function of patch so that patch is loaded into the memory applied after refreshing.As it can be seen that
In the embodiment of the present invention, for patch kernel loads not since in LKM, but using a set of new kernel loads method come
Patch is loaded into kernel, in this way, hot repair can be carried out to kernel loophole, and independent of kernel setup.
Based on same inventive concept, the embodiment of the present invention provides a kind of kernel loads device of patch, as shown in figure 4, should
Loading device 400, including:Acquiring unit 401, for obtaining the patch from User space program by shared section key;Verification
Unit 402, for being verified to patch;Application unit 403, for being patch in kernel memory field after verifying successfully
Apply for memory;Unit 404 is redefined, for the symbol table and Kernel Symbol Table carried according to patch, internal nuclear symbol carries out weight
Definition;Execution unit 405 for refreshing the memory applied, and runs the initialization function of patch so that patch is loaded into brush
In the memory applied after new.
In embodiments of the present invention, verification unit, for the mark according to patch, whether detection patch has loaded;When
When detecting that patch does not load, signature check is carried out to patch;After signature check success, patch is decrypted, obtains and mends
The symbol table that fourth carries;According to symbol table, verify whether the MD5 of patch kernel is consistent with kernel intermediate value, wherein, if unanimously,
Loading is performed, conversely, then terminating to load.
In embodiments of the present invention, whether verification unit is additionally operable to consistent with kernel intermediate value in the MD5 for verifying patch kernel
Afterwards, method further includes:Examine patch kernel MD5 it is consistent with kernel intermediate value after, verification patch whether meet it is executable with
Form ELF can be linked.
In embodiments of the present invention, application unit, for for patch application memory, and by patch from shared section key
Content copy is to the memory applied;Find all section regional address of load-on module, and initialization module object associated pointers;For section
Area's pcup allocation spaces.
In embodiments of the present invention, redefine unit, for searching system symbol table, symbol table that verification patch carries in
Whether system symbol table is consistent;If consistent, operation is redefined to redefining section area.
In embodiments of the present invention, patch for refreshing the memory applied, is added in list of patches by execution unit;Fortune
The initialization function of row patch, and clear up interim memory.
It is to be herein pointed out the description of Yi Shang kernel loads device embodiment, with above-mentioned loading method embodiment
Description is similar, has the advantageous effect similar with loading method embodiment.For kernel loads device embodiment of the present invention
In the technical detail that does not disclose, refer to the description of loading method embodiment of the present invention and understand.
Based on same inventive concept, the embodiment of the present invention provides a kind of kernel loads engine, including:Memory and processing
Device, wherein, storage is wherein stored with one or more program instruction, and processor executes program instructions to realize such as foregoing implementation
Example any one of them method and step.
Based on same inventive concept, the embodiment of the present invention provides to have program stored therein on a kind of readable storage medium storing program for executing, program quilt
Such as previous embodiment any one of them method and step is realized when processor performs.
It should be understood by those skilled in the art that, the embodiment of the present invention can be provided as method, system or computer program
Product.Therefore, the reality in terms of complete hardware embodiment, complete software embodiment or combination software and hardware can be used in the present invention
Apply the form of example.Moreover, the computer for wherein including computer usable program code in one or more can be used in the present invention
The computer program production that usable storage medium is implemented on (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.)
The form of product.
The present invention be with reference to according to the method for the embodiment of the present invention, the flow of equipment (system) and computer program product
Figure and/or block diagram describe.It should be understood that it can be realized by computer program instructions every first-class in flowchart and/or the block diagram
The combination of flow and/or box in journey and/or box and flowchart and/or the block diagram.These computer programs can be provided
The processor of all-purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices is instructed to produce
A raw machine so that the instruction performed by computer or the processor of other programmable data processing devices is generated for real
The device for the function of being specified in present one flow of flow chart or one box of multiple flows and/or block diagram or multiple boxes.
These computer program instructions, which may also be stored in, can guide computer or other programmable data processing devices with spy
Determine in the computer-readable memory that mode works so that the instruction generation being stored in the computer-readable memory includes referring to
Make the manufacture of device, the command device realize in one flow of flow chart or multiple flows and/or one box of block diagram or
The function of being specified in multiple boxes.
These computer program instructions can be also loaded into computer or other programmable data processing devices so that counted
Series of operation steps is performed on calculation machine or other programmable devices to generate computer implemented processing, so as in computer or
The instruction offer performed on other programmable devices is used to implement in one flow of flow chart or multiple flows and/or block diagram one
The step of function of being specified in a box or multiple boxes.
Although preferred embodiments of the present invention have been described, but those skilled in the art once know basic creation
Property concept, then can make these embodiments other change and modification.So appended claims be intended to be construed to include it is excellent
It selects embodiment and falls into all change and modification of the scope of the invention.
Obviously, various changes and modifications can be made to the invention without departing from essence of the invention by those skilled in the art
God and scope.In this way, if these modifications and changes of the present invention belongs to the scope of the claims in the present invention and its equivalent technologies
Within, then the present invention is also intended to comprising including these modification and variations.
Claims (10)
1. a kind of kernel loads method of patch, which is characterized in that including:
Patch from User space program is obtained by shared section key;
The patch is verified, and is the patch application memory in kernel memory field after verifying successfully;
The symbol table and Kernel Symbol Table carried according to the patch, internal nuclear symbol are redefined;
Refresh the memory applied, and run the initialization function of the patch so that the patch is loaded into after refreshing
In the memory of application.
2. according to the method described in claim 1, it is characterized in that, described verify the patch, including:
According to the mark of the patch, detect whether the patch has loaded;
When detecting that the patch does not load, signature check is carried out to the patch;
After signature check success, the patch is decrypted, obtains the symbol table that the patch carries;
According to the symbol table, verify whether the MD5 of the patch kernel is consistent with kernel intermediate value, wherein, if unanimously, performing
Loading, conversely, then terminating to load.
3. according to the method described in claim 2, it is characterized in that, in the MD5 and kernel of the verification patch kernel
After whether value is consistent, the method further includes:
Examine the patch kernel MD5 it is consistent with kernel intermediate value after, verify the patch whether meet it is executable with can chain
Meet form ELF.
4. according to the method described in claim 1, which is characterized in that described is in patch application in kernel memory field
It deposits, including:
For the patch application memory, and from the shared section key by the content copy of the patch in having applied
It deposits;
Find all section regional address of load-on module, and initialization module object associated pointers;
For section area's pcup allocation spaces.
5. it according to the method described in claim 1, it is characterized in that, the symbol table carried according to the patch and interior verifies
Number table, internal nuclear symbol are redefined, including:
System symbol table is searched, it is whether consistent in the system symbol table to verify the symbol table that the patch carries;
If consistent, operation is redefined to redefining section area.
6. according to the method described in claim 1, it is characterized in that, the initialization function of the operation patch, including:
The patch is added in into list of patches;
The initialization function of the patch is run, and clears up interim memory.
7. a kind of kernel loads device of patch, which is characterized in that including:
Acquiring unit, for obtaining the patch from User space program by shared section key;
Verification unit, for being verified to the patch;
Application unit, for being the patch application memory in kernel memory field after verifying successfully;
Unit is redefined, for the symbol table and Kernel Symbol Table carried according to the patch, internal nuclear symbol is redefined;
Execution unit for refreshing the memory applied, and runs the initialization function of the patch so that the patch loading
Into the memory applied.
8. device according to claim 7, which is characterized in that the verification unit, for the mark according to the patch,
Detect whether the patch has loaded;When detecting that the patch does not load, signature check is carried out to the patch;It is signing
After name verifies successfully, the patch is decrypted, obtains the symbol table that the patch carries;According to the symbol table, verification
Whether the MD5 of the patch kernel is consistent with kernel intermediate value, wherein, if unanimously, performing loading, conversely, then terminating to load.
9. a kind of kernel loads engine, which is characterized in that including:Memory and processor, wherein, there are one storage wherein storages
Or multiple program instructions, the processor perform described program instruction to realize such as claim 1 to 6 any one of them side
Method step.
10. a kind of computer readable storage medium, have program stored therein on the readable storage medium storing program for executing, which is characterized in that the journey
It is realized when sequence is executed by processor such as any one of claim 1 to 6 the method step.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711311849.0A CN108073411A (en) | 2017-12-11 | 2017-12-11 | A kind of kernel loads method and device of patch |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711311849.0A CN108073411A (en) | 2017-12-11 | 2017-12-11 | A kind of kernel loads method and device of patch |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108073411A true CN108073411A (en) | 2018-05-25 |
Family
ID=62158162
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711311849.0A Pending CN108073411A (en) | 2017-12-11 | 2017-12-11 | A kind of kernel loads method and device of patch |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108073411A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109472148A (en) * | 2018-11-15 | 2019-03-15 | 百度在线网络技术(北京)有限公司 | Load the method, apparatus and storage medium of hot patch |
CN112906008A (en) * | 2018-11-15 | 2021-06-04 | 百度在线网络技术(北京)有限公司 | Kernel vulnerability repairing method, device, server and system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7913243B2 (en) * | 2005-06-21 | 2011-03-22 | International Business Machines Corporation | Method and system for generating and applying patches to a computer program concurrently with its execution |
CN103345412A (en) * | 2013-07-10 | 2013-10-09 | 华为技术有限公司 | Patching method and device |
CN105893085A (en) * | 2016-03-30 | 2016-08-24 | 百度在线网络技术(北京)有限公司 | Method and device for loading kernel module |
CN105893850A (en) * | 2016-03-30 | 2016-08-24 | 百度在线网络技术(北京)有限公司 | Bug fixing method and device |
-
2017
- 2017-12-11 CN CN201711311849.0A patent/CN108073411A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7913243B2 (en) * | 2005-06-21 | 2011-03-22 | International Business Machines Corporation | Method and system for generating and applying patches to a computer program concurrently with its execution |
CN103345412A (en) * | 2013-07-10 | 2013-10-09 | 华为技术有限公司 | Patching method and device |
CN105893085A (en) * | 2016-03-30 | 2016-08-24 | 百度在线网络技术(北京)有限公司 | Method and device for loading kernel module |
CN105893850A (en) * | 2016-03-30 | 2016-08-24 | 百度在线网络技术(北京)有限公司 | Bug fixing method and device |
Non-Patent Citations (3)
Title |
---|
孙胜方: "《嵌入式Linux操作系统内核热补丁研究与实现》", 《中国优秀硕士学位论文全文数据库信息科技辑》 * |
程友清: "《嵌入式网络设备软件热补丁技术研究》", 《微电子学与计算机》 * |
胡勇其等: "《Linux目标代码内核补丁的机理和应用》", 《计算机工程与应用》 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109472148A (en) * | 2018-11-15 | 2019-03-15 | 百度在线网络技术(北京)有限公司 | Load the method, apparatus and storage medium of hot patch |
CN109472148B (en) * | 2018-11-15 | 2021-04-02 | 百度在线网络技术(北京)有限公司 | Method, device and storage medium for loading hot patch |
CN112906008A (en) * | 2018-11-15 | 2021-06-04 | 百度在线网络技术(北京)有限公司 | Kernel vulnerability repairing method, device, server and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11687645B2 (en) | Security control method and computer system | |
CN107679393B (en) | Android integrity verification method and device based on trusted execution environment | |
Dureuil et al. | From code review to fault injection attacks: Filling the gap using fault model inference | |
CN108628743B (en) | Application program testing method, device, equipment and storage medium | |
KR101434860B1 (en) | Method for Verifying Integrity of Dynamic Code Using Hash | |
CN103279712B (en) | The method, calibration equipment and the security system that enhance system security | |
CN105760787B (en) | System and method for the malicious code in detection of random access memory | |
CN105205413B (en) | A kind of guard method of data and device | |
CN104217139B (en) | Processing system | |
CN105723348A (en) | Detection of unauthorized memory modification and access using transactional memory | |
CN103049293B (en) | A kind of startup method of embedded credible system | |
CN106096418B (en) | SELinux-based startup security level selection method and device and terminal equipment | |
CN109960903A (en) | A kind of method, apparatus, electronic equipment and storage medium that application is reinforced | |
CN109271789B (en) | Malicious process detection method and device, electronic equipment and storage medium | |
CN107861793A (en) | Virtual hardware platform starts method, apparatus, equipment and computer-readable storage medium | |
CN109388946A (en) | Malicious process detection method, device, electronic equipment and storage medium | |
US20190197216A1 (en) | Method, apparatus, and computer-readable medium for executing a logic on a computing device and protecting the logic against reverse engineering | |
CN107273769A (en) | The guard method of a kind of electronic equipment and device | |
CN108073411A (en) | A kind of kernel loads method and device of patch | |
CN110245495A (en) | BIOS method of calibration, configuration method, equipment and system | |
CN113448681B (en) | Registration method, equipment and storage medium of virtual machine monitor public key | |
KR101482700B1 (en) | Method For Verifying Integrity of Program Using Hash | |
US20160092313A1 (en) | Application Copy Counting Using Snapshot Backups For Licensing | |
CN103258164A (en) | Starting method of embedded trusted system | |
WO2023096726A1 (en) | Vulnerability analysis of a computer driver |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180525 |
|
RJ01 | Rejection of invention patent application after publication |