CN109002706A - Method and system for intra-process data isolation and protection based on a user-level page table - Google Patents

Method and system for intra-process data isolation and protection based on a user-level page table

Info

Publication number: CN109002706A (granted version: CN109002706B)
Application number: CN201810589291.0A
Authority: CN (China)
Original language: Chinese (zh)
Inventors: 赵阳洋, 陈明宇, 朱晓静, 洪宗会, 郭云格
Assignee (original and current): Institute of Computing Technology of CAS
Legal status: Granted, Active (Google's listed status and assignees are assumptions, not legal conclusions)
Prior art keywords: page table, user, page, user-level, physical

Classifications

    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems, during program execution, by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G06F12/1009 Address translation using page tables, e.g. page table structures
Abstract

The invention relates to a method and system for intra-process data isolation and protection based on a user-level page table. Part of the virtual address space of a user process is set aside as a user self-managed region, which is divided into a user-level page table region and a user self-managed data region; the protected sensitive data stored in the user self-managed data region is managed only by the page table held in the user-level page table region. Only designated program objects may access the user-level page table, which isolates data within the process. At the same time, the range of physical pages the user-level page table may map is restricted, so that isolation between processes is unaffected. The user-level page table performs virtual-to-physical address mapping, page table initialization and page fault handling within the virtual address space; when an interrupt occurs, the user process runs a user-defined interrupt handler, avoiding a trap into the kernel and preserving execution efficiency. The invention improves the efficiency of the virtual memory system and provides fine-grained security protection inside a process.

Description

Method and system for intra-process data isolation and protection based on a user-level page table
Technical field
The invention relates to the field of computing, and in particular to a method and system for intra-process data isolation and protection based on a user-level page table.
Background art
Traditional computer systems provide no effective protection for data accesses inside a process. In general, the processor hardware allows code in a process to access any data in that process's address space, which gives attacks such as buffer overflows a potential path: by exploiting a local code vulnerability, an attacker can obtain access to the entire process address space and go on to control all of the process's data and code execution. Many consumer electronic devices therefore rely on an extended security module to keep data safe. The common approaches are:
1. Externally attached hardware security module.
Data processing is delegated to an external security module that protects its own resources and data such as keys, for example a SIM card, various smart cards, or an attached external hardware encryption/decryption module. However, the communication path to the main chip is exposed outside the chip and is easy to monitor and break, and the communication rate is relatively low.
2. Internally integrated hardware security module.
The functions of the external security module are integrated into the chip, so a chip carries at least two cores: an ordinary core and a secure core. The advantage is that communication between the cores stays inside the chip and is no longer exposed. The disadvantages are that inter-core communication is still slow, the separate secure core has limited capability, and it occupies SoC area and raises cost.
3. Secure subsystems such as ARM TrustZone and Intel SGX.
TrustZone security technology was introduced into the ARM architecture specification from ARMv6. Conceptually it divides the hardware and software resources of the SoC into two worlds, the Secure World and the Normal World: all operations that require confidentiality (such as fingerprint recognition, password processing, data encryption and decryption, and security authentication) execute in the Secure World, and everything else (the user operating system, the various application programs) executes in the Normal World; the two worlds switch through Monitor Mode, and every mode switch carries a performance cost.
Intel SGX (Intel Software Guard Extensions) is an extension of the Intel instruction set architecture (ISA) that mainly provides instructions for creating a trusted execution environment (TEE), also called an enclave. User-space application code can execute safely inside an enclave without being attacked by a malicious operating system (OS) or hypervisor. Intel SGX provides application-level isolation: security-sensitive code that needs confidentiality and integrity trusts only the CPU, and neither hardware, OS nor application can affect the security of that code's execution. The main purpose of SGX is to protect an application's security-sensitive code from being interrupted or disrupted by malicious high-privilege software.
The partitioned security subsystems above protect only the data inside a closed subsystem; for complex large applications they cannot provide effective data protection. A complex large application here means a process that contains multiple threads sharing the program's memory, or a process whose program and data occupy memory on the order of gigabytes.
4. Intra-process data protection technologies such as Intel MPK and MPX.
Intel MPK (Memory Protection Keys) divides memory pages into several domains. Each page belongs to one of N domains, specified by M bits in its page table entry; these M bits are called the protection key, and N = 2^M. The MPK protection method is that, when the process accesses memory, the hardware compares the protection key of the page being accessed with the key rights of the currently running thread (the PKRU register on Intel); if the rights register disables access for that key, an exception is raised. At the same time, the permission bits of the page table entry itself must still be satisfied; only when both conditions hold is the access legal.
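The two-part check described above, as an added example in C that is not code from the patent: a software model of how one user-mode memory access is validated against both the page table permission bits and the protection key. The bit positions follow Intel's documented layout (the key occupies PTE bits 62:59, so M = 4 and N = 16 domains; PKRU holds an access-disable and a write-disable bit per key); the function and type names are this example's own, and supervisor-mode accesses are not modelled.

```c
#include <stdbool.h>
#include <stdint.h>

/* x86-64 PTE bits used here (Intel layout). */
#define PTE_PRESENT    (1ull << 0)
#define PTE_RW         (1ull << 1)
#define PTE_USER       (1ull << 2)
#define PTE_PKEY_SHIFT 59                         /* key in bits 62:59, M = 4 */
#define PTE_PKEY(pte)  ((unsigned)(((pte) >> PTE_PKEY_SHIFT) & 0xF))

/* PKRU: two bits per key, AD (access disable) and WD (write disable). */
#define PKRU_AD(key) (1u << (2 * (key)))
#define PKRU_WD(key) (1u << (2 * (key) + 1))

enum mpk_result { MPK_OK = 0, MPK_PAGE_FAULT = 1, MPK_PKEY_FAULT = 2 };

/* Build a user page entry for physical page `ppn` tagged with `key`. */
uint64_t mpk_make_pte(uint64_t ppn, unsigned key, bool writable)
{
    return (ppn << 12) | PTE_PRESENT | PTE_USER
         | (writable ? PTE_RW : 0) | ((uint64_t)(key & 0xF) << PTE_PKEY_SHIFT);
}

/* Both conditions must hold for the access to be legal: the ordinary page
 * table permission bits, and the key rights in PKRU. A read is blocked only
 * by AD; a write is blocked by either AD or WD. */
enum mpk_result mpk_check(uint64_t pte, uint32_t pkru, bool write)
{
    if (!(pte & PTE_PRESENT) || !(pte & PTE_USER)) return MPK_PAGE_FAULT;
    if (write && !(pte & PTE_RW))                  return MPK_PAGE_FAULT;
    unsigned key = PTE_PKEY(pte);
    if (pkru & PKRU_AD(key))                       return MPK_PKEY_FAULT;
    if (write && (pkru & PKRU_WD(key)))            return MPK_PKEY_FAULT;
    return MPK_OK;
}

/* Typical use: a thread tags its secret pages with one key and normally runs
 * with that key fully disabled, re-enabling it only around the code that
 * needs the secret. Returns the PKRU value "everything open except `key`". */
uint32_t mpk_pkru_locking(unsigned key)
{
    return PKRU_AD(key) | PKRU_WD(key);
}
```

Because the key lives in the page table entry but the rights live in a per-thread register, the same page can be readable to one thread and fault for another without touching the page table; that is what makes domain switches cheap, and also why there are only N = 16 domains per address space, the granularity limit the text criticises below.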
Intel MPX (Memory Protection Extensions) checks the memory address range of pointer accesses with hardware assistance, and is supported from the 6th-generation Core processors (Skylake). With support from the compiler, libraries and operating system, MPX checks pointer references so that accesses stay within their intended bounds, preventing buffer overflows from being exploited at run time and thereby improving software security.
PULP (Protection by User Level Partition) is a method that isolates and protects data inside a process using the processor's program counter and memory access address information. Within a single process it prevents untrusted code from corrupting security-sensitive data and from out-of-bounds accesses.
Of the three intra-process data protection technologies above, MPK isolates by domain, MPX by address, and PULP by user-level partition. The drawback of MPX is that every address access must be modified to add checking instructions, so its overhead is large. The common drawback of MPK and PULP is that they can only protect data at the granularity of a domain or a region, and a domain or region generally spans several pages; they are therefore coarse-grained and cannot achieve fine-grained, page-level data isolation inside a process.
Summary of the invention
To achieve fine-grained protection of data inside a process, the invention proposes placing the page table of a user process in the virtual address space and protecting it there: a segment of the user process's virtual address space is managed by the user process itself, and untrusted user code is prevented from accessing the sensitive data in that segment. The proposed security mechanism, Protection by User Level Page Table (PULPT), comprises separating the user-level page table from the kernel page table, managing the user-level page table, restricting the range of physical pages the user-level page table may map, allowing only designated program objects to access the user-level page table, and treating out-of-bounds accesses, permission violations and page faults as interrupts handled by a user-defined interrupt handling flow. Managing the user-level page table covers the mutual conversion between virtual and physical addresses of the user self-managed region (the mapping between virtual and physical pages), the management of physical space, page table initialization and permission setting.
Specifically, the invention discloses a method for intra-process data isolation and protection based on a user-level page table, comprising:
Setting aside part of the virtual address space of a user process to be managed by the user process itself as the user self-managed region, and dividing the user self-managed region into a user-level page table region and a user self-managed data region. The user-level page table region stores the user-level page table; the user self-managed data region stores protected sensitive data, which is managed only by the user-level page table. Management includes modifying virtual-to-physical mappings, setting read, write and execute permissions, and marking read and write access state.
In the method, the user-level page table and the kernel page table are separated as follows: when a memory access instruction of the user process triggers the hardware page table entry lookup, the hardware judges whether the virtual address requested by the instruction lies within the bounds of the user self-managed region; if so, it selects the root address of the user-level page table and looks up the page table entry in the user-level page table region, otherwise it selects the root address of the kernel page table and looks up the entry in the kernel region.
The processor includes virtual address limit registers that hold the upper and lower bound of the user self-managed region, and an address register that holds the root address of the user-level page table.
In the method, the content of the user-level page table is managed by the user process itself: during execution the user process requests and allocates virtual page numbers within the user self-managed region and establishes mappings between those virtual pages and physical pages, where the physical pages were obtained by the user process from the kernel.
In the method, the range of physical pages the user-level page table may map is restricted as follows: when the processor executes a store instruction whose destination address lies in the user-level page table region of the user self-managed region, the data being stored is a page table entry of the user-level page table region; the physical page number of the physical page mapped by that entry is extracted from the entry and checked for legality, where legal means the page belongs to the range of physical pages the kernel has set up for the user-level page table to map. If it is illegal, an interrupt is raised and the store is prevented from writing the entry into the user-level page table region; otherwise the store is allowed to write the entry.
The range of physical pages the user-level page table may map is set as follows: the kernel establishes a data structure whose elements are the physical addresses of the mappable pages, or their physical page numbers, or an indicator bit for each physical page number; the legality check on a physical page number when writing the user-level page table is performed by looking up this data structure.
The method further restricts which program objects may access the user-level page table, so as to protect the user-level page table.
In the method, before mappings between virtual and physical pages of the user self-managed region are established, a self-mapped multi-level page table is first initialized: at each level, the corresponding page table entry is set to point to the start address of the respective page table, which completes the initialization of the user-level page table.
In the method, if an interrupt occurs while the user process executes a memory access instruction that triggers the mapping between virtual and physical pages of the user self-managed region, the following steps are executed:
Step 201: the processor detects the interrupt in the write-back stage and begins interrupt handling;
Step 202: the processor judges whether the interrupt must be handled by the user process itself; if so, step 203 is executed, otherwise step 206;
Step 203: the user process handles the interrupt itself; the processor provides a group of user special registers to save the program counter of the interrupted instruction, the cause of the interrupt and the memory access address;
Step 204: control jumps to the entry of the user interrupt handling function and executes the user-defined interrupt handler;
Step 205: end;
Step 206: the conventional kernel interrupt handling flow is executed, after which step 205 is executed.
In the method, for the physical pages the user process has obtained from the kernel, the corresponding physical space is managed as follows:
The physical space management process obtains a preset data structure that records the free physical page numbers allocated by the kernel;
Lookup step: when the user self-managed region is initialized or a page fault occurs, several physical pages are taken from the data structure according to the size of physical space requested, and are mapped in order to virtual pages;
Insertion step: when pages are reclaimed, the physical pages are put back into the data structure that records free physical page numbers;
Deletion step: when the user process exits, the physical pages in the data structure are returned to the kernel.
The invention also discloses a system for intra-process data isolation and protection based on a user-level page table, comprising:
A preprocessing module which, before the user process accesses memory, sets the bounds of the user self-managed region and the root address of the user-level page table, thereby separating the user-level page table region from the kernel page table region; the preprocessing module also manages the user-level page table region, including initializing the user-level page table, establishing mappings between virtual and physical addresses of the user self-managed region, managing the physical space corresponding to the physical pages, and setting access permissions in user-level page table entries;
A processing module which, when the user process accesses memory, first judges whether the requested virtual address belongs to the user self-managed region; if so, it looks up the page table entry in the user-level page table region and the user process enters intra-process security protection, otherwise it looks up the entry in the kernel page table region and the user process stays in the conventional security protection state. It then judges whether the request accesses the user-level page table region; if so, it further judges whether the requesting object has the right to access the user-level page table and whether the physical page number written into the user-level page table entry belongs to the range of physical pages the user-level page table may map; if both hold, the access is performed, otherwise an interrupt is raised. If the request accesses the user self-managed data region, the user process performs the checks for illegal permission bits in the user-level page table entry and for page faults; if either occurs, an interrupt is raised, otherwise the access is performed.
In the system, the preprocessing module initializes a self-mapped multi-level page table and, at each level, sets the corresponding page table entry to point to the start address of the respective page table, completing the initialization of the user-level page table;
The data structure by which the preprocessing module manages physical space comprises:
A physical space management module, which obtains a preset data structure that records the free physical page numbers allocated by the kernel;
A data structure lookup module, which, when the user self-managed region is initialized or a page fault occurs, takes several physical pages from the data structure according to the size of physical space requested and maps them in order to virtual pages;
A data structure insertion module, which, when pages are reclaimed, puts the physical pages back into the data structure that records free physical page numbers;
A data structure deletion module, which, when the user process exits, returns the physical pages in the data structure to the kernel;
When an interrupt occurs while the program runs, the processing module executes the user-defined interrupt handling flow, which comprises:
An interrupt detection module, by which the processor detects the interrupt in the write-back stage and begins interrupt handling;
A judgment module, which judges whether the interrupt must be handled by the user itself, calling the user interrupt module if so and the system interrupt module otherwise;
A user interrupt module, by which the user process handles the interrupt itself: the processor provides a group of user special registers to save the program counter of the interrupted instruction, the cause of the interrupt and the memory access address; control jumps to the entry of the user interrupt handling function, the user-defined interrupt handler executes, and interrupt handling then ends;
A system interrupt module, which executes the conventional kernel interrupt handling flow, after which interrupt handling ends.
The technological progress of the invention includes:
1. Improved efficiency of the virtual memory system.
Modification and maintenance of the user-level page table are carried out mainly in user mode, without frequently entering and leaving the kernel, which reduces the overhead of process context switches.
2. Fine-grained intra-process security protection.
The user-level page table can configure security properties such as read, write and execute at page granularity, without the limit on the number of regions of MPX or the limit on the number of bounds registers of PULP. To a certain extent, the user-level page table lets the trusted code inside a process configure the range accessible to untrusted code more flexibly. Trusted and untrusted code are designated by the user process; for example, the user process may designate the code of the main function as trusted and the code of called third-party library functions as untrusted, or designate them according to other security requirements.
Description of the drawings
Fig. 1 is a schematic diagram of intra-process data protection based on the user-level page table of the invention;
Fig. 2 is the flowchart of user-defined interrupt handling of the invention;
Fig. 3 is the flowchart of the physical space management method of the invention;
Fig. 4 is the flowchart of the method by which the invention restricts the physical pages a user process may access;
Fig. 5 is the three-level page table walk (PTW) process of the prior art;
Fig. 6 is the PTW process of page table initialization in the invention;
Fig. 7 is the flowchart of embedded page fault handling in the invention when a PTE entry is missing;
Fig. 8 is the flowchart of embedded page fault handling in the invention when a PMD entry is missing;
Fig. 9 is the flowchart of embedded page fault handling in the invention when a PGD entry is missing.
Specific embodiments
To solve the technical problem above, the invention provides a method for fine-grained protection of data inside a process: the page table of the user process is placed in the virtual address space and protected there, a segment of the user process's virtual address space is managed by the user process itself, and untrusted user code is prevented from accessing the sensitive data in that segment. To make the above features and effects of the invention clearer and easier to understand, the specific embodiments below are described in detail with reference to the accompanying drawings.
Method embodiment of the invention: intra-process data protection based on the user-level page table.
A segment of the user process's virtual address space is set as the user self-managed region, which is divided into a user-level page table region and a user self-managed data region; the sensitive data in the user self-managed data region is managed only by the page table in the user-level page table region. Intra-process data protection based on the user-level page table is shown in Fig. 1.
In the preprocessing stage 101, the processor sets the bounds 1013 of the user self-managed region and the root directory address 1014 of the user-level page table. While the program runs, the virtual address of the memory access request is compared with the bounds of the user self-managed region to decide 1021 whether the page table entry lookup is performed in the user-level page table region or in the kernel region. Because the root address of the user-level page table differs from that of the kernel page table, this achieves the separation 1011 of the user-level page table from the kernel page table.
The preprocessing stage also performs the management 1012 of the user-level page table region, including initialization of the user-level page table 1015, establishing mappings between virtual and physical addresses of the user self-managed region 1016, management of the physical space corresponding to the physical pages 1017, and setting of access permissions in user-level page table entries 1018.
While the program runs, if the page table entry is looked up in the kernel region, the user process is in the conventional security protection state 1022; if it is looked up in the user-level page table region, the user process is in the intra-process security protection state 1023.
In the intra-process security protection state, the processor judges whether the request accesses the user-level page table region 1024. If so, it must both determine whether the program object may access the user-level page table 1025 and judge whether the physical page number being written into the user-level page table entry belongs to the range of physical pages that may be mapped 1026; if either restriction is violated, an interrupt is raised and user-defined interrupt handling 1029 is entered. Otherwise, if the request accesses the user self-managed data region, the user process performs the checks for illegal permission bits in the user-level page table entry 1027 and for page faults 1028; if either occurs, an interrupt is raised and user-defined interrupt handling is entered.
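The two checks applied to a store whose destination lies in the user-level page table region (whether the storing program object may touch the table, 1025, and whether the entry's physical page number lies in the kernel-granted range, 1026, as also claimed above and drawn in Fig. 4), as an added software model in C that is not the patent's implementation. The register names, the trusted-code PC range used to stand in for "the program object allowed to access the user-level page table", and the bitmap standing in for the kernel's data structure are this example's assumptions; the PTE field layout is RISC-V Sv39.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define PTE_V        0x1ull
#define PTE_PPN(pte) (((pte) >> 10) & 0xFFFFFFFFFFFull)   /* Sv39 PPN field */
#define MAX_PPN      1024           /* size of the kernel's allowed-page set */

/* Registers this model assumes (the patent's Table 1 did not survive
 * extraction): the VA bounds of the user-level page table region and the PC
 * range of the code allowed to write it. */
struct pulpt_pt_regs {
    uint64_t upt_lo, upt_hi;          /* user-level page table region [lo, hi) */
    uint64_t trusted_lo, trusted_hi;  /* PC range of the trusted program object */
};

/* Kernel-owned, one bit per PPN: the physical pages the user-level page
 * table is allowed to map (the "indicator bit" form of the data structure). */
static uint8_t allowed_ppn[MAX_PPN / 8];
static struct pulpt_pt_regs regs;

enum store_verdict {
    STORE_OK = 0,
    STORE_FAULT_UNTRUSTED_CODE = 1,  /* program object may not touch the table */
    STORE_FAULT_BAD_PPN = 2          /* entry maps a page the kernel never granted */
};

/* Kernel side: grant or revoke a physical page. */
bool kernel_set_allowed(uint64_t ppn, bool allowed)
{
    if (ppn >= MAX_PPN) return false;
    if (allowed) allowed_ppn[ppn / 8] |=  (uint8_t)(1u << (ppn % 8));
    else         allowed_ppn[ppn / 8] &= (uint8_t)~(1u << (ppn % 8));
    return true;
}

static bool ppn_allowed(uint64_t ppn)
{
    return ppn < MAX_PPN && ((allowed_ppn[ppn / 8] >> (ppn % 8)) & 1u);
}

/* Hardware side: evaluated for every store. Stores outside the page table
 * region are ordinary data stores and pass through untouched; the permission
 * and page-fault checks for those (1027, 1028) happen in the walk, not here. */
enum store_verdict check_pte_store(uint64_t pc, uint64_t dst_va, uint64_t value)
{
    if (dst_va < regs.upt_lo || dst_va >= regs.upt_hi)
        return STORE_OK;
    if (pc < regs.trusted_lo || pc >= regs.trusted_hi)
        return STORE_FAULT_UNTRUSTED_CODE;
    /* A cleared (V=0) entry maps nothing, so only valid entries are checked.
     * Non-leaf entries are checked the same way: a next-level table page is
     * also a physical page the kernel must have granted. */
    if ((value & PTE_V) && !ppn_allowed(PTE_PPN(value)))
        return STORE_FAULT_BAD_PPN;
    return STORE_OK;
}

/* Constructed scenario: table region at [0x40000000, 0x40100000), trusted
 * code at [0x10000, 0x20000), kernel grants PPNs 50 and 51. Returns 0. */
int demo_setup(void)
{
    memset(allowed_ppn, 0, sizeof allowed_ppn);
    regs = (struct pulpt_pt_regs){ .upt_lo = 0x40000000ull, .upt_hi = 0x40100000ull,
                                   .trusted_lo = 0x10000ull, .trusted_hi = 0x20000ull };
    return kernel_set_allowed(50, true) && kernel_set_allowed(51, true) ? 0 : -1;
}
```

The point of checking the physical page number at store time rather than at walk time is that the walk never needs to consult the kernel's structure: once an entry is in the table it is known to map only granted pages, which is what keeps inter-process isolation intact even though user code writes the table.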
Method embodiment of the invention: the newly added register types and their functions.
The newly added registers fall into four kinds; their names and functions are shown in Table 1. The physical page limit register group can only be read and written by the kernel; the remaining register groups can only be read and written by user security code.
Table 1: Newly added register types and their functions in the invention
Embodiment of the invention: the newly added register read/write instructions and their functions.
The newly added instructions fall into two kinds; their names and functions are shown in Table 2.
Table 2: Newly added instructions and their functions in the invention
Method embodiment of the invention: conversion of virtual addresses in the user-level page table region to physical addresses.
The typical process of converting a virtual address into a physical address is: the page table is searched with the logical (virtual) page number to obtain the physical page number of that page, which is loaded into the physical address register; the offset within the page needs no conversion and is placed directly into the offset field of the physical address register. The content of the physical address register, spliced together from the two, is the actual address used to access memory, which completes the conversion from logical (virtual) address to physical address. In a conventional operating system the page table is maintained by the kernel: during instruction execution, the page table entry lookup and address translation are handled automatically by the processor hardware, but filling in and modifying page table entries is done by software. The invention distinguishes the user self-managed space from the kernel-managed space; virtual-to-physical translation in the user self-managed space goes through the user-level page table, which improves the execution efficiency of fine-grained page table modification by the user, and the user process itself guarantees the safety of the data in this segment of space.
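The two-root lookup described above and in the method claims (the virtual address limit registers select either the user-level or the kernel page table root before the hardware walk), as an added software model in C that is not the patent's RTL: a three-level walk of the kind Fig. 5 shows, with the root chosen by the address. The register names are this example's own; the page table layout is RISC-V Sv39 (4 KiB pages, three 9-bit index levels, flags in PTE bits 3:0 and the PPN in bits 53:10), which fits the Rocket-chip core the text later cites. Software, not hardware, writes the entries, as the paragraph says.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define PAGE_SHIFT    12
#define PTES_PER_PAGE 512
#define NPHYS         64          /* simulated physical pages, indexed by PPN */

/* PTE layout follows RISC-V Sv39: flags in bits 3:0, PPN in bits 53:10. */
#define PTE_V 0x1ull
#define PTE_R 0x2ull
#define PTE_W 0x4ull
#define PTE_X 0x8ull
#define PTE_PPN(pte)         (((pte) >> 10) & 0xFFFFFFFFFFFull)
#define PTE_MAKE(ppn, flags) (((uint64_t)(ppn) << 10) | (flags))

static uint64_t phys[NPHYS][PTES_PER_PAGE];   /* constructed physical memory */

/* The registers the patent adds (names are this example's): the bounds of the
 * user self-managed region and the user-level page table root, beside the
 * kernel root the hardware already has. */
struct pulpt_regs {
    uint64_t ulr_lo, ulr_hi;   /* user self-managed region: [lo, hi) */
    uint64_t upt_root;         /* PPN of the user-level page table root */
    uint64_t kpt_root;         /* PPN of the kernel page table root */
};

/* The extra step before the hardware walk: pick a root by virtual address. */
uint64_t select_root(const struct pulpt_regs *r, uint64_t va)
{
    return (va >= r->ulr_lo && va < r->ulr_hi) ? r->upt_root : r->kpt_root;
}

enum { WALK_OK = 0, WALK_FAULT = -1 };

/* Three-level walk. A fault here is a page fault or a permission violation,
 * which PULPT routes to the user handler whenever the VA lies in the user
 * self-managed region. */
int translate(const struct pulpt_regs *r, uint64_t va, bool write, uint64_t *pa)
{
    uint64_t ppn = select_root(r, va);
    for (int level = 2; level >= 0; level--) {
        unsigned idx = (va >> (PAGE_SHIFT + 9 * level)) & 0x1FF;
        uint64_t pte = phys[ppn][idx];
        if (!(pte & PTE_V)) return WALK_FAULT;
        if (pte & (PTE_R | PTE_W | PTE_X)) {            /* leaf entry */
            if (level != 0) return WALK_FAULT;          /* no superpages modelled */
            if (write && !(pte & PTE_W)) return WALK_FAULT;
            *pa = (PTE_PPN(pte) << PAGE_SHIFT) | (va & 0xFFF);
            return WALK_OK;
        }
        ppn = PTE_PPN(pte);                             /* next-level table */
    }
    return WALK_FAULT;
}

/* Software side: fill a leaf mapping, allocating intermediate tables from a
 * bump pointer over phys[]. */
static void map_page(uint64_t root, uint64_t va, uint64_t ppn, uint64_t flags,
                     uint64_t *next_free)
{
    uint64_t cur = root;
    for (int level = 2; level > 0; level--) {
        unsigned idx = (va >> (PAGE_SHIFT + 9 * level)) & 0x1FF;
        if (!(phys[cur][idx] & PTE_V))
            phys[cur][idx] = PTE_MAKE((*next_free)++, PTE_V);   /* non-leaf */
        cur = PTE_PPN(phys[cur][idx]);
    }
    phys[cur][(va >> PAGE_SHIFT) & 0x1FF] = PTE_MAKE(ppn, flags | PTE_V);
}

static struct pulpt_regs regs;

/* Constructed scenario: kernel root at PPN 1, user root at PPN 2, user region
 * [0x40000000, 0x50000000). Returns the configured registers. */
const struct pulpt_regs *demo_setup(void)
{
    uint64_t next_free = 3;
    memset(phys, 0, sizeof phys);
    regs = (struct pulpt_regs){ .ulr_lo = 0x40000000ull, .ulr_hi = 0x50000000ull,
                                .upt_root = 2, .kpt_root = 1 };
    map_page(regs.kpt_root, 0x00001000ull, 40, PTE_R | PTE_W, &next_free);
    map_page(regs.upt_root, 0x40001000ull, 50, PTE_R, &next_free);  /* sensitive, read-only */
    map_page(regs.upt_root, 0x40002000ull, 51, PTE_R | PTE_W, &next_free);
    return &regs;
}

/* Translate against the constructed tables; returns ~0 on a fault. */
uint64_t demo_translate(uint64_t va, bool write)
{
    uint64_t pa = 0;
    const struct pulpt_regs *r = demo_setup();
    return translate(r, va, write, &pa) == WALK_OK ? pa : ~0ull;
}
```

Note what the root selection buys: a store to 0x40001000 faults because the user-level table marks it read-only, and nothing in the kernel table can override that, because the kernel root is never consulted for an address inside the region.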
Method embodiment of the invention: conversion of physical addresses in the user-level page table region to virtual addresses.
In a conventional design the page table is stored in the kernel region, where the virtual address and the physical address differ only by a constant offset, so the virtual address can be computed from the physical address and the offset. No such correspondence exists for the user self-managed region.
When the page table is stored in the user self-managed region, a data structure is chosen to store the correspondence from the physical page numbers of page table pages to their virtual page numbers; this data structure includes but is not limited to a list or a hash table. To reduce implementation complexity, the data structure can be treated as ordinary user process data: the page tables for these data structures are still managed by the kernel, and the kernel restricts and checks modifications to them.
Method embodiment of the invention: user-defined interrupt handling.
Because the user level wants to manage the virtual-to-physical mapping and page table configuration of a segment of its own region, the page faults and permission violation exceptions that occur in that segment must all be handed to the user process itself, so a user-defined interrupt design is needed. The specific implementation distinguishes the interrupt handler entries and adds user-dedicated interrupt control registers. Fig. 2 shows the flow of user-defined interrupt handling, which includes the following steps:
Step 201: when an instruction executed by the processor raises an interrupt, then for a precise exception, meaning that all instructions before the interrupted instruction have executed correctly and all instructions after it have not executed, the interrupt is generally detected in the write-back stage, and interrupt handling is executed. An interrupt here means any interrupt of the whole computer system, of which there are many kinds beyond page faults, such as the machine's software interrupts (page faults belong to this kind), overflow interrupts, keyboard and mouse interrupts, and interrupts provided by application programs. A typical processor executes an instruction in five stages, the five-stage pipeline: fetch, decode, execute, memory access and write back. The write-back (WB) stage writes the result data of the execute stage back to some form of storage;
Step 202: in the write-back stage, judge whether the interrupt needs user-defined interrupt handling; if so, execute step 203, otherwise execute step 206. The criterion is whether the virtual address va at which the interrupt occurred belongs to the user self-managed region; if so, user-defined interrupt handling is needed;
Step 203: since the user wants to handle part of the interrupts itself, the processor provides a group of user special registers to save the PC of the interrupted instruction, the cause of the interrupt and the memory access address. PC is the program counter, which stores and indicates the address of the next instruction to execute;
Step 204: the computer system's interrupt handling transfers control to the entry of the user-defined interrupt handling function, and the user-defined interrupt handler executes;
Step 205: end;
Step 206: the conventional kernel interrupt handling flow is executed. Taking the open-source processor core Rocket-chip as an example, this includes writing the PC of the instruction that raised the interrupt, the cause of the interrupt (the exception code) and the memory access address (for memory access instructions) into the corresponding control and status registers (CSRs) sepc, scause and sbadaddr for use by the kernel's interrupt handler, then transferring control to the kernel's interrupt handler entry and executing the kernel interrupt handling function.
This guarantees that the page faults and permission violation exceptions that occur in the user self-managed region are all handled by the user process itself, without a context switch between user mode and kernel mode. The context is the environment in which the process executes, specifically every variable and datum of the process, including all register variables, the files the process has opened, memory information and so on.
Embodiment of the method of the invention: management of physical space.
In traditional designs the user process does not need to request physical pages; the kernel does this. But since the user process performs the virtual-to-physical mapping of its self-managed region itself, a need for free physical pages arises. The required free physical pages are requested from the kernel by the user process, and the free physical page numbers allocated by the kernel are recorded in a data structure from which the user process can choose. There is no fixed time at which free physical pages must be requested; it may be before or after the virtual-to-physical mapping.
In the present invention the user process has the right to configure user-level page table entries, so there is a risk of mapping arbitrary physical pages, which would map physical pages belonging to the address spaces of other user processes into the user self-managed region. The range of physical pages that the user-level page table can map must therefore be limited. The specific method is to add, when a write instruction executes, a judgement on its destination address: if the destination belongs to the page table area of the user self-managed region, the data content written by the instruction is restricted, ensuring that the physical page number written into the page table of the user self-managed region belongs to the physical page range that the kernel allocated to the user process.
For the virtual-to-physical mapping and page table configuration of the self-managed region performed by the user process itself, the required free physical pages are obtained by the user process by request to the kernel. The management method of the user self-managed region for physical space is shown in Fig. 3 and includes the following parts:
Physical space management step 301: choose a data structure to record the free physical page numbers allocated by the kernel. This data structure includes but is not limited to a PPN list (ppn list); the PPN list is used as the example below;
Data structure lookup step 302: when the user self-managed region is initialized or a page fault occurs, the corresponding number of physical pages is obtained from the data structure according to the size of the requested physical space, and each physical page is then mapped in turn to its corresponding virtual page. For the PPN list this is a lookup operation;
Data structure insertion step 303: during page reclamation, physical pages are put back into the data structure that records free physical page numbers. For the PPN list this is several insertion operations. Note that if no free physical page is available when a page fault occurs, the mapping from physical page to virtual page cannot be performed and the user process cannot execute normally, so a page reclamation operation is needed. The user process checks periodically and initiates page reclamation when the number of free physical pages in the system falls below a threshold, whose size the user process determines as needed;
Data structure deletion step 304: when the user process exits, the physical pages in the data structure are returned to the kernel. For the PPN list this is a deletion operation.
This effectively prevents the user process from using its permission to configure page table entries of the user self-managed region to map arbitrary physical pages and thereby access the physical pages of other processes.
Embodiment of the method of the invention: limiting arbitrary mapping of physical pages by the user process.
The user process has the right to configure user-level page table entries, so there is a risk of mapping arbitrary physical pages. The method of limiting arbitrary mapping by the user-level page table is to add, when a write instruction executes, a judgement on its destination address: if the destination belongs to the page table area of the user self-managed region, the data content written by the instruction is restricted, ensuring that the physical page number written into the page table of the user self-managed region belongs to the physical page range that the kernel allocated to the user process. Because the execution of write instructions lies on the critical path of the processor pipeline, a hardware-efficient method of querying the physical page range is needed.
There are many ways to set the physical page range. The most direct scheme is for the hardware to provide several groups of physical address bound (pa_bound) registers that limit the physical page range the user process may map. This is relatively simple to implement, but it places requirements on the contiguity of the physical space allocated by the kernel, and a large number of pa_bound registers slows the query.
Other feasible schemes include, but are not limited to, recording the range of physical pages accessible to the user process with a bit map (Bitmap). The specific examples described here only explain the present invention and are not intended to limit it.
The method of recording the physical page range with a Bitmap is as follows: the entire physical space is divided into several zones of a user-defined size ZONE_SIZE (an integral multiple of the physical page size); each zone corresponds to one bit, and a bit value of 1 indicates that the user process may map to that zone.
When ZONE_SIZE is large (MB level) the Bitmap occupies little space and can be held entirely in on-chip registers, so the query is fast, but the granularity at which physical space is allocated is coarse and space may be wasted. When ZONE_SIZE is small (KB level) the kernel allocates physical space to user memory at fine granularity and utilizes physical space better, but the Bitmap occupies more space, and it becomes unavoidable to replace the Bitmap held in the on-chip register.
The scheduling flow of the Bitmap is shown in Fig. 4. PPN denotes a physical page number and x an arbitrary value, so PPNx denotes any physical page number. The physical page number is split into two parts, PPNx[Max-1:Index] and PPNx[Index-1:0]: the former is the index (Index) used to look up the Bitmap in memory, and the latter selects a bit within the Bitmap value stored at the memory address that the index corresponds to. Fig. 4 includes the following:
The whole flow is first divided into two parts, a preprocessing stage 401 and a program-run stage 402. The preprocessing stage consists of three steps in order of execution: computing the parameters 4011, filling in the contents of the whole Bitmap in memory 4012, and filling in two on-chip registers 4013, which are used to hold PPNx[Max-1:Index] and PPNx[Index-1:0] respectively.
The detailed flow while the program runs is as follows:
Step 4021: judge whether PPNx[Max-1:Index] matches the index of the bit map stored in the on-chip register. If it matches, the bit map is already held in the on-chip register; execute step 4022, otherwise execute step 4025;
Step 4022: according to the value of PPNx[Index-1:0], take out the bit stored at the corresponding position of the bit map in the on-chip register;
Step 4023: judge whether the corresponding bit of the bit map in the on-chip register is 1; if so, execute step 4024, otherwise execute step 4026. A 1 indicates that the corresponding physical page may be accessed, a 0 that access to the corresponding physical page is forbidden;
Step 4024: the user process accesses the physical page; the current judgement ends;
Step 4025: take the bit map data from memory address Bitmap_base_addr + PPNx[Max-1:Index] * WIDTH/8 and write it into the on-chip register. Bitmap_base_addr is the base address of the address space that stores the Bitmap, WIDTH is the bit width of one Bitmap, and WIDTH/8 is the number of bytes needed to store one Bitmap;
Step 4026: forbid the user process from accessing the physical page; the current judgement ends.
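As an added example (not code from the patent), a C model of the Bitmap lookup of Fig. 4 with its on-chip register cache, the pa_bound register alternative, and the write-path check on page table stores described above. The 1 MiB zone size, the 64-bit word width, the RISC-V style entry layout and the names bitmap_grant, ppn_allowed, pa_bound_allowed and check_pt_write are this example's own assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SHIFT 12                 /* 4 KiB physical pages */
#define ZONE_SHIFT 20                 /* ZONE_SIZE = 1 MiB, an integral multiple of the page size */
#define WIDTH      64                 /* bits in one Bitmap word, i.e. the on-chip register width */
#define INDEX_BITS 6                  /* log2(WIDTH): PPNx[Index-1:0] selects the bit in a word */
#define NZONES     4096u              /* constructed: 4 GiB of physical space in 1 MiB zones */
#define PTE_V      1ull               /* valid bit of a page table entry */
#define PPN_SHIFT  10                 /* ppn field position in a RISC-V style entry (assumption) */

/* Step 4012: the whole Bitmap kept in memory at Bitmap_base_addr.
 * Step 4013: the two on-chip registers, one holding the cached word index
 * (PPNx[Max-1:Index]) and one holding the cached Bitmap word. */
static uint64_t bitmap_mem[NZONES / WIDTH];
static struct { uint64_t index; uint64_t word; bool valid; } onchip;
static unsigned refills;              /* how often step 4025 reloaded the register */

void bitmap_init(void)
{
    memset(bitmap_mem, 0, sizeof bitmap_mem);
    onchip.valid = false;
    refills = 0;
}

/* Step 4011: a PPN belongs to zone PPN >> (ZONE_SHIFT - PAGE_SHIFT); the zone
 * number is what gets split into word index and bit position. */
static uint64_t zone_of(uint64_t ppn) { return ppn >> (ZONE_SHIFT - PAGE_SHIFT); }

/* Kernel side: mark every zone touched by [ppn, ppn + npages) as mappable.  A
 * partially used zone is granted whole, the space cost of a large ZONE_SIZE. */
void bitmap_grant(uint64_t ppn, uint64_t npages)
{
    for (uint64_t z = zone_of(ppn); z <= zone_of(ppn + npages - 1) && z < NZONES; z++)
        bitmap_mem[z >> INDEX_BITS] |= 1ull << (z & (WIDTH - 1));
}

/* Steps 4021-4026: may the user process map physical page `ppn`? */
bool ppn_allowed(uint64_t ppn)
{
    uint64_t zone = zone_of(ppn);
    if (zone >= NZONES) return false;               /* outside the modelled physical space */
    uint64_t index = zone >> INDEX_BITS;            /* PPNx[Max-1:Index] */
    uint64_t pos   = zone & (WIDTH - 1);            /* PPNx[Index-1:0]   */
    if (!onchip.valid || onchip.index != index) {   /* 4021: register holds another word */
        onchip.word  = bitmap_mem[index];           /* 4025: Bitmap_base_addr + index*WIDTH/8 */
        onchip.index = index;
        onchip.valid = true;
        refills++;
    }
    return (onchip.word >> pos) & 1;                /* 4022/4023: 1 -> 4024 allow, 0 -> 4026 deny */
}

unsigned bitmap_refills(void) { return refills; }

/* The simpler alternative from the text: pa_bound register pairs [lo, hi) in PPNs;
 * every extra pair is one more comparison on the write path. */
struct pa_bound { uint64_t lo, hi; };
bool pa_bound_allowed(const struct pa_bound *b, int n, uint64_t ppn)
{
    for (int i = 0; i < n; i++)
        if (ppn >= b[i].lo && ppn < b[i].hi) return true;
    return false;
}

/* Write-path check: a store whose destination lies in the page-table area [pt_lo, pt_hi)
 * of the user self-managed region may only deposit an entry whose ppn the kernel
 * granted.  Returns 1 if the store proceeds, 0 if it is blocked and an interrupt raised. */
struct pt_area { uint64_t pt_lo, pt_hi; };
int check_pt_write(const struct pt_area *a, uint64_t dst_va, uint64_t value)
{
    if (dst_va < a->pt_lo || dst_va >= a->pt_hi) return 1;  /* ordinary data store */
    if (!(value & PTE_V)) return 1;                         /* invalid entry maps nothing */
    return ppn_allowed(value >> PPN_SHIFT) ? 1 : 0;
}

/* Constructed scenario: the kernel grants 256 pages from PPN 0x10000, exactly zone 256. */
static const struct pa_bound demo_bounds[2] = { { 0x100, 0x200 }, { 0x10000, 0x10100 } };
static const struct pt_area  demo_area      = { 0x70000000ull, 0x70001000ull };

void demo_setup(void)
{
    bitmap_init();
    bitmap_grant(0x10000, 256);
}

int main(void)
{
    demo_setup();
    printf("PPN 0x10000 allowed: %d\n", ppn_allowed(0x10000));
    printf("PPN 0x20000 allowed: %d\n", ppn_allowed(0x20000));
    printf("store of PTE(0x20000) into table area accepted: %d\n",
           check_pt_write(&demo_area, 0x70000008ull, (0x20000ull << PPN_SHIFT) | PTE_V));
    printf("register refills: %u\n", bitmap_refills());
    return 0;
}
```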
Embodiment of the method of the invention: page table initialization of the user self-managed space.
For the user self-managed region, if the corresponding pages have not yet been mapped from virtual to physical addresses there is no corresponding page table root address, and the subsequent steps cannot proceed. To solve this, before performing address translation the user process first initializes a self-mapped multi-level page table; this is called the page table initialization process.
To reduce the memory occupied by page tables, modern operating systems mostly use hierarchical page table structures. Taking a three-level page table as an example, the conversion from virtual address to physical address is shown in Fig. 5. On a TLB miss, the PTW (Page Table Walker) fetches the page tables corresponding to the virtual address level by level, following the page table translation flow, starting from the page table root address (sptbr, system page table base address). If the corresponding page table entry maps no physical address, a page fault is triggered and the system kernel performs the virtual-to-physical mapping; the process above is called a page table walk (PTW). sptbr is a physical address, and the page tables are of three types: the page global directory (Page Global Directory, PGD), the page middle directory (Page Middle Directory, PMD) and the page table entry (Page Table Entry, PTE).
The first step of address translation is to obtain the corresponding entry in the PGD according to the ppn saved in sptbr, i.e. the physical page address of the PGD. In modern operating systems the multi-level page tables of user processes are all placed in kernel space; the kernel-space page tables are fully built at system initialization, so page table contents and permission bits can be modified conveniently.
But for the user self-managed region, the page holding its PGD has not yet been mapped from virtual to physical, so it has no corresponding physical page number and the address translation cannot proceed at all. To solve this problem, before the user process performs the virtual-to-physical address mapping of its self-managed region, it first initializes a self-mapped three-level page table, then establishes on the PGD, PMD and PTE pages corresponding page table entries that point to the pages themselves; this is called the page table initialization process, shown in Fig. 6.
To distinguish them from the typical case, the user-level page tables are called UPGD, UPMD and UPTE, where U denotes user. The page table initialization process uses the traditional PTW design to complete the conversion from virtual address (VA) to physical address (PA) for UPGD, UPMD and UPTE respectively, obtaining UPGD_PA, UPMD_PA and UPTE_PA, and adds steps 601, 602 and 603, which make UPGD_PA, UPMD_PA and UPTE_PA point to the first address of the respective page, completing the initialization. To simplify the illustration, UPGD, UPMD and UPTE are assumed to be stored in three consecutive pages of user space (VPN3, VPN3+1, VPN3+2); a practical implementation has no such limitation. uptbr (user page table base address) corresponds to sptbr and refers to the user-level page table base stored in a user-space register.
Embodiment of the method of the invention: nested page fault handling flow in the user self-managed space.
The user-level page table of the present invention is located in user space. When a page fault occurs in the user process, the user-defined interrupt handling function reads and writes the page table, but the user-level page table in user space may not have been established yet, which causes a further interrupt and forms a nested page fault. Taking a three-level page table as an example, nested page faults fall into three cases: PGD entry missing, PMD entry missing, and PTE entry missing.
When the user self-managed region is small, each level of page table needs only one page to manage the whole self-managed region, so only a PTE entry can be missing. In this case the size of the user self-managed region cannot exceed PAGE_SIZE * (PAGE_SIZE / PTE_SIZE). This is calculated as follows: since each level of page table occupies only one page, and one page stores at most PAGE_SIZE / PTE_SIZE page table entries, the user-level page table manages at most (PAGE_SIZE / PTE_SIZE) pages of the user self-managed region; multiplied by the page size, this is the size of the user self-managed region. The nested page fault handling flow is shown in Fig. 7.
Step 701: a PTE entry is missing;
Step 702: judge whether a free physical page frame exists; if so, execute step 703, otherwise execute step 706;
Step 703: allocate a physical page frame;
Step 704: establish the mapping relation according to the address at which the page fault occurred;
Step 705: end;
Step 706: output an error message.
When the user self-managed region is of medium size, the PTEs needed for the region occupy more than one page while the PGD and PMD entries each need only one page, so both PTE entries and PMD entries may be missing. When a page fault occurs, the PTW first judges at which level of page table the interrupt occurred; the handling flow for a missing PTE entry is the same as in the first case, and the handling flow for a missing PMD entry is shown in Fig. 8. A medium-sized region means one larger than PAGE_SIZE * (PAGE_SIZE / PTE_SIZE) and not larger than PAGE_SIZE * (PAGE_SIZE / PTE_SIZE) * (PAGE_SIZE / PTE_SIZE). The latter is calculated as follows: the PMD occupies only one page, so the user-level page table manages at most (PAGE_SIZE / PTE_SIZE) PTE pages, and each PTE page covers PAGE_SIZE * (PAGE_SIZE / PTE_SIZE) of the user self-managed region; multiplying the two gives the size of the user self-managed region.
Step 801: a PMD entry is missing;
Step 802: judge whether a free physical page frame exists; if so, execute step 803, otherwise execute step 809;
Step 803: allocate a physical page frame from the free page frame list to hold the PTEs;
Step 804: judge whether a free virtual page exists; if so, execute step 805, otherwise execute step 809;
Step 805: allocate a virtual page (vpn) from the free virtual page list;
Step 806: map the virtual page to the physical page frame;
Step 807: execute the missing-PTE-entry handling flow of Fig. 7;
Step 808: end;
Step 809: output an error message.
When the user self-managed region is very large, the PMDs needed for the region occupy more than one page, so PTE entries, PMD entries and PGD entries may all be missing. When a page fault occurs, the PTW likewise judges at which level of page table the interrupt occurred; the handling flows for a missing PTE entry and a missing PMD entry are as in the two cases above, and the handling flow for a missing PGD entry is shown in Fig. 9. A very large region means one larger than PAGE_SIZE * (PAGE_SIZE / PTE_SIZE) * (PAGE_SIZE / PTE_SIZE).
Step 901: a PGD entry is missing;
Step 902: judge whether a free physical page frame exists; if so, execute step 803, otherwise execute step 809;
Step 903: allocate a physical page frame from the free page frame list to hold the PMDs;
Step 904: judge whether a free virtual page exists; if so, execute step 805, otherwise execute step 809;
Step 905: allocate a virtual page (vpn) from the free virtual page list;
Step 906: map the virtual page to the physical page frame;
Step 907: execute the missing-PMD-entry handling flow of Fig. 8;
Step 908: end;
Step 909: output an error message.
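As an added example (not code from the patent), a C model that covers the self-mapped three-level page table initialization of Fig. 6, the page table walk of Fig. 5, the nested fault flows of Figs. 7 to 9, and the region-size thresholds of the text. The Sv39-style entry layout, the toy memory, the two free lists and the names reset_model, self_map_init, walk, handle_nested_fault and deepest_missing_level are this example's own assumptions; the free virtual pages are assumed to lie in the range the self-mapped UPTE page already covers.

```c
#include <stdint.h>
#include <string.h>

#define PAGE_SIZE 4096u
#define PTE_SIZE  8u
#define ENTRIES   (PAGE_SIZE / PTE_SIZE)    /* 512 entries per table page */
#define NPAGES    32u                        /* constructed toy physical memory */
#define PTE_V     1ull                       /* valid bit */
#define PTE_R     2ull                       /* readable bit: marks a leaf entry */
#define PPN_SHIFT 10                         /* ppn field position (RISC-V Sv39 style, assumption) */

enum { LVL_PTE = 0, LVL_PMD = 1, LVL_PGD = 2, WALK_OK = -1, ERR_NOMEM = -2, ERR_NOVPN = -3, ERR_LEVEL = -4 };

static uint64_t mem[NPAGES][ENTRIES];        /* physical page n is mem[n] */
static uint32_t free_ppn[NPAGES], nfree;     /* kernel-granted free frame list (Fig. 3) */
static uint64_t free_vpn[8], nvfree;         /* free virtual pages for new table pages */
static uint32_t uptbr;                       /* user page table base: ppn of UPGD */

static uint64_t idx(uint64_t va, int lvl) { return (va >> (12 + 9 * lvl)) & (ENTRIES - 1); }
static uint64_t mk_pte(uint32_t ppn, uint64_t f) { return ((uint64_t)ppn << PPN_SHIFT) | PTE_V | f; }
static uint32_t ppn_of(uint64_t pte) { return (uint32_t)(pte >> PPN_SHIFT); }

/* Constructed state: frames 1..16 free; virtual pages 0x110..0x113 free, in the same 2 MiB as VPN3 = 0x100. */
void reset_model(void)
{
    memset(mem, 0, sizeof mem);
    for (nfree = 0; nfree < 16; nfree++) free_ppn[nfree] = 16 - nfree;
    for (nvfree = 0; nvfree < 4; nvfree++) free_vpn[nvfree] = 0x113 - nvfree;
}

/* Fig. 6: UPGD, UPMD, UPTE occupy virtual pages VPN3, VPN3+1, VPN3+2 (assumed not to
 * cross a 512-entry boundary) and every level is made to point back at itself. */
int self_map_init(uint64_t vpn3)
{
    if (nfree < 3) return ERR_NOMEM;
    uint32_t pgd = free_ppn[--nfree], pmd = free_ppn[--nfree], pte = free_ppn[--nfree];
    uint64_t va = vpn3 << 12;
    uptbr = pgd;
    mem[pgd][idx(va, LVL_PGD)]     = mk_pte(pmd, 0);      /* step 601: UPGD entry -> UPMD page */
    mem[pmd][idx(va, LVL_PMD)]     = mk_pte(pte, 0);      /* step 602: UPMD entry -> UPTE page */
    mem[pte][idx(va, LVL_PTE)]     = mk_pte(pgd, PTE_R);  /* step 603: leaves map VPN3..VPN3+2 */
    mem[pte][idx(va, LVL_PTE) + 1] = mk_pte(pmd, PTE_R);  /*   onto the three table pages     */
    mem[pte][idx(va, LVL_PTE) + 2] = mk_pte(pte, PTE_R);  /*   themselves                      */
    return WALK_OK;
}

/* Fig. 5: walk from uptbr down to the level-`lvl` table covering va.  Returns WALK_OK with
 * *tbl set, or the level whose entry is missing: the PGD / PMD / PTE case split of Figs. 7-9. */
static int descend(uint64_t va, int lvl, uint32_t *tbl)
{
    *tbl = uptbr;
    for (int l = LVL_PGD; l > lvl; l--) {
        uint64_t e = mem[*tbl][idx(va, l)];
        if (!(e & PTE_V)) return l;
        *tbl = ppn_of(e);
    }
    return WALK_OK;
}

/* Full translation: WALK_OK and *pa filled, or the missing level. */
int walk(uint64_t va, uint64_t *pa)
{
    uint32_t tbl;
    int r = descend(va, LVL_PTE, &tbl);
    if (r != WALK_OK) return r;
    uint64_t e = mem[tbl][idx(va, LVL_PTE)];
    if (!(e & PTE_V)) return LVL_PTE;
    *pa = ((uint64_t)ppn_of(e) << 12) | (va & (PAGE_SIZE - 1));
    return WALK_OK;
}

/* Figs. 7-9: repair a nested fault from the missing level downwards.  A missing PGD/PMD
 * entry needs a new table page, which must itself receive a free virtual page and a
 * mapping before the next level is handled (steps 803-807 / 903-907); a missing PTE
 * entry just receives a data frame (steps 703-704). */
int handle_nested_fault(uint64_t va, int lvl)
{
    for (; lvl >= LVL_PTE; lvl--) {
        uint32_t tbl, leaf;
        if (descend(va, lvl, &tbl) != WALK_OK) return ERR_LEVEL; /* an upper level is still missing */
        if (nfree == 0) return ERR_NOMEM;                  /* steps 702/802/902 -> error */
        uint32_t frame = free_ppn[--nfree];                /* steps 703/803/903 */
        memset(mem[frame], 0, PAGE_SIZE);
        if (lvl == LVL_PTE) {                              /* Fig. 7: data page */
            mem[tbl][idx(va, LVL_PTE)] = mk_pte(frame, PTE_R);   /* step 704 */
            return WALK_OK;
        }
        if (nvfree == 0) return ERR_NOVPN;                 /* steps 804/904 -> error */
        uint64_t tvpn = free_vpn[--nvfree];                /* steps 805/905 */
        if (descend(tvpn << 12, LVL_PTE, &leaf) != WALK_OK) return ERR_NOVPN; /* vpn not covered */
        mem[leaf][idx(tvpn << 12, LVL_PTE)] = mk_pte(frame, PTE_R); /* steps 806/906 */
        mem[tbl][idx(va, lvl)] = mk_pte(frame, 0);         /* hook the new table page into its parent */
    }                                                      /* steps 807/907: one level down */
    return WALK_OK;
}

/* Thresholds from the text: the deepest level that can be missing for a region size. */
int deepest_missing_level(uint64_t region_bytes)
{
    uint64_t pte_reach = (uint64_t)PAGE_SIZE * (PAGE_SIZE / PTE_SIZE);   /* one PTE page: 2 MiB */
    uint64_t pmd_reach = pte_reach * (PAGE_SIZE / PTE_SIZE);            /* one PMD page: 1 GiB */
    return region_bytes <= pte_reach ? LVL_PTE : region_bytes <= pmd_reach ? LVL_PMD : LVL_PGD;
}
```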
The following is a system embodiment corresponding to the method embodiment above; the two embodiments can be implemented in cooperation with each other. The technical details mentioned in the above embodiment remain valid in this embodiment and are not repeated here; correspondingly, the technical details mentioned in this embodiment also apply to the above embodiment.
The invention also discloses an in-process data isolation protection system based on a user-level page table, comprising:
a preprocessing module, which, before the user process accesses memory, sets the boundary of the user self-managed region and the user-level page table root address, realizing the division between the user-level page table region and the kernel page table region; the preprocessing module is also used for managing the user-level page table region, including initialization of the user-level page table, establishing mapping relations between the virtual and physical addresses of the user self-managed region, managing the physical space corresponding to physical pages, and setting access permissions in user-level page table entries;
a processing module, which, when the user process accesses memory, first judges whether the requested virtual address belongs to the user self-managed region; if so, the page table entry is looked up in the user-level page table region and the user process turns on in-process protection, otherwise the page table entry is looked up in the kernel page table region and the user process is in the conventional protection state; it then judges whether the request accesses the user-level page table region; if so, it further judges whether the requesting object has the right to access the user-level page table and whether the physical page number written into the user-level page table entry belongs to the physical page range mapped by the user-level page table; if so, the access request is executed, otherwise an interrupt is raised; if the request accesses the user self-managed data area, the user process performs the illegal-permission-bit check and the page-missing check on the user-level page table entry; if either occurs an interrupt is raised, otherwise the access request is executed.
In the in-process data isolation protection system based on a user-level page table, the preprocessing module initializes a self-mapped multi-level page table and establishes, in each level of page table, corresponding page table entries that point to the first address of the respective page table, completing the initialization of the user-level page table;
the data structure by which the preprocessing module manages physical space comprises:
a physical space management module, which obtains a preset data structure to record the free physical page numbers allocated by the kernel;
a data structure lookup module, which, when the user self-managed region is initialized or a page fault occurs, obtains a number of physical pages from the data structure according to the size of the requested physical space and maps these physical pages in turn to virtual pages;
a data structure insertion module, which, during page reclamation, puts physical pages back into the data structure that records free physical page numbers;
a data structure deletion module, which returns the physical pages in the data structure to the kernel when the user process exits;
the processing module executes the user-defined interrupt handling flow when an interrupt occurs while the program runs, specifically comprising:
an interrupt detection module, for the processor to detect the interrupt in the write-back stage and execute interrupt handling;
a judgement module, for judging whether the interrupt needs to be handled by the user itself; if so, the user interrupt module is called, otherwise the system interrupt module is called;
a user interrupt module, for the user process to handle the interrupt itself: the processor provides a group of user special registers to save the program counter of the interrupted instruction, the cause of the interrupt and the memory access address, the program jumps to the entry of the user interrupt handling function and executes the user-defined interrupt handling function, and interrupt handling then ends;
a system interrupt module, for executing the conventional kernel interrupt handling flow, after which interrupt handling ends.

Claims (10)

1. An in-process data isolation protection method based on a user-level page table, characterized by comprising:
dividing off a part of the virtual space of a user process to be managed by the user process itself, as a user self-managed region, and dividing the user self-managed region into a user-level page table region and a user self-managed data area, wherein the user-level page table region stores a user-level page table and the user self-managed data area stores protected sensitive data; the sensitive data is managed only by this user-level page table, and the management comprises modifying virtual-to-physical address mappings, setting read, write and execute permissions, and marking the read/write access state.
2. The in-process data isolation protection method based on a user-level page table according to claim 1, characterized in that the user-level page table and the kernel page table are divided by the following specific method: when an access instruction of the user process triggers a hardware lookup of a page table entry, it is judged whether the virtual address requested by the access instruction lies within the boundary of the user self-managed region; if so, the root address of the user-level page table is selected and the page table entry is looked up in the user-level page table region; otherwise the root address of the kernel page table is selected and the page table entry is looked up in the kernel region;
the processor comprises virtual address bound registers for storing the upper bound and the lower bound of the user self-managed region, and further comprises an address register for storing the root address of the user-level page table.
3. The in-process data isolation protection method based on a user-level page table according to claim 1, characterized in that the contents of the user-level page table are managed by the user process itself: during its execution the user process itself requests and allocates the virtual page numbers of the user self-managed region and establishes mapping relations between the virtual page numbers of the user self-managed region and physical pages, wherein the physical pages are obtained by the user process by request to the kernel.
4. The in-process data isolation protection method based on a user-level page table according to claims 1 and 3, characterized in that the range of physical pages mapped by the user-level page table is limited by the following steps: when a processor write instruction executes, if the destination address of the write instruction belongs to the user-level page table region of the user self-managed region, the data written by the write instruction is a page table entry of the user-level page table region; the physical page number of the physical page mapped by the destination address is obtained from the page table entry and it is judged whether this physical page number is legal, legal meaning that it belongs to the physical page range set by the kernel for mapping by the user-level page table; if it is illegal an interrupt is generated and the write instruction is prevented from writing the page table entry into the user-level page table region, otherwise the write instruction is allowed to write the page table entry into the user-level page table region;
the physical page range mapped by the user-level page table is set by the following steps: a data structure is established by the kernel whose data elements are the physical page addresses of the mapped physical pages, or the physical page numbers of the mapped physical pages, or indicator bits corresponding to those physical page numbers; the judgement of whether a physical page number is legal when the user-level page table is written is realized by looking up the data elements.
5. The in-process data isolation protection method based on a user-level page table according to claim 1, characterized in that the program objects that may access the user-level page table are restricted, so as to protect the user-level page table.
6. The in-process data isolation protection method based on a user-level page table according to claim 1 or 3, characterized in that, before the virtual page numbers of the user self-managed region are mapped to physical pages, a self-mapped multi-level page table is first initialized, and corresponding page table entries that point to the first address of the respective page table are established in each level of page table, completing the initialization of the user-level page table.
7. The in-process data isolation protection method based on a user-level page table according to claim 1 or 3, characterized in that, if an interrupt occurs while the user process executes an access instruction that triggers the mapping of virtual page numbers of the user self-managed region to physical pages, the following steps are executed:
Step 201: the processor detects the interrupt in the write-back stage and executes interrupt handling;
Step 202: judge whether the interrupt needs to be handled by the user process itself; if so, execute step 203, otherwise execute step 206;
Step 203: the user process handles the interrupt itself, and the processor provides a group of user special registers to save the program counter of the interrupted instruction, the cause of the interrupt and the memory access address;
Step 204: the program jumps to the entry of the user interrupt handling function and executes the user-defined interrupt handling function;
Step 205: end;
Step 206: execute the conventional kernel interrupt handling flow, then execute step 205.
8. The in-process data isolation protection method based on a user-level page table according to claim 1 or 3, characterized in that the method by which the user process manages the physical space corresponding to the physical pages obtained by request to the kernel comprises:
a physical space management step, which obtains a preset data structure to record the free physical page numbers allocated by the kernel;
a data structure lookup step, which, when the user self-managed region is initialized or a page fault occurs, obtains a number of physical pages from the data structure according to the size of the requested physical space and maps these physical pages in turn to virtual pages;
a data structure insertion step, which, during page reclamation, puts physical pages back into the data structure that records free physical page numbers;
a data structure deletion step, which returns the physical pages in the data structure to the kernel when the user process exits.
9. data isolation protects system in a kind of process based on user class page table characterized by comprising
a preprocessing module which, before the user process accesses memory, divides the address space into a user-level page table region and a kernel page table region by setting the boundary of the user self-managed region and the root address of the user-level page table; the preprocessing module is also used for managing the user-level page table region, including initializing the user-level page table, establishing the mapping between the virtual addresses and physical addresses of the user self-managed region, managing the corresponding physical space, and setting the access permissions of physical pages in the user-level page table entries;
a processing module which, when the user process accesses memory, first determines whether the requested virtual address belongs to the user self-managed region; if so, the page table entry is looked up in the user-level page table region and the user process enables in-process security protection, otherwise the page table entry is looked up in the kernel page table region and the user process remains in the conventional security protection state; it then determines whether the request accesses the user-level page table region; if so, it further determines whether the requesting object has permission to access the user-level page table and whether the physical page number written into the user-level page table entry belongs to the range of physical pages mapped by the user-level page table, and if both hold the access request is executed, otherwise an interrupt is raised; if the request accesses the user self-managed data region, the user process performs the illegal-permission-bit check and the page-fault check on the user-level page table entry; if either condition occurs an interrupt is raised, otherwise the access request is executed.
10. The in-process data isolation protection system based on a user-level page table according to claim 9, characterized in that the preprocessing module initializes a self-mapped multi-level page table and establishes, in the page tables at each level, the corresponding page table entries pointing to the start address of their respective page tables, thereby completing the initialization of the user-level page table;
the data structure with which the preprocessing module manages physical space comprises:
a physical space management module which obtains a preset data structure to record the free physical page numbers allocated by the kernel;
a data structure lookup module which, when the user self-managed region is initialized or a page fault occurs, obtains a number of physical pages from the data structure according to the size of the requested physical space and maps these physical pages in sequence to virtual page numbers;
a data structure insertion module which, when a page is reclaimed, puts the physical page back into the data structure recording free physical page numbers;
a data structure removal module which, when the user process exits, returns the physical pages in the data structure to the kernel;
the processing module executes the user-defined interrupt handling procedure when an interrupt occurs during program execution, specifically comprising:
an interrupt detection module which detects the interrupt at the processor's write-back stage and starts interrupt handling;
a judgment module which determines whether the interrupt needs to be handled by the user itself; if so, the user interrupt module is called, otherwise the system interrupt module is called;
a user interrupt module which handles the interrupt on behalf of the user process; the processor provides a set of user special registers to save the program counter of the interrupting instruction, the cause of the interrupt and the memory access address; the program jumps to the entry of the user interrupt handling function, executes the user-defined interrupt handling function, and then ends interrupt handling;
a system interrupt module which executes the conventional kernel interrupt handling procedure and then ends interrupt handling.
CN201810589291.0A 2018-06-08 2018-06-08 In-process data isolation protection method and system based on user-level page table Active CN109002706B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810589291.0A CN109002706B (en) 2018-06-08 2018-06-08 In-process data isolation protection method and system based on user-level page table

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810589291.0A CN109002706B (en) 2018-06-08 2018-06-08 In-process data isolation protection method and system based on user-level page table

Publications (2)

Publication Number Publication Date
CN109002706A true CN109002706A (en) 2018-12-14
CN109002706B CN109002706B (en) 2021-04-06

Family

ID=64600619

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810589291.0A Active CN109002706B (en) 2018-06-08 2018-06-08 In-process data isolation protection method and system based on user-level page table

Country Status (1)

Country Link
CN (1) CN109002706B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1737761A (en) * 2004-08-18 2006-02-22 中兴通讯股份有限公司 Method for protecting assigned course private data area and stack area
CN103699498A (en) * 2013-11-25 2014-04-02 南京大学 Application key data protection system and protection method
CN104092743A (en) * 2014-06-27 2014-10-08 清华大学 User data protecting method and system in cloud environment
CN105335306A (en) * 2014-06-30 2016-02-17 华为技术有限公司 Memory control method and memory control device

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110069935A (en) * 2019-03-20 2019-07-30 上海交通大学 Inside protecting sensitive data method and system based on label memory
CN110147670B (en) * 2019-05-21 2020-10-27 电子科技大学 Inter-process persistent memory protection method working in kernel mode
CN110147670A (en) * 2019-05-21 2019-08-20 电子科技大学 Persistence method for protecting EMS memory between a kind of process working in kernel state
EP3757804A1 (en) * 2019-06-28 2020-12-30 INTEL Corporation Page tables for granular allocation of memory pages
CN110532767A (en) * 2019-08-19 2019-12-03 上海交通大学 Internal insulation method towards SGX security application
CN111143900A (en) * 2019-12-24 2020-05-12 海光信息技术有限公司 Data processing method, data access control method, data processing system, data access control system, data processing device, data processing apparatus, and storage medium
CN111143900B (en) * 2019-12-24 2023-09-26 海光信息技术(苏州)有限公司 Data processing and access control method, system, device, equipment and storage medium
CN111367831A (en) * 2020-03-26 2020-07-03 超验信息科技(长沙)有限公司 Deep prefetching method and component for translation page table, microprocessor and computer equipment
CN111597124A (en) * 2020-04-21 2020-08-28 重庆大学 Persistent memory file system data organization method, system and storage medium
CN112182560A (en) * 2020-09-17 2021-01-05 上海交通大学 Efficient isolation method, system and medium for Intel SGX interior
CN112182560B (en) * 2020-09-17 2022-04-26 上海交通大学 Efficient isolation method, system and medium for Intel SGX interior
CN112379927A (en) * 2020-11-17 2021-02-19 深圳市和讯华谷信息技术有限公司 Method and device for remotely executing code instructions, computer equipment and storage medium
CN112379927B (en) * 2020-11-17 2024-01-23 深圳市和讯华谷信息技术有限公司 Method, device, computer equipment and storage medium for remotely executing code instructions
CN112817780A (en) * 2021-02-01 2021-05-18 上海交通大学 Method and system for realizing safety and high-performance interprocess communication
CN112817780B (en) * 2021-02-01 2022-03-11 上海交通大学 Method and system for realizing safety and high-performance interprocess communication
WO2023098536A1 (en) * 2021-11-30 2023-06-08 华为技术有限公司 Method and apparatus for running process
WO2023098653A1 (en) * 2021-11-30 2023-06-08 华为技术有限公司 Kernel protecting method, apparatus and system
CN115061954B (en) * 2022-08-18 2022-11-29 统信软件技术有限公司 Missing page interrupt processing method, computing device and storage medium
CN115061954A (en) * 2022-08-18 2022-09-16 统信软件技术有限公司 Missing page interrupt processing method, computing device and storage medium
CN115934002A (en) * 2023-03-08 2023-04-07 阿里巴巴(中国)有限公司 Solid state disk access method, solid state disk, storage system and cloud server
CN115934002B (en) * 2023-03-08 2023-08-04 阿里巴巴(中国)有限公司 Solid state disk access method, solid state disk, storage system and cloud server
CN116185902A (en) * 2023-04-13 2023-05-30 阿里云计算有限公司 Table segmentation method, system, electronic equipment and readable medium

Also Published As

Publication number Publication date
CN109002706B (en) 2021-04-06

Similar Documents

Publication Publication Date Title
CN109002706A (en) Data isolation guard method and system in a kind of process based on user class page table
US11630920B2 (en) Memory tagging for side-channel defense, memory safety, and sandboxing
JP5581403B2 (en) Store secure mode page table data in secure and non-secure areas of memory
US8296538B2 (en) Storing secure mode page table data in secure and non-secure regions of memory
CN109840410A (en) The method and system of data isolation and protection in a kind of process
CN103842976A (en) Input/output memory management unit with protection mode for preventing memory access by i/o devices
EP3867763B1 (en) Trusted intermediary realm
CN115357527A (en) Techniques for executing transactional-only memory
EP3881189B1 (en) An apparatus and method for controlling memory accesses
WO2020057394A1 (en) Method and device for monitoring memory access behavior of sample process
CN115335814A (en) Apparatus and method for using multiple physical address spaces
CN110532767A (en) Internal insulation method towards SGX security application
Aga et al. InvisiPage: oblivious demand paging for secure enclaves
US20230236925A1 (en) Tag checking apparatus and method
EP3818447B1 (en) Memory access control
WO2021209744A1 (en) Data integrity check for granule protection data
CN115298655A (en) Controlling memory access in a data processing system having multiple subsystems
US20230342289A1 (en) Apparatus and method for managing capabilities
US20240202139A1 (en) Technique for constraining access to memory using capabilities
US20230132695A1 (en) Apparatus and method using plurality of physical address spaces
Jaamoum Strategies for securing cache memories against software side-channel attacks

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant