CN109002706B - In-process data isolation protection method and system based on user-level page table - Google Patents

In-process data isolation protection method and system based on user-level page table Download PDF

Info

Publication number
CN109002706B
CN109002706B CN201810589291.0A CN201810589291A CN109002706B CN 109002706 B CN109002706 B CN 109002706B CN 201810589291 A CN201810589291 A CN 201810589291A CN 109002706 B CN109002706 B CN 109002706B
Authority
CN
China
Prior art keywords
user
page table
page
physical
level
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810589291.0A
Other languages
Chinese (zh)
Other versions
CN109002706A (en
Inventor
赵阳洋
陈明宇
朱晓静
洪宗会
郭云格
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Computing Technology of CAS
Original Assignee
Institute of Computing Technology of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Computing Technology of CAS filed Critical Institute of Computing Technology of CAS
Priority to CN201810589291.0A priority Critical patent/CN109002706B/en
Publication of CN109002706A publication Critical patent/CN109002706A/en
Application granted granted Critical
Publication of CN109002706B publication Critical patent/CN109002706B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02Addressing or allocation; Relocation
    • G06F12/08Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F12/10Address translation
    • G06F12/1009Address translation using page tables, e.g. page table structures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Storage Device Security (AREA)
  • Memory System Of A Hierarchy Structure (AREA)

Abstract

The invention relates to a method and a system for protecting in-process data isolation based on a user-level page table. The user self-management area is divided into a user level page table area and a user self-management data area, and the protected sensitive data stored in the user self-management data area is managed only by the page table of the user level page table area. The isolation of data in the process is realized by limiting the designated program object to access the user-level page table. Meanwhile, the physical page range which can be mapped by the user-level page table is limited, so that the isolation of data between processes is not influenced. The user-level page table completes virtual and real address mapping, page table initialization and page missing processing in a virtual space; when the interrupt occurs, the user-level page table carries out user-defined interrupt processing, avoids trapping in a kernel, and ensures the operating efficiency. The invention can improve the efficiency of the virtual memory system and provide fine-grained in-process security protection.

Description

In-process data isolation protection method and system based on user-level page table
Technical Field
The invention relates to the field of computers, in particular to a method and a system for protecting in-process data isolation based on a user-level page table.
Background
Conventional computer systems do not provide an effective means of protecting data access within a process. In general, processor hardware allows code in a process to arbitrarily access data space in the process, which provides a potential attack approach for attack methods such as buffer overflow. The attack program can obtain the access authority of the whole process address space through local code bugs in the process, and further control the execution of data and codes of the whole process. Many consumer electronic devices use extended security modules to ensure data security, and currently common methods are:
1. and a hardware safety module is hung outside.
The processing of data is realized by external security modules, which can protect the security of data such as own resources and keys, such as SIM cards, various smart cards or hardware encryption and decryption modules connected to the outside, but the communication lines of the modules and the main chip are exposed to the outside and are easy to be monitored and cracked. In addition, the rate of communication is relatively low.
2. And internally integrating the hardware security module.
The functionality of the external security module is integrated into the chip so that there are at least two cores, a normal core and a secure core, on a chip. The advantage is that the communication between the cores is realized inside the chip and is not exposed outside. The disadvantages are that the communication speed between cores is still low, and the performance of the single safety core is limited, and the SoC area is occupied, and the cost is high.
And 3, ARM Trustzone, Intel SGX and other safety subsystems.
Trustzone security technology introduced the ARM architecture specification from ARMv6 version. The hardware and software resources of the SoC are conceptually divided into a Secure World and a non-Secure World, all operations needing to be kept secret are executed in the Secure World (such as fingerprint identification, cryptographic processing, data encryption and decryption, Secure authentication and the like), the rest operations are executed in the non-Secure World (such as a user operating system, various application programs and the like), and the Secure World and the non-Secure World are converted through a supervision Mode (Monitor Mode). There is also a performance overhead at mode switching.
Intel SGX is an abbreviation for Intel Software Guard Extension. SGX is an extension of the Intel Instruction Set Architecture (ISA), and mainly provides instructions for creating a Trusted Execution Environment (TEE). The user mode application can be executed in the Enclave safely without being attacked by a malicious Operating System (OS) or a Hypervisor (Hypervisor). The Intel SGX technology provides isolation at an application level, and security sensitive codes which need to ensure confidentiality and integrity only trust a CPU, and hardware, an OS, an application program and the like cannot influence the security of the execution of the codes. The primary purpose of SGX technology is to protect the security sensitive code of an application from being interrupted or corrupted by malicious high priority software.
The above technology of the partition safety subsystem only protects the data safety inside one closed subsystem, and cannot realize effective protection of data for complex large-scale application programs. The complex large application program refers to a process which comprises a plurality of threads, and memory space of the program is shared among the threads; or that the memory space occupied by programs and data within a process is of the order of GB.
And 4, data protection technology in processes such as Intel MPK and MPX.
An Intel MPK (Memory protection key) is a method for dividing pages of a Memory into a plurality of domains. Each page belongs to one of N domains, specified by M bits in the page table, called protection key (protection key). Wherein N is 2M. The protection method of the MPK technology is that when a process accesses a memory, hardware can check whether a protection key word of the current process is the same as that of a memory block to be accessed, and if not, an exception is triggered. Meanwhile, the authority of the page represented by the authority limit of the page table itself must be satisfied, and both the authority and the authority are satisfied to be legal access operation.
Intel MPX (Memory Protection eXtensions) checks a Memory address range accessed by a pointer, and is implemented with hardware assistance, and starts with a sixth generation Core processor (Skylake) to support. Under the support of a compiler, a library and an operating system, MPX judges the intention of normal compilation by checking pointer reference and judges whether malicious utilization is caused during running due to buffer overflow, thereby improving the safety of software.
PULP (Protection by User Level Partition Protection) is a method for realizing data isolation and Protection in a process based on association of a processor program counter and a memory access address. And within the same process, the damage and the out-of-range access of the untrusted code to the security sensitive data are limited.
In the above three technologies for protecting data in a process, MPK is based on domain isolation, MPX is based on address isolation, and pupp is based on user-level partition data isolation, and MPX has the disadvantages that all address accesses need to be modified, judgment instructions are added, and overhead is high. The common disadvantage of MPK and PULP is that data protection can only be performed in units of domains or regions, which generally include several pages, and thus, coarse-grained data protection cannot be achieved, and fine-grained in-process data isolation in units of pages cannot be achieved.
Disclosure of Invention
The invention provides a method for protecting a page table of a user process in a virtual space for realizing fine-grained protection of data in the process, wherein a section of the virtual space in the user process is managed by the user process, and access of untrusted user codes to sensitive data in the virtual space is limited. The safety mechanism of User Level Page Table Protection (PULPT) comprises a User Level Page Table and a kernel Page Table which are divided, a User Level Page Table is managed, the range of a User Level Page Table mapping physical Page is limited, only a specified program object can access the User Level Page Table, and the User Level Page Table can be triggered to be interrupted when the User Level Page Table is accessed beyond the border, the authority is illegal or the Page is missing, so that the User defined interrupt processing flow is executed. The management of the user-level page table includes mutual conversion between a virtual address and a physical address of a self-management area of a user process (mapping process between virtual and real pages), a management method of a physical space, page table initialization and authority setting.
Specifically, the invention discloses a method for protecting in-process data isolation based on a user-level page table, which comprises the following steps:
the method comprises the steps of dividing a virtual space of a user process into a part, automatically managing the part by the user process as a user self-management area, dividing the user self-management area into a user-level page table area and a user self-management data area, wherein the user-level page table area is used for storing a user-level page table, the user self-management data area is used for storing protected sensitive data, the sensitive data is only managed by the user-level page table, and the management content comprises the steps of modifying virtual-real address mapping, setting read-write execution authority and marking the read-write access state.
The in-process data isolation protection method based on the user-level page table is characterized in that the user-level page table and the kernel page table are divided, and the specific method is that when a memory access instruction of the user process triggers hardware to search page table entries, whether a virtual address requested by the memory access instruction belongs to the boundary of a user self-management area is judged, if yes, a root directory address of the user-level page table is selected, and the page table entries are searched in the user-level page table area; otherwise, selecting the root directory address of the kernel page table, and searching page table entries in the kernel area;
the processor comprises a virtual address limit register for storing an upper bound and a lower bound of the user self-management area; the processor also includes an address register to store a root directory address of the user-level page table.
The in-process data isolation protection method based on the user-level page table is characterized in that the content of the user-level page table is managed by the user process, the user process applies for and allocates a virtual page of the user self-management area in the execution process, and a mapping relation is established between the virtual page and a physical page of the user self-management area, wherein the physical page is obtained by applying for a kernel by the user process.
The in-process data isolation protection method based on the user-level page table is characterized in that the range of the physical page mapped by the user-level page table is limited by the following steps: when a processor write instruction is executed, if a destination address of the write instruction belongs to a user-level page table region of a user self-management region, write data of the write instruction is a page table item of the user-level page table region, a physical page number of a physical page mapped by the destination address is obtained from the page table item, and whether the physical page number is legal is judged, wherein the legal is a physical page range which is configured by a kernel and belongs to the user-level page table mapping, if the interruption is not generated by a rule, the write instruction is prevented from writing the page table item into the user-level page table region, otherwise, the write instruction is allowed to write the page table item into the user-level page table region;
setting a physical page range mapped by the user-level page table by: establishing a data structure by a kernel, wherein a data element in the data structure is a mapped physical page address, or a mapped physical page number, or an indication bit corresponding to the physical page number, and judging whether the physical page number is legal or not when the user-level page table is written is realized by searching the data element.
The in-process data isolation protection method based on the user-level page table is characterized in that a program object for accessing the user-level page table is limited to protect the user-level page table.
Before mapping transformation between a virtual page and a physical page of a user self-management area, a self-mapped multi-level page table is initialized, and corresponding page table entries are respectively established on each level of page table to point to the first address of each page table, so that the initialization process of the user-level page table is completed.
In the process of mapping and transforming the virtual page and the physical page of the user self-management area triggered by the access instruction executed by the user process, if an interrupt occurs, the following steps are executed:
step 201, the processor detects an interrupt in a write-back stage and executes an interrupt process;
step 202, judging whether the interruption needs to be processed by the user process, if so, executing step 203, otherwise, executing step 206;
step 203, the user process processes the interrupt by itself, the processor provides a group of user special registers to store the program counter of the interrupt instruction, the interrupt reason and the access address;
step 204, the program is transferred to the entrance of the user interrupt processing function, and the user-defined interrupt processing function is executed;
step 205, end;
in step 206, the conventional kernel interrupt handling flow is executed, followed by step 205.
The in-process data isolation protection method based on the user-level page table is characterized in that the user process applies for the obtained physical page from the kernel, and the management method of the corresponding physical space comprises the following steps:
a step of managing a physical space, which is to acquire a preset data structure and record the number of an idle physical page allocated by a kernel;
a data structure searching step, when the user initializes the self-management area or breaks the page missing, according to the applied physical space size, a plurality of physical pages are taken from the data structure, and the plurality of physical pages are mapped to the virtual pages in sequence;
inserting a data structure, namely putting the physical page back to the data structure recording the idle physical page number when the page is recycled;
and deleting the data structure, and returning the physical page in the data structure to the kernel when the user process exits.
The invention also discloses a system for protecting the data isolation in the process based on the user-level page table, which comprises the following steps:
the preprocessing module is used for realizing the division of a user-level page table region and a kernel page table region by setting the boundary of a user self-management region and setting a user-level page table root directory address before a user process accesses a memory; the preprocessing module is also used for managing a user-level page table region, and comprises user-level page table initialization, mapping relation establishment between a virtual address and a physical address of a user self-management region, physical space management corresponding to a physical page and access authority setting in a user-level page table entry;
the processing module is used for judging whether the requested virtual address belongs to a user self-management area or not when a user process accesses the memory, if so, searching page table entries from a user-level page table area, starting security protection in the process by the user process, otherwise, searching page table entries from a kernel page table area, and keeping the user process in a conventional security protection state; then judging whether the request accesses a user-level page table region, if so, further judging whether the request object has the right to access the user-level page table, and whether a physical page number written in a user-level page table entry belongs to a physical page range mapped by the user-level page table, if so, executing the access request, otherwise, starting interruption; and if the user self-management data area is requested to be accessed, the user process executes user-level page table entry permission violation and missing page check, if one of the user-level page table entry permission violation and the missing page check occurs, the interrupt is started, otherwise, the access request is executed.
The in-process data isolation protection system based on the user-level page table is characterized in that the preprocessing module initializes a self-mapped multi-level page table, and establishes corresponding page table entries on each level of page table to point to the first addresses of the respective page table so as to complete the initialization process of the user-level page table;
the preprocessing module manages a data structure of a physical space, including:
the physical space management module is used for acquiring a preset data structure and recording the idle physical page number distributed by the kernel;
the data structure searching module is used for acquiring a plurality of physical pages from the data structure according to the size of the applied physical space when the user initializes the self-management area or breaks the page missing, and sequentially mapping the physical pages to the virtual pages;
the data structure insertion module is used for putting the physical page back to the data structure recording the idle physical page number when the page is recovered;
the data structure deleting module is used for returning the physical page in the data structure to the kernel when the user process exits;
when the program runtime processing module is interrupted, executing a user-defined interrupt processing process, wherein the specific contents comprise:
the interrupt detection module is used for detecting the interrupt in the write-back stage and executing the interrupt processing;
the judging module is used for judging whether the interruption needs to be processed by the user, if so, the user interruption module is called, and otherwise, the system interruption module is called;
the processor provides a group of special registers for storing a program counter of an interrupt instruction, an interrupt reason and an access address, a program is transferred to an inlet of a user interrupt processing function, the user-defined interrupt processing function is executed, and then the interrupt processing is finished;
and the system interrupt module is used for executing the routine kernel interrupt processing flow and then finishing the interrupt processing.
The technical progress of the invention comprises:
1. the efficiency of the virtual memory system is improved.
The modification and maintenance of the user-level page table are mainly carried out in a user mode, the kernel does not need to be frequently accessed, and the overhead of carrying out context switching is reduced.
2. Fine-grained in-process security protection.
The user-level page table can be safely configured in units of pages, such as reading, writing, executing and the like, and is not limited by the number of MPX regions and the number of PULP limit registers. The user-level page table can enable the trusted code in the process to be more flexible to configure the accessible range for the untrusted code to a certain extent. The trusted code and the untrusted code are set by a user process, for example, the user process may set the main function code as the trusted code and the called third-party library function code as the untrusted code. The user process may also set trusted and untrusted code according to other security requirements.
Drawings
FIG. 1 is a diagram illustrating in-process data protection based on a user-level page table according to the present invention;
FIG. 2 is a flow chart of user-defined interrupt handling according to the present invention;
FIG. 3 is a flow chart of a method for managing physical space according to the present invention;
FIG. 4 is a flowchart of a method for restricting user process access to a physical page in accordance with the present invention;
FIG. 5 is a diagram of a prior art three-level page table PTW process;
FIG. 6 is a diagram of a page table initialization PTW process of the present invention;
FIG. 7 is a flowchart illustrating the process of missing page nesting according to the present invention when a PTE entry is missing;
FIG. 8 is a flowchart of the page missing nesting process when a PMD entry is missing according to the present invention;
FIG. 9 is a flowchart illustrating the process of page missing nesting when a PGD entry is missing according to the present invention.
Detailed Description
In order to solve the above technical problem, the present invention aims to provide a fine-grained protection method for data in a process, and proposes to place a page table of a user process in a virtual space for protection, where a section of the virtual space in the user process is managed by the user process itself, so as to limit access of untrusted user codes to sensitive data in the virtual space. In order to make the aforementioned features and effects of the present invention more comprehensible, embodiments accompanied with figures are described in detail below.
The method embodiment of the invention comprises the following steps: in-process data protection based on user-level page tables
A section of virtual space of a user process is set as a user self-management area, the area is divided into a user-level page table area and a user self-management data area, sensitive data of the user self-management data area is managed only by a page table of the user-level page table area, and in-process data protection based on the user-level page table is shown in fig. 1.
During the pre-processing 101 phase, the processor sets the user self-managed region limit 1013 and the root directory address 1014 of the user-level page table. When the program runs, according to the virtual address of the memory access request and the boundary of the user self-management area, judging whether the page table item is searched in the user-level page table area or in the kernel area 1021. The root directory address of the user-level page table is different from the root directory address of the kernel page table, so partitioning 1011 the user-level page table and the kernel page table can be achieved.
In the preprocessing stage, user-level page table region management 1012 is also performed, including user-level page table initialization 1015, mapping relation 1016 is established between the virtual address and the physical address of the user self-management region, physical space management 1017 corresponding to the physical page, and access authority setting 1018 in the user-level page table entry;
when the program runs, if the page table entry is searched in the kernel area, the user process is in the conventional security protection state 1022; if a page table entry is looked up in the user-level page table region, the user process is in the in-process security state 1023.
Under the safety protection state in the process, judging whether a request accesses a user-level page table region 1024, if so, judging whether a program object can access the user-level page table 1025, and judging whether a physical page number written in a user-level page table entry belongs to a mappable physical page range 1026, if the restriction condition of one of the two is violated, starting an interrupt, and entering a user-defined interrupt processing 1029; otherwise, if the user self-management data area is requested to be accessed, the user process needs to execute the user-level page table entry permission violation 1027 and the missing page check 1028, if one of the user-level page table entry permission violation and the missing page check 1028 occurs, the interrupt is started, and the user-defined interrupt processing is started.
The method embodiment of the invention comprises the following steps: the added register type and its function.
The newly added registers are divided into four types, and their names and functions are shown in table 1. The physical page limits the register group to be read and written only by the kernel, and the other register groups can be read and written only by the user security code.
TABLE 1 register types and functions added to the present invention
Figure GDA0002825036210000081
The embodiment of the invention comprises the following steps: and adding a register read-write instruction and a function thereof.
The new instructions are divided into two types, and the names and the function tables of the new instructions are shown in the table 2.
TABLE 2 Instructions and their functions newly added to the invention
Figure GDA0002825036210000082
Figure GDA0002825036210000091
The method embodiment of the invention comprises the following steps: user-level page table region virtual to physical address translation.
A typical process for translating a virtual address to a physical address is: the page table is searched by the logical page number, the physical page number of the page is obtained from the page table, and the physical page number is loaded into the physical address register. Meanwhile, the address in the page is directly sent into the address field in the page of the physical address register without conversion. Thus, the content in the physical address register is the address of the actual access memory spliced by the two, and the conversion from the logical address (virtual address) to the physical address is completed. In conventional operating systems, page table maintenance is done by the kernel. During instruction execution, the search and address translation of page table entries are automatically processed by hardware of the processor, but the filling and modification of page table entries are completed by software. The user self-management space and the kernel management space are distinguished, the user self-management space performs virtual-real address translation by the user-level page table, the execution efficiency of the user fine-grained modification page table is improved, and the security of the space data is automatically ensured by the user program process
The method embodiment of the invention comprises the following steps: user-level page table region physical address to virtual address translation.
In a conventional design, a page table is stored in a kernel area, and a virtual address and a real address of the kernel area differ by only one offset value (offset), and the virtual address can be calculated from a physical address and the offset value. But there is no such correspondence for the user self-managed area.
When the page table is stored in the user self-management area, a data structure is selected to store the corresponding relationship between the physical page number and the virtual page number of the page table, and the data structure includes, but is not limited to, a table (list) or a hash table (hash table). To reduce implementation complexity, such data structures may be treated as data for common user processes, with the page tables of these data structures still being managed by the kernel, while restricting the modifications to it by the kernel.
The method embodiment of the invention comprises the following steps: and (4) user-defined interrupt processing.
The user level needs to self-manage the virtual-real mapping and the page table configuration of a section of area, and the exception of page fault interruption and authority violation occurring in the section of area needs to be handled by the user process, so that the user-defined interruption design needs to be added. The specific implementation method is to distinguish the interrupt processing function entrance and add the user-specific interrupt control register. FIG. 2 is a process for user-defined interrupt handling, comprising the steps of:
in step 201, when an instruction executed by a processor is interrupted, for a precise exception, all instructions in front of the interrupted instruction are correctly executed, and the following instructions are not executed, so that the interruption is generally detected in a write-back stage, and an interrupt process is executed, where the interruption is an interruption of the whole computer system, and there are many types of interruption without page, such as an overflow interruption of the computer, an interruption of a device such as a keyboard and a mouse, and an interruption of software given by an application program (the interruption without page belongs to one type), and the like. The process of executing instructions by a typical processor is divided into five stages, called five-stage pipelines, which are instruction fetch, decode, execute, access, and write-back, respectively. The write-back (WB) stage "writes back" the execution result data of the execution stage to some form of storage;
step 202, in the write-back stage, it is determined whether the interrupt requires user-defined interrupt processing, if yes, step 203 is executed, otherwise, step 206 is executed. The judgment standard is that whether the virtual address va when the interrupt is generated belongs to a user self-management area is checked, if so, the interrupt processing is required to be defined by a user;
in step 203, the user needs to process a part of the interrupt by himself, and the processor needs to provide a set of user-specific registers to store the PC of the interrupt instruction, the reason for the interrupt, and the address of the memory access. Wherein, the PC is a program counter (program counter) for storing and indicating an address of a next instruction to be executed;
step 204, the interrupt processing program of the computer system is transferred to the entrance of the user-defined interrupt processing function, and the user-defined interrupt processing function is executed;
step 205, end;
step 206, executing a conventional kernel interrupt processing flow, taking an open source processor core socket _ chip as an example only, including writing a PC where an interrupt instruction occurs, an interrupt reason (exception code), and an address of memory access (an instruction related to memory access) into a sepc Register, scause Register, and sbadaddr Register corresponding to a Control state Register (CSR, Control and Status Register) for use by an interrupt handler of the kernel, and then transferring the program to an interrupt handling function entry of the kernel to execute an interrupt handling function.
Therefore, the exception of page fault interruption and authority violation in the user-defined management area can be guaranteed to be processed by the user process, and context switching between a user mode and a kernel mode is not needed. The context is an environment for executing the process, and specifically, each variable and data includes all register variables, files opened by the process, memory information, and the like.
The method embodiment of the invention comprises the following steps: and managing the physical space.
In the traditional design, a user process does not need to apply for a physical page, and the process is completed by a kernel. The user process self-manages the virtual-real mapping of a section of area, so that the requirement for idle physical pages can be generated, the needed idle physical pages are obtained by applying the user process to the kernel, and a data structure can be selected to record the idle physical page number distributed by the kernel. The process of applying for free physical pages has no specific time node, and may be before the virtual-real mapping or after the virtual-real mapping.
In the invention, the user process has the right to configure the user level page table entries, so that the risk of mapping the physical page at will exists, which results in mapping the physical pages of other user process spaces to the user self-management area, and therefore, the range of mapping the physical pages by the user level page table needs to be limited. The specific method is that when the write instruction is executed, the judgment of the destination address is added, if the write instruction belongs to the page table area range of the user self-management area, the data content written by the instruction is limited, and the physical page number written into the page table of the user self-management area is ensured to belong to the physical page range allocated to the user process by the kernel.
The user process self-manages the virtual-real mapping and the user and page table configuration of a section of area, and the needed idle physical page is obtained by applying the user process to the kernel. Fig. 3 shows a method for managing a physical space by a user self-management area, which includes the following contents:
physical space management step 304 selects a data structure for recording the number of free physical pages allocated by the kernel. Such data structures include, but are not limited to, PPN tables (PPN list). Taking PPN table as an example only;
in the step 301 of searching the data structure, when a user initializes a self-managed area or breaks due to missing pages, a corresponding number of physical pages are obtained from the corresponding data structure according to the size of the physical space applied, and then the physical pages are sequentially mapped to the virtual pages corresponding to the physical pages one by one. Performing search operation on the PPN table;
the insertion of data structure step 302, during page reclamation, puts back the physical page into the data structure that records the free physical page number. The PPN table is then inserted for several times. It should be noted that if there is no free physical page, when page-missing interruption occurs, mapping from the physical page to the virtual page cannot be performed, and the user process cannot be executed normally, so that a page reclamation operation is required. The user process will periodically check that when the number of free physical pages in the system is less than a certain threshold, a page reclaim operation will be initiated. The size of this threshold is determined by the user process as needed;
the deletion step 303 of the data structure returns the physical page in the data structure to the kernel when the user process exits. The deletion operation is executed on the PPN table.
Therefore, the method can effectively prevent the user process from arbitrarily mapping the physical page by utilizing the configuration authority of the user self-management area page table entry, thereby accessing the physical page of other processes.
The method embodiment of the invention comprises the following steps: and limiting the user process to arbitrarily map the physical page.
The user process has the right to configure user-level page table entries, so that there is a risk of arbitrarily mapping physical pages. The method for limiting the random mapping of the physical page of the user-level page table is that when a write instruction is executed, the judgment of the destination address is added, if the write instruction belongs to the page table area range of the user self-management area, the data content written by the instruction is limited, and the physical page number written into the page table of the user self-management area is ensured to belong to the physical page range allocated to the user process by a kernel. Because write instruction execution is in the critical path of the processor pipeline, a hardware efficient physical page range lookup approach is needed.
There are many ways to set the physical page range. The most straightforward solution is that the hardware sets multiple sets of physical address bound (pa _ bound) registers to define the range of physical pages that the user process can map. This method is simple to implement, but has certain requirements on the continuity of the physical space allocated by the kernel, and the speed of query is affected when the number of pa _ bound is large.
Other possible approaches, including but not limited to recording the extent to which a user process may access a physical page using a Bitmap (Bitmap), are described herein by way of example only and are not intended to limit the present invention.
The method for recording the physical page range by using the Bitmap is that the whole physical space is divided into a plurality of areas by the user-defined area SIZE (ZONE _ SIZE, which is integral multiple of the physical page SIZE), each area corresponds to one bit, and when the area is 1, the user process can be mapped to the area.
When ZONE _ SIZE is larger (MB level), Bitmap occupies smaller space, can be placed in an on-chip register in whole, and is queried faster, but this allocation of physical space has larger granularity, which may also cause waste of space. When ZONE _ SIZE is small (KB level), the kernel allocates physical space to the user memory in fine granularity, so that the physical space can be better utilized, but relatively, the occupied space of the Bitmap is large, and the situation that the Bitmap in the on-chip register needs to be replaced inevitably occurs.
The scheduling flow design of Bitmap is shown in fig. 4. Where PPN represents a physical page number and x represents an arbitrary value, i.e., PPNx represents an arbitrary physical page number. The physical page number is divided into two parts, PPNx [ Max-1: Index ] and PPNx [ Index-1:0], where the former is an Index (Index) for searching a memory space Bitmap, and the latter is a Bitmap value stored in a memory space address corresponding to the Index, and fig. 4 includes the following contents:
the whole flow is firstly divided into a preprocessing stage 401 and a program runtime 402. The preprocessing stage comprises three steps according to the execution sequence, namely calculating parameters 4011, filling all the contents 4012 of the Bitmap in a memory space, and filling two on-chip registers 4013, wherein the two registers are used for storing PPNx [ Max-1: Index ] and PPNx [ Index-1:0] respectively.
The specific flow of the program in operation is as follows:
step 4021, judging whether the PPNx [ Max-1: Index ] is matched with the Index of the bitmap stored in the on-chip register, if so, indicating that the bitmap is stored in the on-chip register, executing step 4022, otherwise, executing step 4025;
step 4022, according to the value of PPNx [ Index-1:0], extracting the bit (bit) stored in the position of the bit map corresponding to the value stored in the on-chip register;
step 4023, determining whether the bit mapping corresponding bit stored in the on-chip register is 1, if yes, executing step 4024, otherwise, executing step 4026. Wherein, 1 represents that the corresponding physical page can be accessed, and 0 represents that the corresponding physical page is forbidden to be accessed;
step 4024, the user process accesses the physical page and finishes the current judgment;
step 4025, extracting the Bitmap data from the memory address Bitmap _ base _ addr + PPNx [ Max-1: Index ]. multidish/8, and writing the Bitmap data into the on-chip register. Wherein, Bitmap _ base _ addr represents the base address of the address space for storing the Bitmap, WIDTH represents the bit WIDTH of one Bitmap, and WIDTH/8 represents the byte length required for storing one Bitmap;
step 4026, forbid the user process to access the physical page, and end the current judgment.
The method embodiment of the invention comprises the following steps: user self-managed space page table initialization.
For the user self-management area, if the corresponding page is not mapped virtually or virtually, the corresponding page table root address is not available, so that the subsequent steps cannot be performed. To solve this problem, the user process initializes a self-mapped multi-level page table before the address translation operation, which is called a page table initialization process.
To reduce the amount of memory space occupied by page tables, modern operating systems mostly employ a hierarchical page table structure. Taking only three levels of page tables as an example, it completes the translation process of virtual address to physical address as shown in fig. 5. When TLB miss occurs, a ptw (page Table walker) may extract a page Table corresponding to a virtual address step by step according to a page Table root address (sptbr) and a system page Table base address in a page Table translation process, if a corresponding page Table entry does not map a physical address, a page fault interrupt may be triggered, and a system kernel performs a virtual-real mapping operation, which is referred to as a ptw (page Table walker). Wherein sptbr is a physical address, and the Page Table includes three types, a Page Global Directory (PGD), a Page Middle Directory (PMD), and a Page Table Entry (PTE).
The first step of address translation is to obtain the corresponding entry in the PGD according to the ppn stored in the sptbr, i.e. the physical page address of the PGD. In a modern operating system, all the multi-level page tables of a user process are placed in a kernel space, the page tables of the kernel space are well established during system initialization, and the content or the permission limit of the page tables can be conveniently modified.
However, for the user self-management area, the corresponding page PGD has not been subjected to virtual-real mapping, and the whole address translation process cannot be performed without the corresponding physical page number. To solve this problem, before the user process is responsible for the mapping operation of the virtual and real addresses in the self-managed region, a self-mapped three-level page table is initialized, and then corresponding page table entries are respectively established on the pages of the PGD, PMD, and PTE to point to itself, which is called a page table initialization process, as shown in fig. 6.
To distinguish from the typical case, the user-level page tables are called UPGD, UPMD, UPTE, where U denotes user. The page table initialization process is to utilize the conventional design of PTW to respectively complete the process of converting the Virtual Address (VA) to the Physical Address (PA) of the UPGD, UPMD, UPTE to obtain the UPGD _ PA, UPMD _ PA, UPTE _ PA, and add steps 601, 602, 603 to respectively enable the UPGD _ PA, UPMD _ PA, UPTE _ PA to point to the home address of each page, thus completing the initialization process. For simplicity, the updd, UPMD, and UPTE are stored in three pages (VPN3, VPN3+1, VPN3+2) that are consecutive in the user space, but there is no such limitation in practical implementation. The uptbr (user page table base address) corresponds to sptbr, referring to the user-level page table base address stored in the user space register.
The method embodiment of the invention comprises the following steps: and (5) a user self-management space page missing nesting processing flow.
The user-level page table is positioned in the user space, when the user process is interrupted due to page fault, the user-defined interrupt processing function of the user carries out read-write operation on the page table, and the user-level page table of the user space is not established possibly, so that the interruption is caused again, and the page fault nesting is formed. Taking a three-level page table as an example, page missing nesting is mainly divided into 3 cases: PGD table item loss, PMD table item loss and PTE table item loss.
When the space size of the user self-management area is small, each level of page table can manage all the self-management areas only by occupying one page, and the condition of PTE table entry loss can only occur. The spatial SIZE of the user self-management area cannot exceed PAGE _ SIZE (PAGE _ SIZE/PTE _ SIZE) at this time. The calculation method comprises the following steps: because each level of PAGE table only occupies one PAGE, each PAGE can store PAGE _ SIZE/PTE _ SIZE PAGE table entries at most, that is, the user level PAGE table manages (PAGE _ SIZE/PTE _ SIZE) PAGEs of the user self-management area at most, and the PAGE SIZE is multiplied by the PAGE SIZE, that is, the space SIZE of the user self-management area. The page missing nesting process flow is shown in fig. 7.
Step 701, a PTE table entry is lost;
step 702, judging whether an idle physical page frame exists, if so, executing step 703, otherwise, executing step 706;
step 703, allocating physical page frames;
step 704, establishing a mapping relation according to the address where the page fault interrupt occurs;
step 705, end;
step 706, outputting an error prompt message.
When the space size of the user self-management area is centered, the page table PTE required by the user self-management area occupies more than one page size, the PGD and PMD table entries only occupy one page size, and at the moment, the PTE table entries and the PMD table entries are likely to be lost. When the page missing interrupt occurs, the PTW first determines which page table is the one in which the interrupt occurs, the processing flow of the PTE table entry missing is the same as the processing method in the first case, and the processing flow of the PMD table entry missing is as shown in fig. 8. The spatial SIZE of the user self-management area is centered, which means that the user self-management area is larger than PAGE _ SIZE (PAGE _ SIZE/PTE _ SIZE) and cannot exceed PAGE _ SIZE (PAGE _ SIZE/PTE _ SIZE). The latter calculation method is: and the PMD only occupies one PAGE SIZE, the user-level PAGE table manages (PAGE _ SIZE/PTE _ SIZE) at most the PTE PAGE tables, and the SIZE of each PTE PAGE table corresponding to the user self-management area is PAGE _ SIZE (PAGE _ SIZE/PTE _ SIZE), and the SIZE of each PTE PAGE table is multiplied by the SIZE of the user self-management area, namely the space SIZE of the user self-management area.
Step 801, PMD table entry loss;
step 802, judging whether a free physical page frame exists, if so, executing step 803, otherwise, executing step 809;
step 803, a physical page frame is allocated from the free page frame linked list to store the PTE;
step 804, judging whether a free virtual page exists, if so, executing step 805, otherwise, executing step 809;
step 805, allocating a virtual page (vpn) from the free virtual page linked list;
step 806, mapping the virtual page and the physical page frame;
step 807, executing the PTE table entry missing processing flow according to FIG. 7;
step 808, ending;
step 809, outputting an error prompt message.
When the space of the user self-management area is large, the page table PMD required by the user self-management area occupies more than one page, and the PTE table entries, PMD table entries and PGD table entries are likely to be missing. When the page fault interrupt occurs, the PTW also determines which page table is interrupted, and the processing flow of PTE table entry fault and PMD table entry fault is as above, and the processing flow of PGD table entry fault is as shown in fig. 9. The user self-management area has a large space, which means that the user self-management area is larger than PAGE _ SIZE (PAGE _ SIZE/PTE _ SIZE).
Step 901, the PGD table entry is missing;
step 902, judging whether a free physical page frame exists, if so, executing step 903, otherwise, executing step 909;
step 903, distributing a physical page frame from the free page frame linked list to store PMD;
step 904, judging whether a free virtual page exists, if so, executing step 905, otherwise, executing step 909;
step 905, allocating a virtual page (vpn) from the idle virtual page linked list;
step 906, mapping the virtual page and the physical page frame;
step 907, executing PMD entry deletion processing flow according to fig. 8;
step 908, end;
in step 909, an error prompt message is output.
The following are system examples corresponding to the above method examples, and this embodiment can be implemented in cooperation with the above embodiments. The related technical details mentioned in the above embodiments are still valid in this embodiment, and are not described herein again in order to reduce repetition. Accordingly, the related-art details mentioned in the present embodiment can also be applied to the above-described embodiments.
The invention also discloses a system for protecting the data isolation in the process based on the user-level page table, which comprises the following steps:
the preprocessing module is used for realizing the division of a user-level page table region and a kernel page table region by setting the boundary of a user self-management region and setting a user-level page table root directory address before a user process accesses a memory; the preprocessing module is also used for managing a user-level page table region, and comprises user-level page table initialization, mapping relation establishment between a virtual address and a physical address of a user self-management region, physical space management corresponding to a physical page and access authority setting in a user-level page table entry;
the processing module is used for judging whether the requested virtual address belongs to a user self-management area or not when a user process accesses the memory, if so, searching page table entries from a user-level page table area, starting security protection in the process by the user process, otherwise, searching page table entries from a kernel page table area, and keeping the user process in a conventional security protection state; then judging whether the request accesses a user-level page table region, if so, further judging whether the request object has the right to access the user-level page table, and whether a physical page number written in a user-level page table entry belongs to a physical page range mapped by the user-level page table, if so, executing the access request, otherwise, starting interruption; and if the user self-management data area is requested to be accessed, the user process executes user-level page table entry permission violation and missing page check, if one of the user-level page table entry permission violation and the missing page check occurs, the interrupt is started, otherwise, the access request is executed.
The in-process data isolation protection system based on the user-level page table is characterized in that the preprocessing module initializes a self-mapped multi-level page table, and establishes corresponding page table entries on each level of page table to point to the first addresses of the respective page table so as to complete the initialization process of the user-level page table;
the preprocessing module manages a data structure of a physical space, including:
the physical space management module is used for acquiring a preset data structure and recording the idle physical page number distributed by the kernel;
the data structure searching module is used for acquiring a plurality of physical pages from the data structure according to the size of the applied physical space when the user initializes the self-management area or breaks the page missing, and sequentially mapping the physical pages to the virtual pages;
the data structure insertion module is used for putting the physical page back to the data structure recording the idle physical page number when the page is recovered;
the data structure deleting module is used for returning the physical page in the data structure to the kernel when the user process exits;
when the program runtime processing module is interrupted, executing a user-defined interrupt processing process, wherein the specific contents comprise:
the interrupt detection module is used for detecting the interrupt in the write-back stage and executing the interrupt processing;
the judging module is used for judging whether the interruption needs to be processed by the user, if so, the user interruption module is called, and otherwise, the system interruption module is called;
the processor provides a group of special registers for storing a program counter of an interrupt instruction, an interrupt reason and an access address, a program is transferred to an inlet of a user interrupt processing function, the user-defined interrupt processing function is executed, and then the interrupt processing is finished;
and the system interrupt module is used for executing the routine kernel interrupt processing flow and then finishing the interrupt processing.

Claims (8)

1. A method for protecting in-process data isolation based on a user-level page table is characterized by comprising the following steps:
dividing a part of a virtual space of a user process into a user self-management area, wherein the user self-management area is used as a user self-management area, and is divided into a user level page table area and a user self-management data area, the user level page table area is used for storing a user level page table, the user self-management data area is used for storing protected sensitive data, the sensitive data is only managed by the user level page table, and the management content comprises the steps of modifying virtual-real address mapping, setting read-write execution authority and marking the read-write access state;
the content of the user-level page table is managed by the user process, the user process applies and distributes a virtual page of the user self-management area by itself in the execution process, and a mapping relation is established between the virtual page of the user self-management area and a physical page, wherein the physical page is obtained by applying from the user process to a kernel;
the user-level page table enables the trusted codes in the process to be the virtual memory space range of the non-trusted codes, wherein the trusted codes and the non-trusted codes are set by the user process, a section of virtual space in the user process is managed by the user process, and access of the non-trusted user codes to the sensitive data of the virtual space is limited.
2. The in-process data isolation protection method based on the user-level page table as claimed in claim 1, wherein the user-level page table and the kernel page table are divided, and the specific method is that when the access instruction of the user process triggers hardware to search for page table entries, whether the virtual address requested by the access instruction belongs to the boundary of the user self-management region is judged, if yes, the root directory address of the user-level page table is selected, and the page table entries are searched in the user-level page table region; otherwise, selecting the root directory address of the kernel page table, and searching page table entries in the kernel area;
the processor comprises a virtual address limit register for storing an upper bound and a lower bound of the user self-management area; the processor also includes an address register to store a root directory address of the user-level page table.
3. The in-process data isolation protection method based on the user-level page table as claimed in claim 1, wherein a program object accessing the user-level page table is defined to protect the user-level page table;
the range of physical pages mapped by the user-level page table is limited by: when a processor write instruction is executed, if a destination address of the write instruction belongs to a user-level page table region of a user self-management region, write data of the write instruction is a page table item of the user-level page table region, a physical page number of a physical page mapped by the destination address is obtained from the page table item, and whether the physical page number is legal is judged, wherein the legal is a physical page range which is configured by a kernel and belongs to the user-level page table mapping, if the interruption is not generated by a rule, the write instruction is prevented from writing the page table item into the user-level page table region, otherwise, the write instruction is allowed to write the page table item into the user-level page table region;
setting a physical page range mapped by the user-level page table by: establishing a data structure by a kernel, wherein a data element in the data structure is a mapped physical page address, or a mapped physical page number, or an indication bit corresponding to the physical page number, and judging whether the physical page number is legal or not when the user-level page table is written is realized by searching the data element.
4. The method as claimed in claim 1, wherein before mapping transformation between the virtual page of the user self-managed region and the physical page, a self-mapped multi-level page table is initialized, and corresponding page table entries are respectively established on each level of page table to point to the first address of the respective page table, so as to complete the initialization process of the user-level page table.
5. The in-process data isolation protection method based on the user-level page table as claimed in claim 1, wherein in the process that the memory access instruction executed by the user process triggers the mapping transformation between the virtual page and the physical page of the user self-management area, if an interrupt occurs, the following steps are executed:
step 201, the processor detects an interrupt in a write-back stage and executes an interrupt process;
step 202, judging whether the interruption needs to be processed by the user process, if so, executing step 203, otherwise, executing step 206;
step 203, the user process processes the interrupt by itself, the processor provides a group of user special registers to store the program counter of the interrupt instruction, the interrupt reason and the access address;
step 204, the program is transferred to the entrance of the user interrupt processing function, and the user-defined interrupt processing function is executed;
step 205, end;
in step 206, the conventional kernel interrupt handling flow is executed, followed by step 205.
6. The in-process data isolation protection method based on the user-level page table as claimed in claim 1, wherein the management method of the physical space corresponding to the physical page requested by the user process from the kernel comprises:
a step of managing a physical space, which is to acquire a preset data structure and record the number of an idle physical page allocated by a kernel;
a data structure searching step, when the user initializes the self-management area or breaks the page missing, according to the applied physical space size, a plurality of physical pages are taken from the data structure, and the plurality of physical pages are mapped to the virtual pages in sequence;
inserting a data structure, namely putting the physical page back to the data structure recording the idle physical page number when the page is recycled;
and deleting the data structure, and returning the physical page in the data structure to the kernel when the user process exits.
7. An in-process data isolation protection system based on a user-level page table, comprising:
the preprocessing module is used for realizing the division of a user-level page table region and a kernel page table region by setting the boundary of a user self-management region and setting a user-level page table root directory address before a user process accesses a memory; the preprocessing module is also used for managing a user-level page table region, and comprises user-level page table initialization, mapping relation establishment between a virtual address and a physical address of a user self-management region, physical space management corresponding to a physical page and access authority setting in a user-level page table entry;
the processing module is used for judging whether the requested virtual address belongs to a user self-management area or not when a user process accesses the memory, if so, searching page table entries from a user-level page table area, starting security protection in the process by the user process, otherwise, searching page table entries from a kernel page table area, and keeping the user process in a conventional security protection state; then judging whether the request accesses a user-level page table region, if so, further judging whether the request object has the right to access the user-level page table, and whether a physical page number written in a user-level page table entry belongs to a physical page range mapped by the user-level page table, if so, executing the access request, otherwise, starting interruption; if the user self-management data area is requested to be accessed, the user process executes user-level page table entry permission violation and missing page check, if one of the user-level page table entry permission violation and missing page check occurs, the interrupt is started, otherwise, the access request is executed;
the content of the user-level page table is managed by the user process, the user process applies and distributes a virtual page of the user self-management area by itself in the execution process, and a mapping relation is established between the virtual page of the user self-management area and a physical page, wherein the physical page is obtained by applying from the user process to a kernel;
the user-level page table enables the trusted codes in the process to be the virtual memory space range of the non-trusted codes, wherein the trusted codes and the non-trusted codes are set by the user process, a section of virtual space in the user process is managed by the user process, and access of the non-trusted user codes to the sensitive data of the virtual space is limited.
8. The in-process data isolation protection system of claim 7, wherein the pre-processing module initializes a self-mapped multi-level page table and establishes corresponding page table entries on the page tables to point to the respective page table's first address to complete the initialization of the user-level page table;
the preprocessing module manages a data structure of a physical space, including:
the physical space management module is used for acquiring a preset data structure and recording the idle physical page number distributed by the kernel;
the data structure searching module is used for acquiring a plurality of physical pages from the data structure according to the size of the applied physical space when the user initializes the self-management area or breaks the page missing, and sequentially mapping the physical pages to the virtual pages;
the data structure insertion module is used for putting the physical page back to the data structure recording the idle physical page number when the page is recovered;
the data structure deleting module is used for returning the physical page in the data structure to the kernel when the user process exits;
when the program runtime processing module is interrupted, executing a user-defined interrupt processing process, wherein the specific contents comprise:
the interrupt detection module is used for detecting the interrupt in the write-back stage and executing the interrupt processing;
the judging module is used for judging whether the interruption needs to be processed by the user, if so, the user interruption module is called, and otherwise, the system interruption module is called;
the processor provides a group of special registers for storing a program counter of an interrupt instruction, an interrupt reason and an access address, a program is transferred to an inlet of a user interrupt processing function, the user-defined interrupt processing function is executed, and then the interrupt processing is finished;
and the system interrupt module is used for executing the routine kernel interrupt processing flow and then finishing the interrupt processing.
CN201810589291.0A 2018-06-08 2018-06-08 In-process data isolation protection method and system based on user-level page table Active CN109002706B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810589291.0A CN109002706B (en) 2018-06-08 2018-06-08 In-process data isolation protection method and system based on user-level page table

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810589291.0A CN109002706B (en) 2018-06-08 2018-06-08 In-process data isolation protection method and system based on user-level page table

Publications (2)

Publication Number Publication Date
CN109002706A CN109002706A (en) 2018-12-14
CN109002706B true CN109002706B (en) 2021-04-06

Family

ID=64600619

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810589291.0A Active CN109002706B (en) 2018-06-08 2018-06-08 In-process data isolation protection method and system based on user-level page table

Country Status (1)

Country Link
CN (1) CN109002706B (en)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110069935B (en) * 2019-03-20 2020-12-01 上海交通大学 Internal sensitive data protection method and system based on tagged memory
CN110147670B (en) * 2019-05-21 2020-10-27 电子科技大学 Inter-process persistent memory protection method working in kernel mode
US10817433B2 (en) * 2019-06-28 2020-10-27 Intel Corporation Page tables for granular allocation of memory pages
CN110532767B (en) * 2019-08-19 2021-06-11 上海交通大学 Internal isolation method for SGX (secure gateway) security application
CN111143900B (en) * 2019-12-24 2023-09-26 海光信息技术(苏州)有限公司 Data processing and access control method, system, device, equipment and storage medium
CN111367831B (en) * 2020-03-26 2022-11-11 超睿科技(长沙)有限公司 Deep prefetching method and component for translation page table, microprocessor and computer equipment
CN111597124B (en) * 2020-04-21 2023-05-05 重庆大学 Method, system and storage medium for organizing data of persistent memory file system
CN112182560B (en) * 2020-09-17 2022-04-26 上海交通大学 Efficient isolation method, system and medium for Intel SGX interior
CN112379927B (en) * 2020-11-17 2024-01-23 深圳市和讯华谷信息技术有限公司 Method, device, computer equipment and storage medium for remotely executing code instructions
CN112817780B (en) * 2021-02-01 2022-03-11 上海交通大学 Method and system for realizing safety and high-performance interprocess communication
CN116204884A (en) * 2021-11-30 2023-06-02 华为技术有限公司 Kernel protection method, device and system
CN116204458A (en) * 2021-11-30 2023-06-02 华为技术有限公司 Method and device for running process
CN115061954B (en) * 2022-08-18 2022-11-29 统信软件技术有限公司 Missing page interrupt processing method, computing device and storage medium
CN115934002B (en) * 2023-03-08 2023-08-04 阿里巴巴(中国)有限公司 Solid state disk access method, solid state disk, storage system and cloud server
CN116185902B (en) * 2023-04-13 2023-08-01 阿里云计算有限公司 Table segmentation method, system, electronic equipment and readable medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1737761A (en) * 2004-08-18 2006-02-22 中兴通讯股份有限公司 Method for protecting assigned course private data area and stack area

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103699498B (en) * 2013-11-25 2016-08-31 南京大学 A kind of application program critical data protection system and guard method thereof
CN104092743B (en) * 2014-06-27 2017-08-11 清华大学 The guard method of user data and system under cloud environment
CN105335306B (en) * 2014-06-30 2018-02-13 华为技术有限公司 A kind of internal memory control method and device

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1737761A (en) * 2004-08-18 2006-02-22 中兴通讯股份有限公司 Method for protecting assigned course private data area and stack area

Also Published As

Publication number Publication date
CN109002706A (en) 2018-12-14

Similar Documents

Publication Publication Date Title
CN109002706B (en) In-process data isolation protection method and system based on user-level page table
US11630920B2 (en) Memory tagging for side-channel defense, memory safety, and sandboxing
EP3716081B1 (en) Memory protection with hidden inline metadata
EP3491520B1 (en) Controlling access to pages in a memory in a computing device
JP5581403B2 (en) Store secure mode page table data in secure and non-secure areas of memory
US7870336B2 (en) Operating system protection against side-channel attacks on secrecy
US11829299B2 (en) Technologies for execute only transactional memory
JP7149298B2 (en) Disabling a Target Realm in the Realm Hierarchy
TWI796414B (en) Apparatus, method, computer program, and storage medium for region fusing
EP3867763B1 (en) Trusted intermediary realm
US12001541B2 (en) Parameter signature for realm security configuration parameters
US10049048B1 (en) Method and system for using processor enclaves and cache partitioning to assist a software cryptoprocessor
TW201905716A (en) Mask of the architectural state associated with the domain
CN112639789A (en) Integrity tree for memory integrity checking
TW201905715A (en) Exception return instruction
CN115885266A (en) Label inspection device and method
US20230342289A1 (en) Apparatus and method for managing capabilities
US11237957B2 (en) Scrub-commit state for memory region
CN116561824A (en) Method and apparatus for managing memory in a confidential computing architecture

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant