CN111523113A - 用于增加计算机安全的方法和系统 - Google Patents

用于增加计算机安全的方法和系统 Download PDF

Info

Publication number
CN111523113A
CN111523113A CN201911356002.3A CN201911356002A CN111523113A CN 111523113 A CN111523113 A CN 111523113A CN 201911356002 A CN201911356002 A CN 201911356002A CN 111523113 A CN111523113 A CN 111523113A
Authority
CN
China
Prior art keywords
descriptor table
permission level
operating system
function
descriptor
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911356002.3A
Other languages
English (en)
Chinese (zh)
Inventor
埃里克·R·诺瑟普
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Google LLC
Original Assignee
Google LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Google LLC filed Critical Google LLC
Publication of CN111523113A publication Critical patent/CN111523113A/zh
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/54Interprogram communication
    • G06F9/545Interprogram communication where tasks reside in different layers, e.g. user- and kernel-space

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)
CN201911356002.3A 2011-10-19 2012-10-16 用于增加计算机安全的方法和系统 Pending CN111523113A (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US13/277,063 2011-10-19
US13/277,063 US8826440B2 (en) 2011-10-19 2011-10-19 Defensive techniques to increase computer security
CN201280061783.3A CN103988211B (zh) 2011-10-19 2012-10-16 用于增加计算机安全的方法和系统

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201280061783.3A Division CN103988211B (zh) 2011-10-19 2012-10-16 用于增加计算机安全的方法和系统

Publications (1)

Publication Number Publication Date
CN111523113A true CN111523113A (zh) 2020-08-11

Family

ID=47172889

Family Applications (3)

Application Number Title Priority Date Filing Date
CN201911356002.3A Pending CN111523113A (zh) 2011-10-19 2012-10-16 用于增加计算机安全的方法和系统
CN201611013568.2A Active CN107103232B (zh) 2011-10-19 2012-10-16 用于增加计算机安全的方法和系统
CN201280061783.3A Active CN103988211B (zh) 2011-10-19 2012-10-16 用于增加计算机安全的方法和系统

Family Applications After (2)

Application Number Title Priority Date Filing Date
CN201611013568.2A Active CN107103232B (zh) 2011-10-19 2012-10-16 用于增加计算机安全的方法和系统
CN201280061783.3A Active CN103988211B (zh) 2011-10-19 2012-10-16 用于增加计算机安全的方法和系统

Country Status (7)

Country Link
US (3) US8826440B2 (https=)
EP (2) EP3373187B1 (https=)
JP (3) JP5973583B2 (https=)
CN (3) CN111523113A (https=)
AU (1) AU2012326336B2 (https=)
CA (1) CA2853050C (https=)
WO (1) WO2013059189A2 (https=)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9141559B2 (en) 2012-01-04 2015-09-22 Intel Corporation Increasing virtual-memory efficiencies
US9268707B2 (en) * 2012-12-29 2016-02-23 Intel Corporation Low overhead paged memory runtime protection
RU2653985C2 (ru) * 2013-06-28 2018-05-15 Закрытое акционерное общество "Лаборатория Касперского" Способ и система обнаружения вредоносного программного обеспечения путем контроля исполнения программного обеспечения запущенного по сценарию
US9230106B2 (en) 2013-06-28 2016-01-05 Kaspersky Lab Ao System and method for detecting malicious software using malware trigger scenarios in a modified computer environment
US9984231B2 (en) * 2015-11-11 2018-05-29 Qualcomm Incorporated Detecting program evasion of virtual machines or emulators
US11334501B2 (en) 2020-01-28 2022-05-17 Hewlett Packard Enterprise Development Lp Access permissions for memory regions
CN115277607B (zh) * 2022-07-15 2023-12-26 天津市滨海新区信息技术创新中心 一种异构系统复杂流量情况下的两级拟态判决方法
CN115510427B (zh) * 2022-11-21 2023-03-31 博智安全科技股份有限公司 跨平台进程运行可信监控方法和系统

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1194411A (zh) * 1997-01-09 1998-09-30 太阳微系统公司 控制对系统资源的软件访问的方法和设备
CN1723448A (zh) * 2002-11-18 2006-01-18 Arm有限公司 用于保护以防恶意程序的安全存储器
US20060230282A1 (en) * 2005-04-06 2006-10-12 Hausler Oliver M Dynamically managing access permissions
CN1918556A (zh) * 2004-02-05 2007-02-21 Kings情报通信 使用安全输入装置驱动器的计算机安全装置和方法
US20100031360A1 (en) * 2008-07-31 2010-02-04 Arvind Seshadri Systems and methods for preventing unauthorized modification of an operating system
US7685638B1 (en) * 2005-12-13 2010-03-23 Symantec Corporation Dynamic replacement of system call tables

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2010591C (en) * 1989-10-20 1999-01-26 Phillip M. Adams Kernels, description tables and device drivers
DE10122505A1 (de) * 2001-05-10 2002-11-14 Giesecke & Devrient Gmbh Verfahren zum Schützen eines Rechners gegen Manipulation von Registerinhalten und Rechner zum Durchführen des Verfahrens
US20040268084A1 (en) * 2003-06-30 2004-12-30 Steve Longerbeam Protected RAM filesystem
US7530103B2 (en) * 2003-08-07 2009-05-05 Microsoft Corporation Projection of trustworthiness from a trusted environment to an untrusted environment
US7552426B2 (en) * 2003-10-14 2009-06-23 Microsoft Corporation Systems and methods for using synthetic instructions in a virtual machine
JP2007004661A (ja) * 2005-06-27 2007-01-11 Hitachi Ltd 仮想計算機の制御方法及びプログラム
US7571298B2 (en) * 2005-06-30 2009-08-04 Intel Corporation Systems and methods for host virtual memory reconstitution
US20070067590A1 (en) * 2005-09-22 2007-03-22 Uday Savagaonkar Providing protected access to critical memory regions
US8032897B2 (en) * 2007-07-31 2011-10-04 Globalfoundries Inc. Placing virtual machine monitor (VMM) code in guest context to speed memory mapped input/output virtualization
CN101464841A (zh) * 2008-12-31 2009-06-24 杭州华三通信技术有限公司 实现对块存储体写保护的方法和系统
JP2011090612A (ja) * 2009-10-26 2011-05-06 Clarion Co Ltd 情報処理装置、情報処理装置の制御方法及び制御プログラム

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1194411A (zh) * 1997-01-09 1998-09-30 太阳微系统公司 控制对系统资源的软件访问的方法和设备
CN1723448A (zh) * 2002-11-18 2006-01-18 Arm有限公司 用于保护以防恶意程序的安全存储器
CN1918556A (zh) * 2004-02-05 2007-02-21 Kings情报通信 使用安全输入装置驱动器的计算机安全装置和方法
US20060230282A1 (en) * 2005-04-06 2006-10-12 Hausler Oliver M Dynamically managing access permissions
US7685638B1 (en) * 2005-12-13 2010-03-23 Symantec Corporation Dynamic replacement of system call tables
US20100031360A1 (en) * 2008-07-31 2010-02-04 Arvind Seshadri Systems and methods for preventing unauthorized modification of an operating system

Also Published As

Publication number Publication date
JP2017037660A (ja) 2017-02-16
CA2853050C (en) 2018-09-11
WO2013059189A3 (en) 2013-06-13
EP2769331A2 (en) 2014-08-27
JP2016184441A (ja) 2016-10-20
JP6211158B2 (ja) 2017-10-11
US9195827B2 (en) 2015-11-24
US8826440B2 (en) 2014-09-02
US20140373154A1 (en) 2014-12-18
AU2012326336A1 (en) 2014-05-15
JP2014531088A (ja) 2014-11-20
EP2769331B1 (en) 2018-06-20
JP6013640B2 (ja) 2016-10-25
US20130104234A1 (en) 2013-04-25
US9576129B2 (en) 2017-02-21
JP5973583B2 (ja) 2016-08-23
CN103988211B (zh) 2016-12-07
WO2013059189A2 (en) 2013-04-25
US20150371041A1 (en) 2015-12-24
CN107103232A (zh) 2017-08-29
EP3373187A1 (en) 2018-09-12
AU2012326336B2 (en) 2015-04-23
CN107103232B (zh) 2020-09-04
EP3373187B1 (en) 2019-08-07
CA2853050A1 (en) 2013-04-25
CN103988211A (zh) 2014-08-13

Similar Documents

Publication Publication Date Title
CN107103232B (zh) 用于增加计算机安全的方法和系统
Anderson et al. Operating Systems: Principles and Practice, volume 1: Kernel and Processes
US9697142B2 (en) Execution-aware memory protection
US8776245B2 (en) Executing trusted applications with reduced trusted computing base
US11171983B2 (en) Techniques to provide function-level isolation with capability-based security
EP4020236A1 (en) Isolating memory within trusted execution environments
Guanciale et al. Provably secure memory isolation for Linux on ARM: Submission to special issue on verified information flow security
US10127064B2 (en) Read-only VM function chaining for secure hypervisor access
US20190004978A1 (en) Security role identifier pools allocation
HK1260837A1 (en) Defensive techniques to increase computer security
HK1260837B (en) Defensive techniques to increase computer security
US11074200B2 (en) Use-after-free exploit prevention architecture
Kim A Principled Framework for Pliable and Secure Speculation in Operating Systems
Nemati et al. Trustworthy memory isolation of Linux on embedded devices
Zhang et al. The design and implementation of process copy and memory sharing on SeL4
US20200174688A1 (en) Combined hardware/software-enforced segmentation of multi-tenant memory/storage systems
Muthu et al. Emulating trust zone in android emulator with secure channeling
Assembly Pervasive Verification of an OS Microkernel

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20200811

WD01 Invention patent application deemed withdrawn after publication