CN114637997A - Operating system security protection method, device and system - Google Patents

Operating system security protection method, device and system Download PDF

Info

Publication number
CN114637997A
CN114637997A CN202210281823.0A CN202210281823A CN114637997A CN 114637997 A CN114637997 A CN 114637997A CN 202210281823 A CN202210281823 A CN 202210281823A CN 114637997 A CN114637997 A CN 114637997A
Authority
CN
China
Prior art keywords
kernel
address
protected
page table
memory
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210281823.0A
Other languages
Chinese (zh)
Inventor
邵培杰
张军昌
魏东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Dahua Technology Co Ltd
Original Assignee
Zhejiang Dahua Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Dahua Technology Co Ltd filed Critical Zhejiang Dahua Technology Co Ltd
Priority to CN202210281823.0A priority Critical patent/CN114637997A/en
Publication of CN114637997A publication Critical patent/CN114637997A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02Addressing or allocation; Relocation
    • G06F12/0223User address space allocation, e.g. contiguous or non contiguous base addressing
    • G06F12/023Free address space management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02Addressing or allocation; Relocation
    • G06F12/08Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F12/10Address translation
    • G06F12/1009Address translation using page tables, e.g. page table structures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a method, a device and a system for operating system security protection, and relates to the technical field of computer system security protection. The method comprises the following steps that a kernel protection module obtains an address of a memory region needing to be protected and a kernel page table base address; the kernel protection module instructs a trust zone address space controller TZASC to set the access authority of the memory zone needing to be protected as an insecure zone read-only according to the address of the memory zone needing to be protected; and the kernel protection module analyzes the base address of the kernel page table to obtain a kernel page table entry and indicates the TZASC to set the access right of the kernel page table entry falling into the memory region needing to be protected as an unsafe region read only.

Description

Operating system security protection method, device and system
Technical Field
The present application relates to the field of computer system security protection technologies, and in particular, to a method, an apparatus, and a system for operating system security protection.
Background
With the rapid development of information technology and the continuous expansion of business requirements, the design of a computer system becomes more and more complex, so that the code volume of an operating system is continuously expanded, and great examination is brought to the safety protection of the computer system. The operating system kernel is used as a core component of the computer system, and the security protection of the operating system kernel also becomes an important point for ensuring the security of the computer system. It can be seen that the prerequisite of the security protection technology for the operating system, which exerts the security protection capability, is that the operating system kernel is trusted, and the necessary condition for the operating system kernel to be trusted is the integrity of the operating system kernel.
In the process of realizing the integrity protection of the kernel of the operating system, some software-based protection technologies are proposed and applied successively, but most of the software protection technologies have some defects.
Therefore, how to avoid the kernel of the operating system from being tampered is a problem that needs to be solved at present.
Disclosure of Invention
The embodiment of the application provides a method, a device and a system for operating system security protection, which are used for preventing an operating system kernel from being tampered.
In a first aspect, an operating system security protection method is provided, including:
the kernel protection module acquires the address of a memory region needing to be protected and a kernel page table base address; the kernel protection module instructs the TZASC to set the access authority of the memory area needing to be protected as the read-only of the non-secure area according to the address of the memory area needing to be protected; and the kernel protection module analyzes the kernel page table base address to obtain a kernel page table entry and indicates the TZASC to set the access authority of the kernel page table entry falling into the memory region needing protection as a non-secure region read-only.
In a possible implementation manner, before the kernel protection module obtains an address of a memory region to be protected and a kernel page table base address, the method further includes:
and the kernel of the operating system sends the address of the memory region needing to be protected and the kernel page table base address to the kernel protection module.
In a possible implementation manner, before the operating system kernel sends the address of the memory region to be protected and a kernel page table base address to the kernel protection module, the method further includes:
initializing the kernel of the operating system, acquiring the address of a memory region needing to be protected, and reading a kernel page table base address from a page table base address register; the addresses of the memory area to be protected at least include a memory physical address for storing the program code of the operating system kernel and a memory physical address for storing read-only data.
In a possible implementation manner, the sending, by the operating system kernel, the address of the memory region to be protected and a kernel page table base address to the kernel protection module includes:
and the kernel of the operating system sends the address of the memory region to be protected and the kernel page table base address to the kernel protection module by calling an interface of a security monitoring module.
In a possible implementation manner, the kernel protection module parses an operating system kernel image file or a kernel configuration file to obtain an address of the memory region to be protected, and reads a kernel page table base address from the page table base address register.
In a possible implementation manner, before the instructing, by the kernel protection module, the tzacs to set the access right of the memory region to be protected as an insecure region read-only according to the address of the memory region to be protected, the method further includes:
the kernel protection module checks the validity of the address of the memory area needing to be protected; the method includes that the kernel protection module instructs the TZASC to set the access right of the memory area to be protected as an insecure area read-only according to the address of the memory area to be protected, and includes: and the kernel protection module instructs the TZASC to set the access authority of the memory area verified as valid as read-only of the nonsecure area according to the address of the memory area verified as valid.
In one possible implementation, the kernel protection module runs in a secure area, and the operating system kernel runs in a non-secure area.
In a second aspect, an operating system security protection system is provided, including: an operating system kernel, the kernel protection module and a TZASC; the kernel protection module is used for acquiring the address of the memory region needing to be protected and the kernel page table base address, and indicating the trust zone address space controller TZASC to set the access authority of the memory region needing to be protected as the non-secure zone read-only according to the address of the memory region needing to be protected; and analyzing a kernel page table entry according to the kernel page table base address to indicate the TZASC to set the access authority of the kernel page table entry falling into the memory region needing protection as a non-secure region read-only; the TZASC is used for setting the access authority of the memory area needing to be protected as an unsafe area read only according to the indication of the kernel protection module; and setting the access authority of the kernel page table entry falling into the memory area needing protection as an insecure area for reading only.
In one possible implementation, the operating system kernel is to:
and sending the address of the memory region needing to be protected and the kernel page table base address to the kernel protection module.
In one possible implementation, the operating system kernel is further configured to:
initializing, acquiring the address of a memory region needing to be protected, and reading a kernel page table base address from a page table base address register; the addresses of the memory area to be protected at least include a memory physical address for storing the program code of the operating system kernel and a memory physical address for storing read-only data.
In one possible implementation, the system further includes a security monitoring module; the operating system kernel is specifically configured to: and sending the address of the memory region to be protected and the kernel page table base address to the kernel protection module by calling an interface of the security monitoring module.
In a possible implementation manner, the kernel protection module is specifically configured to:
and analyzing an operating system kernel image file or a kernel configuration file to obtain the address of the memory region needing to be protected, and reading a kernel page table base address from the page table base address register.
In one possible implementation manner, the kernel protection module is further configured to:
verifying the validity of the address of the memory area needing to be protected; and instructing the TZASC to set the access authority of the memory area verified as valid as read-only of the insecure area according to the address of the memory area verified as valid.
In one possible implementation, the kernel protection module runs in a secure area, and the operating system kernel runs in a non-secure area.
In a third aspect, a communication apparatus is provided, including: a processor, a memory; the memory storing computer instructions; the processor is configured to read the computer instructions and execute the method according to any one of the first aspect.
In a fourth aspect, there is provided a computer-readable storage medium having stored thereon computer-executable instructions for causing a computer to perform the method of any of the first aspects.
In a fifth aspect, there is provided a computer program product which, when invoked by a computer, causes the computer to perform the method of any of the first aspects.
The kernel protection module instructs the TZASC to set the access authority of the memory area needing to be protected as the read-only of the nonsecure area according to the address of the memory area needing to be protected sent by the kernel of the operating system, so the integrity protection of the kernel of the operating system is realized. Furthermore, after the kernel protection module obtains the kernel page table entry according to the kernel page table base address analysis, the TZASC is indicated to set the access authority of the kernel page table entry falling into the memory region needing to be protected as the non-secure region read-only, so that the kernel of the operating system is prevented from being tampered, and the security of the operating system is improved.
Drawings
FIG. 1 is a diagram of TrustZone architecture suitable for use in embodiments of the present application;
FIG. 2 is a diagram of an operating system security protection system architecture suitable for use with an embodiment of the present application;
fig. 3 is a schematic flowchart of a method for protecting security of an operating system according to an embodiment of the present disclosure;
fig. 4 is a schematic diagram illustrating an initial process performed by an operating system kernel according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of a communication device according to an embodiment of the present disclosure.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application clearer, the present application will be described in further detail with reference to the accompanying drawings, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Some terms in the embodiments of the present application are explained below to facilitate understanding by those skilled in the art.
(1) In the embodiments of the present application, the terms "network" and "system" are often used interchangeably, but those skilled in the art can understand the meaning.
(2) In the embodiments of the present application, the term "plurality" means two or more, and other terms are similar thereto.
(3) "and/or" describes the association relationship of the associated objects, meaning that there may be three relationships, e.g., a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship.
(4) The TrustZone technology is characterized in that ARM core logic is divided into a secure core and an insecure core, and resources such as a Memory, an external device and an on-chip Static Random Access Memory (SRAM) are isolated into secure resources and insecure resources for the secure core and the insecure core to Access through on-chip secure modules such as a Trusted Zone Address Space Controller (TZASC), a Trusted Zone Protection Controller (TZPC), a Trusted Zone Memory Adapter (TZMA) and the like.
The tzsc is generally integrated on a memory controller, and is used for dividing a secure area and an insecure area of a memory and supporting access right control. The access right of the TZASC is represented by 4 bits, and represents that the security core can read, the security core can write, the non-security core can read and the non-security core can write, and 16 kinds of rights are available. The TZASC can only access through a security core, so that the access configuration cannot be tampered.
The TZPC is generally integrated on an Advanced High Performance Bus (AHB) or A Peripheral Bus (APB) for controlling access rights of Peripheral devices (accessible to a secure core or not accessible to a secure core). The TZPC can only access through a security core, so that the access configuration cannot be tampered.
TZMA is used to control the secure or non-secure core access rights of Read-Only Memory (ROM) or SRAM on-chip. The TZMA can only access through a security core, so that the access configuration cannot be tampered.
Fig. 1 is a technical architecture diagram of TrustZone applicable to the embodiment of the present application. As shown, the architecture is mainly connected by a Bus (e.g., AXI Bus)10 and a Central Processing Unit (CPU) 11, an Interrupt Controller (GIC), a Graphics Processing Unit (GPU), a Neural Network Processor (NPU), a tzsc 12, a TZMA 13, a TZP, and an AXI bridge. The number of the CPUs 11 may be plural, and fig. 1 is described with only one CPU.
The CPU 11 is divided into an unsecure kernel (shown as NS in fig. 1) and a secure kernel (shown as S in the figure) and can be used to distinguish between access to secure resources and unsecure resources.
The tzsc 12 mainly controls a Dynamic Random Access Memory (DRAM), and may divide a Memory into a secure CPU core accessible area and a non-secure CPU core accessible area, thereby implementing isolation of the DRAM.
The TZMA 13 is mainly used for controlling a random access memory (iRAM) inside the system, a read only memory (iRAM) inside the system, and the like, and can divide the memories (iRAM ) into a safe area and a non-safe area so as to realize the isolation of the memories.
The TZPC is a peripheral controller and may control access rights of a peripheral, for example, access rights of a High Definition Multimedia Interface (HDMI), a Universal Serial Bus (USB), and the like.
The GIC, which can distinguish between the non-secure interrupt and the secure interrupt, can perform interrupt control management on the CPU 11. The AXI Bridges can bridge the APB bus, and the TZPC is matched to enable the APB bus peripheral to support a TrustZone safety characteristic system bus as an infrastructure facility of the TrustZone, so that an isolation mechanism of a safe world and an unsafe world is provided, and an unsafe core is ensured to only access system resources of the unsafe world, and can access all resources, so that the resources of the safe world cannot be accessed by the unsafe world (or a common world).
In the embodiment of the application, the TZASC 12 based on the Trust Zone technology configures the memory access permission, thereby implementing security protection on the kernel of the operating system.
Fig. 2 is a schematic structural diagram of an operating system security protection system applicable in this embodiment.
As shown in the figure, the system mainly includes an application program, an operating system kernel 20, a security monitoring module 21, a tzsc 12, and a kernel protection module 23. The security monitoring module 21, the kernel protection module 23, and the tzsc 12 operate in a secure area, and the operating system kernel 20 operates in an insecure area.
The application runs under EL0 processor mode.
The operating system kernel 20 runs in the EL1 processor mode of the insecure area, and can send the acquired address to be protected to the kernel protection module 23 through the security monitoring module 21.
The security monitoring module 21 is a basic module in the TrustZone technology, operates in the EL3 processor mode of the secure domain, and can send the received address to the kernel protection module 23, and can also be used to load and operate the kernel protection module 23.
The kernel protection module 23 operates in the EL1 processor mode of the secure domain, and may be used to acquire an address sent by the security monitoring module 21, directly analyze an operating system kernel image file or a kernel configuration file, read from a page table base address register, and the like to obtain a required address, load the operating system kernel 20 into the non-secure domain memory to operate, and call the tzsc 12 to set a permission operation on the acquired address, thereby implementing security protection on the operating system kernel 20.
It should be noted that, the security of the above module in the startup phase can be verified by the digital signature to guarantee the security of the module.
Fig. 3 is a flowchart illustrating a method for operating system security protection according to an embodiment of the present disclosure, where the flowchart may be executed by a kernel protection module (e.g., the kernel protection module 23 in fig. 2). The module can be realized by software, hardware or a combination of software and hardware. As shown, the process includes the following steps:
301: the kernel protection module acquires the address of the memory region needing protection and the kernel page table base address.
Optionally, the address of the memory area that needs to be protected may include a memory physical address for storing a program code of an operating system kernel, a memory physical address for storing read-only data, and the like, and may also include any other memory address range that needs to be protected by read-only, which is not limited in this embodiment of the present application.
Optionally, in some embodiments, when the system is initialized, the operating system kernel sends the address of the memory region to be protected and the kernel page table base address to the kernel protection module. For example, as shown in fig. 4, before the kernel protection module obtains the address of the memory region to be protected and the kernel page table base address sent by the operating system kernel, the operating system kernel initializes, and the process of initializing the operating system kernel is as follows:
401: the operating system kernel initializes.
402: after the kernel of the operating system is initialized, the address of the memory region needing to be protected is obtained, and the kernel page table base address is read from the page table base address register.
403: and the kernel of the operating system sends the address of the memory region needing to be protected and the kernel page table base address to the kernel protection module. Optionally, the kernel of the operating system may obtain addresses and ranges of text and data segments, and may also read a kernel page table base address from the page table base address register, and send the kernel page table base address to the kernel protection module.
Optionally, the kernel of the operating system may send the address of the memory region to be protected and the kernel page table base address to the kernel protection module by calling an interface of the security monitoring module. Thereafter, the operating system kernel processes in the original manner.
When the kernel of the operating system is initialized, the kernel of the operating system does not need to be changed, so that the consumption of system resources is reduced.
Optionally, in other embodiments, the kernel protection module may also directly parse the kernel image file or the kernel configuration file of the operating system to obtain an address of the memory region to be protected, and read the kernel page table base address from the page table base address register, so as to avoid changing the kernel of the operating system.
302: and the core protection module indicates the TZASC to set the access authority of the memory area needing to be protected as the non-secure region read only according to the address of the memory area needing to be protected.
Optionally, before instructing the tzsc to set the access right of the memory area to be protected as the nonsecure region read-only according to the address of the memory area to be protected, the kernel protection module may further check validity of the address of the memory area to be protected, and when the address of the memory area to be protected is checked as the address of the valid memory area, the kernel protection module instructs the tzsc to set the access right of the memory area checked as valid as the nonsecure region read-only. For example, according to the range threshold of the physical memory of the located area, the address of the memory area needing to be protected is checked, if the address range of the memory area needing to be protected does not exceed the range threshold of the physical memory, the address of the memory area needing to be protected is determined to be valid, and the access right of the memory area is set to be read-only in the non-secure area.
The access right of the memory area needing to be protected is set to be read only by the TZASC, the state switching between the secure area and the non-secure area is not needed, dynamic measurement is not needed, and the influence of the access right set based on the TZASC on the bandwidth and delay of the memory is small, so that the resources of an operating system are saved.
303: and the kernel protection module analyzes the kernel page table base address to obtain a kernel page table entry and indicates the TZASC to set the access authority of the kernel page table entry falling into the memory region needing protection as a non-secure region read-only.
In this step, only the tzsc needs to be instructed to set the access right of the kernel page table entry falling into the memory region to be protected as the nonsecure region read only, and compared with the operation executed by switching the kernel page table entry into the secure region, the change of the operating system is small, so that the consumption of the operating system resources is reduced.
In the embodiment of the application, because the address of the memory area needing to be protected is sent according to the kernel of the operating system, and the kernel protection module instructs the tzsc to set the access right of the memory area needing to be protected as the read-only of the nonsecure area, the integrity protection of the kernel of the operating system is realized. Further, after the module obtains the kernel page table entry according to the kernel page table base address analysis, the module indicates the TZASC to set the access authority of the kernel page table entry falling into the memory region needing to be protected as the non-secure region read-only, so that the kernel of the operating system is prevented from being tampered, and the security of the operating system is improved.
In the embodiment of the application, because the non-secure area has no right to modify the TZASC, even if an attacker takes the access right of the kernel of the operating system, the kernel of the operating system cannot be tampered, so that the integrity protection of the kernel of the operating system is realized; because the access authority of the kernel page table entry falling into the memory area needing protection is set to be read only in the non-secure area, an attacker cannot tamper with the kernel of the operating system by modifying the page table entry to point to another physical memory address; and the TZASC controls the access authority of the physical memory address, thereby protecting the safety of an operating system.
Based on the same technical concept, the embodiment of the present application further provides a device, and the device can implement the method and the process for the security protection of the operating system in the embodiment of the present application.
Fig. 5 is a schematic structural diagram of a communication device according to an embodiment of the present application.
As shown, the apparatus may comprise: a processor 501, a memory 502, and a bus interface 503.
The processor 501 is responsible for managing the bus architecture and general processing, and the memory 502 may store data used by the processor 501 in performing operations.
The bus architecture may include any number of interconnected buses and bridges, with one or more processors, represented by processor 501, and various circuits, represented by memory 502, being linked together. The bus architecture may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. The bus interface provides an interface. The processor 501 is responsible for managing the bus architecture and general processing, and the memory 502 may store data used by the processor 501 in performing operations.
The processes disclosed in the embodiments of the present application may be applied to the processor 501, or implemented by the processor 501. In implementation, the steps of the signal processing flow may be implemented by integrated logic circuits of hardware or instructions in the form of software in the processor 501. The processor 501 may be a general purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof, configured to implement or perform the methods, steps, and logic blocks disclosed in the embodiments of the present application. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of a method applied in connection with the embodiments of the present application may be directly implemented by a hardware processor, or may be implemented by a combination of hardware and software modules in the processor. The software module may be located in ram, flash memory, rom, prom, or eprom, registers, etc. storage media as is well known in the art. The storage medium is located in the memory 502, and the processor 501 reads the information in the memory 502 and completes the steps of the information processing flow in combination with the hardware thereof.
Specifically, the processor 501 is configured to read the computer instructions in the memory 502 and execute an operating system security protection method in the embodiment of the present application.
It should be noted that, the communication device provided in the embodiment of the present application can implement all the method steps implemented by the method embodiment and achieve the same technical effect, and detailed descriptions of the same parts and beneficial effects as the method embodiment in this embodiment are omitted here.
The embodiment of the present application further provides a computer-readable storage medium, where computer-executable instructions are stored in the computer-readable storage medium, and the computer-executable instructions are used to enable a computer to execute the operating system security protection method in the foregoing embodiment.
The embodiment of the present application further provides a computer program product, and when the computer program product is called by a computer, the computer is enabled to execute the operating system security protection method in the above embodiment.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (17)

1. An operating system security protection method, comprising:
the kernel protection module acquires an address of a memory region needing to be protected and a kernel page table base address;
the kernel protection module instructs a trust zone address space controller TZASC to set the access authority of the memory zone needing to be protected as an insecure zone read-only according to the address of the memory zone needing to be protected;
and the kernel protection module analyzes the base address of the kernel page table to obtain a kernel page table entry and indicates the TZASC to set the access right of the kernel page table entry falling into the memory region needing to be protected as an unsafe region read only.
2. The method of claim 1, wherein before the kernel protection module obtains the address of the memory region to be protected, the kernel page table base address, the method further comprises:
and the kernel of the operating system sends the address of the memory region needing to be protected and the kernel page table base address to the kernel protection module.
3. The method of claim 2, wherein before the operating system kernel sends the address of the memory region to be protected, a kernel page table base address, to the kernel protection module, the method further comprises:
initializing the kernel of the operating system, acquiring the address of a memory region needing to be protected, and reading a kernel page table base address from a page table base address register; the addresses of the memory area to be protected at least include a memory physical address for storing the program code of the operating system kernel and a memory physical address for storing read-only data.
4. The method as claimed in claim 2, wherein the said operating system kernel sends the address of the memory region needing protection, kernel page table base address to the said kernel protection module, including:
and the kernel of the operating system sends the address of the memory region to be protected and the kernel page table base address to the kernel protection module by calling an interface of a security monitoring module.
5. The method of claim 1, wherein the kernel protection module obtaining an address of a memory region to be protected, a kernel page table base address, comprises:
the kernel protection module analyzes an operating system kernel image file or a kernel configuration file to obtain the address of the memory region needing to be protected, and reads the kernel page table base address from the page table base address register.
6. The method of claim 1, wherein the core protection module instructs the tzsc to set the access right of the memory region to be protected as an insecure region read-only according to the address of the memory region to be protected, further comprising:
the kernel protection module checks the validity of the address of the memory area needing to be protected;
the method includes that the kernel protection module instructs the TZASC to set the access right of the memory area to be protected as an insecure area read-only according to the address of the memory area to be protected, and includes:
and the kernel protection module instructs the TZASC to set the access authority of the memory area verified as valid as read-only of the nonsecure area according to the address of the memory area verified as valid.
7. The method of any of claims 1-6, wherein the kernel protection module runs in a secure area and the operating system kernel runs in a non-secure area.
8. An operating system security protection system, comprising: an operating system kernel, the kernel protection module and a trust zone address space controller TZASC;
the kernel protection module is used for acquiring the address of the memory region needing to be protected and the kernel page table base address, and indicating the trust zone address space controller TZASC to set the access authority of the memory region needing to be protected as the non-secure zone read-only according to the address of the memory region needing to be protected; and analyzing a kernel page table entry according to the kernel page table base address to indicate the TZASC to set the access authority of the kernel page table entry falling into the memory region needing protection as a non-secure region read-only;
the TZASC is used for setting the access authority of the memory area needing to be protected as an unsafe area read only according to the indication of the kernel protection module; and setting the access authority of the kernel page table entry falling into the memory area needing protection as an insecure area for reading only.
9. The system of claim 8, wherein the operating system kernel is to:
and sending the address of the memory region needing to be protected and the kernel page table base address to the kernel protection module.
10. The system of claim 9, wherein the operating system kernel is further to:
initializing, acquiring the address of a memory region needing to be protected, and reading a kernel page table base address from a page table base address register; the addresses of the memory area to be protected at least include a memory physical address for storing the program code of the operating system kernel and a memory physical address for storing read-only data.
11. The system of claim 9, wherein the system further comprises a security monitoring module;
the operating system kernel is specifically configured to: and sending the address of the memory region to be protected and the kernel page table base address to the kernel protection module by calling an interface of the security monitoring module.
12. The system of claim 8, wherein the kernel protection module is specifically configured to:
and analyzing an operating system kernel image file or a kernel configuration file to obtain the address of the memory region needing to be protected, and reading a kernel page table base address from the page table base address register.
13. The system of claim 8, wherein the kernel protection module is further to:
verifying the validity of the address of the memory area needing to be protected; and instructing the TZASC to set the access authority of the memory area verified as valid as read-only of the insecure area according to the address of the memory area verified as valid.
14. The system of any of claims 8-13, wherein the kernel protection module runs in a secure area and the operating system kernel runs in a non-secure area.
15. A communications apparatus, comprising: a processor, a memory;
the memory storing computer instructions;
the processor, reading the computer instructions, performing the method of any one of claims 1-7.
16. A computer-readable storage medium having computer-executable instructions stored thereon for causing a computer to perform the method of any one of claims 1-7.
17. A computer program product, which, when called by a computer, causes the computer to perform the method of any one of claims 1 to 7.
CN202210281823.0A 2022-03-21 2022-03-21 Operating system security protection method, device and system Pending CN114637997A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210281823.0A CN114637997A (en) 2022-03-21 2022-03-21 Operating system security protection method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210281823.0A CN114637997A (en) 2022-03-21 2022-03-21 Operating system security protection method, device and system

Publications (1)

Publication Number Publication Date
CN114637997A true CN114637997A (en) 2022-06-17

Family

ID=81949031

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210281823.0A Pending CN114637997A (en) 2022-03-21 2022-03-21 Operating system security protection method, device and system

Country Status (1)

Country Link
CN (1) CN114637997A (en)

Similar Documents

Publication Publication Date Title
KR100987507B1 (en) A computer system including a bus bridge for connection to a security services processor
EP2587376B1 (en) Systems and methods for semaphore-based protection of shared system resources
US10489332B2 (en) System and method for per-task memory protection for a non-programmable bus master
US5970246A (en) Data processing system having a trace mechanism and method therefor
KR100950102B1 (en) A computer system including a secure execution mode-capable processor and a method of initializing the computer system
JP2000513471A (en) System for controlling access to a register mapped in an I / O address space of a computer system
US10102155B2 (en) Method and device of information protection for micro control unit chip
CN112417470B (en) Method, device, electronic equipment and storage medium for realizing GPU data security access
US20230297725A1 (en) Technologies for filtering memory access transactions received from one or more i/o devices
US20100017893A1 (en) System for Securing Register Space and Method of Securing the Same
US20080086769A1 (en) Monitor mode integrity verification
US9104472B2 (en) Write transaction interpretation for interrupt assertion
US20190050570A1 (en) Computer resource access control based on the state of a non-accessing component
CN113452666A (en) IP independent secure firmware loading
CN112749397A (en) System and method
CN115659379B (en) Bus access authority control method and device
CN112835846A (en) System on chip
US7596671B2 (en) Pre-paid computer monitoring hardware
US20180129828A1 (en) Exclusive execution environment within a system-on-a-chip computing system
US20090327750A1 (en) Security system for code dump protection and method thereof
US20210389884A1 (en) System and method for memory region protection
US7389427B1 (en) Mechanism to secure computer output from software attack using isolated execution
CN114637997A (en) Operating system security protection method, device and system
US10055588B2 (en) Event-based apparatus and method for securing BIOS in a trusted computing system during execution
CN115374041A (en) Bus decoder

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination