MX2021013230A - Executing system calls in isolated address space in operating system kernel - Google Patents
Executing system calls in isolated address space in operating system kernel
Info
- Publication number
- MX2021013230A
- Authority
- MX
- Mexico
- Prior art keywords
- syscall
- kernel
- processor
- memory
- address space
- Prior art date
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
- G06F9/545—Interprogram communication where tasks reside in different layers, e.g. user- and kernel-space
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/02—Addressing or allocation; Relocation
- G06F12/08—Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
- G06F12/10—Address translation
- G06F12/1009—Address translation using page tables, e.g. page table structures
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1416—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
- G06F12/145—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being virtual, e.g. for virtual blocks or segments before a translation mechanism
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1458—Protection against unauthorised use of memory or access to memory by checking the subject access rights
- G06F12/1491—Protection against unauthorised use of memory or access to memory by checking the subject access rights in a hierarchical protection system, e.g. privilege levels, memory rings
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/30—Arrangements for executing machine instructions, e.g. instruction decode
- G06F9/30003—Arrangements for executing specific machine instructions
- G06F9/3004—Arrangements for executing specific machine instructions to perform operations on memory
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/4401—Bootstrapping
- G06F9/4406—Loading of operating system
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/468—Specific access rights for resources, e.g. using capability register
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2212/00—Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
- G06F2212/10—Providing a specific technical effect
- G06F2212/1052—Security improvement
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
- Hardware Redundancy (AREA)
- Bus Control (AREA)
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US16/416,229 US11194639B2 (en) | 2019-05-19 | 2019-05-19 | Executing system calls in isolated address space in operating system kernel |
| PCT/EP2020/063618 WO2020234155A1 (en) | 2019-05-19 | 2020-05-15 | Executing system calls in isolated address space in operating system kernel |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| MX2021013230A (es) | 2022-01-06 |
Family
ID=70779711
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| MX2021013230A MX2021013230A (es) | 2019-05-19 | 2020-05-15 | Executing system calls in isolated address space in operating system kernel |
Country Status (12)
| Country | Link |
|---|---|
| US (1) | US11194639B2 |
| EP (1) | EP3973393B1 |
| JP (1) | JP7546602B2 |
| KR (1) | KR102612503B1 |
| CN (1) | CN113711182B |
| AU (1) | AU2020277632B2 |
| BR (1) | BR112021023258A2 |
| CA (1) | CA3137259A1 |
| IL (1) | IL288057B2 |
| MX (1) | MX2021013230A |
| SG (1) | SG11202110222XA |
| WO (1) | WO2020234155A1 |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11799741B2 (en) * | 2019-10-29 | 2023-10-24 | Fannie Mae | Systems and methods for enterprise information technology (IT) monitoring |
| US11586727B2 (en) * | 2021-03-29 | 2023-02-21 | Red Hat, Inc. | Systems and methods for preventing kernel stalling attacks |
| CN114048502B (zh) * | 2021-10-15 | 2023-08-15 | 中国科学院信息工程研究所 | Lightweight trusted channel and communication control method thereof |
| CN116204884A (zh) * | 2021-11-30 | 2023-06-02 | 华为技术有限公司 | Kernel protection method, apparatus, and system |
| US12254079B2 (en) * | 2022-05-10 | 2025-03-18 | International Business Machines Corporation | Providing system services |
| CN117573419B (zh) * | 2024-01-16 | 2024-04-26 | 上海芯联芯智能科技有限公司 | Page exception handling method and apparatus |
| CN119004420B (zh) * | 2024-10-23 | 2025-08-15 | 浙江大华技术股份有限公司 | Permission control method, permission control apparatus, and computer storage medium |
Family Cites Families (21)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7496576B2 (en) | 2006-03-30 | 2009-02-24 | Microsoft Corporation | Isolated access to named resources |
| KR20080104591A (ko) * | 2007-05-28 | 2008-12-03 | 삼성전자주식회사 | Memory protection method and apparatus |
| US10019327B1 (en) | 2008-12-15 | 2018-07-10 | Open Invention Network Llc | System and method for hybrid kernel- and user-space incremental and full checkpointing |
| US9354977B1 (en) | 2008-12-15 | 2016-05-31 | Open Invention Network Llc | System and method for hybrid kernel- and user-space incremental and full checkpointing |
| US8627451B2 (en) | 2009-08-21 | 2014-01-07 | Red Hat, Inc. | Systems and methods for providing an isolated execution environment for accessing untrusted content |
| US8533418B2 (en) * | 2010-06-30 | 2013-09-10 | International Business Machines Corporation | Memory allocation with identification of requesting loadable kernel module |
| US8677354B2 (en) | 2010-07-12 | 2014-03-18 | International Business Machines Corporation | Controlling kernel symbol visibility and accessibility across operating system linkage spaces |
| US9323921B2 (en) | 2010-07-13 | 2016-04-26 | Microsoft Technology Licensing, Llc | Ultra-low cost sandboxing for application appliances |
| US8954697B2 (en) * | 2010-08-05 | 2015-02-10 | Red Hat, Inc. | Access to shared memory segments by multiple application processes |
| CN102308282A (zh) * | 2011-07-20 | 2012-01-04 | 华为技术有限公司 | Simulation method and simulator for remote memory access in a multiprocessor architecture |
| US9152548B2 (en) * | 2012-01-17 | 2015-10-06 | Vmware, Inc. | Controlling access to a privileged resource in user-mode system level mobile virtualization using a ptrace () system call |
| US9529614B2 (en) * | 2012-03-05 | 2016-12-27 | Board Of Regents The University Of Texas Systems | Automatically bridging the semantic gap in machine introspection |
| CN102681940B (zh) * | 2012-05-15 | 2015-06-10 | 北京航空航天大学 | Method for performance testing of the memory management subsystem of the Linux operating system |
| US10585801B2 (en) * | 2012-11-26 | 2020-03-10 | Advanced Micro Devices, Inc. | Prefetch kernels on a graphics processing unit |
| US9910689B2 (en) * | 2013-11-26 | 2018-03-06 | Dynavisor, Inc. | Dynamic single root I/O virtualization (SR-IOV) processes system calls request to devices attached to host |
| US9628279B2 (en) * | 2014-09-30 | 2017-04-18 | Microsoft Technology Licensing, Llc | Protecting application secrets from operating system attacks |
| US10192067B2 (en) | 2016-05-26 | 2019-01-29 | Microsoft Technology Licensing, Llc | Self-described security model for resource access |
| US11188365B2 (en) * | 2016-11-29 | 2021-11-30 | Red Hat, Inc. | Memory overcommit by speculative fault |
| US10324838B2 (en) * | 2017-10-12 | 2019-06-18 | International Business Machines Corporation | Virtually addressable hardware global kernel segment table |
| US10599835B2 (en) * | 2018-02-06 | 2020-03-24 | Vmware, Inc. | 32-bit address space containment to secure processes from speculative rogue cache loads |
| US10698637B2 (en) * | 2018-07-03 | 2020-06-30 | Oracle International Corporation | Stale block resynchronization in NVM based systems |
2019
- 2019-05-19 US: application US16/416,229, publication US11194639B2, status: not active (Expired - Fee Related)

2020
- 2020-05-15 CA: application CA3137259A, publication CA3137259A1, status: active (Pending)
- 2020-05-15 SG: application SG11202110222XA, publication SG11202110222XA, status: unknown
- 2020-05-15 CN: application CN202080029768.5A, publication CN113711182B, status: active (Active)
- 2020-05-15 WO: application PCT/EP2020/063618, publication WO2020234155A1, status: not active (Ceased)
- 2020-05-15 EP: application EP20727198.2A, publication EP3973393B1, status: active (Active)
- 2020-05-15 JP: application JP2021568575A, publication JP7546602B2, status: active (Active)
- 2020-05-15 AU: application AU2020277632A, publication AU2020277632B2, status: active (Active)
- 2020-05-15 IL: application IL288057A, publication IL288057B2, status: unknown
- 2020-05-15 MX: application MX2021013230A, publication MX2021013230A, status: unknown
- 2020-05-15 KR: application KR1020217034428A, publication KR102612503B1, status: active (Active)
- 2020-05-15 BR: application BR112021023258A, publication BR112021023258A2, status: unknown
Also Published As
| Publication number | Publication date |
|---|---|
| AU2020277632A1 (en) | 2021-10-14 |
| SG11202110222XA (en) | 2021-10-28 |
| JP2022534685A (ja) | 2022-08-03 |
| KR20210141682A (ko) | 2021-11-23 |
| EP3973393A1 (en) | 2022-03-30 |
| US20200364101A1 (en) | 2020-11-19 |
| CN113711182B (zh) | 2025-02-11 |
| JP7546602B2 (ja) | 2024-09-06 |
| WO2020234155A1 (en) | 2020-11-26 |
| IL288057B1 (en) | 2024-02-01 |
| IL288057B2 (en) | 2024-06-01 |
| CA3137259A1 (en) | 2020-11-26 |
| IL288057A (en) | 2022-01-01 |
| EP3973393B1 (en) | 2024-08-07 |
| AU2020277632B2 (en) | 2023-07-06 |
| CN113711182A (zh) | 2021-11-26 |
| US11194639B2 (en) | 2021-12-07 |
| KR102612503B1 (ko) | 2023-12-08 |
| BR112021023258A2 (pt) | 2022-01-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| MX2021013230A (es) | | Executing system calls in isolated address space in operating system kernel |
| Park et al. | | libmpk: Software abstraction for Intel memory protection keys (Intel MPK) |
| AU2019252434B2 (en) | | Method and system for improving software container performance and isolation |
| Ahn et al. | | Revisiting hardware-assisted page walks for virtualized systems |
| Liu et al. | | Concurrent and consistent virtual machine introspection with hardware transactional memory |
| US9465750B2 (en) | | Memory protection circuit, method and processing unit utilizing memory access information register to selectively allow access to memory areas by virtual machines |
| US9436619B2 (en) | | Multi-level, hardware-enforced domain separation using a separation kernel on a multicore processor with a shared cache |
| US9189360B2 (en) | | Processor that records tracing data in non contiguous system memory slices |
| US20160210069A1 (en) | | Systems and Methods For Overriding Memory Access Permissions In A Virtual Machine |
| WO2016118033A3 (en) | | Systems and methods for exposing a result of a current processor instruction upon exiting a virtual machine |
| KR20190096959A (ko) | | Event filtering for virtual machine security applications |
| GB2513266A (en) | | Providing logical partitions with hardware-thread specific information reflective of exclusive use of a processor core |
| BR112021023211A2 (pt) | | Limited execution environment for monolithic kernel |
| CN112368688B (zh) | | VMID as a GPU task container for virtualization |
| US10216649B2 (en) | | Kernel transitioning in a protected kernel environment |
| US10956571B2 (en) | | Kernel runtime integrity using processor assists |
| Skarlatos et al. | | BabelFish: Fusing address translations for containers |
| Chen et al. | | Hyperhammer: Breaking free from kvm-enforced isolation |
| US10083125B2 (en) | | Method to efficiently implement synchronization using software managed address translation |
| D’Agostino et al. | | Seeds of SEED: Characterizing enclave-level parallelism in secure multicore processors |
| Bost | | Hardware support for robust partitioning in freescale qoriq multicore socs (p4080 and derivatives) |
| Lengyel et al. | | Pitfalls of virtual machine introspection on modern hardware |
| Wang et al. | | ZION: A practical confidential virtual machine architecture on commodity RISC-V processors |
| US20240311152A1 (en) | | Translation lookaside buffer maintenance method and related device |
| US20250004950A1 (en) | | Translation lookaside buffer probing prevention |