
WO2011076464A1 - Method and system for protecting an operating system against unauthorized modification - Google Patents

Method and system for protecting an operating system against unauthorized modification

Info

Publication number
WO2011076464A1
Authority
WO
WIPO (PCT)
Prior art keywords
write
memory
predefined
machine code
operating system
Prior art date
Application number
PCT/EP2010/066049
Other languages
English (en)
Inventor
Christian Borntraeger
Wolfgang Gellerich
Holger Smolinksi
Original Assignee
International Business Machines Corporation
Priority date
Filing date
Publication date
Application filed by International Business Machines Corporation
Priority to CN201080058484.5A (patent CN102667794B, zh)
Priority to JP2012545174A (patent JP5607752B2, ja)
Publication of WO2011076464A1 (patent WO2011076464A1, fr)

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Definitions

  • the present invention relates to a computerized method, a computer system, and a computer program product for protecting an operating system against unauthorized modification.
  • a computer virus is a computer program that can copy itself and infect a computer.
  • a virus and other types of malicious software programs can spread automatically via networks and manipulate data or executable code in a way that a code sequence belonging to the virus is executed.
  • Some malware programs have symptoms noticeable to a computer user, but many are
  • virus scanning programs search for a certain data pattern that is believed to identify a virus.
  • the major disadvantage of this approach is that a virus scanner requires a knowledge of viruses that have been analyzed by experts. Virus infection can only be detected, but is not prevented. Even if virus scanners are regularly updated, the system may still remain vulnerable for new viruses. Furthermore, a searched byte sequence may be erroneously found in non-infected data. Removing a virus from a computer system is also tricky and error-prone.
  • a virus may be programmed to encrypt itself and/or to undergo some mutation. Both changes the binary
  • Root kits: a further example of malicious software are so-called root kits, which exploit weaknesses in the operating system and completely circumvent most known protection systems.
  • the term root kit originally referred to a maliciously modified set of administrative tools for a Unix-like operating system that granted root access. If an intruder could replace the standard administrative tools on a system with a root kit, the modified tools would allow the intruder to gain elevated permissions before the protection system is initiated while concealing these activities from the legitimate system administrator.
  • Kernel-based root kits are directly installed into the kernel or drivers of an operating system and are significantly harder to detect and to prevent, for example, by an anti-virus or anti-spyware scan. Root kits may also install a "back door" in a system by replacing the login mechanism with an executable that accepts a secret login combination, which, in turn, allows an attacker to access the system, regardless of the changes to the actual accounts on the system.
  • the PCT patent application WO 2008/138653 A1 discloses a method and data processing system to prevent computer programs and data of any kind stored in a computer system from being manipulated.
  • the computer system comprises storage means and means for switching the storage means into a write-protected mode.
  • the following steps are proposed either during boot or during an installation process of an application program: (a) prompting a user to perform a switching allowing temporarily writing to a write-protectable storage area, where the switching means is exclusively operable from outside of the operating system, (b) storing security-relevant information into the write-protectable storage area, (c) prompting a user to perform a manual switching to restrict writing to the write-protectable storage area, (d) restricting any write access to the write-protected storage area in response to the manual switching during further runtime of the computer system.
  • VPS virtual protection system
  • VCM virtual machine monitor
  • Access to portions of memory of the computer system by an additional operating system is restricted to read-only access. However, unrestricted access to the portions of memory is emulated via the first operating system.
  • the operating system controls memory access operations from a plurality of user and kernel processes.
  • a user process can be, for example, an email program or a text processing program.
  • the operating system allows write access to a specific memory portion only for one or more specific user processes and protects this specific memory portion against write-access attempts from other user processes.
  • the operating system also prohibits user processes to write-access memory portions that have been assigned to kernel
  • a computerized method for protecting an operating system (OS) against unauthorized modification in a computer system having a central processing unit (CPU) and a working memory comprises the following steps: A portion of the OS is predefined as to be write protected. The computer system is initiated by loading the OS into the working memory. Loading the predefined OS portion is finished by reaching a specific OS command initiating a write protect machine code instruction to be executed by the CPU to irreversibly switch the working memory portion containing the predefined OS portion into write-protected mode.
  • an OS command initiating a switch back of the working memory portion containing the predefined OS portion to write-enabled mode is prohibited.
  • the write protect machine code instruction is provided by the CPU.
  • the write protect machine code instruction may be triggered by accessing a specific memory address.
  • the write protect machine code instruction is associated with storage keys controlling access rights to the working memory portion containing the predefined OS portion by indicating the write-protected mode to the CPU.
  • the storage keys may be
  • a timer component initiates the write protect machine code instruction after a pre-defined time interval elapsed. More preferably, a measurement of the pre-defined time interval is based on a real-time clock. Alternatively, a measurement of the pre-defined time interval is based on counting instructions executed by the OS. Yet more preferably, the instructions are executed by a virtual processing unit of a virtual environment. More preferably, a measurement of the pre-defined time interval is based on counting cycles of a virtual processing unit of a virtual environment.
  • a write enable machine code instruction is initiated by a reset process external to the OS to be executed by the CPU to switch the memory portion containing the predefined OS portion into write-enabled mode. More preferably, the reset process is
  • hypervisor external to the OS and the hypervisor provides a virtual environment to the OS.
  • a central processing unit comprising adapted means for executing a write protect machine code instruction to irreversibly switch a portion of a working memory containing a predefined portion of an operating system (OS) into write
  • OS operating system
  • a computer system is initiated by loading the OS into the working memory and loading the predefined OS portion is finished by reaching a specific OS command initiating the write protect machine code instruction to be executed by the CPU.
  • a computer system comprising an operating system (OS) to be protected against unauthorized modification, a
  • Adapted means of the computer system initiate the computer system by loading the OS into the working memory, and finish loading the predefined OS portion by reaching a specific OS command initiating a write protect machine code instruction to be executed by the CPU to irreversibly switch the working memory portion containing the predefined OS portion into write-protected mode.
  • the computer program product comprises a computer usable medium having computer usable program code embodied therewith.
  • the computer usable program code is configured to perform the steps of the first aspect.
  • Fig. 1 illustrates a flow chart of a method for protecting an operating system according to an embodiment of the present invention.
  • Figs. 2 - 5 illustrate block diagrams of different phases of a computer system according to an embodiment of the present invention.
  • Fig. 6 illustrates a detail block diagram of a computer system according to prior art.
  • Fig. 7 illustrates a detail block diagram of a computer system according to an embodiment of the present invention.
  • a protection against unwanted manipulation of memory contents has been achieved by extending software and hardware capabilities of a prior art computer system.
  • the operating system may identify security-critical information that would typically be changed by a virus or a hacker attack and load this information into specific portions of the memory that can be switched from a write-enabled mode to a write-protected mode.
  • the memory portions are in the write-enabled mode, that is, machine code instructions of the processor of the computer system can change the contents of a particular memory location.
  • the load may be part of a boot procedure of the operating system, an
  • the load is not
  • protected this way may include some executable code, for example, a Windows or Linux operating system core, as well as security-critical data structures, for example, a Linux system call table.
  • the specific memory portions are switched to the write-protected mode and the operating system kernel and applications continue normal system operation.
  • Data structures that need to be changed during the normal system operation, for example, data structures for managing user space processes in Linux, are stored in normal memory that is not write-protectable.
  • the program code and security-critical data stored in the write-protected memory area can be read as if stored in normal random access memory (RAM). Writing, however, is
  • the write-protection prevents attackers from modifying security-relevant information, in particular portions of the operating system. When an attacker tries to write into such a write-protected memory area, an alert can be raised to indicate a detection of an attack attempt.
  • the preferred embodiment discloses an implementation of a write-protection management, which is based on triggers for the transitions between a write-protected mode and a write-enabled mode and vice versa and a set of implementations for these triggers.
  • the trigger that switches a write-protectable memory area into write-enabled mode may be of one of the following three types:
  • a hardware power-on or a hardware reset operation is typically triggered by manually actuating a mechanical switch or button.
  • an electrical switch may be conceived that is controlled by an external hardware component.
  • the initial mode of the write-protectable memory should be write-enabled.
  • the switch may have effect for all or only specific write-protectable portions of the memory.
  • the trigger may be a software command to write-enable specific portions of memory.
  • the software command must be privileged in such a way that it cannot be issued from within the operating system to be protected.
  • a virtual machine VM
  • the hypervisor that provides the virtual environment or the host operating system are external to the guest operating system.
  • the hypervisor could be adapted to issue the software command for switching these specific memory portions into write-enabled mode. It is essential that a privileged user having administrator rights for the operating system to be protected must not be allowed to execute this software command.
  • a start or reset of a subsystem to be protected may switch the write-protectable memory regions into write-enabled mode in the same way as a hardware power-on or reset.
  • the subsystem may be a guest operating system or a specific process context.
  • Three types of triggers may switch a write-protectable memory area into write-protected mode as follows:
  • a user may be prompted to activate the write-protected mode via a mechanical or electrical switch, or via a graphical user interface by selecting a GUI element or entering a software command.
  • the write-protected mode may be activated by a software command that is issued by the operating system to be protected.
  • This software command is preferably executed right after the information to be protected has been written to the write-protectable memory area.
  • the software command may be issued when specific earlier stages of a boot or installation procedure are completed. These specific earlier stages are typically related to specific components of the operating system. These stages may also include initialization steps of the components when dynamic configuration information is determined and written to the write-protectable memory area. It is advantageous to write-protect this information before later stages of the boot procedure allow access to user application processes.
  • the software command may specify which portions of memory should be switched to the write-protected mode.
  • the software command can be one of the following: (a) a specific machine code instruction that is provided by the processor hardware to perform the switch; (b) a specific hardware interrupt that causes the processor to save its state of execution and begin execution of an interrupt handler, which comprises code portions to change the mode of write-protection; (c) when a program code instruction tries to access a pre-defined memory address or a memory address outside a pre-defined address range, this may trigger a switch of the memory address of the access attempt to the write-protected mode before the write-access becomes effective.
  • When the transition from the write-enabled mode to the write-protected mode can be triggered by a software command from within the operating system to be protected, the mode change must have "trapdoor semantics". This means that the switch is irreversible for the operating system to be protected. It must not be possible to change back from the write-protected mode to the write-enabled mode from within the operating system.
  • the switch to the write-protected mode may be triggered by a signal or software command issued by a timer component after a pre-defined delay time has elapsed.
  • the timer component is outside the operating system to be protected. It may be realized in hardware, firmware, or in a hypervisor of a virtual environment.
  • a timer may be
  • the following events decrement the counter value: timer ticks of a wall clock, machine cycles of the hardware processor, and write instructions executed by the hardware processor.
  • the corresponding decrement events are machine cycles or instruction counts of a virtual machine.
  • the memory portions to be protected remain in the write-enabled mode while the counter value is positive and go into the write-protected mode once the counter value reached zero.
  • the automatic activation of the write-protected mode by a software command or timer signal has an advantage over a manual actuation that it cannot be forgotten by a user who is
  • the software command is combined with the timer signal.
  • the memory will nevertheless be write-protected in response to the timer signal after the pre-defined delay time has elapsed.
  • the address space of the memory is split into two parts: a first one that can be write-protected and a second one that is not write-protectable.
  • This is feasible with a simple approach based on a protection per memory chip or per memory bank which depends on the particular architecture.
  • the first variant is simple to realize at low costs and has a low risk of misuse by the hacker attack.
  • the operating system software must be adapted to support this memory architecture. This involves an adapted operating system design, programming language extensions, compiler extensions, and loader/linker extensions.
  • a user-defined protection scheme comprises multiple regions of a memory address space which are independent of each other. These regions are not necessarily contiguous. A programmer or a system operator is free to specify which address ranges are to be protected. A specified list of protected memory areas must be stored and maintained at a secure memory location, which may be difficult to achieve.
  • the second variant provides high flexibility and may be combined with all operating system software even if the operating system software was not designed to support the memory protection mechanism of the preferred embodiment.
  • the disadvantages are high hardware costs, high efforts for
  • a first action may be an alert of the access attempt for a system operator via a hardware component, for example, by flashing on a lamp.
  • a second action may be a notification via the operating system or other software components.
  • An entry may be recorded in a system log, for example, the Linux syslog, or an email may be sent to the system operator.
  • third actions comprise
  • the operating system process can be a kernel or an application process. These third actions may be extended to all operating system processes started with
  • Fig. 1 illustrates a flow chart of a method for protecting an operating system (OS) against unauthorized modification.
  • a computer system has a central processing unit (CPU) and a working memory.
  • a portion of the OS is predefined as to be write protected.
  • the computer system is initiated by loading the OS into the working memory.
  • loading the predefined OS portion is finished by reaching a specific OS command initiating a write protect machine code instruction to be executed by the CPU to irreversibly switch the working memory portion containing the predefined OS portion into write-protected mode.
  • Figs. 2 to 5 illustrate block diagrams of different phases of a computer system 200, 300, 400, and 500.
  • the computer system has a central processing unit (CPU) 201, 301, 401, and 501, a working memory 202, 302, 402, and 502, and storage means 203, 303, 403, and 503 for providing an operating system (OS).
  • CPU central processing unit
  • a portion 222 of the OS 221 is predefined as to be write protected. This portion 222 has a darker shading than other portions 223, 224 of the OS.
  • Program code portions 211 are stored in the computer system 200. According to these program code portions, the CPU 201 initiates the computer system by loading the OS into the working memory 202. The start of loading is symbolized by the block arrow 241. While loading the
  • this memory area is in the write-enabled mode. This mode is indicated by a light shading.
  • the CPU 301 finishes loading the predefined OS portion 322 by reaching a specific OS command 312 initiating in step 361 a write protect machine code instruction 351 to be executed by the CPU to irreversibly switch in step 362 the working memory portion 332 containing the predefined OS portion into write-protected mode.
  • the finish of loading this predefined OS portion is represented by the bar at the tip of the block arrow 341.
  • the predefined portion 332 of the OS has a darker shading than other OS portions 333, 334, which are write-enabled.
  • a timer component 404 initiates in step 463 the write protect machine code instruction 451 to be executed in step 464 by the CPU 401 after a pre-defined time interval elapsed.
  • This time measurement is preferably started in step 462 when loading the OS 421 or the predefined OS portion 422 into the working memory 402 begins.
  • the start of loading the OS is indicated by a block arrow 441.
  • the timer component 404 is preferably external to the OS 431.
  • the CPU 501 executes program code portions 513 of a reset process external to the OS 531 by initiating a write enable machine code instruction 552 to switch in step 561 the memory portion 532 containing the predefined OS portion 522 into write-enabled mode.
  • the write-enabled mode both this memory portion 532 and other memory portions 533, 534 of the OS 531 have the same light shading.
  • Fig. 6 illustrates a detail block diagram of a computer system 600 according to prior art.
  • the core of a central hub 600 is not limited to a central hub 600 .
  • processor hardware are internal communication means 601, for example, a bus system, which interconnect a memory control unit 602, an arithmetic logic unit (ALU) 603, a floating point unit (FPU) 604 and other processor components 605, registers 606, instruction decoder 607, instruction pointer component 608 and reset component 609.
  • a sequence 611 of machine code instructions may comprise "store access rights"
  • the prior art instruction decoder may process one operational code of this "store access rights" instruction.
  • a first parameter specifies a binary flag, for example, "0" for "write enable" and "1" for "write protect".
  • Further parameters of a store access rights instruction may specify at least one memory address.
  • This address may refer to an individual memory page or memory page frame depending on the memory architecture.
  • Memory pages are same-sized blocks of storage, for example, 4 kilobytes, 8 kilobytes, 16 kilobytes, etc.
  • a second memory address or a page count may be used to specify a larger memory range of multiple pages.
  • the registers 606 provide storage for small amounts of data whose contents can be accessed more quickly than, for example, data stored in random access memory.
  • the arithmetic logic unit 603 and the floating point unit 604 are digital circuits that perform arithmetic and logical operations and floating point operations.
  • the memory control unit 602 is the hardware interface between the bus system 601 and the random access memory (RAM) 614, or shortly memory, which provides fast storage access to data independent of a storage location.
  • the memory is used for transient or temporary storage of data.
  • the memory control unit 602 comprises caches 615 to temporarily store data for frequent access to avoid delay times from memory access operations.
  • An access check component 616 stores memory access information specifying memory regions with restricted access, for example, write protection. The access rights are encoded into a number which is stored in table entries associated with storage
  • the memory controller 617 processes data to be stored at or
  • the reset component may reset the contents of the processor's storage components to an initial state. This may comprise removing stored information from the memory, caches, and
  • the memory access information is also reset to allow maximum access rights to most or all portions of the memory.
  • the reset component may be initiated by an electro-mechanical switch 618, for example, a reset button, or by a hardware power-on.
  • the key issue of prior art is that the same "store access rights" machine code instruction is used for write-enabling and write-disabling of memory portions. Hence, both actions have the same privilege level. However, it is more security-sensitive to switch memory portions to write-enabled mode than to write-protected mode.
  • the embodiment solves the problem by providing two distinct machine code instructions for write-enabling and write-disabling as explained below.
  • the write enable machine code instruction needs to be privileged in the sense that it cannot be initiated from within the operating system to be protected, but only from outside the operating system, for example, from firmware components or from a hypervisor providing a virtualized environment to the operating system.
  • Fig. 7 illustrates a detail block diagram of a computer system 700 according to the preferred embodiment.
  • the internal communication bus system 701, the ALU 703, the FPU 704, other processor components 705, instruction pointer component 708, and registers 706 work essentially similar to prior art.
  • the memory 614 is split into protectable memory 718 and standard memory 714.
  • the access check component 716 of the memory control unit 702 is used to maintain access rights to portions of the standard memory 714 as described in Fig. 6.
  • the access rights of the protectable memory 718 are controlled by an additional trap door component 719 of the memory control unit.
  • the memory controller 717 processes data to be retrieved from both the standard memory 714 and the protectable memory 718 and to be stored at the standard memory 714. Data is only allowed to be stored at the protectable memory 718 before the switch to the write protected mode.
  • the memory controller 717 operates independently from the ALU, the FPU, and the other processing units.
  • the instruction decoder 707 of the embodiment is adapted to process a write protect machine code instruction 720 to switch a portion of the protectable memory 718 to write-protected mode.
  • One or more parameters of the write protect machine code instruction may specify at least one memory address of one or more memory pages of the protectable memory.
  • a super privilege decoder 722 may process separate machine code instructions 723, which are provided by firmware components or a hypervisor 721.
  • the super privilege decoder is adapted to process a write enable machine code instruction 724 to switch a portion of the protectable memory 718 to write-enabled mode.
  • the instruction decoder 707 is not adapted to process this write enable machine code instruction.
  • the decoded write enable machine code instructions are passed from the super privilege decoder via a trap door reset component 725 to the trap door component 719 of the memory control unit 702. Then, the trap door component switches specified portions of the protectable memory to write enable mode.
  • the trap door reset component 725 is preferably decoupled from the internal bus system 701.
  • the reset component 709 switches a hardware power-on or a hardware reset signal not only to the bus system 701, but also to the trap door reset component 725. This component processes the reset signal to switch most or all portions of the protectable memory to write-enabled mode.
  • the write protect machine code instruction 720 and the write enable machine code instruction 724 have different privilege levels.
  • the machine code instructions 711 of the operating system can only initiate the write protect machine code instruction, but not the write enable machine code instruction. As described above, the instruction decoder for the operating system may not be able to decode a write enable machine code instruction.
  • a compiler of operating system machine code instructions may only support the generation of the write protect machine code instructions and suppress the
  • a control field in storage called a storage key is associated with each 4 kilobyte frame of central storage.
  • a specific key is assigned to each work being performed in the system. When a request is made to modify the contents of a central storage location, the specific key associated with the request is compared to the storage key. If the keys match or the program is executing with the master key 0, the request is satisfied. If the key
  • the system rejects the request and issues a program exception interruption.
  • the specific key is stored in 4 bits of the program status word (PSW) assigned to each job and allows isolation of up to 16 components.
  • PSW program status word
  • the storage key can be updated using a "store access rights" instruction, for example, in z/OS, the SET_STORAGE_KEY_EXTENDED (SSKE) instruction.
  • a WRITE_PROTECTED bit may be added to the bits of the storage key.
  • the value of a WRITE_PROTECTED bit is "1"
  • the processor provides a WRITE_PROTECT instruction and a
  • the WRITE_PROTECT instruction sets the value "1" of the WRITE_PROTECTED bit for one or more frames to protect data stored in the corresponding portions of memory against modification.
  • the WRITE_ENABLE instruction sets the value "0" of the WRITE_PROTECTED bit to enable write operations on data stored in one or more frames.
  • the SSKE instruction can only set the WRITE_PROTECTED bit to the value "1", but not unset it to the value "0". Only the additional WRITE_ENABLE instruction is permitted to unset the WRITE_PROTECTED bit back to the value "0".
  • the WRITE_PROTECTED bit may also have the value "0" to represent the write-protected state.
  • the processor provides a FINALIZE_STORAGE_KEY instruction referring to one or more memory frames.
  • This FINALIZE_STORAGE_KEY instruction disallows any future SSKE instruction to change the storage key values set by previous SSKE instructions.
  • the FINALIZE_STORAGE_KEY instruction may set a specific KEY_FINALIZED flag for the corresponding memory frames. Only an additional INITIALIZE_STORAGE_KEY
  • the INITIALIZE_STORAGE_KEY instruction may even be adapted to reset the contents of the complete storage key to an initial value.
  • instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the
  • These computer program instructions may also be stored in a computer readable medium that can direct a computer, other programmable data processing apparatus, or other devices to function in a particular manner, such that the instructions stored in the computer readable medium produce an article of manufacture including instructions which implement the
  • the computer program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the
  • each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for
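
The storage-key variant described above (a one-way WRITE_PROTECTED bit, an SSKE that can set but not clear it, and a WRITE_ENABLE reserved for firmware or the hypervisor) can be modelled in a few lines of C. This is an added example, not code from the patent or from IBM; the bit position `WP_BIT`, the `context_t` enum, the frame count, all function names, and the choice to check the WRITE_PROTECTED bit before the key-0 comparison are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FRAME_SIZE 4096u  /* one storage key per 4 KB frame, as on the page */
#define NUM_FRAMES 8u     /* constructed size for this model */
#define KEY_MASK   0x0Fu  /* 4-bit access key, compared with the PSW key */
#define WP_BIT     0x10u  /* assumed position of the WRITE_PROTECTED bit */

/* Who issues an instruction: the OS to be protected, or code outside it. */
typedef enum { CTX_GUEST_OS, CTX_HYPERVISOR } context_t;
typedef enum { ST_OK, ST_KEY_MISMATCH, ST_WRITE_PROTECTED,
               ST_PRIVILEGE, ST_RANGE } status_t;

typedef struct {
    uint8_t  storage_key[NUM_FRAMES];
    uint8_t  memory[NUM_FRAMES * FRAME_SIZE];
    unsigned alerts;  /* rejected attempts an operator would be told about */
} machine_t;

/* Power-on or hardware reset: every frame starts write-enabled. */
void machine_reset(machine_t *m) { memset(m, 0, sizeof *m); }

/* SSKE as modified on the page: may set WRITE_PROTECTED, never clear it. */
status_t sske(machine_t *m, size_t frame, uint8_t new_key)
{
    if (frame >= NUM_FRAMES) return ST_RANGE;
    if ((m->storage_key[frame] & WP_BIT) && !(new_key & WP_BIT)) {
        m->alerts++;  /* attempt to undo the trapdoor from inside the OS */
        return ST_WRITE_PROTECTED;
    }
    m->storage_key[frame] = new_key & (KEY_MASK | WP_BIT);
    return ST_OK;
}

/* WRITE_PROTECT: available to the OS, takes a frame range. */
status_t write_protect(machine_t *m, size_t first, size_t count)
{
    if (first >= NUM_FRAMES || count > NUM_FRAMES - first) return ST_RANGE;
    for (size_t f = first; f < first + count; f++)
        m->storage_key[f] |= WP_BIT;
    return ST_OK;
}

/* WRITE_ENABLE: only decoded for firmware/hypervisor, never for the OS. */
status_t write_enable(machine_t *m, context_t ctx, size_t first, size_t count)
{
    if (ctx != CTX_HYPERVISOR) { m->alerts++; return ST_PRIVILEGE; }
    if (first >= NUM_FRAMES || count > NUM_FRAMES - first) return ST_RANGE;
    for (size_t f = first; f < first + count; f++)
        m->storage_key[f] &= (uint8_t)~WP_BIT;
    return ST_OK;
}

/* Store one byte. Assumption: the WRITE_PROTECTED bit is checked first, so
 * even a request running with master key 0 cannot modify a protected frame. */
status_t store(machine_t *m, uint8_t psw_key, size_t addr, uint8_t value)
{
    if (addr >= sizeof m->memory) return ST_RANGE;
    uint8_t key = m->storage_key[addr / FRAME_SIZE];
    if (key & WP_BIT) { m->alerts++; return ST_WRITE_PROTECTED; }
    if (psw_key != 0 && psw_key != (key & KEY_MASK)) return ST_KEY_MISMATCH;
    m->memory[addr] = value;
    return ST_OK;
}

/* Reads are unaffected by write protection; returns -1 when out of range. */
int load(const machine_t *m, size_t addr)
{
    return addr < sizeof m->memory ? m->memory[addr] : -1;
}

int main(void)
{
    static machine_t m;
    machine_reset(&m);
    store(&m, 0, 0x10, 0xAA);   /* boot: load the predefined OS portion */
    write_protect(&m, 0, 2);    /* the "specific OS command" ends loading */
    printf("kernel write after protect : %d\n", store(&m, 0, 0x10, 0xBB));
    printf("SSKE clearing the bit      : %d\n", sske(&m, 0, 0x3));
    printf("WRITE_ENABLE from the OS   : %d\n",
           write_enable(&m, CTX_GUEST_OS, 0, 2));
    printf("WRITE_ENABLE from outside  : %d\n",
           write_enable(&m, CTX_HYPERVISOR, 0, 2));
    printf("alerts raised              : %u\n", m.alerts);
    return 0;
}
```
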

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

An embodiment provides a computerized method, a computer system, and a computer program product for protecting an operating system (OS) against unauthorized modification. The computer system comprises a central processing unit (CPU) and a working memory. A portion of the OS is predefined for write protection. The computer system is started by loading the OS into the working memory. Loading of the predefined portion of the OS is completed upon reaching a specific OS command, which initiates execution by the CPU of a write-protection machine code instruction that irreversibly switches the portion of working memory containing the predefined portion of the OS into a write-protected mode.
PCT/EP2010/066049 2009-12-23 2010-10-25 Method and system for protecting an operating system against unauthorized modification WO2011076464A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
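CN201080058484.5A CN102667794B (zh) 2009-12-23 2010-10-25 Method and system for protecting an operating system against unauthorized modification
JP2012545174A JP5607752B2 (ja) 2009-12-23 2010-10-25 Method and system for protecting an operating system from unauthorized modification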

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP09180535.8 2009-12-23
EP09180535 2009-12-23

Publications (1)

Publication Number Publication Date
WO2011076464A1 true WO2011076464A1 (fr) 2011-06-30

Family

ID=43302348

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2010/066049 WO2011076464A1 (fr) 2009-12-23 2010-10-25 Method and system for protecting an operating system against unauthorized modification

Country Status (4)

Country Link
JP (1) JP5607752B2 (fr)
CN (1) CN102667794B (fr)
TW (1) TW201137660A (fr)
WO (1) WO2011076464A1 (fr)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014004212A1 (fr) * 2012-06-29 2014-01-03 Intel Corporation Timer for hardware protection of virtual machine monitor runtime integrity watcher
JP2015523668A (ja) * 2012-08-28 2015-08-13 Alibaba Group Holding Limited Malware process detection
WO2016172012A1 (fr) * 2015-04-24 2016-10-27 Qualcomm Incorporated Fine-grained memory protection to prevent memory overflow attacks
US9953104B2 (en) 2013-07-01 2018-04-24 International Business Machines Corporation Controlling access to one or more datasets of an operating system in use
WO2020057728A1 (fr) * 2018-09-18 2020-03-26 Huawei Technologies Co., Ltd. Apparatus and method for memory protection
JP2022521148A (ja) * 2019-02-25 2022-04-06 International Business Machines Corporation Detecting changes to storage keys used to protect memory

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8694738B2 (en) * 2011-10-11 2014-04-08 Mcafee, Inc. System and method for critical address space protection in a hypervisor environment
US8973144B2 (en) 2011-10-13 2015-03-03 Mcafee, Inc. System and method for kernel rootkit protection in a hypervisor environment
US9069586B2 (en) 2011-10-13 2015-06-30 Mcafee, Inc. System and method for kernel rootkit protection in a hypervisor environment
TWI619038B (zh) * 2011-11-07 2018-03-21 Admedec Co Ltd Safety box
DE102013209264A1 (de) * 2013-05-17 2014-11-20 Robert Bosch Gmbh Method for operating a communication module, and communication module
JP6129702B2 (ja) * 2013-09-24 2017-05-17 Toshiba Corporation Information processing apparatus, information processing system, and program
GB2540961B (en) * 2015-07-31 2019-09-18 Arm Ip Ltd Controlling configuration data storage
US9984231B2 (en) * 2015-11-11 2018-05-29 Qualcomm Incorporated Detecting program evasion of virtual machines or emulators
US11003777B2 (en) 2018-04-16 2021-05-11 International Business Machines Corporation Determining a frequency at which to execute trap code in an execution path of a process executing a program to generate a trap address range to detect potential malicious code
US10810304B2 (en) 2018-04-16 2020-10-20 International Business Machines Corporation Injecting trap code in an execution path of a process executing a program to generate a trap address range to detect potential malicious code

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070005919A1 (en) 2005-07-01 2007-01-04 Red Hat, Inc. Computer system protection based on virtualization
WO2008138653A1 (fr) 2007-05-09 2008-11-20 International Business Machines Corporation Method and data processing system to prevent manipulation of computer systems
US20090285068A1 (en) * 2008-05-19 2009-11-19 Mingjun Xu Disk operation protection method and disk controller

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2507430B2 (ja) * 1987-05-29 1996-06-12 Fujitsu Limited Main memory protection system
WO2000050974A2 (fr) * 1999-02-26 2000-08-31 Reveo, Inc. Globally time-synchronized systems
JP2007036907A (ja) * 2005-07-29 2007-02-08 Calsonic Kansei Corp Gateway device
US8037269B2 (en) * 2005-11-07 2011-10-11 Panasonic Corporation Portable auxiliary storage device
JP5260081B2 (ja) * 2008-02-25 2013-08-14 Panasonic Corporation Information processing apparatus and control method therefor

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014004212A1 (fr) * 2012-06-29 2014-01-03 Intel Corporation Timer for hardware protection of virtual machine monitor runtime integrity watcher
US8800052B2 (en) 2012-06-29 2014-08-05 Intel Corporation Timer for hardware protection of virtual machine monitor runtime integrity watcher
JP2015523668A (ja) * 2012-08-28 2015-08-13 Alibaba Group Holding Limited Malware process detection
JP2016105310A (ja) * 2012-08-28 2016-06-09 Alibaba Group Holding Limited Malware process detection
US9953104B2 (en) 2013-07-01 2018-04-24 International Business Machines Corporation Controlling access to one or more datasets of an operating system in use
US10628489B2 (en) 2013-07-01 2020-04-21 International Business Machines Corporation Controlling access to one or more datasets of an operating system in use
CN107533515A (zh) * 2015-04-24 2018-01-02 Qualcomm Incorporated Fine-grained memory protection to prevent memory overflow attacks
WO2016172012A1 (fr) * 2015-04-24 2016-10-27 Qualcomm Incorporated Fine-grained memory protection to prevent memory overflow attacks
WO2020057728A1 (fr) * 2018-09-18 2020-03-26 Huawei Technologies Co., Ltd. Apparatus and method for memory protection
CN112703490A (zh) * 2018-09-18 2021-04-23 Huawei Technologies Co., Ltd. Apparatus and method for memory protection
CN112703490B (zh) * 2018-09-18 2024-06-25 Huawei Technologies Co., Ltd. Apparatus and method for memory protection
JP2022521148A (ja) * 2019-02-25 2022-04-06 International Business Machines Corporation Detecting changes to storage keys used to protect memory
JP7329605B2 (ja) 2019-02-25 2023-08-18 International Business Machines Corporation Detecting changes to storage keys used to protect memory

Also Published As

Publication number Publication date
JP2013515989A (ja) 2013-05-09
JP5607752B2 (ja) 2014-10-15
TW201137660A (en) 2011-11-01
CN102667794B (zh) 2015-08-19
CN102667794A (zh) 2012-09-12

Similar Documents

Publication Publication Date Title
JP5607752B2 (ja) Method and system for protecting an operating system from unauthorized modification
TWI470471B (zh) Protecting operating system resources
Shi et al. Deconstructing Xen.
Ge et al. Sprobes: Enforcing kernel code integrity on the trustzone architecture
Payne et al. Lares: An architecture for secure active monitoring using virtualization
KR102189296B1 (ko) Event filtering for virtual machine security applications
JP6370747B2 (ja) System and method for virtual machine monitor based anti-malware security
US8239959B2 (en) Method and data processing system to prevent manipulation of computer systems
CN107066311B (zh) Kernel data access control method and system
EP3238070B1 (fr) Memory protection with non-readable pages
US20120216281A1 (en) Systems and Methods for Providing a Computing Device Having a Secure Operating System Kernel
Duflot et al. Using CPU system management mode to circumvent operating system security functions
EP2652666B1 (fr) Storage drive based antimalware methods and apparatuses
US20100107252A1 (en) Cognizant engines: systems and methods for enabling program observability and controlability at instruction level granularity
US9396329B2 (en) Methods and apparatus for a safe and secure software update solution against attacks from malicious or unauthorized programs to update protected secondary storage
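CN104520867A (zh) Methods, systems, and computer readable medium for active monitoring, memory protection and integrity verification of target devices
JP6370098B2 (ja) Information processing apparatus, information processing monitoring method, program, and recording medium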
US6907524B1 (en) Extensible firmware interface virus scan
KR20090067569A (ko) Windows kernel protection system using virtualization techniques
WO2022105610A1 (fr) Data protection method, apparatus, storage medium, and computer device
Mahapatra et al. An online cross view difference and behavior based kernel rootkit detector
Atamli et al. IO-Trust: an out-of-band trusted memory acquisition for intrusion detection and forensics investigations in cloud IOMMU based systems
Suzaki et al. Kernel memory protection by an insertable hypervisor which has VM introspection and stealth breakpoints
US10019576B1 (en) Security control system for protection of multi-core processors
WO2015052831A1 (fr) Information processing device, method, and program

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 201080058484.5

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10768938

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2012545174

Country of ref document: JP

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10768938

Country of ref document: EP

Kind code of ref document: A1
