[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN114579254A - System calling method and device of microkernel virtualization operating system - Google Patents

System calling method and device of microkernel virtualization operating system Download PDF

Info

Publication number
CN114579254A
CN114579254A CN202210199379.8A CN202210199379A CN114579254A CN 114579254 A CN114579254 A CN 114579254A CN 202210199379 A CN202210199379 A CN 202210199379A CN 114579254 A CN114579254 A CN 114579254A
Authority
CN
China
Prior art keywords
virtual machine
authority
call
microkernel
calling
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210199379.8A
Other languages
Chinese (zh)
Inventor
殷灿菊
彭元志
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Kedong Guangzhou Software Technology Co Ltd
Original Assignee
Kedong Guangzhou Software Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Kedong Guangzhou Software Technology Co Ltd filed Critical Kedong Guangzhou Software Technology Co Ltd
Priority to CN202210199379.8A priority Critical patent/CN114579254A/en
Publication of CN114579254A publication Critical patent/CN114579254A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1458Protection against unauthorised use of memory or access to memory by checking the subject access rights
    • G06F12/1466Key-lock mechanism
    • G06F12/1475Key-lock mechanism in a virtual system, e.g. with translation means
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/48Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806Task transfer initiation or dispatching
    • G06F9/4843Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The application belongs to the technical field of virtual operating systems. Specifically, a method and a device for system call of a microkernel virtualization operating system are provided, wherein the method comprises the following steps: through a development tool, customizing the authority of system calling of the configuration virtual machine, and injecting configuration information into the microkernel; and when the virtual machine executes the system call request, the microkernel determines the authority corresponding to the system call according to the configuration information and gives a call response according to the determined authority. Based on the technical scheme provided by the application, the user can define the calling authority of each virtual machine system function independently, so that differentiated management is realized.

Description

System calling method and device of microkernel virtualization operating system
Technical Field
The present application relates to the field of virtual operating systems, and in particular, to a method and an apparatus for system call of a microkernel virtualized operating system.
Background
The kernel is the core part of the operating system and manages various resources of the system. Currently, the core architecture is divided into Micro core (microkernel) and macro core (Monolithic Kernel). Compared with the macro kernel, the micro kernel has the advantages of being safer and more reliable.
When performing system call tasks, the microkernel operating system provides a series of call interfaces, but these system call interfaces are often exposed to user space. On one hand, in the whole life cycle of most virtual machines, the actual utilization rate of a plurality of system call interfaces is not high; on the other hand, the system call interface exposed in the user space may have various security holes, and if the system call interface is maliciously utilized, serious security risks may be brought to the whole system, so that it is necessary to limit the system call of the user-mode virtual machine.
In prior known microkernel operating systems, such as seL4, system calls were not restricted. For a traditional macro kernel, for example, a Seccomp secure computing mode supported by a Linux system may limit the call authority of an application system. In the Seccomp secure computation mode in Linux systems, only four system calls read, write, exit, and signatur are allowed, except that other calls are terminated. However, although the Seccomp secure computation mode in the Linux system realizes the restriction on the system call permission, the Seccomp secure computation mode cannot perform differential control due to the consistent processing on the call permissions of all the controlled processes. In addition, only a few fixed system call authorities are opened, and the access requirements of users on system calls cannot be met.
Disclosure of Invention
In view of the above problems in the prior art, the present application provides a method and an apparatus for system invocation of a microkernel virtualization operating system, so that a user can autonomously define the invocation authority of each virtual machine system, thereby implementing differentiated management to meet the personalized requirements of the user on system invocation.
In order to achieve the above object, a first aspect of the present application provides a system call method for a microkernel virtualized operating system, including: through a development tool, customizing the authority of system calling of the configuration virtual machine, and injecting configuration information into the microkernel; when the virtual machine executes the system call request, the microkernel determines the authority corresponding to the system call according to the configuration information, and gives a call response according to the determined authority.
In this way, the system call method of the microkernel virtualization operating system provided by the application can realize differential management of system call based on the microkernel virtualization operating system by autonomously configuring the system call permission of the virtual machine and injecting the configured information into the microkernel, and meets the individual requirements of users on system call.
As a possible implementation manner of the first aspect, the injecting configuration information into the microkernel includes: and generating a virtual machine calling authority descriptor according to the configuration information, and compiling the descriptor into the mirror image of the microkernel.
Therefore, the virtual machine calling authority is described through the descriptor, so that the virtual machine can quickly identify whether the corresponding system calling authority exists.
As a possible implementation manner of the first aspect, when the custom configuring the authority of the system call of the virtual machine, the method further includes: configuring a call response strategy aiming at no system call authority; the giving of the call response according to the determined authority includes: and when the system calling is determined to be unauthorized, carrying out calling response according to the calling response strategy.
Therefore, the call response strategy is configured for the call request without the system call authority, so that the response strategy has expandability and difference.
As a possible implementation manner of the first aspect, the invoking a response policy includes: stopping the running of the virtual machine or returning an error code to the virtual machine.
Therefore, by executing different calling response strategies, the safety accidents are prevented from further spreading, and the safety and the reliability of the virtual machine system are improved.
As a possible implementation manner of the first aspect, the configuration information of the system call of the virtual machine is locked during the lifetime of the virtual machine.
As a possible implementation manner of the first aspect, when it is determined that the system call does not have the right, the method further includes:
generating a log of the call record of the virtual machine system; wherein the call record comprises one or more of the following information: a timestamp, a virtual machine identification, a system call request, a context of the system call request, and a response behavior of a call response.
Therefore, when the virtual machine system is maliciously called (namely, the system call does not have the authority), the safety analysis can be conveniently carried out by the user by generating the call record of the virtual machine system into the log.
A second aspect of the present application provides a system call apparatus for a virtualized operating system, including: a configuration module and a response module. The configuration module is used for customizing the authority of system call of the configuration virtual machine through a development tool and injecting configuration information into the microkernel; and the response module is used for determining the authority corresponding to the system call according to the configuration information and giving a call response according to the determined authority when the virtual machine executes the system call request.
As a possible implementation manner of the second aspect, the configuration module is further configured to: when the authority of the system calling of the virtual machine is configured in a user-defined mode, a calling response strategy aiming at the system calling-free authority is also configured; the giving of the call response according to the determined authority includes: and when the system calling is determined to be unauthorized, carrying out calling response according to the calling response strategy.
From the above, the advantageous effects of the present aspect can be referred to the advantageous effects of the first aspect described above.
A third aspect of the present application provides a computing device comprising: a processor, and
a memory having stored thereon program instructions that, when executed by the processor, cause the processor to perform a system call method of a microkernel virtualized operating system as defined in any of the first aspects above.
A fourth aspect of the present application provides a computer-readable storage medium, on which program instructions are stored, wherein the program instructions, when executed by a computer, cause the computer to execute the system call method of the microkernel virtualization operating system according to any one of the above-mentioned first aspects.
These and other aspects of the present application will be more readily apparent from the following description of the embodiment(s).
Drawings
Fig. 1 is a flowchart of a system call method of a microkernel virtualization operating system according to an embodiment of the present application;
FIG. 2 is an exemplary visualization interface of a virtual machine provided in an embodiment of the present application;
FIG. 3 is a flowchart of another method for system invocation of a microkernel virtualized operating system according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of a system call apparatus of a microkernel virtualization operating system according to an embodiment of the present application;
FIG. 5 is a schematic structural diagram of a computing device provided by an embodiment of the present application;
fig. 6 is a schematic structural diagram of another computing device provided in an embodiment of the present application.
Detailed Description
The terms "first, second, third and the like" or "module a, module B, module C and the like in the description and in the claims, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order, it being understood that specific orders or sequences may be interchanged where permissible to effect embodiments of the present application in other than those illustrated or described herein.
In the following description, reference to reference numerals indicating steps, such as S110, S120 … …, etc., does not necessarily indicate that the steps are performed in this order, and the order of the preceding and following steps may be interchanged or performed simultaneously, where permissible.
The term "comprising" as used in the specification and claims should not be construed as being limited to the contents listed thereafter; it does not exclude other elements or steps. It should therefore be interpreted as specifying the presence of the stated features, integers, steps or components as referred to, but does not preclude the presence or addition of one or more other features, integers, steps or components, and groups thereof. Thus, the expression "an apparatus comprising the devices a and B" should not be limited to an apparatus consisting of only the components a and B.
Reference in the specification to "one embodiment" or "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the application. Thus, appearances of the phrases "in one embodiment" or "in an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment, but may. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments, as would be apparent to one of ordinary skill in the art from this disclosure.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. In the case of inconsistency, the meaning described in the present specification or the meaning derived from the content described in the present specification shall control. In addition, the terminology used herein is for the purpose of describing embodiments of the present application only and is not intended to be limiting of the present application.
In order to make the objects, technical solutions and advantages of the present application more clear, the present application will be further described in detail with reference to the accompanying drawings.
Before further detailed description of the embodiments of the present application, terms and expressions in the embodiments of the present application and their corresponding uses, functions, and functions of the embodiments of the present application will be described, and the terms and expressions in the embodiments of the present application are used for the following explanations:
1) macro kernel: also known as a single kernel, is one of the operating system kernel architectures. In the macro kernel architecture, user services and kernel services are implemented in the same space.
2) Microkernel: is a reduced version of the kernel that provides operating system core functionality. Only the most basic kernel services, such as virtual machine scheduling, system calls, etc., are provided in the microkernel architecture. Compared with the macro kernel, the safety and reliability of the micro kernel are higher.
3) Trapping into the kernel: and entering a kernel space. When a user-mode virtual machine needs to access the core function of the microkernel system, a system call needs to be executed, and when the system call is executed, the user-mode virtual machine usually needs to trap into the kernel through a soft interrupt mechanism and then execute a corresponding system call function.
The following describes a system call method of a virtualized operating system in detail with reference to the drawings.
Fig. 1 is a flowchart of a system call method for a virtualized operating system according to an embodiment of the present disclosure. The implementation process of the method mainly comprises steps S110-S120, and the following steps are introduced in sequence:
s110: and through a development tool, customizing the authority of system call of the configuration virtual machine, and injecting configuration information into the microkernel.
In this embodiment, a user may configure the system invocation permission in the visual interface of the virtual machine according to the needs of the user. It should be understood that this step may be implemented by pre-configuration, or may be implemented by real-time configuration. When the authority of the system call of the virtual machine is configured in a user-defined mode, a call response strategy aiming at the system call-free authority can be configured, namely when the system call-free authority is determined, a call response is carried out according to the call response strategy.
Fig. 2 shows an exemplary visualization interface of a virtual machine, in which, for each virtual machine (for example, virtual machine VM1 or virtual machine VMn in fig. 2), under a call interface corresponding to each system function, system call authority and system call response policy may be autonomously configured. The VMK _ StartVM represents a calling interface for starting the virtual machine, and the corresponding system calling function is to start the virtual machine; VMK _ StopVM represents a call interface for stopping the running of the virtual machine, and the corresponding system call function is to stop the running of the virtual machine; VMK _ ResetVM represents a calling interface for resetting the running of the virtual machine, and the corresponding system calling function is the reset virtual machine; the VMK _ GetVMID represents a calling interface for acquiring the ID number of the virtual machine, and the corresponding system calling function is to acquire the ID number of the virtual machine. It should be understood that the above-described invocation interfaces are merely exemplary descriptions, and in other embodiments, other invocation interfaces may exist. In the system call permission configuration column, TRUE indicates that the system function corresponding to the virtual machine is allowed to be called, that is, the permission of the system call is possessed, and FALSE indicates that the system function corresponding to the virtual machine is refused to be called, that is, the permission of the system call is not possessed. In the response behavior column, STOP represents a response behavior of stopping the operation of the virtual machine, and ERROR represents a response behavior of returning an ERROR code to the virtual machine. Through the configuration interface, a user can autonomously define the system calling authority of each virtual machine and a corresponding system calling response strategy, so that differentiated management of system function calling of the virtual machines is realized, and differentiated requirements of the user are met.
In this step, configuration information needs to be injected into the microkernel, specifically: and generating a virtual machine calling authority descriptor according to the configuration information, and compiling the virtual machine calling authority descriptor into an image of the microkernel. The calling authority descriptor is managed through a bitmap data structure, namely, is described through a binary bit string. In the binary bit string, the value of each bit indicates whether the virtual machine has the corresponding system call authority. The following are exemplary: when the value of the bit of the binary bit string is 1, the virtual machine is indicated to have corresponding system call authority, and when the value of the bit of the binary bit string is 0, the virtual machine is indicated to not have corresponding system call authority.
S120: and when the virtual machine executes the system call request, the microkernel determines the authority corresponding to the system call according to the configuration information and gives a call response according to the determined authority.
In this embodiment, the system call response may include a first system call response and a second system call response. Specifically, the method comprises the following steps: the first system call response is a normal system call, at this time, the corresponding system function of the virtual machine is allowed to be called, that is, the TRUE field in the system call permission configuration column in fig. 2 is executed, and at this time, the requested system function is successfully called. And the second system call response represents a response behavior during illegal call, at the moment, the corresponding system function of the virtual machine is not allowed to be called, and a corresponding security protection strategy is fed back to the virtual machine. Wherein the second system call response may be described by another binary bit string. In the binary bit string, the value of each bit represents a call response policy. The following are exemplary: and when the value of the bit of the binary bit string is 1, stopping the running of the virtual machine is indicated, and when the value of the bit of the binary bit string is 0, an error code is returned to the virtual machine.
When the virtual machine system is illegally called, namely a second system calling response needs to be executed, the microkernel can generate and record a log of the illegal system calling of the virtual machine for subsequent security analysis. In this embodiment, the content of the log record includes, but is not limited to, one or more of a timestamp, a virtual machine identification, a system call request, a context of the system call request, and a response behavior of the second system call response.
Based on the embodiment provided by the application, a user can autonomously define the system calling authority of each virtual machine through a visual interface, so that differentiated management of system function calling is realized, a processing strategy for illegal system calling can be autonomously defined, a malicious program is prevented from damaging a system, and the safety and reliability of the whole operating system are improved.
Referring to the drawings, a system call method of a microkernel virtualized operating system according to another embodiment of the present application will be described in detail.
A system call method of a virtualized operating system according to an embodiment of the present application is described with reference to a flowchart shown in fig. 3. The method mainly comprises steps S210-S270, and the following steps are introduced in sequence:
s210: and the user autonomously configures the system calling authority of the virtual machine and the corresponding relation between the system calling authority and the calling response to generate a configuration file.
In this step, the user can invoke a configuration interface based on a visual system provided by the integrated development environment, and autonomously complete configuration according to the own requirements.
S220: and generating a virtual machine system function calling authority descriptor according to the configuration file. Wherein the steps are performed in an integrated development environment.
In this step, the calling authority descriptor is described by a bitmap data structure, that is, the description of the virtual machine system function calling authority is realized in the form of a binary bit string. The value of each bit in the binary bit string indicates whether the virtual machine has corresponding call permissions.
In this embodiment, the virtual machine system function call permission descriptor does not support change or extension within the lifetime of the virtual machine, i.e. once the configuration of the autonomic configuration item in step S210 is completed, no change is supported.
S230: the virtual machine executes the system call request and traps to the kernel.
S240: the microkernel receives and executes the system call request.
S250: and the microkernel judges whether the virtual machine has the calling authority requested in the system calling request, if so, the step S260 is executed, and if not, the step S270 is executed.
S260: the virtual machine is allowed to perform the call of the corresponding system function.
S270: and refusing the virtual machine to execute the call of the corresponding system function and providing a response behavior and generating a log to record the illegal access behavior.
Wherein the response behavior is described by another binary bit string, and the value of each bit of the binary bit string represents the response behavior of the call response. Specifically, the method comprises the following steps: a bit value of 1 in the binary bit string indicates stopping the operation of the virtual machine, i.e., the response behavior of step S270A in fig. 2, and a bit value of 0 in the binary bit string indicates returning an error code to the virtual machine, i.e., the response behavior of step S270B in fig. 2.
Another embodiment of the present application provides a system call apparatus for a microkernel virtualized operating system, where the apparatus may be implemented by a software system, or may be implemented by a hardware device, or may be implemented by a combination of a software system and a hardware device. The system call means of the virtualized operating system executes the contents described in steps S110 to S120 shown in fig. 1.
It should be understood that fig. 4 is a schematic diagram illustrating an example of a structure of the system call device 40 of the microkernel virtualized operating system, and the present application does not limit the division of the functional modules in the system call device of the virtualized operating system. As shown in fig. 4, the system call device of the microkernel virtualized operating system may be logically divided into a plurality of modules, each of which may have different functions, the functions of each module being implemented by instructions in a memory that may be read and executed by a processor in the computing device. Illustratively, the system call device of the virtualized operating system includes a configuration module 410 and a response module 420.
The configuration module 410 is used for customizing the authority of system call of the configuration virtual machine through a development tool, and injecting configuration information into the microkernel. Specifically, the configuration module 410 is configured to execute step S110 in the system call method of the microkernel virtualized operating system and any optional example thereof.
The response module 420 is configured to, when the virtual machine executes the system call request, determine, by the microkernel, a right corresponding to the system call according to the configuration information, and give a call response according to the determined right. . Specifically, the response module 420 is configured to execute step S120 and any optional example thereof in the system call method of the microkernel virtualized operating system.
In some embodiments, the configuration module 410 is further configured to generate a descriptor of the virtual machine invocation authority according to the configuration information, and compile the descriptor into the image of the microkernel.
In some embodiments, the configuration module 410 is further configured to: when the authority of the system calling of the virtual machine is configured in a user-defined mode, a calling response strategy aiming at the system calling-free authority is also configured; the giving of the call response according to the determined authority includes: and when the system calling is determined to have no authority, carrying out calling response according to the calling response strategy. Wherein the call response policy comprises: stopping the running of the virtual machine or returning an error code to the virtual machine.
In some embodiments, configuration information for system calls of the virtual machine is locked for the lifetime of the virtual machine.
In some embodiments, the system further comprises a log generation module, configured to log the call records of the virtual machine system; wherein the call record includes one or more of the following information: a timestamp, a virtual machine identification, a system call request, a context of the system call request, and a response behavior of a call response.
An embodiment of the present application further provides a computing device, which includes a processor and a memory. The memory has stored thereon program instructions that, when executed by the processor, cause the processor to perform the method of the embodiment corresponding to fig. 1, or alternative embodiments thereof.
Fig. 5 is a schematic structural diagram of a computing device 900 provided in an embodiment of the present application. The computing device 900 includes: a processor 910, a memory 920.
It is to be appreciated that the computing device 900 illustrated in FIG. 5 may also include a communication interface 930 that may be employed to communicate with other devices.
The processor 910 may be coupled to the memory 920. The memory 920 may be used to store the program codes and data. Therefore, the memory 920 may be a storage unit inside the processor 910, an external storage unit independent of the processor 910, or a component including a storage unit inside the processor 910 and an external storage unit independent of the processor 910.
Optionally, computing device 900 may also include a bus. The memory 920 and the communication interface 930 may be connected to the processor 910 through a bus. The bus may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc.
It should be understood that, in the embodiment of the present application, the processor 910 may employ a Central Processing Unit (CPU). The Processor may also be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. Or the processor 910 may employ one or more integrated circuits for executing related programs to implement the technical solutions provided in the embodiments of the present application.
The memory 920 may include a read-only memory and a random access memory, and provides instructions and data to the processor 910. A portion of the processor 910 may also include non-volatile random access memory. For example, the processor 910 may also store information of the device type.
When the computing device 900 is running, the processor 910 executes the computer-executable instructions in the memory 920 to perform the operational steps of the above-described method.
It should be understood that the computing device 900 according to the embodiment of the present application may correspond to a corresponding main body for executing the method according to the embodiments of the present application, and the above and other operations and/or functions of each module in the computing device 900 are respectively for implementing corresponding flows of each method of the embodiment, and are not described herein again for brevity.
An embodiment of the present application further provides another computing device, and as shown in fig. 6, a schematic structural diagram of another computing device 1000 provided in this embodiment includes: a processor 1010, and an interface circuit 1020, wherein the processor 1010 accesses a memory through the interface circuit 1020, the memory storing program instructions that, when executed by the processor, cause the processor to perform the method of the corresponding embodiment of fig. 1. In addition, the computing device may further include a communication interface, a bus, and the like, which may specifically refer to the description in the embodiment shown in fig. 5 and are not described again. Illustratively, the interface circuit 1020 may be a CAN bus or a LIN bus.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The embodiment of the present application further provides a computer-readable storage medium, on which a computer program is stored, where the computer program is used, when executed by a processor, to execute a system call method of a microkernel virtualization operating system, where the method includes at least one of the solutions described in the foregoing embodiments.
The computer storage media of the embodiments of the present application may take any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C + +, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It should be noted that the foregoing is only illustrative of the preferred embodiments of the present application and the technical principles employed. It will be understood by those skilled in the art that the present application is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the application. Therefore, although the present application has been described in more detail through the above embodiments, the present application is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present application, which all fall within the scope of the present application.

Claims (10)

1. A system call method of a microkernel virtualization operating system is characterized by comprising the following steps:
through a development tool, customizing the authority of system calling of the configuration virtual machine, and injecting configuration information into the microkernel;
and when the virtual machine executes the system call request, the microkernel determines the authority corresponding to the system call according to the configuration information and gives a call response according to the determined authority.
2. The method of claim 1, wherein injecting configuration information into the microkernel comprises:
and generating a virtual machine calling authority descriptor according to the configuration information, and compiling the descriptor into the mirror image of the microkernel.
3. The method of claim 1, wherein the custom configuring the authority of the system call of the virtual machine further comprises: configuring a call response strategy aiming at no system call authority;
the giving of the call response according to the determined authority includes: and when the system calling is determined to have no authority, carrying out calling response according to the calling response strategy.
4. The method of claim 3, wherein invoking the response policy comprises: stopping the running of the virtual machine or returning an error code to the virtual machine.
5. The method of claim 1, wherein configuration information for system calls of the virtual machine is locked for the lifetime of the virtual machine.
6. The method of any of claims 1 to 5, upon determining that the system call does not have a right, further comprising:
generating a log of the call record of the virtual machine system; wherein the call record includes one or more of the following information: a timestamp, a virtual machine identification, a system call request, a context of the system call request, and a response behavior of a call response.
7. A system call apparatus of a microkernel virtualized operating system, comprising:
the configuration module is used for customizing the authority of system call of the configuration virtual machine through a development tool and injecting configuration information into the microkernel;
and the response module is used for determining the authority corresponding to the system call according to the configuration information and giving a call response according to the determined authority when the virtual machine executes the system call request.
8. The apparatus of claim 7, wherein the configuration module is further configured to:
when the authority of the system calling of the virtual machine is configured in a user-defined mode, a calling response strategy aiming at the system calling-free authority is also configured;
the giving of the call response according to the determined authority includes: and when the system calling is determined to have no authority, carrying out calling response according to the calling response strategy.
9. A computing device, comprising:
a processor, and
a memory having stored thereon program instructions that, when executed by the processor, cause the processor to perform the system call method of the microkernel virtualized operating system of any of claims 1-6.
10. A computer readable storage medium having stored thereon program instructions, which when executed by a computer, cause the computer to perform the system call method of a microkernel virtualized operating system according to any of claims 1-6.
CN202210199379.8A 2022-03-02 2022-03-02 System calling method and device of microkernel virtualization operating system Pending CN114579254A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210199379.8A CN114579254A (en) 2022-03-02 2022-03-02 System calling method and device of microkernel virtualization operating system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210199379.8A CN114579254A (en) 2022-03-02 2022-03-02 System calling method and device of microkernel virtualization operating system

Publications (1)

Publication Number Publication Date
CN114579254A true CN114579254A (en) 2022-06-03

Family

ID=81776166

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210199379.8A Pending CN114579254A (en) 2022-03-02 2022-03-02 System calling method and device of microkernel virtualization operating system

Country Status (1)

Country Link
CN (1) CN114579254A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106203080A (en) * 2016-07-14 2016-12-07 北京元心科技有限公司 System calling method and device
CN106909840A (en) * 2015-12-22 2017-06-30 北京奇虎科技有限公司 A kind of method and device of monitor operating system behavior
CN107203715A (en) * 2016-03-18 2017-09-26 阿里巴巴集团控股有限公司 The method and device that execution system is called
CN108399331A (en) * 2017-02-06 2018-08-14 腾讯科技(深圳)有限公司 Application process trial method and system
US20180336360A1 (en) * 2017-05-16 2018-11-22 Beyondtrust Software, Inc. Systems and methods for controlling privileged operations
CN110059453A (en) * 2019-03-13 2019-07-26 中国科学院计算技术研究所 A kind of container virtualization safety reinforced device and method
CN113986449A (en) * 2021-09-17 2022-01-28 华中科技大学 Container-oriented Linux kernel virtualization system and method

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106909840A (en) * 2015-12-22 2017-06-30 北京奇虎科技有限公司 A kind of method and device of monitor operating system behavior
CN107203715A (en) * 2016-03-18 2017-09-26 阿里巴巴集团控股有限公司 The method and device that execution system is called
CN106203080A (en) * 2016-07-14 2016-12-07 北京元心科技有限公司 System calling method and device
CN108399331A (en) * 2017-02-06 2018-08-14 腾讯科技(深圳)有限公司 Application process trial method and system
US20180336360A1 (en) * 2017-05-16 2018-11-22 Beyondtrust Software, Inc. Systems and methods for controlling privileged operations
CN110059453A (en) * 2019-03-13 2019-07-26 中国科学院计算技术研究所 A kind of container virtualization safety reinforced device and method
CN113986449A (en) * 2021-09-17 2022-01-28 华中科技大学 Container-oriented Linux kernel virtualization system and method

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
DIMITRIOS SKARLATOS: "Draco: Architectural and Operating System Support for System Call Security", 《 2020 53RD ANNUAL IEEE/ACM INTERNATIONAL SYMPOSIUM ON MICROARCHITECTURE (MICRO)》 *
徐靖: "一种基于Xen虚拟机的内核完整性监控方法", 《现代计算机(普及版)》 *
朱双喜, 西安电子科技大学出版社 *
蒋建春: "《网络入侵检测原理与技术》", 31 July 2001, 国防工业出版社 *
赵伟华: "《计算机操作系统》", 30 September 2018, 西安电子科技大学出版社 *

Similar Documents

Publication Publication Date Title
US11687645B2 (en) Security control method and computer system
KR102255767B1 (en) Systems and methods for virtual machine auditing
CN102799817B (en) For the system and method using Intel Virtualization Technology to carry out malware protection
US7631196B2 (en) Method and apparatus for loading a trustable operating system
US7673109B2 (en) Restricting type access to high-trust components
US7802250B2 (en) Support for transitioning to a virtual machine monitor based upon the privilege level of guest software
CN109726549B (en) Techniques for untrusted code execution with processor sandboxes support
RU2377634C2 (en) Licensing program interface
US20080047023A1 (en) User space virtualization system
EP3961446B1 (en) Method and apparatus for securely entering trusted execution environment in hyper-threading scenario
CN104700026A (en) Detecting JAVA sandbox escaping attacks based on JAVA bytecode instrumentation and JAVA method hooking
US9824225B1 (en) Protecting virtual machines processing sensitive information
JP7495193B2 (en) Enhanced memory-safe programming using page frame tags
WO2023123850A1 (en) Method and apparatus for implementing firmware root of trust, device, and readable storage medium
US20180101485A1 (en) Method and apparatus for accessing private data in physical memory of electronic device
CN114579254A (en) System calling method and device of microkernel virtualization operating system
US8307340B2 (en) Hardware abstraction in embedded systems
Rui et al. Security mechanism analysis of open-source: Andriod OS & Symbian OS
CN116702129B (en) Safe calling method and device for power architecture running service code
US20240362049A1 (en) Using virtual machine privilege levels to control write access to kernel memory in a virtual machine
US20240144256A1 (en) Decentralized blockchain client authorization and authentication
US20060136679A1 (en) Protected processing apparatus, systems, and methods
JP7076014B2 (en) Java Debugger blocking method and system for program protection
CN114266038A (en) Software sandbox-based security isolation method, storage medium, device and apparatus
CN117150487A (en) Dynamic link library file injection detection method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20220603

RJ01 Rejection of invention patent application after publication