
Method for implementing application software behavior monitoring system based on CPU temporal-spatial isolation mechanism

A technology for application software and monitoring systems, applied in the fields of computer security devices, instruments, and electrical digital data processing. It addresses problems such as degraded system performance, bypassing of the monitor, and poor readability, and achieves low system security risk, assured effectiveness, and little impact on system performance.

Inactive Publication Date: 2016-04-13
中软信息系统工程有限公司

AI Technical Summary

Problems solved by technology

Once malicious code gains access to the system kernel, the effectiveness of kernel-level monitoring technology is challenged, and the application software behavior monitoring system may be bypassed.
3. Monitoring technology based on hardware virtualization uses virtual machine management software, running between the computer hardware platform and the operating system kernel, to monitor information such as system memory space usage, application software behavior characteristics, and dynamic kernel object access rights. Because it runs in a higher-privileged CPU state, it can guarantee high reliability of the application behavior monitoring system. However, the virtual machine management software can only obtain hardware-level system information, such as the parameters of CPU registers and memory addresses, so there are semantic differences between the system information obtained directly from the hardware platform and the operating system, and readability is poor. The additional system semantic conversion seriously affects system performance.



Examples


Embodiment 1

[0036] A method for implementing an application software behavior monitoring system based on a CPU time-space isolation mechanism. As shown in Figure 1, the method includes the following steps:

[0037] 1. In the general operating system environment, use system call interception to extract each application software process's system call sequence, system call parameter information and return values, and establish a sample library of normal process behavior through data analysis;

[0038] 2. In the general operating system environment, intercept the application software behavior information and save it in the shared memory space of the general operating system; switch the system running state to the security kernel through the preset secure clock interrupt handler;

[0039] 3. The application software behavior monitoring system in the security kernel reads the intercepted application software proce...
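
The three steps above can be modelled in user space. The following is an added example, not code from the patent or its owner: the page names no specific analysis method, so fixed-length sliding windows over system call names are an assumed stand-in, and the comparison performed in step 3 is likewise assumed because the page's text is cut off. `SharedBuffer`, `secure_tick` and the sample traces are hypothetical names and constructed data.

```python
from collections import deque

WINDOW = 3  # assumed window length; the page names no specific analysis method

def windows(seq, n=WINDOW):
    """All length-n sliding windows over one system call sequence."""
    return {tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)}

def build_sample_library(normal_traces):
    """Step 1: normal-behavior sample library built from clean-run traces."""
    library = set()
    for trace in normal_traces:
        library |= windows(trace)
    return library

class SharedBuffer:
    """Step 2: stand-in for the shared memory the general OS writes into."""
    def __init__(self, capacity):
        self.records, self.capacity, self.dropped = deque(), capacity, 0

    def intercept(self, pid, syscall):
        if len(self.records) >= self.capacity:
            self.dropped += 1  # lost records leave the monitor blind; count them
            return
        self.records.append((pid, syscall))

def secure_tick(buffer, library, history, n=WINDOW):
    """Step 3 (comparison is an assumption): on the secure clock interrupt,
    drain the buffer and flag per-process windows absent from the library."""
    alerts = []
    while buffer.records:
        pid, syscall = buffer.records.popleft()
        recent = history.setdefault(pid, deque(maxlen=n))
        recent.append(syscall)
        if len(recent) == n and tuple(recent) not in library:
            alerts.append((pid, tuple(recent)))
    return alerts

# Constructed sample trace (not from the page).
NORMAL = [["open", "read", "close", "open", "read", "write", "close"]]

def demo():
    lib, buf, history = build_sample_library(NORMAL), SharedBuffer(8), {}
    for rec in [(10, "open"), (20, "open"), (10, "read"), (20, "read"), (10, "close")]:
        buf.intercept(*rec)
    first = secure_tick(buf, lib, history)   # pid 20 has only two calls so far
    for rec in [(20, "execve"), (20, "close")]:
        buf.intercept(*rec)
    return first, secure_tick(buf, lib, history)
```

Per-process history is kept across ticks, so a sequence that straddles two secure clock interrupts is still evaluated as one window.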


Abstract

The invention discloses a method for implementing an application software behavior monitoring system based on a CPU temporal-spatial isolation mechanism. Two CPU virtual cores of different states, which are usually divided into a safety core and a common core, are run in a time slice manner by using a CPU virtualization technology; a system memory domain is spatially divided by a memory management unit (MMU), and a register relating to memory control is configured for ensuring the access authorities to different memory areas, thus the effects of access control and memory isolation are achieved; and application software behaviors in the general operating environment are controlled by using the safety operating environment based on the CPU temporal-spatial isolation mechanism. The method provided by the invention has the advantages of improving the timeliness and reliability of the application software behavior monitoring system, and enhancing the safety of the computer application system.

Description

Technical field

[0001] The invention relates to a software monitoring method, in particular to a method for realizing an application software behavior monitoring system based on a CPU time-space isolation mechanism, and belongs to the field of software monitoring.

Background

[0002] With the continuous development of information technology and the spread of information technology applications in the national economy and in national defense, computer application systems have come to occupy a basic supporting position for the economy and national defense, and their security has become key to the security of both. Once a computer application system is compromised, the consequences can be catastrophic. As an important part of the security protection of computer application systems, the current traditional computer protection software based on the matching of malicious code behavior characteristics cannot timely detect malic...


Application Information

IPC(8): G06F21/53, G06F21/56
CPC: G06F21/53, G06F21/566, G06F2221/033
Inventor: 王定健陈鲁符兴斌李锁在孟亚平孙铁陶亮郝斌白雷白秋霞房子成
Owner: 中软信息系统工程有限公司