Abstract
The security of the operating system kernel is the cornerstone of the security of the entire computer and information system, and device drivers, which account for more than 50% of kernel code, are regarded as the main source of kernel vulnerabilities. Device drivers usually run in kernel space with system-level privileges, and the operating system fully trusts programs running in kernel space. Therefore, once a device driver contains a vulnerability or malicious code, it often affects operating system security and may even crash the entire system. To address such security problems, de-kernelizing device drivers (moving them out of the kernel) is one of the available effective approaches. Given the complexity of device drivers and their close coupling with other kernel modules of the operating system, migrating device drivers out of the kernel is a time-consuming and labor-intensive task. With automated migration as the ultimate goal, this paper attempts to construct a standardized communication architecture and to explore a scientific basis for selecting which device driver functions to migrate, a design framework for the migrated functions and their user-space counterparts, and the typical operations of a de-kernelization migration. Prototype test results show that the device driver de-kernelization communication mechanism presented in this paper effectively isolates device driver security problems while adding little system overhead and without significantly affecting system performance.
The kernel security of operating systems is the foundation of the security of computer and information systems. Device drivers are considered to be the main source of kernel bugs because they account for more than 50% of kernel code. Moreover, device drivers always run in kernel space with system-level permission, and the system completely trusts the code running in kernel space. So, if bugs or malicious code exist in device drivers, they could affect the safety of the operating system and even cause the whole system to collapse. In order to prevent such failures caused by device drivers, moving part or all of the code of device drivers to user space becomes one of the effective ways to limit and isolate the vulnerabilities of device drivers. However, it is a time-consuming task because device drivers are diverse and complicated and closely related to other kernel modules. Based on the final goal of automated splitting and migration, this paper attempts to construct a unified and standardized communication architecture, to explore scientific policies for selecting the functions within device drivers to migrate, to design a framework for both the user-space part and the kernel-space part of the migrated functions, and to extract basic non-kernel migration operations. Corresponding prototypes are implemented, and test results show that the communication mechanisms and non-kernel solutions for device drivers in this paper are effective and incur little overhead.
Source
《信息网络安全》
2016, Issue 11, pp. 57-65 (9 pages)
Netinfo Security
Funding
National Natural Science Foundation of China [61672092]
China Scholarship Council Young Backbone Teachers Overseas Study Program [201307095025]