
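An Operating System Function Level Security Monitoring Scheme
Cite this article: Sun Shutong, Wang Xiangwu, Cai Lizhi. An Operating System Function Level Security Monitoring Scheme[J]. Computer Applications and Software, 2021, 38(1): 330-333.
Authors: Sun Shutong, Wang Xiangwu, Cai Lizhi
Affiliations: China UnionPay Co., Ltd., Shanghai 201201; China National Offshore Oil Corporation, Beijing 100010; Shanghai Key Laboratory of Computer Software Testing & Evaluating, Shanghai Development Center of Computer Software Technology, Shanghai 201112
Abstract (translated from the Chinese): Operating systems developed independently in China are now deployed in many real-world environments and scenarios, in particular on important servers, core equipment and other critical components, so discovering and fixing their kernel vulnerabilities is very important. Current vulnerability discovery techniques in the industry are for the most part local, manual and technique-driven, and lack a general, global, algorithm-level idea and method. Given known source code, this paper proposes function-granularity algorithms for automatic alteration, automatic tracing, and automatic analysis and verification. It implements runtime monitoring of operating system kernel functions and analysis of their call sequences, detects intrusions that exploit kernel vulnerabilities in real time, precisely locates the source code containing the vulnerability, and blocks the intrusion code from running.

Keywords: Control transfer vulnerability; Uncontrolled transfer vulnerability; Function level call sequence library; Out-of-order call; Out-of-order inflection point function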

AN OPERATING SYSTEM FUNCTION LEVEL SECURITY MONITORING SCHEME
Sun Shutong, Wang Xiangwu, Cai Lizhi. AN OPERATING SYSTEM FUNCTION LEVEL SECURITY MONITORING SCHEME[J]. Computer Applications and Software, 2021, 38(1): 330-333.
Authors: Sun Shutong, Wang Xiangwu, Cai Lizhi
Affiliation: China UnionPay Co., Ltd., Shanghai 201201, China; China National Offshore Oil Corporation, Beijing 100010, China; Shanghai Key Laboratory of Computer Software Testing & Evaluating, Shanghai Development Center of Computer Software Technology, Shanghai 201112, China
Abstract: Operating systems independently researched and developed in China have many practical application environments and scenarios, especially on important servers, core equipment and other key links, so it is very important to discover and repair their kernel vulnerabilities. At present, vulnerability discovery technology in the industry is basically a local, manual and technical means, lacking a generalized, global and algorithm-level idea and method. Based on known source code, this paper presents a function-granularity algorithm for automatic alteration, automatic tracing, and automatic analysis and verification. It realizes runtime monitoring and call sequence analysis of the operating system's kernel functions. It can detect intrusions that exploit kernel vulnerabilities in real time, locate the vulnerable source code accurately, and block the vulnerability intrusion code from running.
Keywords: Control transfer vulnerability; Uncontrolled transfer vulnerability; Function level call sequence library; Out-of-order call; Out-of-order inflection point function
This article has been indexed by VIP, Wanfang Data and other databases.