Совершенствование механизмов безопасности отечественных операционных систем
Аннотация
В работе обозначена проблема — отсутствие механизма защиты от атак на память типа ROP и др. в отечественных операционных системах. Рассмотрены структуры процесса, которые отвечают за управление доступом к виртуальным областям памяти. Исследованы потоки выполнения программы в операционной системе на базе ядра Linux, построен граф потоков выполнения программы. Разработан алгоритм для контроля потоков выполнения программы и научно-техническое предложение по практической реализации предложенного алгоритма контроля за потоком выполнения программы.
The paper identifies a problem — the lack of a mechanism to protect against memory attacks such as ROP, etc. in Russian operating systems. The process structures that are responsible for managing access to virtual memory areas are considered. The program execution flows in an operating system based on the Linux kernel are investigated, a graph of program execution flows is constructed. An algorithm has been developed to control the program execution flows. A scientific and technical proposal has been developed for the practical implementation of the proposed algorithm for monitoring the flow of program execution.
The paper identifies a problem — the lack of a mechanism to protect against memory attacks such as ROP, etc. in Russian operating systems. The process structures that are responsible for managing access to virtual memory areas are considered. The program execution flows in an operating system based on the Linux kernel are investigated, a graph of program execution flows is constructed. An algorithm has been developed to control the program execution flows. A scientific and technical proposal has been developed for the practical implementation of the proposed algorithm for monitoring the flow of program execution.