CN-121997319-A - Authority adjusting method, device, equipment and computer readable storage medium

Abstract

The invention discloses a permission adjustment method, apparatus, device and computer-readable storage medium, applied in the field of computing technology. The method comprises: obtaining the access frequency of the heap area in the virtual address, the number of physical address permission detection errors, and the abnormal code jump condition; determining corresponding control signals according to the access frequency, the number of errors and the abnormal code jump condition, wherein the control signals comprise a permission change signal and a process freezing signal; and dynamically adjusting the physical memory permissions of a memory management unit (MMU) according to the control signals, wherein the dynamic adjustment comprises adjusting the read, write or execute permission of a physical page and disturbing the access order of the translation lookaside buffer (TLB). The method overcomes the limitation that traditional static permission configuration cannot adapt to the dynamic running state of a process, as well as the defect that the MMU cannot detect and block malicious attacks in real time, and improves both the security and the flexibility of MMU permission management.

Inventors

  • YUAN XIUYANG
  • ZOU XIAOFENG

Assignees

  • 山东博算智新信息科技有限公司

Dates

Publication Date: 2026-05-08
Application Date: 2026-01-26

Claims (10)

  1. A permission adjustment method, characterized by being applied to a memory management unit and comprising the following steps: obtaining the access frequency of the heap area in the virtual address, wherein the access frequency is determined based on the shift statistics of a heap area record register, and the heap area record register is shifted left and bit-filled according to whether the virtual address is a heap area address; obtaining the number of errors of physical address permission detection and the abnormal code jump condition, wherein the number of errors is determined from the count of a physical address permission detection error count register, and the abnormal code jump condition is determined from the difference between the virtual addresses of two consecutive instructions; determining corresponding control signals according to the access frequency, the number of errors and the abnormal code jump condition, wherein the control signals comprise a permission change signal and a process freezing signal; and dynamically adjusting the physical memory permissions of the memory management unit according to the control signals, wherein the dynamic adjustment comprises adjusting the read, write or execute permission of a physical page and disturbing the access order of the translation lookaside buffer (TLB).
  2. The permission adjustment method of claim 1, wherein obtaining the number of errors of physical address permission detection and the abnormal code jump condition comprises: if the actual access behavior is not consistent with the preset memory attribute, adding 1 to the physical address permission detection error count register, and determining the number of errors according to the value of the physical address permission detection error count register; if the virtual address input by the instruction fetch module is the first virtual address, the abnormal jump virtual address difference is 0, and if the virtual address is not the first virtual address, the abnormal jump virtual address difference is equal to the absolute value of the difference between the current virtual address and the previous virtual address.
  3. The permission adjustment method of claim 2, wherein determining the corresponding control signals according to the access frequency, the number of errors and the abnormal code jump condition comprises: comparing the access frequency with a preset frequency threshold, and if the access frequency is larger than the preset frequency threshold, adjusting the heap permissions page by page according to the heap address range and outputting an address and the permission change signal; comparing the number of errors with a preset error threshold, and outputting the process freezing signal if the number of errors is larger than the preset error threshold; and comparing the abnormal jump virtual address difference with a preset jump difference threshold, and outputting the process freezing signal if the abnormal jump virtual address difference is larger than the preset jump difference threshold.
  4. The permission adjustment method of claim 1, wherein obtaining the access frequency of the heap area in the virtual address comprises: setting up the heap area record register, a heap area range register and a heap area access frequency register, wherein the heap area range register represents the heap area virtual address interval, and the heap area record register and the heap area access frequency register are initialized with all bits 0; when the instruction fetch module inputs a virtual address, determining whether the virtual address is a heap area address based on the heap area range register; if the virtual address is a heap area address and the highest bit of the heap area record register is 0, adding 1 to the heap area access frequency register, shifting the whole heap area record register left by 1 bit and filling 1 on the right; if the virtual address is a heap area address and the highest bit of the heap area record register is 1, adding 0 to the heap area access frequency register, shifting the whole heap area record register left by 1 bit and filling 1 on the right; if the virtual address is not a heap area address and the highest bit of the heap area record register is 0, adding 0 to the heap area access frequency register, shifting the whole heap area record register left by 1 bit and filling 0 on the right; if the virtual address is not a heap area address and the highest bit of the heap area record register is 1, subtracting 1 from the heap area access frequency register, shifting the whole heap area record register left by 1 bit and filling 0 on the right; and determining the access frequency according to the value of the heap area access frequency register.
  5. The permission adjustment method according to any one of claims 2 and 4, further comprising: if a process switching instruction is received, resetting the heap area range register, the heap area record register and the heap area access frequency register, and stopping the judgment of the virtual address and the heap area record register; if the process switching instruction is received, resetting the physical address permission detection error count register to zero; and if the process switching instruction is received, setting the abnormal jump virtual address difference to 0.
  6. The permission adjustment method according to claim 1, wherein dynamically adjusting the physical memory permissions of the memory management unit according to the control signals comprises: when the control signal is the permission change signal, determining a corresponding target working register according to an address inquiry address register, reading the value of the target working register, and changing the permission; and when the control signal is the process freezing signal, configuring all the permissions of all the working registers as unreadable and writable, and sending a translation lookaside buffer (TLB) flush signal to the page table caching module.
  7. The permission adjustment method of claim 1, further comprising: if the control signal is a process switching signal, updating the working register in the configuration register to the value of the shadow register, wherein the working register stores the real-time physical address permission, and the shadow register stores the same physical address permission as that in the control state register.
  8. A permission adjustment apparatus, applied to a memory management unit, comprising: the system comprises a first acquisition module, a first storage module, a second acquisition module and a third acquisition module, wherein the first acquisition module is used for acquiring the access frequency of the heap area in the virtual address, the access frequency is determined based on the shift statistics of a heap area record register, and the heap area record register is shifted left and bit-filled according to whether the virtual address is a heap area address; the system comprises a first acquisition module, a second acquisition module and a code processing module, wherein the first acquisition module is used for acquiring the number of errors of physical address permission detection and the abnormal code jump condition, the number of errors is determined from the count of a physical address permission detection error count register, and the abnormal code jump condition is determined from the difference between the virtual addresses of two consecutive instructions; a control signal determining module, used for determining corresponding control signals according to the access frequency, the number of errors and the abnormal code jump condition, wherein the control signals comprise a permission change signal and a process freezing signal; and a dynamic adjustment module, used for dynamically adjusting the physical memory permissions of the memory management unit according to the control signals, wherein the dynamic adjustment comprises adjusting the read, write or execute permission of a physical page and disturbing the access order of the translation lookaside buffer (TLB).
  9. A permission adjustment apparatus, characterized by comprising: a memory for storing a computer program; and a processor for implementing the permission adjustment method according to any one of claims 1 to 7 when executing the computer program.
  10. A computer-readable storage medium having stored therein computer-executable instructions which, when loaded and executed by a processor, implement the permission adjustment method of any of claims 1 to 7.
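
The register updates in claim 4 amount to a sliding-window count of heap fetches: the frequency register always equals the number of 1 bits in the record register. The following C model is an added example, not part of the patent text; it combines that counter with the error count and jump difference of claim 2, the threshold checks of claim 3 and the process-switch reset of claim 5. The 8-bit window, the threshold values, the signal encoding and all identifiers are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Added model. WINDOW_BITS, the thresholds and all names are assumptions. */
#define WINDOW_BITS 8u
enum { SIG_NONE = 0, SIG_PERM_CHANGE = 1, SIG_FREEZE = 2 };

typedef struct {
    uint64_t heap_lo, heap_hi;  /* heap range register, [lo, hi) */
    uint8_t  record;            /* heap record register: last 8 fetches */
    unsigned freq;              /* heap access frequency register */
    unsigned errors;            /* permission detection error count register */
    uint64_t prev_va; int have_prev; /* previous fetch address, valid flag */
    unsigned freq_thr, err_thr; /* preset thresholds (claim 3) */
    uint64_t jump_thr;
} monitor_t;

/* Process switch (claim 5): clear range, window, counters and jump state. */
void monitor_reset(monitor_t *m) {
    m->heap_lo = m->heap_hi = 0;
    m->record = 0; m->freq = 0; m->errors = 0; m->have_prev = 0;
}

/* Feed one virtual address; perm_fault != 0 means the access did not match
   the preset memory attribute (claim 2). Returns a SIG_* bit mask. */
int monitor_step(monitor_t *m, uint64_t va, int perm_fault) {
    unsigned in  = (va >= m->heap_lo && va < m->heap_hi);
    unsigned out = (m->record >> (WINDOW_BITS - 1)) & 1u; /* bit shifted out */
    m->freq = m->freq + in - out;       /* claim 4 cases: +1, 0, 0, -1 */
    m->record = (uint8_t)((m->record << 1) | in);
    if (perm_fault) m->errors++;
    uint64_t diff = 0;                  /* first address: difference is 0 */
    if (m->have_prev)
        diff = va > m->prev_va ? va - m->prev_va : m->prev_va - va;
    m->prev_va = va; m->have_prev = 1;
    int sig = SIG_NONE;
    if (m->freq > m->freq_thr) sig |= SIG_PERM_CHANGE;
    if (m->errors > m->err_thr || diff > m->jump_thr) sig |= SIG_FREEZE;
    return sig;
}

int main(void) {
    monitor_t m = { .heap_lo = 0x10000, .heap_hi = 0x20000, /* constructed */
                    .freq_thr = 4, .err_thr = 2, .jump_thr = 0x100000 };
    for (int i = 0; i < 6; i++)  /* six heap fetches, then a far jump */
        printf("heap fetch %d -> signal %d\n", i, monitor_step(&m, 0x10000 + 8u * i, 0));
    printf("far jump -> signal %d\n", monitor_step(&m, 0x7f000000, 0));
    return 0;
}
```

Because the frequency register only tracks the most recent window, a burst of heap fetches raises the permission change signal and the signal clears again once enough non-heap fetches have shifted the burst out.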

Description

Authority adjusting method, device, equipment and computer readable storage medium

Technical Field

The present invention relates to the field of computer technologies, and in particular to a permission adjustment method, apparatus, device and computer-readable storage medium.

Background

The MMU (memory management unit) is a core hardware module in a computer system, responsible for virtual-to-physical address translation, memory protection and resource management. In the prior art, the MMU generally manages memory page permissions through a fixed page table permission configuration mechanism. This static permission management has obvious security defects: when memory pages are attacked by malicious code, abnormal permission change behavior cannot be identified in time, so that system memory data is stolen or tampered with. In addition, the access patterns of the translation lookaside buffer (TLB, a cache in the CPU that stores the mappings from the most recently used virtual addresses to physical addresses) and of the page table can indirectly leak the memory access pattern of a process, and an attacker can exploit this characteristic to launch side-channel attacks, which poses a serious threat to the security of system data.

Therefore, how to provide a secure memory management unit architecture that supports dynamic permission adjustment, has abnormal access monitoring capability and can resist side-channel attacks is a technical problem that currently needs to be solved.

Disclosure of Invention

Accordingly, an object of the present invention is to provide a permission adjustment method, apparatus, device and computer-readable storage medium, which solve the problems that a secure memory management unit in the prior art cannot support dynamic permission adjustment, has no abnormal access monitoring capability, and cannot resist side-channel attacks.
In order to solve the above technical problems, the present invention provides a permission adjustment method, applied to a memory management unit, comprising: obtaining the access frequency of the heap area in the virtual address, wherein the access frequency is determined based on the shift statistics of a heap area record register, and the heap area record register is shifted left and bit-filled according to whether the virtual address is a heap area address; obtaining the number of errors of physical address permission detection and the abnormal code jump condition, wherein the number of errors is determined from the count of a physical address permission detection error count register, and the abnormal code jump condition is determined from the difference between the virtual addresses of two consecutive instructions; determining corresponding control signals according to the access frequency, the number of errors and the abnormal code jump condition, wherein the control signals comprise a permission change signal and a process freezing signal; and dynamically adjusting the physical memory permissions of the memory management unit according to the control signals, wherein the dynamic adjustment comprises adjusting the read, write or execute permission of a physical page and disturbing the access order of the translation lookaside buffer (TLB).

In one aspect, obtaining the number of errors of physical address permission detection and the abnormal code jump condition comprises: if the actual access behavior is not consistent with the preset memory attribute, adding 1 to the physical address permission detection error count register, and determining the number of errors according to the value of the physical address permission detection error count register; if the virtual address input by the instruction fetch module is the first virtual address, the abnormal jump virtual address difference is 0, and if the virtual address is not the first virtual address, the abnormal jump virtual address difference is equal to the absolute value of the difference between the current virtual address and the previous virtual address.

In one aspect, determining the corresponding control signals according to the access frequency, the number of errors and the abnormal code jump condition comprises: comparing the access frequency with a preset frequency threshold, and if the access frequency is larger than the preset frequency threshold, adjusting the heap permissions page by page according to the heap address range and outputting an address and the permission change signal; comparing the number of errors with a preset error threshold, and outputting the process freezing signal if the number of errors is larger than the preset error threshold; and comparing the abnormal jump virtual address difference with a preset jump difference threshold, and outputting the process