CN104809401B - Operating system kernel integrity protection method - Google Patents

Info

Publication number: CN104809401B
Authority: CN (China)
Prior art keywords: ips, integrity protection, target, monitoring, kernel
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN201510234249.3A
Other languages: Chinese (zh)
Other versions: CN104809401A (en)
Inventors: 曾庆凯 (Zeng Qingkai), 黄啸 (Huang Xiao)
Current assignee: Nanjing University (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Nanjing University
Events: application filed by Nanjing University; priority to CN201510234249.3A; publication of CN104809401A; application granted; publication of CN104809401B; current legal status: Active

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems > G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/60 Protecting data > G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules > G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database


Abstract

An operating system kernel integrity protection system comprising an integrity protection program (IPS), kernel hooks, redirect code, a target system (Target OS) and a monitoring protector. The method proceeds in the following steps: (1) start-up and initialization of the monitoring protector, which after initialization waits for requests from the integrity protection program IPS; (2) registration of the IPS and set-up of the monitoring and protection environment; (3) monitoring and protection of the Target OS kernel's integrity: when a hook that the IPS has placed in the kernel is triggered, a kernel event that requires the Target OS kernel's integrity to be checked and protected has occurred, and control switches into the IPS, which performs the corresponding handling; (4) de-registration of the IPS and removal of the monitoring and protection environment established in step (2), restoring normal operation of the Target OS.

Description

Operating system kernel integrity protection method
Technical field
The present invention relates to the security protection of operating systems, and in particular to a method for monitoring and protecting the integrity of an operating system kernel.
Background technology
Operating system kernel code is large and complex, and for the sake of run-time efficiency it is generally written in unsafe programming languages, so it contains a large number of vulnerabilities and bugs. An attacker can exploit these vulnerabilities to attack the kernel, modify critical kernel state and execute arbitrary malicious code, so the operating system kernel faces a severe security problem. Monitoring and protecting the integrity of the kernel can effectively improve its security.
Existing kernel integrity protection mechanisms mostly rely on a virtual machine monitor (VMM). Such a VMM has to provide virtualization support for the operating system, which brings problems. The VMM faces the same security problems as an operating system kernel, and its own security cannot be effectively guaranteed: because the operating system interacts with the VMM constantly throughout its lifetime, the VMM exposes a wide attack surface, and a malicious operating system can trigger vulnerabilities in the VMM with carefully constructed data. The VMM also has to perform virtualization operations for the operating system and intervene in the kernel integrity checking and protection process, which incurs serious performance overhead and greatly reduces practicality. A safe and efficient kernel integrity monitoring and protection technique is therefore needed. Using the processor's hardware virtualization features to implement kernel integrity monitoring and protection effectively, while improving the protection mechanism's own security and reducing its performance overhead, is of practical significance.
Summary of the invention
To overcome the shortcomings of the prior art, the present invention provides an operating system kernel integrity protection method that makes the monitoring and protection of kernel integrity safer and more efficient.
To this end, the invention adopts the following technical scheme: an operating system kernel integrity protection system whose basic components are an integrity protection program, kernel hooks, redirect code, the target system and a monitoring protector, operating in the following key steps:
(1) Start-up and initialization of the monitoring protector. On start-up the monitoring protector configures the virtualization environment: it enables the extended page table (EPT) mechanism and the VM-functions mechanism provided by Intel processors, and builds the EPT paging structure GEPT through which the target system Target OS accesses memory. After initialization it waits for requests from the integrity protection program IPS.
(2) Registration of the IPS and set-up of the monitoring and protection environment. When the IPS is loaded it sets the kernel hooks that intercept events, creates and configures the redirect code and the integrity checking program, and registers with the monitoring protector through the VMCALL hypercall instruction. The monitoring protector creates the EPT paging structure SEPT through which the IPS accesses memory and sets memory protection, so that the two are isolated from each other.
(3) Monitoring and protection of the Target OS kernel's integrity. When a hook that the IPS has placed in the kernel is triggered, a kernel event that requires the Target OS kernel's integrity to be checked and protected has occurred; control switches into the IPS, which performs the corresponding handling.
(4) De-registration of the IPS and removal of the monitoring and protection environment. The environment established in step (2) is torn down and normal operation of the Target OS is restored.
The integrity protection program IPS (Integrity Protection Software) resides inside the address space of the target operating system Target OS. It encapsulates the code that checks and protects the integrity of the Target OS kernel, together with the data segment and working stack it needs at run time, forming a closed execution environment; the specific integrity checking and protection policy is defined by the user according to their requirements. When integrity monitoring and protection of the kernel is needed, the IPS registers with the monitoring protector at load time, the monitoring protector builds a protected running environment for it, and the IPS executes the corresponding security policy under the monitoring protector's protection for its whole lifetime.
Kernel hooks are placed in the Target OS kernel to intercept kernel events that may change the integrity state of the Target OS, so that control flow can be transferred into the IPS for checking and analysis.
How the kernel hooks are implemented and where they are placed depends on the security policy and is decided by the user; for example, they may be set at kernel events such as kernel module loading and unloading or executable file execution, or the Target OS's tick interrupt handler may be intercepted to perform periodic integrity checks.
The redirect code performs the control switch between the Target OS and the IPS and is likewise protected by the monitoring protector. After a kernel hook placed in the Target OS by the user is triggered, control flow is transferred through the redirect code into the IPS for analysis and processing, and then returns through the redirect code to the Target OS, which continues executing. The redirect code that leads into the IPS is called the entry redirect code; the redirect code that returns to the Target OS is called the exit redirect code.
The monitoring protector runs directly on the computer hardware. It isolates the IPS, the kernel hooks and the redirect code, builds a secure execution environment for them and resists malicious attacks on these components by the Target OS, thereby guaranteeing the effectiveness of the kernel integrity protection system.
The monitoring protector provides an isolated running environment for the IPS. It is a lightweight VMM, but it performs no virtualization operations and does not intervene in the operation of the Target OS. It receives the registration and de-registration requests sent by the IPS, establishes and revokes the memory access protection it constructs, and records the related information. It is booted by Grub and runs directly on the hardware; on start-up it performs a trusted (measured) launch with the Intel TXT GETSEC instruction. It enables only the EPT mechanism, the VM-functions mechanism and protection of the LBR MSRs, and controls the access of the Target OS and of the IPS to physical memory through the two different EPT page table structures GEPT and SEPT.
The monitoring protector uses the READ, WRITE and EXECUTE bits of the EPT entries, which give the read, write and execute rights to the physical page an entry maps, and sets different rights in GEPT and SEPT. At the same time, the redirect code uses the EPTP switching function of VM-functions to switch between the EPTs directly in VMX non-root mode.
To manage the memory access rights of the IPS, the kernel hooks and the redirect code, the monitoring protector keeps a safe_monitor data structure for each registered IPS. It stores the memory protection information: the SEPT base address ips_eptp, the index ips_index of ips_eptp in the EPTP list field, and the start and end address of each memory region together with the access rights to be set for it.
The Target OS context and the monitoring configuration that must be preserved while integrity checking and protection run are recorded inside the IPS in an ips_context structure, which holds: the Target OS stack pointer os_stack at the time of the switch, the IPS stack pointer ips_stack, the addresses ips_entry and ips_exit of the entry and exit redirect code, the entry address ips_handler of the IPS processing function, the kernel hook address ips_hook and the return address ips_return.
Beneficial effects of the invention. The kernel integrity protection method provided by the invention is based on Intel VT hardware virtualization. In this system the IPS runs inside the Target OS; kernel hooks intercept Target OS kernel events, and control is transferred through the redirect code to the IPS, which executes the corresponding security policy. All components are protected by the monitoring protector, so the Target OS cannot modify or destroy them, which secures them. The monitoring protector provided by the invention is a lightweight VMM that only provides an isolated execution environment for the kernel integrity protection system and has no other virtualization functionality: it enables only the EPT mechanism, the VM-functions mechanism and protection of the LBR MSRs, controls the access of the Target OS and the IPS to physical memory through different EPT page tables, and uses the EPTP switching function of VM-functions to switch between EPTs directly in VMX non-root mode. Neither the execution of the Target OS nor the IPS's execution of its integrity protection policy therefore needs the monitoring protector to intervene, which makes the whole system both safe and efficient.
Brief description of the drawings
Fig. 1 Structure of the operating system kernel integrity protection system;
Fig. 2 Flow chart of the operating system kernel integrity protection method;
Fig. 3 Flow chart of monitoring protector initialization;
Fig. 4 Flow chart of IPS registration and monitoring environment set-up;
Fig. 5 Flow chart of the HYPERCALL_CREATE hypercall;
Fig. 6 Flow chart of the HYPERCALL_SET hypercall;
Fig. 7 Flow chart of the actual monitoring and protection of kernel integrity;
Fig. 8 Flow chart of the entry redirect code;
Fig. 9 Flow chart of the exit redirect code;
Fig. 10 Flow chart of IPS de-registration and monitoring environment removal;
Fig. 11 Flow chart of the HYPERCALL_DESTROY hypercall.
Embodiments
The invention is described in more detail below with reference to the drawings.
As shown in Fig. 1, the kernel integrity protection system provided by the invention consists of the integrity protection program IPS, kernel hooks, redirect code, the target system Target OS and the monitoring protector. When integrity monitoring and protection of the kernel is needed, the IPS is loaded as a kernel module into the address space of the Target OS, performs the configuration needed for the monitoring environment and registers with the monitoring protector, which builds an isolated running environment for it. The IPS itself encapsulates the code that checks and protects the integrity of the Target OS kernel, together with the data segment and working stack needed at run time, forming a closed execution environment; the specific security policy is defined by the user according to their requirements.
The Target OS context and the monitoring configuration to be preserved while integrity checking and protection run are recorded inside the IPS in an ips_context structure, which holds: the Target OS stack pointer os_stack at the time of the switch, the IPS stack pointer ips_stack, the addresses ips_entry and ips_exit of the entry and exit redirect code, the entry address ips_handler of the IPS processing function, the kernel hook address ips_hook and the return address ips_return.
So that the IPS can intercept the kernel events that may change the integrity state of the Target OS and then perform the associated integrity checks and analysis, kernel hooks must be set in the Target OS. Their implementation and placement depend on the security policy and are decided by the user: for example, at kernel events such as kernel module loading and unloading or executable file execution, or by intercepting the Target OS's clock interrupt handler to perform periodic integrity checks.
The redirect code performs the control switch between the Target OS and the IPS and is likewise protected by the monitoring protector. After a kernel hook placed in the Target OS by the user is triggered, control flow is transferred through the redirect code into the IPS for analysis and processing, and then returns through the redirect code to the Target OS, which continues executing. The redirect code leading from the Target OS into the IPS is called the entry redirect code, and the redirect code returning to the Target OS is called the exit redirect code.
The monitoring protector is the core component of the system. It provides an isolated running environment for the IPS and is effectively a lightweight VMM: it receives the registration and de-registration requests sent by the IPS, establishes and revokes the memory access protection it constructs, and records the related information. It is booted by Grub and runs directly on the hardware; to ensure its own secure start-up, it performs a trusted launch with the Intel TXT GETSEC instruction. Because it only provides an isolated execution environment for the kernel integrity protection system and has no other virtualization functionality, it hardly needs to set any execution control fields in the virtual machine control structure (VMCS): it enables only the EPT mechanism, the VM-functions mechanism and protection of the LBR MSRs, and controls the access of the Target OS and the IPS to physical memory through the two EPT page table structures GEPT and SEPT. The READ, WRITE and EXECUTE bits of an EPT entry give the read, write and execute rights to the physical page the entry maps, and setting different rights in GEPT and SEPT is the key to isolating the IPS. At the same time, the redirect code uses the EPTP switching function of VM-functions, so the switch between EPTs happens directly in VMX non-root mode without the monitoring protector's intervention, which keeps the monitoring and protection method efficient.
To manage the memory access rights of the IPS, the kernel hooks and the redirect code, the monitoring protector keeps a safe_monitor data structure for each registered IPS. It stores the memory protection information: the SEPT base address ips_eptp, the index ips_index of ips_eptp in the EPTP list field, and the start and end address of each memory region together with the access rights to be set for it.
Fig. 2 shows the flow chart of the kernel integrity protection method. Its main operations are: step 20, monitoring protector initialization; step 21, IPS registration and monitoring environment set-up; step 22, the actual monitoring and protection of kernel integrity; and step 23, IPS de-registration and monitoring environment removal.
Fig. 3 is the monitoring protector initialization flow chart. Step 30 is the initial state. Step 31 enables the EPT mechanism and the VM-functions mechanism by setting the Enable EPT and Enable VM functions bits in the VMCS to 1; VM functions are enabled so that the EPT switch can be performed directly from inside the Target OS. Step 32 sets bit 0 of the IA32_DEBUGCTL MSR to 1 to turn on the LBR (Last Branch Record) mechanism, and sets the bits corresponding to IA32_DEBUGCTL and the LBR stack registers to 1 in the VMCS MSR write bitmap, so that the Target OS cannot modify these registers while the IPS can still read them. Step 33 fills in all GEPT entries according to the size of the Target OS's physical address space with a page size of 4 KB; every GEPT entry is initialized with READ, WRITE and EXECUTE set to 1, giving an identity mapping between guest-physical and machine-physical addresses, and the GEPT base address guest_eptp is stored in the EPTP field of the VMCS. The physical memory region occupied by the monitoring protector itself is left out of the GEPT entries, so that external components cannot access the monitoring protector's own contents. Step 34 sets bit 0 of the VM-function controls field in the VMCS to 1 to enable the EPTP switching mechanism, allocates a 4 KB EPTP list and stores guest_eptp at index 0 of the list. Step 35 ends: initialization is complete and the monitoring protector waits for requests from the IPS.
Once the monitoring protector has initialized, it is able to build an isolated running environment for the IPS. When the IPS is loaded it must register and set up the monitoring environment; when monitoring ends, the configured environment is revoked and normal operation of the Target OS is restored. The operations that have to be performed inside the monitoring protector during registration and de-registration are requested by the IPS through hypercalls. In Intel VT-x, hypercalls use the VMCALL instruction; the invention therefore provides the following three hypercalls: (1) HYPERCALL_CREATE, which asks the monitoring protector to create the SEPT paging structure; the RAX register carries the parameter HYPERCALL_CREATE. (2) HYPERCALL_SET, which sets in GEPT and SEPT the access rights of the memory regions holding the kernel hooks, the redirect code and the IPS, and thereby establishes the protection of the integrity monitoring environment; RAX carries HYPERCALL_SET, RBX the start address start, RCX the end address end and RDX the component type (kernel hook, redirect code, IPS code or IPS data). (3) HYPERCALL_DESTROY, which removes the memory protection set up in the monitoring protector; RAX carries HYPERCALL_DESTROY. When the IPS issues a hypercall, the CPU traps into the monitoring protector, which performs the corresponding processing according to the parameters.
Fig. 4 is the flow chart of IPS registration and monitoring environment set-up. Step 40 is the initial state. Step 41 allocates the stack and other data areas the IPS needs at run time, forming a closed running environment. Step 42 dynamically creates the ips_context structure that preserves the Target OS context and the monitoring configuration while monitoring runs, namely the Target OS stack pointer os_stack at the time of the switch, the IPS stack pointer ips_stack, the entry and exit redirect code addresses ips_entry and ips_exit, the IPS processing function entry ips_handler, the kernel hook address ips_hook and the return address ips_return. Step 43 stores the IPS stack top ips_stack, the entry and exit redirect code addresses ips_entry and ips_exit and the IPS processing function entry ips_handler in ips_context. Step 44 sets the kernel hooks; the invention does not restrict how the user adds them, but the user must ensure that a hook jumps to ips_entry, and the hook address ips_hook and the return address ips_return are saved in ips_context. ips_hook is used in the call validity check to make sure the IPS is only triggered by the hooks that were set. Step 45 issues the HYPERCALL_CREATE hypercall to create the SEPT paging structure; this includes a sub-flow handled inside the monitoring protector, and the return value ips_index, the index of the SEPT base address ips_eptp in the EPTP list field of the VMCS, is passed back in RAX. Step 46 checks whether memory protection has been set for all pages occupied by the kernel hooks, the redirect code and the IPS; if so, control goes to step 48 and ends, otherwise to step 47. Step 47 issues the HYPERCALL_SET hypercall to set in GEPT and SEPT the access rights of the memory holding the kernel hooks, the redirect code and the IPS, establishing the protection of the kernel integrity monitoring environment; this includes a sub-flow handled inside the monitoring protector. Step 48 ends.
Fig. 5 is the HYPERCALL_CREATE hypercall flow chart. Step 50 is the initial state. Step 51 creates the safe_monitor structure that stores the memory protection information: the SEPT base address ips_eptp, the index ips_index of ips_eptp in the EPTP list field, and the start and end address and required access rights of each memory region. Step 52 fills in all SEPT entries according to the size of the Target OS physical address space with a page size of 4 KB. SEPT is a copy of GEPT, except that no page is executable: all SEPT entries are initialized with READ and WRITE set to 1 and EXECUTE set to 0, giving the identity mapping between guest-physical and machine-physical addresses, the physical memory region of the monitoring protector itself is left out of the SEPT entries so that external components cannot access the monitoring protector's own contents, and the SEPT base address ips_eptp is saved in safe_monitor. Step 53 stores ips_eptp in the EPTP list field of the VMCS, at index ips_index. Step 54 saves ips_index in safe_monitor. Step 55 places the return value ips_index in RAX. Step 56 ends.
Fig. 6 is the HYPERCALL_SET hypercall flow chart. Step 60 is the initial state. Step 61 validates the parameters passed by the hypercall: whether the component's start address start and end address end have already been processed (already saved in safe_monitor), and whether start < end; if the parameters are legal, control goes to step 62, otherwise to step 6A for error handling. Step 62 determines, from the component type in RDX, the rights gacc and sacc to be set in GEPT and SEPT respectively: for a kernel hook, gacc = readable, not writable, executable and sacc = readable, writable, not executable; for redirect code, gacc = readable, not writable, executable and sacc = readable, writable, executable; for IPS code, gacc = not readable, not writable, executable and sacc = readable, not writable, executable; for IPS data, gacc = not readable, not writable, executable and sacc = readable, writable, not executable. Step 63 initializes the loop by setting the current address laddr to the start address start. Step 64 checks whether laddr is greater than or equal to the end address end; if so, all pages have been processed and control jumps to step 69, ending the loop; otherwise control enters the loop body at step 65. Step 65 looks up the current Target OS page tables with laddr to obtain the corresponding guest-physical address paddr. Step 66 walks GEPT and SEPT with paddr and sets the access rights of the corresponding entries to gacc and sacc respectively. Step 67 saves laddr, paddr, gacc and sacc in safe_monitor. Step 68 sets the current address laddr to the address of the next page and goes to step 64. Step 69 ends the setting of memory access rights. In step 6A the parameters passed in were illegal and the program terminates with an error.
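As an added example (not code from the patent), the following C model of the monitoring protector's GEPT/SEPT bookkeeping implements the initialization of Fig. 3 (steps 33 and 34), HYPERCALL_CREATE (Fig. 5), the parameter check, rights table and page loop of HYPERCALL_SET (Fig. 6) and HYPERCALL_DESTROY (Fig. 11). It runs without VMX hardware by flattening each EPT to one rights byte per identity-mapped 4 KB page. Assumed and not stated on the page: the 64-page guest size, the monitor's physical range, the identity page-table lookup gva_to_gpa, the RDX encoding of the component type, and the return values; the check that a registered range must not overlap the monitoring protector's own pages is an addition the description does not mention.

```c
/* Added example, not the patent's code: a host-side model of the monitoring protector's
 * GEPT/SEPT bookkeeping and its three hypercalls.  Each EPT is flattened to one rights
 * byte per identity-mapped 4 KB guest-physical page, so it runs without VMX hardware. */
#include <stdint.h>
#include <string.h>

#define PAGE_SHIFT  12
#define NPAGES      64                   /* constructed toy guest: 64 x 4 KB */
#define MAX_REGIONS 32
enum { EPT_R = 1, EPT_W = 2, EPT_X = 4 }; /* EPT entry bits 0..2; 0 = page left out */
enum component { COMP_HOOK, COMP_REDIRECT, COMP_IPS_CODE, COMP_IPS_DATA }; /* RDX encoding assumed */

typedef uint8_t ept_t[NPAGES];
struct region { uint64_t start, end; uint8_t gacc, sacc; };
struct safe_monitor {                    /* what the monitor records for the registered IPS */
    int ips_index;                       /* slot of ips_eptp in the VMCS EPTP list */
    ept_t *ips_eptp;                     /* SEPT base */
    struct region regions[MAX_REGIONS];  /* start/end and rights of each protected range */
    int nregions;
};
struct monitor {
    ept_t gept, sept;
    ept_t *eptp_list[512];               /* models the 4 KB EPTP list page: slot 0 is GEPT */
    int eptp_count, sept_created;
    uint64_t mon_start, mon_end;         /* physical range holding the monitor itself */
    struct safe_monitor sm;
};

/* Step 65 looks laddr up in the Target OS page tables; identity paging is assumed here */
static uint64_t gva_to_gpa(uint64_t laddr) { return laddr; }

/* Identity map with uniform rights; the monitor's own pages get no rights at all */
static void fill_ept(ept_t ept, uint8_t rights, uint64_t skip_start, uint64_t skip_end) {
    for (uint64_t p = 0; p < NPAGES; p++) {
        uint64_t pa = p << PAGE_SHIFT;
        ept[p] = (pa >= skip_start && pa < skip_end) ? 0 : rights;
    }
}

/* Fig. 3 steps 33-34: GEPT is RWX everywhere except the monitor and sits in EPTP slot 0 */
void monitor_init(struct monitor *m, uint64_t mon_start, uint64_t mon_end) {
    memset(m, 0, sizeof *m);
    m->mon_start = mon_start; m->mon_end = mon_end;
    fill_ept(m->gept, EPT_R | EPT_W | EPT_X, mon_start, mon_end);
    m->eptp_list[0] = &m->gept;
    m->eptp_count = 1;
}

/* Fig. 5: HYPERCALL_CREATE builds SEPT as a non-executable copy of GEPT; returns ips_index */
int hypercall_create(struct monitor *m) {
    if (m->sept_created || m->eptp_count >= 512) return -1;
    fill_ept(m->sept, EPT_R | EPT_W, m->mon_start, m->mon_end);
    m->sm.ips_eptp = &m->sept; m->sm.ips_index = m->eptp_count;
    m->eptp_list[m->eptp_count++] = &m->sept;
    m->sept_created = 1;
    return m->sm.ips_index;              /* the real monitor hands this back in RAX */
}

/* Fig. 6 step 62: rights per component type, exactly as the description lists them */
static void rights_for(enum component t, uint8_t *gacc, uint8_t *sacc) {
    switch (t) {
    case COMP_HOOK:     *gacc = EPT_R | EPT_X; *sacc = EPT_R | EPT_W;         break;
    case COMP_REDIRECT: *gacc = EPT_R | EPT_X; *sacc = EPT_R | EPT_W | EPT_X; break;
    case COMP_IPS_CODE: *gacc = EPT_X;         *sacc = EPT_R | EPT_X;         break;
    default:            *gacc = EPT_X;         *sacc = EPT_R | EPT_W;         break; /* IPS data */
    }
}

/* Fig. 6 step 61 (start < end, not registered yet) plus an added check against monitor pages */
static int set_args_valid(const struct monitor *m, uint64_t start, uint64_t end) {
    if (start >= end || end > ((uint64_t)NPAGES << PAGE_SHIFT)) return 0;
    if (start < m->mon_end && end > m->mon_start) return 0;
    for (int i = 0; i < m->sm.nregions; i++)
        if (start < m->sm.regions[i].end && end > m->sm.regions[i].start) return 0;
    return m->sm.nregions < MAX_REGIONS;
}

/* Fig. 6: HYPERCALL_SET(start, end, type); 0 on success, -1 for illegal parameters (step 6A) */
int hypercall_set(struct monitor *m, uint64_t start, uint64_t end, enum component type) {
    if (!m->sept_created || (unsigned)type > COMP_IPS_DATA || !set_args_valid(m, start, end))
        return -1;
    uint8_t gacc, sacc;
    rights_for(type, &gacc, &sacc);
    for (uint64_t laddr = start; laddr < end; laddr += 1u << PAGE_SHIFT) {  /* steps 63-68 */
        uint64_t pa = gva_to_gpa(laddr);
        m->gept[pa >> PAGE_SHIFT] = gacc;
        m->sept[pa >> PAGE_SHIFT] = sacc;
    }
    m->sm.regions[m->sm.nregions++] = (struct region){ start, end, gacc, sacc };
    return 0;
}

/* Fig. 11: HYPERCALL_DESTROY gives the Target OS full rights back and drops the SEPT slot */
void hypercall_destroy(struct monitor *m) {
    for (int i = 0; i < m->sm.nregions; i++)
        for (uint64_t a = m->sm.regions[i].start; a < m->sm.regions[i].end; a += 1u << PAGE_SHIFT)
            m->gept[gva_to_gpa(a) >> PAGE_SHIFT] = EPT_R | EPT_W | EPT_X;
    if (m->sept_created) { m->eptp_list[m->sm.ips_index] = NULL; m->eptp_count--; }
    memset(&m->sm, 0, sizeof m->sm);
    m->sept_created = 0;
}
```

Two hardware details matter when turning this into real EPT entries: an entry with WRITE set but READ clear is an EPT misconfiguration, and the execute-only GEPT rights the description gives IPS code and data (bit 2 without bit 0) are only valid on processors that report execute-only translations in IA32_VMX_EPT_VPID_CAP bit 0. The overlap check against the monitor's own pages is the caveat a reviewer would add: without it, a malicious IPS could ask HYPERCALL_SET to map the region that the initialization deliberately left out.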
Fig. 7 is that specifically flow chart is protected in the monitoring to kernel integrity.Step 70 is initial state;Work as setting in step 71 When hook in kernel is triggered, it will jump to entry and redirect execution at the address ips_entry of code;In step 72 by Entry redirects code and performs switching task, and the main task that performs includes preserving the deposits of goal systems Target OS before the handover Device information, perform EPT handover operations (GEPT switches to SEPT), integrality defence program IPS operation work stacks ips_ is set Stack and jump to calling check program;Jump information can be recorded in step 73 in LBR stack registers, reads the deposit of LBR stacks Device content, and compared with ips_hook, call validity checking for performing, it is ensured that controlling stream was redirected from corresponding hook Come, rather than goal systems Target OS malice triggers;If step 74 is identical, it is legal to call, and is transferred to step 75, otherwise Step 78 mistake is transferred to terminate;Step 75 is jumped at integrity protection program IPS processing function entrances address ips_handler Perform kernel integrity inspection to operate with protection, the security strategy specifically performed is defined by the user;Step 76 redirects generation by exit Code performs return task, and the main task that performs includes recovering goal systems Target OS register informations before the handover, performed EPT handover operations (SEPT switches to GEPT) and returning in goal systems Target OS continue executing with;Step 77 terminates; Step 78 mistake terminates.
Fig. 8 is the flow chart of the entry jump code, which consists of assembly instructions. Step 80 is the initial state: the kernel hook jumps to the entry jump code. Step 81 disables interrupts with the CLI instruction to ensure the atomicity of the entry jump code's execution. Step 82 pushes the general-purpose registers of the target system Target OS onto the stack that Target OS itself is using. Step 83 sets the RAX register to 0, denoting EPTP switching, sets the RCX register to ips_index and executes the VMFUNC instruction to switch to SEPT. Step 84 executes CLI again, so that a Target OS that jumped directly to step 83 and skipped step 81 still cannot break the atomicity of the kernel integrity monitoring and protection process. Step 85 saves the stack pointer used by the target system Target OS into os_stack in ips_context. Step 86 loads ips_stack into the RSP register. Step 87 jumps to step 73. Step 88 is the end.
Fig. 9 is the flow chart of the exit jump code, which consists of assembly instructions. Step 90 is the initial state: the integrity protection program has finished and returns to the exit jump code. Step 91 disables interrupts with the CLI instruction to ensure the atomicity of the exit jump code's execution. Step 92 loads os_stack into the RSP register, restoring the stack pointer of the target system Target OS. Step 93 sets the RAX register to 0, denoting EPTP switching, sets the RCX register to 0, the index of GEPT in the EPTP list field, and executes the VMFUNC instruction to switch EPTP back to GEPT. Step 94 restores the previously saved general-purpose registers of the target system Target OS. Step 95 enables interrupts with the STI instruction, restoring the interrupt state of Target OS. Step 96 jumps to the return address ips_return, and the target system Target OS continues execution. Step 97 is the end.
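The control transfer of Figs. 7 to 9, as an added C model that stands in for the assembly the patent describes; this is editor-added example code, not the patent's trampolines. CPU state is reduced to what the scheme depends on: the general registers, RSP, RIP, RFLAGS.IF, the active EPTP-list index and the LBR source address of the last branch; CLI, STI and VMFUNC become writes to that state. The register numbering, the `first_step` parameter of `entry_jump_at`, `monitor_event`, `sample_handler` and the SWITCH_* codes are the model's own assumptions, and the addresses in the usage below are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define NREGS 16                 /* RAX..R15; index 0 = RAX, 1 = RCX (model's own numbering) */
#define GEPT_INDEX 0             /* guest_eptp sits at EPTP-list index 0 (claim 4, step 34) */
#define VMFUNC_EPTP_SWITCHING 0  /* VMFUNC leaf selected by RAX = 0 */

struct cpu {
    uint64_t regs[NREGS];
    uint64_t rsp, rip;
    uint64_t lbr_from;           /* source address of the last taken branch (LBR stack top) */
    uint32_t eptp_index;         /* which EPTP-list entry is currently active */
    bool     if_flag;            /* RFLAGS.IF */
};

/* ips_context as listed in claim 3, plus a place for the registers pushed in step 82. */
struct ips_context {
    uint64_t os_stack, ips_stack;
    uint64_t ips_entry, ips_exit, ips_handler, ips_hook, ips_return;
    uint32_t ips_index;
    uint64_t saved_regs[NREGS];
};

enum { SWITCH_OK = 0, SWITCH_BAD_CALLER = -1, SWITCH_BAD_EPT = -2 };

/* Steps 83 and 93: VMFUNC with RAX = 0 (EPTP switching) and RCX = list index; the only
 * architectural effect modelled is the change of the active EPTP. */
static void vmfunc_eptp_switch(struct cpu *c, uint32_t index)
{
    c->regs[0] = VMFUNC_EPTP_SWITCHING;
    c->regs[1] = index;
    c->eptp_index = index;
}

/* Fig. 8: entry jump code. `first_step` lets a caller start in the middle, as an attacker who
 * branches straight at the VMFUNC instruction would (this is what step 84 guards against). */
static void entry_jump_at(struct cpu *c, struct ips_context *ctx, int first_step)
{
    switch (first_step) {
    case 81: c->if_flag = false;                                   /* CLI */
             /* fall through */
    case 82: memcpy(ctx->saved_regs, c->regs, sizeof c->regs);     /* push GPRs on the OS stack */
             /* fall through */
    case 83: vmfunc_eptp_switch(c, ctx->ips_index);                /* GEPT -> SEPT */
             /* fall through */
    default: c->if_flag = false;                                   /* step 84: CLI again */
             ctx->os_stack = c->rsp;                               /* step 85 */
             c->rsp = ctx->ips_stack;                              /* step 86 */
    }
}

/* Steps 73-74: the branch that reached ips_entry must have originated at the registered hook. */
static bool caller_is_hook(const struct cpu *c, const struct ips_context *ctx)
{
    return c->lbr_from == ctx->ips_hook;
}

/* Fig. 9: exit jump code. */
static void exit_jump(struct cpu *c, const struct ips_context *ctx)
{
    c->if_flag = false;                                            /* step 91: CLI */
    c->rsp = ctx->os_stack;                                        /* step 92 */
    vmfunc_eptp_switch(c, GEPT_INDEX);                             /* step 93: SEPT -> GEPT */
    memcpy(c->regs, ctx->saved_regs, sizeof c->regs);              /* step 94: pop GPRs */
    c->if_flag = true;                                             /* step 95: STI */
    c->rip = ctx->ips_return;                                      /* step 96 */
}

typedef int (*ips_handler_fn)(const struct cpu *, const struct ips_context *);

/* Fig. 7 end to end, starting just after the hook has branched to ips_entry. On a failed
 * caller check the flow ends in error (step 78) without running the policy handler. */
static int monitor_event(struct cpu *c, struct ips_context *ctx, ips_handler_fn handler, int *verdict)
{
    c->rip = ctx->ips_entry;                                       /* step 71 */
    entry_jump_at(c, ctx, 81);                                     /* step 72 */
    if (!caller_is_hook(c, ctx)) return SWITCH_BAD_CALLER;         /* steps 73-74 -> 78 */
    if (c->eptp_index != ctx->ips_index) return SWITCH_BAD_EPT;    /* IPS must be running under SEPT */
    c->rip = ctx->ips_handler;                                     /* step 75 */
    *verdict = handler(c, ctx);
    exit_jump(c, ctx);                                             /* step 76 */
    return SWITCH_OK;
}

/* Constructed policy handler: returns 1 if it sees the environment the scheme promises
 * (running under SEPT, on the IPS stack, with interrupts disabled), else 0. */
static int sample_handler(const struct cpu *c, const struct ips_context *ctx)
{
    return c->eptp_index == ctx->ips_index && c->rsp == ctx->ips_stack && !c->if_flag;
}
```

Two things the model makes visible: the caller check compares nothing but the LBR source address with ips_hook, so its strength rests entirely on the MSR write-bitmap protection of claim 4 step 32 (Target OS must be unable to clear or forge the LBR stack); and step 84 is what keeps interrupts disabled for an attacker who branches directly at the VMFUNC instruction. After a failed check the flow ends at step 78 with the vCPU still under SEPT and on the IPS stack; the patent does not describe how the monitor recovers from that state.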
Fig. 10 is the flow chart of unregistering the integrity protection program IPS and removing the monitoring environment. Step A0 is the initial state. Step A1 calls the HYPERCALL_DESTROY hypercall to remove the memory protection measures set in the monitoring protector; this process includes a sub-flow handled in the monitoring protector. Step A2 removes the kernel hooks that were set, restoring normal execution of the target system Target OS. Step A3 clears the memory and registers used by the integrity protection program IPS to prevent information leakage, and releases the occupied memory space. Step A4 is the end.
Fig. 11 is the flow chart of the HYPERCALL_DESTROY hypercall. Step B0 is the initial state. Step B1 checks whether the caller is currently running under SEPT control, since only code inside the integrity protection program IPS may invoke the HYPERCALL_DESTROY hypercall; if so, control enters step B2, otherwise it passes to the error end of step B8. Step B2 checks whether all pages for which memory protection was set have been processed; if so, control goes to step B4, otherwise to step B3. Step B3 uses the paddr stored in safe_monitor to walk GEPT and restore the access permissions of the corresponding page table entry to READ, WRITE and EXECUTION, then returns to step B2 to handle the next paddr. Step B4 clears all SEPT entries and releases the occupied memory. Step B5 releases the space occupied by safe_monitor. Step B6 stores the GEPT page table base address guest_eptp in the EPTP field of the VMCS. Step B7 is the normal end; step B8 is the error end.
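The HYPERCALL_SET and HYPERCALL_DESTROY flows of Figs. 6 and 11, together with the identity-mapped GEPT the monitor starts from, as an added user-space C model; this is editor-added example code, not the patent's monitoring protector. It assumes an identity-mapped guest of 64 pages of 4 KB, a one-byte RWX mask per page in place of real EPT entries, the numeric RDX type encoding shown, and that "running under SEPT" is tracked by a flag where the real monitor would read the current EPTP. `monitor_init`, `guest_walk`, `access_allowed`, `range_registered` and the HC_* status codes are the model's own names; the addresses in the usage are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PAGE_SIZE 4096u
#define NPAGES    64u                 /* constructed: a 256 KB guest-physical space */
#define EPT_READ  0x1u
#define EPT_WRITE 0x2u
#define EPT_EXEC  0x4u
#define EPT_RWX   (EPT_READ | EPT_WRITE | EPT_EXEC)

/* RDX component types of HYPERCALL_SET; the numeric encoding is an assumption. */
enum component { COMP_HOOK, COMP_JUMP, COMP_IPS_CODE, COMP_IPS_DATA };
enum hc_status { HC_OK = 0, HC_EINVAL = -1, HC_EPERM = -2, HC_ENOSPC = -3 };

struct region { uint64_t laddr, paddr; uint8_t gacc, sacc; };  /* one safe_monitor record (step 67) */

struct monitor {
    uint8_t gept[NPAGES];             /* RWX bits of each 4 KB page as seen by Target OS */
    uint8_t sept[NPAGES];             /* RWX bits of each 4 KB page as seen by IPS */
    bool    sept_active;              /* true while the vCPU runs under SEPT */
    struct region safe_monitor[NPAGES];
    size_t  nregions;
};

/* Identity-mapped GEPT, RWX everywhere except the monitor's own pages (claim 4, step 33). */
static void monitor_init(struct monitor *m, uint64_t mon_start, uint64_t mon_end)
{
    memset(m, 0, sizeof *m);
    for (uint64_t p = 0; p < NPAGES; p++) {
        uint64_t a = p * PAGE_SIZE;
        m->gept[p] = (a >= mon_start && a < mon_end) ? 0 : EPT_RWX;
    }
}

/* Intel EPT treats write-without-read as a misconfiguration; check every combination handed out. */
static bool ept_rights_valid(uint8_t acc)
{
    return !(acc & EPT_WRITE) || (acc & EPT_READ);
}

/* Step 62: per-component rights in GEPT (gacc) and SEPT (sacc), exactly as Fig. 6 lists them. */
static bool component_rights(int type, uint8_t *gacc, uint8_t *sacc)
{
    switch (type) {
    case COMP_HOOK:     *gacc = EPT_READ | EPT_EXEC; *sacc = EPT_READ | EPT_WRITE; break;
    case COMP_JUMP:     *gacc = EPT_READ | EPT_EXEC; *sacc = EPT_RWX;              break;
    case COMP_IPS_CODE: *gacc = EPT_EXEC;            *sacc = EPT_READ | EPT_EXEC;  break;
    case COMP_IPS_DATA: *gacc = EPT_EXEC;            *sacc = EPT_READ | EPT_WRITE; break;
    default: return false;
    }
    return ept_rights_valid(*gacc) && ept_rights_valid(*sacc);
}

/* Step 61: a page already recorded in safe_monitor must not be registered a second time. */
static bool range_registered(const struct monitor *m, uint64_t start, uint64_t end)
{
    for (size_t i = 0; i < m->nregions; i++) {
        uint64_t pg = m->safe_monitor[i].paddr & ~(uint64_t)(PAGE_SIZE - 1);
        if (pg < end && pg + PAGE_SIZE > start) return true;
    }
    return false;
}

/* Step 65 stand-in: the model assumes an identity-mapped guest, so paddr == laddr. */
static uint64_t guest_walk(uint64_t laddr) { return laddr; }

/* HYPERCALL_SET (Fig. 6): RBX = start, RCX = end, RDX = type. */
static int hypercall_set(struct monitor *m, uint64_t start, uint64_t end, int type)
{
    uint8_t gacc, sacc;
    if (start >= end || end > NPAGES * PAGE_SIZE) return HC_EINVAL;           /* step 61 */
    if (range_registered(m, start, end)) return HC_EINVAL;                    /* step 61 */
    if (!component_rights(type, &gacc, &sacc)) return HC_EINVAL;              /* step 62 */
    for (uint64_t laddr = start; laddr < end;
         laddr = (laddr & ~(uint64_t)(PAGE_SIZE - 1)) + PAGE_SIZE) {          /* steps 63-68 */
        uint64_t paddr = guest_walk(laddr);                                   /* step 65 */
        if (m->nregions == NPAGES) return HC_ENOSPC;
        m->gept[paddr / PAGE_SIZE] = gacc;                                    /* step 66 */
        m->sept[paddr / PAGE_SIZE] = sacc;
        m->safe_monitor[m->nregions++] = (struct region){ laddr, paddr, gacc, sacc }; /* step 67 */
    }
    return HC_OK;
}

/* HYPERCALL_DESTROY (Fig. 11): only a caller running under SEPT may tear the protection down. */
static int hypercall_destroy(struct monitor *m)
{
    if (!m->sept_active) return HC_EPERM;                                     /* step B1 */
    for (size_t i = 0; i < m->nregions; i++)                                  /* steps B2-B3 */
        m->gept[m->safe_monitor[i].paddr / PAGE_SIZE] = EPT_RWX;
    memset(m->sept, 0, sizeof m->sept);                                       /* step B4 */
    memset(m->safe_monitor, 0, sizeof m->safe_monitor);                       /* step B5 */
    m->nregions = 0;
    m->sept_active = false;                                                   /* step B6: EPTP = guest_eptp */
    return HC_OK;
}

/* Whether an access of kind `want` to `addr` is allowed in the active view (GEPT or SEPT). */
static bool access_allowed(const struct monitor *m, bool under_sept, uint64_t addr, uint8_t want)
{
    uint8_t have = under_sept ? m->sept[addr / PAGE_SIZE] : m->gept[addr / PAGE_SIZE];
    return (have & want) == want;
}
```

Two checks a practitioner adds beyond the flow charts: `ept_rights_valid` rejects a write-without-read combination, which the processor reports as an EPT misconfiguration exit rather than a denied access; and the execute-only gacc that Fig. 6 assigns to IPS code and IPS data is only representable on processors that report execute-only EPT translation support in IA32_VMX_EPT_VPID_CAP, so on other parts the monitor has to fall back to readable-and-executable, which lets Target OS read IPS code and data.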
The above is only a preferred embodiment of the invention. It should be pointed out that a person of ordinary skill in the art can make several improvements and modifications without departing from the principles of the invention, and these improvements and modifications should also be regarded as within the protection scope of the invention.

Claims (7)

1. An operating system kernel integrity protection method, characterized in that its components include an integrity protection program, kernel hooks, jump code, a target system and a monitoring protector, and in that it uses the following steps:
(1) Start-up and initialization of the monitoring protector. On start-up the monitoring protector configures the virtualization environment, enabling the extended page table EPT mechanism and the VM-functions mechanism provided by Intel processors, and builds the EPT paging structure GEPT that supports memory access by the target system Target OS; after initialization it waits for requests from the integrity protection program IPS;
(2) Registration of the integrity protection program IPS and setting up of the monitoring protection environment. When the integrity protection program IPS is loaded, it must set the kernel hooks that intercept events, create and configure the jump code and the call-checking program, and register with the monitoring protector through the VMCALL hypercall instruction; the monitoring protector creates the EPT paging structure SEPT that supports memory access by the integrity protection program IPS and sets up memory protection, achieving memory isolation;
(3) Monitoring and protection of the kernel integrity of the target system Target OS. When a hook set in the kernel by the integrity protection program IPS is triggered, a kernel event that requires a check and protection of the kernel integrity of Target OS has occurred, and control switches into the integrity protection program IPS for the corresponding processing;
(4) Unregistration of the integrity protection program IPS and removal of the monitoring protection environment. The monitoring protection environment established in operation (2) is removed and normal operation of the target system Target OS is restored;
The integrity protection program IPS (Integrity Protection Software) is placed inside the address space of the target operating system Target OS. It encapsulates the code for integrity checking and protection of the Target OS kernel, together with the data segments and working stack required at run time, forming a closed execution environment; the specific security policy for integrity checking and protection is formulated by the user according to requirements. When integrity protection of the operating system kernel is needed, the integrity protection program IPS is loaded and registered with the monitoring protector; the monitoring protector builds a protected running environment for IPS, and throughout its life cycle IPS executes the corresponding security policy under the protection of the monitoring protector;
Kernel hooks are placed in the kernel of the target system Target OS to intercept kernel events that may change the integrity state of Target OS, so that control flow can be transferred into the integrity protection program IPS for checking and analysis. The form and placement of the kernel hooks are related to the security policy and are determined by the user; they may be set at kernel events such as loading and unloading of kernel modules or execution of executable files, or may intercept the clock interrupt handler of Target OS to perform periodic integrity checks;
The jump code is used for control switching between the target operating system Target OS and the integrity protection program IPS and is likewise protected by the monitoring protector. After a kernel hook placed by the user in Target OS is triggered, control flow is transferred by the jump code into the integrity protection program IPS for analysis and processing, and is then returned by the jump code to the target system Target OS to continue execution. The jump code entering the integrity protection program IPS is called the entry jump code; the jump code returning to the target system Target OS is called the exit jump code;
The monitoring protector runs directly on the computer hardware and provides isolation protection for the integrity protection program IPS, the kernel hooks and the jump code, building a secure execution environment that resists malicious attacks by the target system Target OS on these components, thereby guaranteeing the effectiveness of the kernel integrity protection system;
The monitoring protector provides an isolated running environment for the integrity protection program IPS. It is a lightweight VMM, but performs no virtualization operations and does not interfere with the operation of the target operating system Target OS. The monitoring protector receives the registration and unregistration requests sent by the integrity protection program IPS, establishes and cancels the corresponding memory access protection measures, and records the relevant information. The monitoring protector is booted by Grub and runs directly on the hardware; on start-up it performs a trusted boot with the Intel TXT GETSEC instruction. The monitoring protector enables only the extended page table EPT mechanism, the VM-functions mechanism and the protection of the LBR MSRs, and controls access to physical memory by the target system Target OS and by the integrity protection program IPS through the separate EPT page table structures GEPT and SEPT.
2. The operating system kernel integrity protection method according to claim 1, characterized in that the READ, WRITE and EXECUTION bits of the extended page table EPT entries enabled by the monitoring protector reflect the read, write and execute access permissions of the physical memory page the entry refers to; different access permissions are set in GEPT and SEPT; meanwhile the EPTP switching mechanism provided by VM-functions is used in the jump code, so that switching between EPTs is performed directly in non-root mode;
In order to manage the memory access permissions of the integrity protection program IPS, the kernel hooks and the jump code, the monitoring protector uses a safe_monitor data structure, corresponding to the registered integrity protection program IPS, to store the memory protection information, including: the SEPT base address ips_eptp, the index ips_index of ips_eptp in the EPTP list field, and the start and end addresses of each memory region together with the access permissions that must be set for it.
3. The operating system kernel integrity protection method according to claim 1, characterized in that, in order to preserve the context information of the target system Target OS and the monitoring configuration information during the integrity protection check, an ips_context structure is used for recording inside the integrity protection program IPS, including: the stack pointer os_stack that must be preserved while the target system Target OS is running, the stack pointer ips_stack of the integrity protection program IPS, the entry and exit jump code addresses ips_entry and ips_exit, the processing function entry address ips_handler of the integrity protection program IPS, the kernel hook address ips_hook and the return address ips_return.
4. The operating system kernel integrity protection method according to claim 1, characterized in that the initialization flow of the monitoring protector is as follows. Step 30 is the initial state. Step 31 enables the extended page table EPT mechanism and the VM-functions mechanism, the purpose of enabling VM-functions being to perform EPT switching directly in the target system Target OS; this is done by setting the Enable EPT bit and the Enable VM functions bit in the virtual machine control block VMCS to 1. Step 32 sets bit 0 of the IA32_DEBUGCTL MSR to 1 to turn on the LBR (Last Branch Record) mechanism, and at the same time sets to 1 the bits corresponding to the IA32_DEBUGCTL and LBR stack registers in the MSR write bitmap of the VMCS, so as to forbid the target system Target OS from modifying these registers while still allowing them to be read inside the integrity protection program IPS. Step 33 sets all GEPT entries according to the size of the target system Target OS physical address space, with the page size set to 4KB, and initializes the READ, WRITE and EXECUTION bits of all GEPT entries to 1, guaranteeing an identity mapping between Target OS guest physical addresses and machine physical addresses; the GEPT page table base address guest_eptp is stored in the EPTP field of the virtual machine control block VMCS; in addition, the physical memory region where the monitoring protector itself resides is removed from the GEPT page table entries, so that external modules are forbidden from accessing the monitoring protector's own contents. Step 34 sets bit 0 of the VM-functions control field in the VMCS to 1 to enable the EPTP switching mechanism, allocates an EPTP list of 4KB size, and stores guest_eptp at index 0 of the EPTP list. Step 35 is the end: initialization is complete and the monitoring protector waits for requests from the integrity protection program IPS;
After the initialization of the monitoring protector is complete, it is able to build an isolated running environment for the integrity protection program IPS. When the integrity protection program IPS is loaded it must carry out the relevant registration and the setting up of the monitoring protection environment, and at the end of monitoring it must cancel the configured monitoring protection environment and restore normal operation of the target system Target OS. The operations that must be configured in the monitoring protector during the registration and unregistration processes are performed by the integrity protection program IPS through hypercalls; in Intel VT-x, hypercalls use the VMCALL instruction. Accordingly, the following three hypercalls are provided: (1) HYPERCALL_CREATE: notifies the monitoring protector to create the SEPT paging structure; the RAX register passes the parameter HYPERCALL_CREATE; (2) HYPERCALL_SET: sets in GEPT and SEPT the access permissions of the memory regions where the kernel hooks, the jump code and the integrity protection program IPS reside, so as to protect the integrity monitoring environment; the RAX register passes the parameter HYPERCALL_SET, the RBX register passes the start address start, the RCX register passes the end address end and the RDX register passes the component type, which is one of kernel hook, jump code, IPS code and IPS data; (3) HYPERCALL_DESTROY: removes the memory protection measures set in the monitoring protector; the RAX register passes the parameter HYPERCALL_DESTROY. When the integrity protection program IPS invokes a hypercall, the CPU traps into the monitoring protector, which performs the corresponding processing according to the specific parameters.
5. The operating system kernel integrity protection method according to claim 1, characterized in that the flow of registering the integrity protection program IPS and setting up the monitoring protection environment is as follows. Step 40 is the initial state. Step 41 allocates the stack and other data areas required for the operation of the integrity protection program IPS, forming a closed running environment. Step 42 dynamically creates the ips_context structure, which preserves the target system Target OS context information and the monitoring configuration information during monitoring, including the stack pointer os_stack that must be preserved while Target OS is running, the IPS stack pointer ips_stack, the entry and exit jump code addresses ips_entry and ips_exit, the IPS processing function entry address ips_handler, the kernel hook address ips_hook and the return address ips_return. Step 43 saves the IPS stack top address ips_stack, the entry and exit jump code addresses ips_entry and ips_exit and the IPS processing function entry ips_handler into the ips_context structure. Step 44 sets the kernel hook; the specific way in which the user adds the kernel hook is not restricted, but the user must ensure that the kernel hook jumps to the ips_entry location, and its address ips_hook and the return address ips_return are saved into the ips_context structure; ips_hook is used by the call-checking program to ensure that the integrity protection program IPS was triggered by the kernel hook that was set. Step 45 calls the HYPERCALL_CREATE hypercall to create the SEPT paging structure; this process includes a sub-flow handled in the monitoring protector, and the return value ips_index is passed back in the RAX register, ips_index being the index of the SEPT page table base address ips_eptp in the EPTP list field of the virtual machine control block VMCS. Step 46 checks whether the memory protection settings for all pages occupied by the kernel hooks, the jump code and the integrity protection program IPS have been processed; if so, control goes to step 48 and ends, otherwise to step 47. Step 47 calls the HYPERCALL_SET hypercall to set in GEPT and SEPT the access permissions of the memory where the kernel hooks, the jump code and the integrity protection program IPS reside, so as to protect the kernel integrity monitoring environment; this process includes a sub-flow handled in the monitoring protector. Step 48 is the end.
6. The operating system kernel integrity protection method according to claim 1, characterized in that the flow of monitoring and protecting kernel integrity is as follows. Step 70 is the initial state. In step 71, when a hook set in the kernel is triggered, control jumps to the address ips_entry of the entry jump code. In step 72 the entry jump code performs the switching task, which mainly consists of saving the register state of the target system Target OS before the switch, performing the EPT switch, setting up the working stack ips_stack of the integrity protection program IPS and jumping to the call-checking program. In step 73 the jump information recorded in the LBR stack registers is read and compared with ips_hook, performing a validity check of the call to ensure that the control flow came from the corresponding hook rather than being maliciously triggered by the target system Target OS. In step 74, if the two are identical the call is legal and control passes to step 75; otherwise it passes to the error end of step 78. Step 75 jumps to the processing function entry address ips_handler of the integrity protection program IPS to perform the kernel integrity check and protection operations; the specific security policy executed is defined by the user. In step 76 the exit jump code performs the return task, which mainly consists of restoring the register state of the target system Target OS saved before the switch, performing the EPT switch from SEPT to GEPT and returning to the target system Target OS to continue execution. Step 77 is the end; step 78 is the error end.
7. The operating system kernel integrity protection method according to claim 1, characterized in that the flow of the entry jump code, which consists of assembly instructions, is as follows. Step 80 is the initial state: the kernel hook jumps to the entry jump code. Step 81 disables interrupts with the CLI instruction to ensure the atomicity of the entry jump code's execution. Step 82 pushes the general-purpose registers of the target system Target OS onto the stack that Target OS itself is using. Step 83 sets the RAX register to 0, denoting EPTP switching, sets the RCX register to ips_index and executes the VMFUNC instruction to switch to SEPT. Step 84 executes CLI again, so that a Target OS that jumped directly to step 83 and skipped step 81 still cannot break the atomicity of the kernel integrity monitoring and protection process. Step 85 saves the stack pointer used by the target system Target OS into os_stack in ips_context. Step 86 loads ips_stack into the RSP register. Step 87 jumps to step 73. Step 88 is the end.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510234249.3A CN104809401B (en) 2015-05-08 2015-05-08 An operating system kernel integrity protection method

Publications (2)

Publication Number Publication Date
CN104809401A CN104809401A (en) 2015-07-29
CN104809401B true CN104809401B (en) 2017-12-19

Family

ID=53694214

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510234249.3A Active CN104809401B (en) 2015-05-08 2015-05-08 An operating system kernel integrity protection method

Country Status (1)

Country Link
CN (1) CN104809401B (en)

Families Citing this family (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107301082B (en) * 2016-04-15 2020-10-09 南京中兴软件有限责任公司 Method and device for realizing integrity protection of operating system
CN106203082A (en) * 2016-06-29 2016-12-07 上海交通大学 The system and method efficiently isolating kernel module based on virtualization hardware characteristic
CN106096455A (en) * 2016-08-08 2016-11-09 王波 A kind of main frame kernel data reduction protection method
CN106778257A (en) * 2016-12-08 2017-05-31 北京国电通网络技术有限公司 A kind of anti-release apparatus of virtual machine
CN106775941A (en) * 2016-12-08 2017-05-31 北京国电通网络技术有限公司 A kind of virtual machine kernel completeness protection method and device
CN107016283B (en) * 2017-02-15 2019-09-10 中国科学院信息工程研究所 Android privilege-escalation attack safety defense method and device based on integrity verification
EP3373178A1 (en) * 2017-03-08 2018-09-12 Secure-IC SAS Comparison of execution context data signatures with references
CN107797895A (en) * 2017-05-08 2018-03-13 中国人民解放军国防科学技术大学 A kind of secure virtual machine monitoring method and system
CN108958879B (en) * 2017-05-24 2021-02-26 华为技术有限公司 Monitoring method and device for virtual machine
CN107391225A (en) * 2017-07-13 2017-11-24 北京航空航天大学 A kind of monitoring method and system based on more EPT lists
CN107368739B (en) * 2017-07-26 2020-02-07 北京理工大学 Kernel drive monitoring method and device
CN107506638B (en) * 2017-08-09 2020-10-16 南京大学 Kernel control flow abnormity detection method based on hardware mechanism
CN107479946B (en) * 2017-08-16 2020-06-16 南京大学 Interactive behavior monitoring scheme of kernel module
CN108171061B (en) * 2018-01-16 2021-02-02 武汉轻工大学 Android system kernel safety detection method and device
CN108763927A (en) * 2018-01-16 2018-11-06 武汉轻工大学 A kind of cloud system safety detection method and device
CN110348252B (en) 2018-04-02 2021-09-03 华为技术有限公司 Trust zone based operating system and method
CN108469984B (en) * 2018-04-17 2021-07-30 哈尔滨工业大学 Virtual machine introspection function level-based dynamic detection system and method for inner core of virtual machine
CN109271787A (en) * 2018-07-03 2019-01-25 ***股份有限公司 A kind of operating system security active defense method and operating system
CN110892388B (en) 2018-07-11 2022-07-22 华为技术有限公司 Method and device for enhancing isolation of user space and kernel space
CN109522050B (en) * 2018-09-10 2020-11-17 上海交通大学 Memory data real-time recording method and system based on processor control flow recording characteristics
CN109388948B (en) * 2018-11-05 2021-02-26 杭州安恒信息技术股份有限公司 Virtualization technology-based potential malware analysis method and related device
CN111177716B (en) * 2019-06-14 2024-04-02 腾讯科技(深圳)有限公司 Method, device, equipment and storage medium for acquiring executable file in memory
CN111177703B (en) * 2019-12-31 2023-03-31 青岛海尔科技有限公司 Method and device for determining data integrity of operating system
CN111400702B (en) * 2020-03-24 2023-06-27 上海瓶钵信息科技有限公司 Virtualized operating system kernel protection method
CN111881485B (en) * 2020-07-14 2022-04-05 浙江大学 Core sensitive data integrity protection method based on ARM pointer verification
CN112100686B (en) * 2020-08-28 2022-04-08 浙江大学 Core code pointer integrity protection method based on ARM pointer verification
CN112631671A (en) * 2020-12-31 2021-04-09 东软睿驰汽车技术(沈阳)有限公司 Method and device for initializing operating system
CN112989326A (en) * 2021-04-08 2021-06-18 北京字节跳动网络技术有限公司 Instruction sending method and device
CN117688552B (en) * 2024-01-30 2024-04-12 龙芯中科技术股份有限公司 Stack space protection method, electronic device, storage medium and computer program product

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101226577A (en) * 2008-01-28 2008-07-23 南京大学 Method for protecting microkernel OS integrality based on reliable hardware and virtual machine
CN102222194A (en) * 2011-07-14 2011-10-19 哈尔滨工业大学 Module and method for LINUX host computing environment safety protection
CN103093150A (en) * 2013-02-18 2013-05-08 中国科学院软件研究所 Dynamic integrity protection method based on credible chip
CN103699498A (en) * 2013-11-25 2014-04-02 南京大学 Application key data protection system and protection method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030101381A1 (en) * 2001-11-29 2003-05-29 Nikolay Mateev System and method for virus checking software

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
李珣 et al. A kernel integrity monitoring method based on hardware virtualization (一个基于硬件虚拟化的内核完整性监控方法). Computer Science (计算机科学), 2011, Vol. 38, No. 12, pp. 68-72 *

Also Published As

Publication number Publication date
CN104809401A (en) 2015-07-29

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant