METHOD AND AN APPARATUS TO IMPLEMENT SECURE SYSTEM CALL WRAPPERS
Abstract
Some embodiments of a method and an apparatus to implement a secure system call wrapper have been presented. In one embodiment, a system call wrapper is used to validate parameters of a system call directed to a kernel from a user-space process. The user-space process supplies the parameters of the system call. The parameters are protected from being accessed by processes in the user-space after the parameters have been validated.
21 Claims
1. A computer-implemented method comprising:
- validating, by a computer system, parameters of a system call directed to a kernel using a system call wrapper, the parameters supplied by a user process in user-space in a memory of the computer system; and
- protecting, by the computer system, the parameters from being accessed by processes in the user-space after the parameters have been validated by the system call wrapper.
Dependent claims: 2, 3, 4, 5, 6, 7
8. An apparatus comprising:
- a memory hosting a kernel, a system call wrapper, and a protection mechanism; and
- a processor, coupled to the memory, to cause the system call wrapper to validate parameters of a system call directed to the kernel, the parameters supplied by a user process in the user-space, and to cause the protection mechanism to protect the parameters from being accessed by processes in the user-space after the system call wrapper has validated the parameters.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A computer-readable storage medium embodying instructions that, when executed by a processor in a computer system, will cause the processor to perform a method comprising:
- validating, by the computer system, parameters of a system call directed to a kernel using a system call wrapper, the parameters supplied by a user process in user-space in a memory of the computer system; and
- protecting, by the computer system, the parameters from being accessed by processes in the user-space after the parameters have been validated by the system call wrapper.
Dependent claims: 16, 17, 18, 19, 20, 21
Specification