Method and system usable in sensor networks for handling memory faults
First Claim
1. A method comprising:
executing multiple application modules which access memory in a single memory address space;
prior to a memory access to an application state by an application module, detecting whether the state of the application module is corrupted;
when the state of the application module is corrupted, micro-rebooting the application module; and
when the state of the application module is not corrupted, permitting the application module to access the at least one block of memory allocated to the application module up to completion of a current execution of the application module, recalculating the MIC for the at least one block of memory allocated to the application module immediately after the execution of the application module, and replacing the stored MIC for the at least one block of memory allocated to the application module with the recalculated MIC for the at least one block of memory allocated to the application module;
wherein each of the application modules is allocated at least one block of memory in said single data memory space, and said step of detecting whether a state of the application module is corrupted comprises:
calculating a memory integrity code (MIC) for the at least one block of memory allocated to the application module as a function of content stored in the at least one block of memory allocated to the application module;
comparing the calculated MIC with a stored MIC for the at least one block of memory allocated to the application module;
when the calculated MIC is identical to the stored MIC for the at least one block of memory allocated to the application module, determining that the state of the application module is not corrupted; and
when the calculated MIC is not identical to the stored MIC for the at least one block of memory allocated to the application module, determining that the state of the application module is corrupted.
Abstract
A method and system usable in sensor networks for handling memory faults is disclosed. In order to protect the operating system of a sensor node, coarse-grained memory protection is provided by creating and enforcing an application fault domain in the data memory address space of the sensor node. The data memory accessed by the application modules is restricted to the region within the data memory address space that defines the application fault domain. The application modules are prevented from accessing memory outside the application fault domain through software-based run-time checks. The state belonging to the operating system is maintained outside of the application fault domain and is thus protected from memory corruption by any application module. In order to ensure that an application module does not operate on a corrupted state, fine-grained error detection and recovery is provided within the application fault domain. Any corruption of memory within the application fault domain is detected by a run-time memory integrity verifier implemented in the operating system kernel. Recovery involves purging the corrupted state and restarting only the affected application module so that it operates on an uncorrupted state.
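The following C model is an added example, not code from the patent or from any sensor operating system, that shows the mechanism described in the abstract and in claim 1 end to end: a fault domain carved out of one flat data memory, a per-module block with a kernel-held MIC, a software run-time bounds check on module accesses, the verify-then-run-then-reseal schedule, and a micro-reboot that purges and reinitialises only the affected module. The patent does not name the MIC function; FNV-1a is used here as an assumption, as are the block sizes, the `module_t` layout and all function names. The corrupting stray write is a constructed fault injected by the demo, not something the page describes.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sensor-node model: one flat data memory; the application fault
 * domain is a fixed region of it, split into equal blocks, one per module.
 * Kernel state (stored MICs, reboot counters) lives outside that region. */
#define FAULT_DOMAIN_SIZE 128
#define MODULE_BLOCK_SIZE 32

static uint8_t fault_domain[FAULT_DOMAIN_SIZE];   /* application fault domain */

typedef struct {
    uint8_t *block;                           /* module's block in the domain */
    size_t   len;
    uint32_t stored_mic;                      /* kernel-held, outside domain */
    unsigned reboots;                         /* kernel statistic */
    void   (*init)(uint8_t *block, size_t len);
    void   (*run)(uint8_t *block, size_t len);
} module_t;

/* MIC as a function of block content. FNV-1a is an assumption; each step is a
 * bijection on the state, so any single-byte change yields a different code. */
static uint32_t compute_mic(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Software run-time check: does [addr, addr+n) lie inside the module's block? */
bool access_allowed(const module_t *m, const uint8_t *addr, size_t n) {
    uintptr_t lo = (uintptr_t)m->block, hi = lo + m->len, a = (uintptr_t)addr;
    return a >= lo && a <= hi && n <= hi - a;
}

/* Micro-reboot: purge the corrupted block, re-run only this module's init,
 * and reseal it with a fresh MIC. Other modules and the kernel are untouched. */
static void micro_reboot(module_t *m) {
    memset(m->block, 0, m->len);
    m->init(m->block, m->len);
    m->stored_mic = compute_mic(m->block, m->len);
    m->reboots++;
}

/* One scheduler step per claim 1: verify before the module touches its state;
 * reboot on mismatch, otherwise run to completion and store the new MIC.
 * Returns true if the module ran, false if it was micro-rebooted instead. */
bool kernel_schedule(module_t *m) {
    if (compute_mic(m->block, m->len) != m->stored_mic) {
        micro_reboot(m);
        return false;
    }
    m->run(m->block, m->len);
    m->stored_mic = compute_mic(m->block, m->len);
    return true;
}

/* Register a module on block `idx` of the fault domain and seal its initial state. */
void module_register(module_t *m, unsigned idx,
                     void (*init)(uint8_t *, size_t), void (*run)(uint8_t *, size_t)) {
    m->block = fault_domain + idx * MODULE_BLOCK_SIZE;
    m->len = MODULE_BLOCK_SIZE;
    m->init = init;
    m->run = run;
    m->reboots = 0;
    m->init(m->block, m->len);
    m->stored_mic = compute_mic(m->block, m->len);
}

/* A trivial application module: byte 0 of its block is a counter. */
static void counter_init(uint8_t *b, size_t n) { (void)n; b[0] = 0; }
static void counter_run(uint8_t *b, size_t n)  { (void)n; b[0]++; }

/* Scenario: the counter runs three times, then a constructed stray write lands
 * in its block between executions. The next schedule detects the MIC mismatch
 * and micro-reboots instead of running; the one after that runs on clean state.
 * Returns the counter value afterwards and reports the number of reboots. */
int demo_scenario(unsigned *reboots_out) {
    module_t counter;
    module_register(&counter, 0, counter_init, counter_run);
    for (int i = 0; i < 3; i++) kernel_schedule(&counter);   /* counter == 3 */
    counter.block[5] ^= 0xFF;            /* constructed fault: corrupts the block */
    kernel_schedule(&counter);           /* mismatch -> micro-reboot, no run */
    kernel_schedule(&counter);           /* clean state -> runs, counter == 1 */
    if (reboots_out) *reboots_out = counter.reboots;
    return counter.block[0];
}

int main(void) {
    unsigned reboots = 0;
    int value = demo_scenario(&reboots);
    printf("counter after fault and recovery: %d, micro-reboots: %u\n", value, reboots);
    return 0;
}
```

Two design points carried over from the page: the MIC is recomputed and stored immediately after each run, so a module's own legitimate writes never trigger a false detection, and the check happens before the module touches its state, so a module never executes on a block that some other module's stray write has altered.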
21 Claims
1. (Independent claim, reproduced in full under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A computer readable medium storing computer program instructions for handling memory faults, said computer program instructions defining the steps comprising:
executing multiple application modules which access memory in a single memory address space;
prior to a memory access to an application state by an application module, detecting whether the state of the application module is corrupted;
when the state of the application module is corrupted, micro-rebooting the application module; and
when the state of the application module is not corrupted, permitting the application module to access the at least one block of memory allocated to the application module up to completion of a current execution of the application module, recalculating the MIC for the at least one block of memory allocated to the application module immediately after the execution of the application module, and replacing the stored MIC for the at least one block of memory allocated to the application module with the recalculated MIC for the at least one block of memory allocated to the application module;
wherein each of the application modules is allocated at least one block of memory in said single data memory space, and the computer program instructions defining the step of detecting whether a state of the application module is corrupted comprise computer program instructions defining the steps:
calculating a memory integrity code (MIC) for the at least one block of memory allocated to the application module as a function of content stored in the at least one block of memory allocated to the application module;
comparing the calculated MIC with a stored MIC for the at least one block of memory allocated to the application module;
when the calculated MIC is identical to the stored MIC for the at least one block of memory allocated to the application module, determining that the state of the application module is not corrupted; and
when the calculated MIC is not identical to the stored MIC for the at least one block of memory allocated to the application module, determining that the state of the application module is corrupted.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20, 21.