Method and an apparatus to implement secure system call wrappers

US 8,561,090 B2
Filed: 02/26/2009
Issued: 10/15/2013
Est. Priority Date: 02/26/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

validating, by a system call wrapper in a computer system, a plurality of parameters of a system call directed to a kernel, the plurality of parameters supplied by a user process in a user-space in a user-space memory located outside of a kernel space of the computer system, wherein the user process defines an address space in the user-space memory for a helper process; and

upon validating the plurality of parameters, protecting, by the computer system, the plurality of parameters from being accessed by another process in the user-space, wherein protecting the plurality of parameters from being accessed by another process in the user-space comprises;

creating a separate helper process for the another process in the user-space,assigning a first identifier to the another process in the user-space and a second identifier to the separate helper process, wherein the second identifier is associated with the first identifier, andallowing only the system call wrapper to directly manipulate the separate helper process.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments of a method and an apparatus to a method and an apparatus to implement secure system call wrapper have been presented. In one embodiment, a system call wrapper is used to validate parameters of a system call directed to a kernel from a user-space process. The user-space process supplies the parameters of the system call. The parameters are protected from being accessed by processes in the user-space after the parameters have been validated.

15 Citations

View as Search Results

21 Claims

1. A computer-implemented method comprising:
- validating, by a system call wrapper in a computer system, a plurality of parameters of a system call directed to a kernel, the plurality of parameters supplied by a user process in a user-space in a user-space memory located outside of a kernel space of the computer system, wherein the user process defines an address space in the user-space memory for a helper process; and
  
  upon validating the plurality of parameters, protecting, by the computer system, the plurality of parameters from being accessed by another process in the user-space, wherein protecting the plurality of parameters from being accessed by another process in the user-space comprises;
  
  creating a separate helper process for the another process in the user-space,assigning a first identifier to the another process in the user-space and a second identifier to the separate helper process, wherein the second identifier is associated with the first identifier, andallowing only the system call wrapper to directly manipulate the separate helper process.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein protecting the plurality of parameters from being accessed by another process in the user-space after the plurality of parameters have been validated by the system call wrapper comprises:
    - translating, by the computer system, the system call from the user process to the helper process of the system call wrapper; and
      
      storing the plurality of parameters of the system call within the address space of the helper process in the user-space memory.
  - 3. The method of claim 1, wherein protecting the plurality of parameters from being accessed by another process in the user-space after the plurality of parameters have been validated by the system call wrapper comprises:
    - creating, by the computer system, the helper process, separate from the system call wrapper, having the address space in the user-space memory to store the plurality of parameters; and
      
      making, by the computer system, the address space of the helper process unreadable and unwritable by the user process, except for an area of the address space that is explicitly shared between the helper process and at least one other process in the user-space.
  - 4. The method of claim 1, further comprising:
    - forwarding, by the computer system, the system call to the kernel from the helper process separate from the user process, wherein the address space of the helper process in the user-space memory stores the plurality of parameters of the system call.
  - 5. The method of claim 1, wherein the first identifier is an odd number and the second identifier is an even number.
  - 6. The method of claim 1, wherein the system call wrapper is a kernel module within the kernel in the computer system.
  - 7. The method of claim 1, wherein the plurality of parameters comprise at least one of the following:
    - a file name, a memory address location, a device identifier, a network address, a shared memory structure, a mutual exclusion structure, a process, or a thread.

8. An apparatus comprising:
- a memory hosting a kernel, a system call wrapper, and a protection mechanism, the memory comprising a kernel space and a user-space memory, wherein the user-space memory is located outside of the kernel space memory; and
  
  ;
  
  a processor, coupled to the memory, to cause;
  
  the system call wrapper to validate a plurality of parameters of a system call directed to the kernel, the plurality of parameters supplied by a user process in a user-space, wherein the user process defines an address space in the user-space memory for a helper process, and to causethe protection mechanism to protect the plurality of parameters from being accessed by another process in the user-space after the system call wrapper has validated the plurality of parameters, wherein the user process defines an address space in the user-space memory for a helper process, wherein the protection mechanism comprises a process creator to create a separate helper process for the another process in the user-space, to assign a first identifier to the another process in the user-space and a second identifier to the separate helper process, and to allow only the system call wrapper to directly manipulate the separate helper process, wherein the second identifier is associated with the first identifier.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus of claim 8, wherein the protection mechanism comprises:
    - a call translator to translate the system call from the user process to the helper process of the system call wrapper and to store the plurality of parameters of the system call within the address space of the helper process.
  - 10. The apparatus of claim 8, wherein the protection mechanism comprises:
    - a process creator to create the helper process, separate from the system call wrapper, having the address space to store the plurality of parameters, and to make the address space of the helper process unreadable and unwritable by the user process, except for an area of the address space that is explicitly shared between the helper process and at least one other process in the user-space.
  - 11. The apparatus of claim 8, wherein the processor further causes the system call wrapper to forward the system call to the kernel from the helper process separate from the user process, wherein an address space of the helper process in the memory stores the plurality of parameters of the system call.
  - 12. The apparatus of claim 8, wherein the first identifier is an odd number and the second identifier is an even number.
  - 13. The apparatus of claim 8, wherein the system call wrapper is a kernel module within the kernel.
  - 14. The apparatus of claim 8, wherein the plurality of parameters comprise at least one of the following:
    - a file name, a memory address location, a device identifier, a network address, a shared memory structure, a mutual exclusion structure, a process, or a thread.

15. A non-transitory machine-readable storage medium embodying instructions that, when executed by a processor in a computer system, will cause the processor to perform a method comprising:
- validating, by a system call wrapper in the computer system, a plurality of parameters of a system call directed to a kernel, the plurality of parameters supplied by a user process in a user-space in a user-space memory located outside of a kernel space of the computer system, wherein the user process defines an address space for a helper process in the user-space memory; and
  
  upon validating the plurality of parameters, protecting, by the computer system, the plurality of parameters from being accessed by another process in the user-space, wherein protecting the plurality of parameters from being accessed by another process in the user-space comprises;
  
  creating a separate helper process for the another process in the user-space,assigning a first identifier to the another process in the user-space and a second identifier to the separate helper process, wherein the second identifier is associated with the first identifier, andallowing only the system call wrapper to directly manipulate the separate helper process.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The non-transitory machine-readable storage medium of claim 15, wherein protecting the plurality of parameters from being accessed by another process in the user-space after the plurality of parameters have been validated by the system call wrapper comprises:
    - translating, by the computer system, the system call from the user process to the helper process of the system call wrapper; and
      
      storing the plurality of parameters of the system call within the address space of the helper process in the user-space memory.
  - 17. The non-transitory machine-readable storage medium of claim 15, wherein protecting the plurality of parameters from being accessed by another process in the user-space after the plurality of parameters have been validated by the system call wrapper comprises:
    - creating, by the computer system the helper process, separate from the system call wrapper, having the address space in the memory to store the plurality of parameters; and
      
      making, by the computer system, the address space of the helper process unreadable and unwritable by the user process, except for an area of the address space that is explicitly shared between the helper process and at least one-other process in the user-space.
  - 18. The non-transitory machine-readable storage medium of claim 15, wherein the method further comprises:
    - forwarding, by the computer system, the system call to the kernel from the helper process separate from the user process, wherein the address space of the helper process in the memory stores the plurality of parameters of the system call.
  - 19. The non-transitory machine-readable storage medium of claim 15, wherein the first identifier is an odd number and the second identifier is an even number.
  - 20. The non-transitory machine-readable storage medium of claim 15, wherein the system call wrapper is a kernel module within the kernel in the computer system.
  - 21. The non-transitory machine-readable storage medium of claim 15, wherein the plurality of parameters comprise at least one of the following:
    - a file name, a memory address location, a device identifier, a network address, a shared memory structure, a mutual exclusion structure, a process, or a thread.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Schneider, James P.
Primary Examiner(s)
Puente, Emerson
Assistant Examiner(s)
KIM, DONG U

Application Number

US12/393,997
Publication Number

US 20100218201A1
Time in Patent Office

1,692 Days
Field of Search

None
US Class Current

719/330
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

G06F 9/545 where tasks reside in diffe...

Method and an apparatus to implement secure system call wrappers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and an apparatus to implement secure system call wrappers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links