首页 > 代码库 > PatentTips - Maintaining shadow page tables in a sequestered memory region

PatentTips - Maintaining shadow page tables in a sequestered memory region

BACKGROUND

Malicious code, known as malware, which includes viruses, worms, adware, etc., may attack core components of the operating system to compromise key applications, including critical applications that operate in the operating system kernel, such as security, firewall and anti-virus agents. One concern is that malware may attack page tables maintained by the operating system to perform address translation for critical security applications. The malware may modify the references in the page table to point to pages of the malware code that when invoked by the security agent performs malicious operations.

FIG. 1, panel?2?shows that prior to the attack, the critical agent, e.g., security or anti-virus application, references good pages of critical agent code. Panel?4?shows that prior to the attack the malware application page tables reference malicious pages of malicious malware code. Panel?6?shows that after the attack, the critical agent‘s page tables are modified to point to malicious pages. By referencing the malware page as shown in panels?6?and?8, address translation for the critical agent may cause the critical agent to execute the malware code in malicious page?1, panel?8. The executed malware code may provide the malware access to critical agent data structures to allow the malware to orchestrate a malicious attack on the system.

DETAILED DESCRIPTION

FIG. 2 illustrates a computing environment used with the described embodiments. A computer?2?includes a host processor?4?and service processor?6. The host processor?4?includes microcode?24?implementing the host processor?4?platform and architecture. The host?4?and service?6?processors may be implemented in separate processor devices. For instance, the host processor?4?may be implemented in a central processing unit (CPU) and the service processor?6?may be implemented in a chipset, comprising one or more integrated circuit devices. The chipset in which service processor?6?may be implemented may be directly attached to the motherboard or implemented on an expansion card. Alternatively, the host?4?and service?6?processors may be implemented on separate CPU devices. Still further, the host?4?and service?6?processors may be implemented as separate virtual machines implemented in a single processor device. Virtual machines may be implemented in a single processor device using a virtualization monitor.

The host?4?and service?6?processors execute different operating systems?14?and?38, respectively, and maintain separate operating system data structures to independently execute applications and perform operations. The computer?2?further includes a basic input/output system (BIOS)?8?including code executed by the host processor?4?to initialize and control various computer?2?components (e.g., the keyboard, display screen, disk drives, serial communications, etc.) during a boot sequence. The BIOS?8?may be implemented in firmware in a non-volatile memory device on the computer?2motherboard, such as a Flash memory, Read Only Memory (ROM), Programmable ROM (PROM), etc. The BIOS?8?code indicates the sequence of the boot operations.

The computer?2?includes a memory?10, comprising one or more memory devices, configured to include a host memory?12?in which an operating system14?executed by the host processor?4?is loaded. One or more applications?16, having application code?18?and data structures?20, are loaded into the operating system?14?environment implemented in the host memory?12?to execute. In certain embodiments, the applications?16?may include device drivers loaded in the kernel space of the operating system?14. The operating system?14?may comprise an operating system known in the art, such as a Microsoft? Windows? operating system, Linux?, etc. (Microsoft and Windows are registered trademarks of Microsoft Corporation and Linux is a trademark of Linus Torvalds).

During initialization, the BIOS?8?may configure a sequestered memory region?22?that is inaccessible to processes controlled by the operating system14, but is accessible to the operating system?38?and applications?40?executed by the service processor?6.

Page tables?28?in the host memory?12?are created for the application?16. Page tables?28?have entries for virtual addresses used by the application?16that map to physical addresses referencing physical locations in pages?30?in the host memory?12. Page tables?28?in the host memory?12?are accessible to the operating system?14?and applications?16?executing therein. Additionally, shadow page tables?32?are created for the application?16?in the sequestered memory region?22?having entries for virtual addresses that map to physical addresses referencing locations in pages?30?in the host memory?12.

A sequestered memory flag?26?implemented in the host processor?4?platform, such as the host processor?4?circuitry or chipset, indicates whether the host processor?4?may access the sequestered memory region?22. In normal operating mode, the host processor?4?and applications?16?running in the host memory?12?do not access the sequestered memory region?22. However, while performing address translations using shadow page tables?32, the host processor?4?requires access to the sequestered memory region?22?which hosts the shadow page tables?32. For the duration of such access, the host processor?4?configures the sequestered memory flag?26?to enable access to the sequestered memory region?22. Once the address translations using the shadow page tables?32?complete, the flag?26?is set to disable host processor?4?access to the sequestered memory region?22.

The sequestered memory region?22?may further include sequestered code?34?loaded into the sequestered memory region?22?by the BIOS?8?during the boot sequence that is inaccessible to processes operating under the operating system?14. This sequestered code?34?comprises code associated with the sequestered memory region?22?and may comprise special firmware code that may be executed in a special operating mode, i.e., sequestered mode, of the processor platform in which the host processor?4?process has exclusive access to all of platform hardware resources. In other words, this sequestered operating mode of the platform provides an isolated environment independent of the host operating system?14.

In certain embodiments, the host processor?4?may execute a special interrupt, which instruction is recognized by the host processor?4?platform and causes the host processor?4?to save the host processor?4?state information and enter the sequestered mode to execute the sequestered code?34loaded by the BIOS?8?in the sequestered memory region?22. Upon processing the special interrupt, the host processor?4?executes special handlers to execute the sequestered code?34?to perform various system management operations.

In one embodiment, the sequestered code?34?may comprise System Management Mode (SMM) code included in Intel Corporation‘s ("Intel") processor architecture. On Intel architectures, the sequestered operating mode is referred to as System Management Mode (SMM) and the special interrupt to invoke the SMI mode is referred to as a System Management Interrupt (SMI). Further details of the SMM mode are described in the publication from Intel entitled "Intel Architecture Software Developer‘s Manual, Volume 3: System Programming" (Copyright Intel, 1999). In additional embodiments, the sequestered mode, sequestered code?34, and special interrupt may be implemented in processor architectures from different processor vendors.

The memory?10?may further implement a service processor memory region?36?accessible to the service processor?6, but not to the host processor?4. The service processor?6?executes an operating system?38. The service processor?6?may execute a shadow page table agent?40?that manages shadow page tables?32?in the sequestered memory region?22?for the host applications?16. In one embodiment, the service processor?6?has access to the sequestered memory region?22.

References in FIG. 2 to single instances of certain components, such as the page table?28, application?16, memory pages?30, shadow page table?32, etc. may refer to multiple instances of these components.

FIG. 3 illustrates operations to implement an address translation table for the application?16?as a shadow page table?32?in the sequestered memory region?22. Control begins at block?100?with the host processor?4?executing the host operating system?14?to load the application?16. The host processor4?executes code in the application?16?to invoke (at block?102) a second processor, e.g., service processor?6, to create shadow page table(s)?32?in the sequestered memory region?22?for the application?16. The developer of the application?16?may include code to create shadow page tables?32?in the sequestered memory region?22?to use for address translation. Blocks?104?through?122?provide an embodiment of how the service processor?6?is invoked to create shadow page tables?32. While executing the application?16, the host processor?4?executes (at block?104) the special interrupt (which in an Intel SMM embodiment, comprises an SMI interrupt) to cause the host processor?4?to execute in the sequestered mode, e.g., service management mode (SMM), to register a shadow page table?32. Other programming techniques may be used to cause the host processor?4?to execute in sequestered mode. As discussed, in this sequestered mode, the host processor?4?does not execute the loaded operating system?14?code (which is executed when operating in the operating system mode), but instead executes the sequestered code?34?(to execute in the sequestered or second mode) which may have been loaded into the sequestered memory region?22?during system initialization. The sequestered memory region?22?is inaccessible to the operating system?14. The host processor?4?may execute (at block?106) a sequestered mode routine, which is part of the special interrupt handler, to call a shadow page table (SPT) agent?40?executed by the service processor?6.

The SPT agent?40, executed by the service processor?6, may pin (at block?108) the memory pages?30?in the host memory?12?referenced by the entries in the shadow page table?32. Pinning the memory pages?30?in the host memory?12?prevents the pages from being swapped to disk. Further, when pinning the memory pages?30, the pinned memory pages?30?are not moved once allocated and the shadow page table?32?protects those pinned pages30. The SPT agent?40?further validates (at block?110) the application?16?from which the call to register shadow page tables?32?was made. To validate the application?16, the SPT agent?40?may determine whether the application?16?is indicated in a list as an acceptable application type or whether the application?16?is indicated in a list indicating malicious application types which are not permitted to register shadow page tables?32. Alternatively, the application?16?may be digitally signed by a trusted entity, indicating that the application?16?is allowed to register with the SPT agent?40. In one embodiment, the call to register the shadow page tables?32, e.g., the special interrupt, may indicate the location of the application?16?in host physical memory?12?to provide to the service processor?6. To verify the image and validate the application?16, the SPT agent?40?may scan the image of the application?16?at the location indicated in the call and compute a hash of the image to compare with pre-configured hashes of acceptable images.

If (at block?112) the application?16?from which the call was made to register shadow page tables?32?is not validated, then the SPT agent?40?fails (at block?114) the registration process, which may involve returning an error to the special interrupt executed by first processor and generate a platform alert. The host processor?4?exits (at block?116) the sequestered mode and returns to host operating system mode to execute the host operating system14?code and application code?16. The host processor?4?may exit the sequestered mode by executing an exit instruction. In SMM embodiments, the exit instruction may comprise the RESUME (RSM) instruction executed in the system management mode (SMM). Upon exiting the sequestered mode in the event of a failure, the host processor?4?unloads (at block?118) the application?16. Further, the pinned memory pages may be unpinned.

If (at block?112) the application?16?registering the shadow page table?32?is validated, then the SPT agent?40?creates (at block?120) the shadow page table?32?to provide address translation from virtual to physical addresses for a virtual address range used by the application?14. Upon the SPT agent?40notifying (at block?122) the host processor?4?of completing the shadow page tables?32, the host processor?4?exits (at block?124) the sequestered mode operations and returns to host operating system mode to execute the host operating system?14?and the applications?16.

FIGS. 4,?5, and?6?illustrate an embodiment of operations implemented in the host processor microcode?24?to perform page table related operations when executing application code?18. With respect to FIG. 4, when the host processor?4?executes (at block?150) a first switch instruction (e.g., SWITCH_TO_SHADOW) in the application code?18, the host processor?4?configures (at block?152) the host processor?4?to set the sequestered memory flag?26?to enable the host processor access to the sequestered memory region?22. In certain embodiments, the host processor microcode?24will only allow the host processor?4?access to the sequestered memory region?22?if the sequestered memory flag?26?is set to enabled. Further, the configuration of the sequestered memory flag?26?may allow the host processor read/write access to the sequestered memory region?22, or could restrict this access to read-only. Also, in certain embodiments, the host processor?4?may be allowed to perform certain privileged operations only when the sequestered memory flag?26?is set to enabled. Such operations, for example, could include writing to specific I/O ports, writing to certain memory regions, executing certain instructions, reading/modifying certain processor registers, etc. Yet further, the host processor?4?may encounter an exception when processing one switch instruction in the application if the sequestered memory region does not include one shadow page table for the application being processed.

After executing the first switch instruction, the host processor?4?accesses the shadow page tables?32?to perform address translation for application code?18?instructions between the first switch instruction and a second switch instruction (e.g., SWITCH_TO_REAL). With respect to FIG. 5, when the host processor?4?executes (at block?160) a second switch instruction (e.g., SWITCH_TO_REAL) in the application code?18, the host processor?4configures (at block?162) the sequestered memory flag?26?to disable the host processor?4?access to the sequestered memory region?22.

FIG. 6 illustrates an embodiment of operations implemented in the host processor microcode?24?to perform address translation when executing the application code?18. Upon executing (at block?170) application code?18?instructions requiring address translation, the host processor?4?determines (at block?172) whether the page table required for address translation is a shadow page table?32?in the sequestered memory region?22. If not, then the host processor?4?accesses (at block?174) the page table?28?in the operating system?14?memory region in the host memory?12?to perform address translation for the processed instruction. Otherwise, if (at block?172) the shadow page table?32?is used for the specific address translation, then the host processor4?determines (at block?176) whether the sequestered memory flag?26?indicates that access to the sequestered memory region?2?is allowed. If (at block176) access is not allowed, then the address translation fails (at block?178) and the application?16?may also fail. Otherwise, if (at block?176) access to the sequestered memory region?22?is permitted, then the host processor?4?accesses (at block?180) the shadow page table?32?for the address to translate in the sequestered memory region?32?to perform address translation.

With the described embodiments of FIGS. 4,?5, and?6, malicious code cannot modify critical page tables implemented as shadow page tables?32?for a critical application?16?because the page tables required for address translation for these critical addresses comprise shadow page tables?32?in a sequestered memory region?22?that is inaccessible to the malicious code and which cannot be altered by the malicious code. For instance, once the shadow page table?32?is registered and loaded into the sequestered memory region?22?by the shadow page table agent?40, the application?16?shadow page table?32?cannot be modified to point to pages having code for the malicious application.

In certain embodiments, when the host processor?4?is executing application code?18?between the two switch statements, the host processor?4?may disable interrupts and not execute any other code other than the application code?18?between the switch statements while access to the sequestered memory region?22?is enabled until the second switch statement disables access to the sequestered memory region?22.

FIG. 7 illustrates an embodiment of operations performed to deregister and remove shadow page tables?32?for the application?16?from the sequestered memory region?22?when unloading the application?16?from the host memory?12. Control begins at block?200?with the host processor?4?executing the host operating system?14?to unload the application?16. The host processor?4?invokes (at block?202) a service processor?6?to remove specified shadow page table(s)?32?in the sequestered memory region?22?for the application?16. The service processor?6?may be invoked by executing application code?18?for unloading the application?16. Blocks?204?through?218?provide an embodiment of how the service processor?6?is invoked to de-register and remove shadow page tables?32. While executing the application code?18?to unload the application?16, the host processor?4?executes (at block?204) a special interrupt, such as a Service Mode Interrupt (SMI), in the application code?18?to cause the host processor?4?to execute in the sequestered mode to register a page table. As discussed, in this sequestered mode, the host processor?4?does not execute the loaded operating system?14?code (in a host operating system mode), but instead executes sequestered code?34?(to execute in the sequestered mode) which may have been loaded by the BIOS?8into the sequestered memory region?22?during system initialization. The host processor?4?may execute a sequestered mode routine, which is part of a handler, in the sequestered mode to call (at block?206) the shadow page table (SPT) agent?40?executed by the service processor?6.

The SPT agent?40, executed by the service processor?6?validates (at block?208) the source (agent) from which the un-register call was made. To validate the source of the call, the sequestered code?34?handling the special interrupt can determine that the source of the call is from a registered agent. The sequestered code?34?for handling interrupts may consult with the service processor?6?to obtain a list of registered agents permitted to make such calls to unregister applications.

If (at block?210) the source of the call to unregister shadow page tables?32?is not validated, then the SPT agent?40?fails (at block?212) the unregistration process, which may involve returning an error to the special interrupt executed by the host processor?4?and generate a platform alert. The host processor?4?exits (at block?214) the sequestered mode in response to the returned error and returns to host operating system mode to execute the host operating system?14?code and application?16. The host processor?4?may exit the sequestered mode by executing an exit instruction.

If (at block?210) the source of the call to unregister is validated, then the SPT agent?40?removes (at block?216) the shadow page table?32?from the sequestered memory region?22. After the requested shadow page tables?32?for the application?16?are removed from the sequestered memory region22, the host processor?4?exits (at block?218) the sequestered mode and returns to host operating system mode to execute the host operating system14?and continue unloading the application?16.

With the described embodiment of FIG. 7, the application communicates with the SPT agent?40?to remove shadow page tables?32?from the sequestered memory region?22.

Described embodiments utilize a sequestered memory region?22?to maintain certain application page tables used for address translation to protect these shadow page tables from malicious modifications from malware executing in the operating system. Applications executing in the operating system environment are not able to access the sequestered memory region?22?to modify the references in the shadow page table?32?to point to pages of malicious code in the host memory?12, such as shown in panel?6?in FIG. 1. The shadow page tables?32?protected in the sequestered memory region?22may include critical application code used for maintaining security in the system?2. Further, if the operating system?14?crashes, the shadow page tables32?in the sequestered memory region?22?can be retrieved to access application memory pages?30?in the memory?14?for afterlife diagnosis.

SRC=http://www.freepatentsonline.com/7467285.html