Defensive Techniques to Increase Computer Security

摘要

Among other disclosed subject matter, a computer-implemented method includes initializing a first descriptor table and a second descriptor table. The first descriptor table is associated with a first permission level and the second descriptor table is associated with a second permission level that is different from the first permission level. The first descriptor table and the second descriptor table are associated with a hardware processor and initialized by an operating system kernel. The method also includes providing a memory address associated with the first descriptor table, in response to a descriptor table address request. The descriptor table address request is provided by a software process. The method also includes updating the second descriptor table, in response to an update request.

主权项

1. A computer-implemented method, the method comprising:
initializing a descriptor table, wherein the descriptor table is initialized by an operating system kernel and is associated with a hardware processor; changing a permission level associated with the descriptor table to a first permission level; and in response to an update request,
changing the permission level associated with the descriptor table to a second permission level, wherein the second permission level is greater than the first permission level;updating the descriptor table while the descriptor table is associated with the second permission level, wherein the updating is based on the update request; andafter updating the descriptor table, changing the permission level associated with the descriptor table to the first permission level, wherein the operating system kernel changes the permission level associated with the descriptor table.