Electrical computers and digital data processing systems: input/ – Interrupt processing
Reexamination Certificate
2000-02-04
2003-03-04
Dharia, Rupal (Department: 2181)
Electrical computers and digital data processing systems: input/
Interrupt processing
C709S241000
Reexamination Certificate
active
06529985
ABSTRACT:
BACKGROUND
1. Field of Invention
The present invention relates generally to intercepting system calls made to multitasking operating systems, and specifically to selective interception of system calls made by specific processes;
2. Background of Invention
Multitasking operating systems such as UNIX and Microsoft Windows NT ® are widely utilized in commercial computing systems. Among their many commercial uses, multitasking operating systems are commonly deployed on Internet and other network server computers. With the popularity and success of the Internet, server computer operating systems are currently of great commercial importance.
Although multitasking operating systems include various internal resources, it is often desirable to customize or extend operating system functionality for a particular use on a server computer. Such customization allows a computer programmer, a network administrator, or a webmaster to utilize the operating system in a specific manner beyond the default system capabilities provided by the manufacturer of the operating system. One method of extending and expanding operating system functionality is the interception of system calls.
A system call is a subroutine, the object code of which is located in an operating system, such that the subroutine can be called by processes executing under the control of the operating system. When executed, a system call performs some system operation, such as the access of a system hardware or software resource. Examples of operations executed by system calls include reading data from a file, opening a network communication channel, and allocating computer memory to a specific process. Application programs (processes) executing under the control of the operating system call a subroutine (make a system call) in order to bring about the performance of these and other system operations.
In order to make a system call, arguments are programmatically loaded into specific registers of the central processing unit of the computer on which the operating system is executing. One of these arguments identifies the specific system call that is being made. This argument is typically in the form of a number that is an offset into the operating system interrupt vector table, which contains pointers to the actual executable code of the system calls. The other loaded arguments include parameters to be passed to the system call.
Once the arguments have been loaded, a software interrupt is generated, signaling to the operating system that a process is requesting execution of a system call. The operating system reads the registers, and executes the requested system call with the specified parameters. The system call executes and performs the desired functionality. If the system call generates a return value, it places the generated return value (or a pointer thereto) in a pre-designated register where it can be accessed by the calling process.
In order to intercept a system call, a pointer in an interrupt vector table to a system call is replaced with a pointer to alternative object code to be executed instead of the system call. Then, when the system call is made, the alternative object code will execute instead. The alternative object code is known as a system call wrapper.
The interception of system calls is useful to extend and customize operating system functionality. For example, the interception of system calls can be used to manipulate operating system access privileges to provide security beyond that which is provided by the operating system. Through the interception of system calls that provide access to the file system, processes can be prevented from manipulating files. This is desirable, for example, when a user wishes to remotely execute a program residing on a web server, but does not want the remote program to be able to read or alter private data on the user's computer. Today, Java applets are commonly employed to provide such security. However, many programs which users wish to remotely execute are written in languages other than Java. System call interception allows programs written in any language to be safely executed remotely.
The interception of system calls in multitasking operating systems is known today, although it is an advanced systems programming technique. Multitasking operating system call interception is not widely employed in commercial programming, but select expert systems programmers utilize the technique. Nonetheless, two serious shortcomings limit the usefulness of system call interception as it is known today.
First, when a system call is intercepted, the system call wrapper is executed whenever any process executing under the control of the operating system makes the intercepted system call. No mechanism presently exists to allow selective interception of a system call by only certain processes. It would be desirable to selectively intercept system calls such that only certain processes execute the wrapper, whereas other processes execute the default system call. For example, if file system access calls are intercepted as described above, no processes will be able to access the standard file system calls. Although it is desirable for remotely executed processes to be so restricted, this may not be the case for many local processes which should be allowed access to the file system without restriction. Thus, it is desirable to have a method whereby system calls could be selectively intercepted such that only select processes execute the system call wrapper when a system call is made.
Another shortcoming with current system call interception technology is difficulty of development. System call wrappers are inserted into the operating system, usually by loading a module into an active operating system kernel. Thus, system call wrappers execute in a part of computer memory reserved for the operating system (operating system address space).
System call wrappers, like all computer programs, require extensive testing and debugging during the development cycle. When a computer program is being developed and tested, it inevitably generates execution errors and performs illegal instructions many times before it is debugged and complete. Often, this results in the computer program becoming “locked up” because it has overwritten some of its own control memory, or because it is executing an infinite loop, or the like.
Normally, multitasking operating system application programs execute in an area of computer memory reserved for non-system processes (user address space). Each program (process) is assigned, by the operating system, a private block of computer memory in user address space in which it can execute. This block of memory is known as the process address space of the associated process. Therefore, when a program generates execution errors during development, other processes, and the operating system itself, are not effected. Even if an individual process locks up, other processes continue to execute, and operating system resources can be utilized to terminate the locked process so that development may continue.
System call wrappers execute in operating system address space, and therefore system call wrapper execution errors effect the entire system. When a wrapper generates execution errors, it can overwrite operating system resources such as the interrupt vector table or memory map. This requires that all processes executing under control of the operating system be terminated, and that the operating system be restarted. This has the potential to be extremely costly, as processes can be executing important commercial functionality (i.e. bank wire transfers) at the time the system terminates. Even where no critical data is lost, system downtime is expensive and undesirable.
What is needed is a method by which system calls are selectively intercepted such that the system call wrapper only executes when a system call is made by select processes. When the system call is made by a non-select process, the default system call is executed. Additionally, a method by which system call wrappers execute in
Deianov Borislav D.
Huang Xun Wilson
Sharma Rosen
Dharia Rupal
Ensim Corporation
Fenwick & West LLP
LandOfFree
Selective interception of system calls does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Selective interception of system calls, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Selective interception of system calls will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3008401