中文摘要：

操作系统漏洞经常被攻击者利用，从而以内核权限执行任意代码（返回用户态攻击，ret2user）以及窃取用户隐私数据．使用虚拟机监控器构建了一个对操作系统及应用程序透明的内存访问审查机制，提出了一种低性能开销并且无法被绕过的内存页面使用信息实时跟踪策略；结合安全加载器，保证了动态链接库以及应用程序的代码完整性肩皂够确保即使操作系统内核被攻击，应用程序的内存隐私数据依然无法被窃取．在Linux操作系统上进行了原型实现及验证，实验结果表明，该隐私保护机制对大多数应用只带来6％～10％的性能负载．

英文摘要：

The vulnerabilities of OS kernel are usually exploited by attackers to execute arbitrary code with kernel privilege （i.e., return-to-user attacks, ret2user） and to steal other processes＇ private data. In this paper, a transparent OS kernel memory access mediator based on VMM （virtual machine monitor） is proposed, and a non-bypassable low performance overhead memory page tracker is provided to get the memory usage information in real-time. Combined with a safe loader, the new method guarantees the code integrity of dynamic shared objects during run-time. It also ensure that, even when the OS kernel is compromised, the application＇s memory private data is still safe. A prototype is implemented on the Linux OS, and the evaluation experiments show that it only incurs about 6%-10% performance overhead for most SPEC benchmark tests.