RU2538286C9 - Method of launching hypervisor in computer system at early computer booting stage - Google Patents

Abstract

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to launching a hypervisor in a computer system at an early computer booting stage. The method of launching a hypervisor in a computer system at an early computer booting stage comprises a computer loading a UEFI from its memory module, wherein the UEFI is set up such that immediately after switching to a driver execution environment, a thin hypervisor, which is stored in a separate partition of the memory module, is launched, wherein the thin hypervisor selects at least one storage device for booting the primary operating system; furthermore, the thin hypervisor has a built-in antivirus module which, upon detection of potentially harmful files, blocks said files and sends information to the antivirus main module within the operating system.

EFFECT: improved computer safety.

2 cl, 1 dwg

Description

The present invention relates to a method for starting a hypervisor in a computer system that is protected from unauthorized access to information.

Currently, Unified Extensible Firmware (UEFI) is being developed for modern computers, or rather their motherboards. This interface is designed to replace the computer BIOS and is intended to correctly initialize the equipment when the system is turned on and transfer control to the bootloader of the operating system. UEFI has two phases: the preliminary EFI phase, at which the computer elements are initialized, and the Driver Execution Environment (DXE) driver loading phase, after which the computer operating system is already loaded, see, for example, US 2009319763 A1 dated 12.24.2009. Thanks to the use of UEFI, the loading of the computer operating system is accelerated.

The closest technical solution is RU 2446447 C2 of 03/27/2012, which describes a method for controlling access of operating systems using a hypervisor. This method consists in loading the computer BIOS. The BIOS has a set of instructions executed at the boot stage that start the hypervisor. The disadvantage of this method is the lack of computer protection, because The hypervisor is stored in a section on the storage device, which may be subject to change.

The proposed technical solution provides a way to start a hypervisor in a computer system at an early stage of computer loading. In the proposed solution, the hypervisor is located in the area of the memory module that is not subject to change when the operating system is loaded, and therefore such a computer has increased security of the operating system.

The task that the present invention allows to solve is the possibility of guaranteed launch of the hypervisor before the start of any code located on accessible media / storage devices susceptible to virus attacks in order to prevent unauthorized access to information, and checking all information traffic by the antivirus inside the hypervisor module itself.

The technical result of the proposed technical solution is to increase the security of the computer.

The technical result is achieved by the fact that the method of starting a hypervisor in a computer system at an early stage of computer loading involves loading a computer UEFI, from its memory module, UEFI is configured so that immediately after switching to the driver execution environment, a thin hypervisor is launched, which is stored in a separate section memory module, while the thin hypervisor selects at least one storage device for loading the main operating system, in addition, the thin hypervisor has a built-in This is an anti-virus module that, upon detection of potentially dangerous files, blocks them and transfers information to the main anti-virus module, which is executed internally. operating system.

The memory module of the computer in which the UEFI is stored is essentially a FLASH chip.

Figure 1 shows a diagram of a method of starting a hypervisor in a computer system at an early stage of loading a computer.

Consider the work of the proposed method on the example of a computer device to run a thin hypervisor in UEFI at an early stage of computer boot. To operate the proposed computer, the motherboard of the computer is used, which has a memory module in the form of a FLASH chip, where instead of BIOS (BIOS) UEFI is recorded. In addition, the FLASH chip contains a section for storing data from the hypervisor module. The remaining elements of the computer represent standard computer elements: a processor with a cooling system, RAM, a video card, hard disks (SSD or HDD), a monitor, a case with a power supply, a keyboard and mouse.

The method of starting a hypervisor in a computer system at an early stage of computer boot is as follows. The user turns on the computer, after which the UEFI download starts, and various graphic or textual design of the UEFI download can be formed on the monitor. After performing the UEFI transition to the driver execution environment - DXE - the hypervisor module is launched. The thin hypervisor module is a layer between the operating system (hereinafter referred to as the OS) and interfaces, it virtualizes all device interfaces. That is, let's say the device has an interface for wireless access to the network, interfaces for a monitor, printer, and CD drive. In the usual case, the operating system sees these devices and accesses them directly. And a malicious program or an unauthorized user can, under certain conditions, gain access to these interfaces. When the thin hypervisor module is turned on, the OS sees only the hypervisor itself, without seeing the device interfaces directly, but only those in the form that the hypervisor displays for it. Thus, certain users or programs (depending on the settings of the hypervisor) simply will not see, for example, a printer, or wireless access to the network, because for them the hypervisor will not display these interfaces, and the system will assume that there is no such device on the computer. In contrast, a thin hypervisor can show the system any devices that do not really exist, such as a virtual printer or virtual hard disk. In addition, all traffic exchanged by the OS with any interfaces is processed by the hypervisor and can be transmitted by the hypervisor for processing by the antivirus module regardless of the OS, while the operating system itself, even if it is taken under control by a malicious program, will not have information that such a check is carried out, which excludes the effect of viruses on the check process (and treatment). In our case, the peculiarity is that the launch of this thin hypervisor is carried out at the preboot stage described above until any programs are launched (and before the user has the opportunity to take actions) that could potentially affect the launch of the thin hypervisor or prevent it.

The hypervisor code is located inside the microchip of the memory module and is not subject to the possibility of changing or discrediting the code.

At the same time, an antivirus module is built into the thin hypervisor module. In this connection, the hypervisor virtualizes the interaction interfaces with the network and disk subsystems of the computer in order to add additional anti-virus scanning procedures for the transmitted traffic. When detecting potential dangers, the antivirus module blocks this traffic and transfers information to the main antivirus module, which runs inside the operating system. In addition to traffic control, the hypervisor is designed to control the memory of processes in order to detect unauthorized changes. When changes are detected, the process is blocked and information is transmitted to the main antivirus module. The meaning of a thin hypervisor is that it is a layer between the operating system (OS) and device interfaces, with the hypervisor turned on, all OS calls to the network, disks, input and output devices do not go directly, as in the usual case, but are processed by the hypervisor, which can emulate any interfaces that do not exist in reality, or prevent the system from seeing the real ones, or replace them, which allows guaranteed control of traffic in order to detect virus activity and security threats, as well as e Define access policies for different users.

A specific embodiment of the proposed technical solution was disclosed above, but it is obvious to any person skilled in the art that based on the disclosed data, it is possible to create computer variations for launching a thin hypervisor in UEFI, for example, storing the antivirus module code on a separate FLASH chip. Thus, the scope of the invention should not be limited to the specific embodiment disclosed in the proposed claims.

Claims (2)

1. The way to start a hypervisor in a computer system at an early stage of computer loading, which consists in loading a UEFI computer from its memory module, UEFI is configured so that immediately after the transition to the driver execution environment is completed, a thin hypervisor is launched, which is stored in a separate section of the memory module, while the thin hypervisor selects at least one storage device for loading the main operating system, in addition, the thin hypervisor has a built-in antivirus module, which detection of potentially dangerous files, blocks and passes the information to the main antivirus module that runs within the operating system. 2. The method of starting a hypervisor in a computer system at an early stage of computer boot according to claim 1, characterized in that the memory module of the computer in which the UEFI is stored is a FLASH chip.