CN101290646B - Apparatus and method for protecting system in virtualized environment - Google Patents
Apparatus and method for protecting system in virtualized environment Download PDFInfo
- Publication number
- CN101290646B CN101290646B CN2008100911004A CN200810091100A CN101290646B CN 101290646 B CN101290646 B CN 101290646B CN 2008100911004 A CN2008100911004 A CN 2008100911004A CN 200810091100 A CN200810091100 A CN 200810091100A CN 101290646 B CN101290646 B CN 101290646B
- Authority
- CN
- China
- Prior art keywords
- territories
- territory
- access
- control module
- device driver
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
Abstract
Provided is an apparatus and method for protecting a system in a virtualized environment. The apparatus includes a domain unit including a plurality of domains, each having one or more device drivers; a system resource unit forming hardware of the system; a direct memory access (DMA) driver; and a control unit including an access control module which controls the access of the domain unit to the system resource unit in the virtualized environment.
Description
The application require on April 16th, 2007 United States Patent (USP) trademark office submit to the 60/911st, No. 930 U.S. Provisional Applications and on October 31st, 2007, this application all was disclosed in this for reference in the right of priority of the 10-2007-0110296 korean patent application of Korea S Department of Intellectual Property submission.
Technical field
Equipment and the method consistent with the present invention relate to system protection, more particularly, relate to protection system in virtual environment, and wherein, protecting system resources is not subjected to the malice access, and guarantees reliable security service in virtual environment.
Background technology
Usually, the device such as personal computer (PC), personal digital assistant (PDA), wireless terminal and Digital Television (DTV) strengthens security and realizes various application and service with Intel Virtualization Technology.For security context is provided, Intel Virtualization Technology need to be such as the function of safe guidance, fail-safe software and access control.
Fig. 1 is the block diagram of relevant virtualization system equipment.With reference to Fig. 1, relevant virtualization system equipment uses monitor of virtual machine (VMM) 10 to create virtual environment.Relevant virtualization system equipment comprises: unit, territory 20, have a plurality of territories 21,22 ...; System resource unit 30 has ROM (read-only memory) (ROM), CPU (central processing unit) (CPU), storer, battery and I/O (I/O) device.
The territory 21,22 of unit, territory 20 ... each comprise one or more device driver 21a, 22a ....In addition, territory 21,22 ... at least one (for example, the territory 21) comprise direct memory access (DMA) driver 21b.In relevant virtualization system equipment, DMA are processed in unit, territory 20, and to territory 21,22 ... between the not restriction of formation of channel.In addition, when territory 21,22 ... each when attempting access system resources unit 30, unit, territory 20 or VMM 10 carry out simple access control.
Yet because DMA are processed in unit, territory 20, and 10 pairs of system resource unit 30 of VMM do not carry out be used to the access control that may maliciously access that prevents unit, territory 20, so above-mentioned relevant virtualization system equipment has safety issue.
More particularly, DMA is processed in territory 21, and uncontrolled to the access of physical storage.Therefore, if exist uneasy universe or existence to comprise the territory of the defective device driver of tool, the then physical storage of the addressable VMM 10 in described territory or another territory, and steal confidential data or override sky data (dummy data), thereby the system failure caused.
If special domain excessively uses system storage, then the system failure may appear, like this, reduced system availability.
The quantity of the event channel that can form between two territories is restricted.Therefore, if all available event channels are used in the malice territory, then between residue field, can not form event channel.Therefore, the system failure may appear.
Summary of the invention
It is a kind of for equipment and method in the virtual environment protection system that each aspect of the present invention provides, and wherein, protecting system resources is not accessed by the malice of Malware for example, has solved the system failure, and guarantee reliable security service in virtual environment.
Yet each aspect of the present invention is not limited to an aspect set forth herein.By with reference to detailed description of the present invention given below, for a those of ordinary skill in field under the present invention, above-mentioned and other side of the present invention will become more obvious.
According to an aspect of the present invention, provide a kind of in virtual environment the equipment of protection system.Described equipment comprises: the unit, territory, comprise a plurality of territories, and each territory has one or more device drivers; The system resource unit, the hardware of formation system; Direct memory access (DMA) driver; And control module, comprise being controlled in the virtual environment unit, territory to the access control module of the access of system resource unit.
According to a further aspect in the invention, provide a kind of in virtual environment the method for protection system.Described method comprises: I/O (I/O) space that the request access control module is required with the access system resources unit and interrupt request (IRQ) quantity are distributed to the device driver among of a plurality of territories; Determine whether scheduled visit strategy allows the domain access system Resource Unit of actuating unit driver; And if scheduled visit strategy allows described domain access system Resource Unit, then input/output space and the IRQ quantity of request are distributed to device driver in the described territory, if scheduled visit strategy does not allow described domain access system Resource Unit, then input/output space and the IRQ quantity of request are not distributed to device driver in the described territory.
According to a further aspect in the invention, provide a kind of in virtual environment the method for protection system.Described method comprises: allow storer by DMA driver access system resources unit by using device driver request access control module among of a plurality of territories; Determine whether scheduled visit control strategy allows the domain browsing storer of actuating unit driver; And if scheduled visit control strategy allows described domain browsing storer, then allow the device driver reference-to storage in the described territory, if scheduled visit control strategy does not allow described domain browsing storer, then do not allow the device driver reference-to storage in the described territory.
According to a further aspect in the invention, provide a kind of in virtual environment the method for protection system.Described method comprises: a request access control module distributing system resource using a plurality of territories; Whether the amount of determining the request of described territory surpasses the allowance limit that scheduled visit control strategy arranges; And if the amount of described territory request is less than allowance limit, then allow will request system resource allocation to described territory, if the amount of described territory request surpasses allowance limit, then do not allow will request system resource allocation to described territory.
Description of drawings
By the description that the reference accompanying drawing carries out certain exemplary embodiments of the present invention, above-mentioned and other side of the present invention will become more apparent, wherein:
Fig. 1 is the block diagram of relevant virtualization system equipment;
Fig. 2 is the block diagram of the equipment of protection system in virtual environment that illustrates according to exemplary embodiment of the present invention;
Fig. 3 illustrates the process flow diagram of I/O (I/O) allocation of space to the processing of device driver, and wherein, described processing is included in the method for protection system in virtual environment according to exemplary embodiment of the present invention;
Fig. 4 be illustrate the control device driver by direct memory access (DMA) driver to the process flow diagram of the processing of the access of system storage, wherein, described processing is included in the system protection method according to exemplary embodiment of the present invention; And
Fig. 5 illustrates control domain to the process flow diagram of the processing of the access of system resource, and wherein, described processing is included in the system protection method according to exemplary embodiment of the present invention.
Embodiment
Now describe more all sidedly with reference to the accompanying drawings the present invention, exemplary embodiment of the present invention shows in the accompanying drawings.Yet the present invention can embody by different forms, and is not limited to embodiment set forth herein.In addition, thereby provide these embodiment disclosure will be thoroughly and complete and fully design of the present invention is conveyed to those skilled in the art, and the present invention be only limited by claim.In the accompanying drawings, identical label refers to identical parts, therefore will omit their description.
Below, describe in further detail with reference to the accompanying drawings according to of the present invention in virtual environment equipment and the method for protection system.
When the detailed description of determining prior art or structure may unnecessarily make the present invention blur, may omit detailed description.
Fig. 2 is the block diagram of the equipment of protection system in virtual environment that illustrates according to exemplary embodiment of the present invention.
With reference to Fig. 2, described equipment comprises: unit, territory 100, system resource unit 200 and control module 300.
Unit, territory 100 comprises: a plurality of territories 110,120 ..., each have one or more device drivers 111,121 ....Unit, territory 100 comprise at least one security domain (for example, the territory 110) and a plurality of common territory (for example, territory 120 ...).Here, security domain is very safe, and common territory is dangerous to a certain extent.
Term " territory " refers to such environment as used herein: can carry out one or more related device drivers in one or more corresponding operating systems (OS) respectively.
Use monitor of virtual machine (VMM), the access of control module 300 (for example, in wireless internet environment) 100 pairs of system resource unit 200, control domain unit in virtual environment.
Below, with reference to Fig. 3 to Fig. 5 the method for protection system in virtual environment according to exemplary embodiment of the present invention is described.
Fig. 3 illustrates the process flow diagram of input/output space being distributed to the processing of device driver, and wherein, described processing is included in the method for protection system in virtual environment according to exemplary embodiment of the present invention.
With reference to Fig. 3, the access control module 320 of control module 300 be territory 110,120 ... each be provided for the different options of access system resources unit 200, and based on the option that arranges, for territory 110,120 ... each in device driver 111,121 ... each, control described device driver 111,121 ... the input/output space of each request and the distribution of IRQ quantity.
More particularly, territory 110,120 ... one in device driver 111,121 ... the required input/output space (operation S101) of a request access control module 320 allocation access system Resource Units 200.Next, determine whether allow domain access system Resource Unit 200 (operation S102) by the access control policy that the access control module 320 of control module 300 is determined.If access control policy allows domain access system Resource Unit 200, then access control module 320 is distributed to device driver (operation S103) in the territory with the input/output space of request and IRQ quantity.Yet if access control policy does not allow domain access system Resource Unit 200, access control module 320 is not distributed to device driver in the territory with input/output space and the IRQ quantity of request.
Fig. 4 is the process flow diagram that the processing of the access of control device driver by 310 pairs of system storages of DMA driver is shown, and wherein, described processing is included in the system protection method according to exemplary embodiment of the present invention.
With reference to Fig. 4, access control module 320 control domains 110,120 of control module 300 ... each in device driver 111,121 ... each access by 310 pairs of system resource unit 200 of DMA driver.
More particularly, territory 110,120 ... one in device driver 111,121 ... a request access control module 320 allow its storer 240 by DMA driver 310 access system resources unit 200 (operation S201).Next, determine whether access control policy allows the domain browsing storer 240 of actuating unit driver (operation S202).If access control policy allows domain browsing storer 240, then access control module 320 allows device driver reference-to storage 240 (operation S203).Yet if access control policy does not allow domain browsing storer 240, access control module 320 restraint device drivers are to the access of storer 240.
Fig. 5 illustrates control domain to the process flow diagram of the processing of the access of system resource, and wherein, described processing is included in the system protection method according to exemplary embodiment of the present invention.
With reference to Fig. 5, access control module 320 restriction of domains 110,120 ... each excessively use system resource unit 200.
More particularly, territory 110,120 ... at least one request access control module 320 distributing system resource (operation S301).Next, determine whether the amount of described territory request surpasses the allowance limit of access control policy setting (operation S302).If the amount of described territory request is less than allowance limit, then access control module 320 allow will request system resource allocation to territory (operation S303).Yet if the amount of described territory request surpasses allowance limit, access control module 320 does not allow system resource allocation to the territory.For example, when territory 110,120 ... each device driver 111,121 ... a use storer 240 during more than allowance limit, access control module 320 restriction of domains are to the access of storer 240.In addition, access control module 320 forbid territory 110,120 ... each and territory 110,120 ... another form and surpass the greater number event channel that allows quantity.
As mentioned above, be used in the equipment and method of virtual environment protection system, not accessed by the malice of Malware, and can the resolution system fault.Therefore, can provide reliable security service.
Although reference exemplary embodiment demonstration of the present invention has also been described the present invention, but it should be appreciated by those skilled in the art that, in the situation that does not break away from the spirit and scope of the present invention that are defined by the claims, can carry out to it change of various forms and details.It only is descriptive that described exemplary embodiment should be considered to, rather than to be restricted to purpose.
Claims (16)
1. the equipment of a protection system in virtual environment, described equipment comprises:
The unit, territory comprises a plurality of territories, and a plurality of territories comprise device driver;
The system resource unit; And
Control module comprises direct memory access (DMA) driver and access control module, and described access control module is controlled at unit, territory in the virtual environment by the access of DMA driver to the system resource unit,
Wherein, access control module is forbidden that each territory in described a plurality of territory and another territory in described a plurality of territory form and is surpassed a plurality of event channels that allow quantity.
2. equipment as claimed in claim 1, wherein, described a plurality of territories comprise at least one security domain.
3. equipment as claimed in claim 1, wherein, described system resource unit comprises at least one in following: the event channel between at least two territories in system storage, the physical storage that is used for the DMA driver and described a plurality of territories.
4. equipment as claimed in claim 1, wherein, control module uses the monitor of virtual machine executivecontrol function.
5. equipment as claimed in claim 1, wherein, access control module control device driver in each of described a plurality of territories each by the access of DMA driver to the system resource unit.
6. equipment as claimed in claim 5, wherein, access control module restriction is installed in malicious device driver pair I/O (I/O) space relevant with the DMA driver in any one of uneasy universe among described a plurality of territory and the access of interrupt request (IRQ).
7. equipment as claimed in claim 1, wherein, access control module is that each territory in described a plurality of territories arranges the different options that is used for the access system resources unit.
8. equipment as claimed in claim 7 wherein, based on the option that arranges, for the device driver among of described a plurality of territories, is controlled the input/output space relevant with the DMA driver of described device driver request and the distribution of IRQ quantity.
9. equipment as claimed in claim 8, wherein, if allow device driver access system resources unit, then access control module is distributed to device driver among of described a plurality of territories with the input/output space of request and IRQ quantity, if do not allow device driver access system resources unit, then access control module is not distributed to the input/output space of request and IRQ quantity the device driver among of described a plurality of territories.
10. equipment as claimed in claim 1, wherein, access control module limits described a plurality of territory and excessively uses the system resource unit.
11. equipment as claimed in claim 10, wherein, if the device driver in of described a plurality of territories uses storer more than allowance limit, then access control module limits described device driver among of described a plurality of territories to the access of the storer of system resource unit.
12. the method for a protection system in virtual environment, described method comprises:
I/O (I/O) space relevant with DMA that the request access control module is required with the access system resources unit and interrupt request (IRQ) quantity are distributed to the device driver among of a plurality of territories;
Determine whether scheduled visit strategy allows to comprise the domain access system Resource Unit of device driver; And
If scheduled visit strategy allows an access system resources unit in described a plurality of territories, then the input/output space of request and IRQ quantity are distributed to the device driver among of described a plurality of territories, if scheduled visit strategy does not allow an access system resources unit in described a plurality of territories, then the input/output space of request and IRQ quantity are not distributed to the device driver among of described a plurality of territories
Wherein, access control module is forbidden that each territory in described a plurality of territory and another territory in described a plurality of territory form and is surpassed a plurality of event channels that allow quantity.
13. method as claimed in claim 12, wherein, access control policy is determined by the access control module that is included among the VMM.
14. the method for a protection system in virtual environment, described method comprises:
By using device driver request access control module among of a plurality of territories to allow storer by direct memory access (DMA) driver access system resources unit;
Determine whether scheduled visit control strategy allows to comprise a reference-to storage in described a plurality of territories of device driver; And
If scheduled visit control strategy allows a reference-to storage in described a plurality of territories, then allow the device driver reference-to storage among of described a plurality of territories, if scheduled visit control strategy does not allow a reference-to storage in described a plurality of territories, then do not allow the device driver reference-to storage among of described a plurality of territories
Wherein, access control module is forbidden that each territory in described a plurality of territory and another territory in described a plurality of territory form and is surpassed a plurality of event channels that allow quantity.
15. the method for a protection system in virtual environment, described method comprises:
Use a request access control module distributing system resource in a plurality of territories;
Whether the amount of determining the request of described territory surpasses the allowance limit that scheduled visit control strategy arranges; And
If the amount of a request in described a plurality of territories is less than allowance limit, then allow will request system resource allocation give of described a plurality of territories, if the amount of a request in described a plurality of territories surpasses allowance limit, then do not allow will request system resource allocation give of described a plurality of territories
Wherein, the amount of described a plurality of territories request is included in a plurality of event channels that form between at least two territories in described a plurality of territories.
16. method as claimed in claim 15, wherein, the amount of a request in described a plurality of territories comprises the use amount of storer.
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US91193007P | 2007-04-16 | 2007-04-16 | |
US60/911,930 | 2007-04-16 | ||
KR1020070110296A KR101405319B1 (en) | 2007-04-16 | 2007-10-31 | Apparatus and method for protecting system in virtualization |
KR10-2007-0110296 | 2007-10-31 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101290646A CN101290646A (en) | 2008-10-22 |
CN101290646B true CN101290646B (en) | 2013-05-01 |
Family
ID=40034900
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2008100911004A Expired - Fee Related CN101290646B (en) | 2007-04-16 | 2008-04-16 | Apparatus and method for protecting system in virtualized environment |
Country Status (2)
Country | Link |
---|---|
KR (1) | KR101405319B1 (en) |
CN (1) | CN101290646B (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103370715B (en) * | 2010-10-31 | 2017-04-12 | 时间防御系统有限责任公司 | System and method for securing virtual computing environments |
KR101323858B1 (en) * | 2011-06-22 | 2013-11-21 | 한국과학기술원 | Apparatus and method for controlling memory access in virtualized system |
KR101469894B1 (en) * | 2011-08-12 | 2014-12-08 | 한국전자통신연구원 | Method and apparatus for providing secure execution environment based on domain separation |
KR101710684B1 (en) | 2015-09-10 | 2017-03-02 | (주) 세인트 시큐리티 | System and method of recovering operating system anayzing malicious code not operating in virtual environment |
US9992212B2 (en) * | 2015-11-05 | 2018-06-05 | Intel Corporation | Technologies for handling malicious activity of a virtual network driver |
US9984009B2 (en) * | 2016-01-28 | 2018-05-29 | Silicon Laboratories Inc. | Dynamic containerized system memory protection for low-energy MCUs |
KR20190021673A (en) * | 2017-08-23 | 2019-03-06 | 주식회사 수산아이앤티 | Apparatus and method for preventing ransomware |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1254424A (en) * | 1997-04-30 | 2000-05-24 | Arm有限公司 | Memory access protection |
US7036122B2 (en) * | 2002-04-01 | 2006-04-25 | Intel Corporation | Device virtualization and assignment of interconnect devices |
CN1920797A (en) * | 2005-08-26 | 2007-02-28 | 株式会社东芝 | Memory access control apparatus |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002041304A (en) | 2000-07-28 | 2002-02-08 | Hitachi Ltd | Automatic imparting method of backup resource of logical section and logical section based computer system |
AU2003278350A1 (en) * | 2002-11-18 | 2004-06-15 | Arm Limited | Secure memory for protecting against malicious programs |
JP4119239B2 (en) | 2002-12-20 | 2008-07-16 | 株式会社日立製作所 | Computer resource allocation method, resource management server and computer system for executing the method |
-
2007
- 2007-10-31 KR KR1020070110296A patent/KR101405319B1/en active IP Right Grant
-
2008
- 2008-04-16 CN CN2008100911004A patent/CN101290646B/en not_active Expired - Fee Related
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1254424A (en) * | 1997-04-30 | 2000-05-24 | Arm有限公司 | Memory access protection |
US7036122B2 (en) * | 2002-04-01 | 2006-04-25 | Intel Corporation | Device virtualization and assignment of interconnect devices |
CN1920797A (en) * | 2005-08-26 | 2007-02-28 | 株式会社东芝 | Memory access control apparatus |
Also Published As
Publication number | Publication date |
---|---|
KR20080093359A (en) | 2008-10-21 |
KR101405319B1 (en) | 2014-06-10 |
CN101290646A (en) | 2008-10-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101290646B (en) | Apparatus and method for protecting system in virtualized environment | |
CN108073816B (en) | Information processing apparatus | |
WO2019104988A1 (en) | Plc security processing unit and bus arbitration method thereof | |
US20110078760A1 (en) | Secure direct memory access | |
US8955056B2 (en) | Terminal and method for assigning permission to application | |
KR101425621B1 (en) | Method and system for sharing contents securely | |
US9208313B2 (en) | Protecting anti-malware processes | |
CN101842784A (en) | Hardware device interface supporting transaction authentication | |
CN104881596A (en) | Modifying memory permissions in a secure processing environment | |
US10242194B2 (en) | Method and apparatus for trusted execution of applications | |
CN112817780B (en) | Method and system for realizing safety and high-performance interprocess communication | |
EP1983460B1 (en) | Apparatus and method for protecting system in virtualized environment | |
CN112446032B (en) | Trusted execution environment construction method, system and storage medium | |
US10250595B2 (en) | Embedded trusted network security perimeter in computing systems based on ARM processors | |
CN110851188A (en) | Domestic PLC trusted chain implementation device and method based on binary architecture | |
CN103348355A (en) | Method and apparatus for managing security state transitions | |
US11334258B2 (en) | System and method for memory region protection | |
CN109446847B (en) | Configuration method of dual-system peripheral resources, terminal equipment and storage medium | |
CN114722404B (en) | Method and system for realizing any number of EAPP based on RISC-V | |
CN115422554A (en) | Request processing method, compiling method and trusted computing system | |
JP5496464B2 (en) | Apparatus and method for secure system protection in a virtualized environment | |
CN114065257A (en) | Address space protection method, protection device, equipment and storage medium | |
EP3667525B1 (en) | Playing memory management method | |
CN107533515A (en) | Prevent the fine granulation memory protection of memory flooding | |
KR20240040006A (en) | Method, device, and electronic apparatus for securely passing data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20130501 |
|
CF01 | Termination of patent right due to non-payment of annual fee |