CN102096786A - Cross-platform safety protection system based on hardware virtualization - Google Patents


Info

Publication number: CN102096786A
Authority: CN (China)
Prior art keywords: hardware, module, protection, behavior, virtual machine
Legal status: Pending
Application number: CN2011100514891A
Other languages: Chinese (zh)
Inventors: 朱旻, 俞培杰, 高尚, 戚正伟, 管海兵
Current assignee: Shanghai Jiaotong University
Original assignee: Shanghai Jiaotong University
Priority date: 2011-03-04
Filing date: 2011-03-04
Publication date: 2011-06-15
Application filed by Shanghai Jiaotong University

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a cross-platform security protection system based on hardware virtualization, belonging to the technical field of computer security. The system comprises a system interception module, a hardware interface module, a system service module and a security monitoring module. The system interception module intercepts specified sensitive operating-system behavior and outputs the intercepted information to the system service module; the system service module determines the corresponding security protection mechanism from that information and outputs a control instruction to the security monitoring module; the security monitoring module executes the security protection operation; and the hardware interface module receives call instructions from the system service module and the security monitoring module and carries out the interaction and data transfer with the hardware. The system monitors and intercepts sensitive operating-system behavior through a virtual machine monitor, which judges from the source and purpose of the behavior whether it is benign or malicious, so as to prevent or stop harmful attacks in time and ensure the secure operation of the operating system.

Description

Cross-platform security protection system based on hardware virtualization
Technical field
The present invention relates to a protection system in the technical field of computer security, specifically a cross-platform security protection system based on hardware virtualization.
Background art
In 1970, virtualization technology was first applied to an operating system as an extension of the IBM System/370 architecture; that system used virtual machines to provide binary support for legacy code. Over time, both commercial and open-source operating systems have made ever fuller use of the virtualization capabilities of hardware, and on this basis the hardware virtualization technologies of AMD and Intel arose. Hardware virtualization means, more precisely, that the CPU provides direct support for virtualization at the hardware level, improving virtualization efficiency and reducing development difficulty. Thanks to this property, a newly designed virtual machine monitor can run at a privilege level above the host operating system (a privilege mode provided by hardware virtualization) without modifying applications or the host operating system itself. Other applications, and even the host operating system, find it difficult to perceive its existence, which gives the virtual machine monitor a relatively isolated execution environment. After the host operating system (Host OS) boots, the system initializes the virtual machine monitor (VMM), which in turn initializes the guest virtual machine and sets up a Virtual Machine Control Structure (VMCS) for each virtual machine. The VMM offers each virtual machine a virtual hardware environment, so the guest operating system (Guest OS) above it runs directly without modification.
In this architecture the VMM runs in a new mode provided by the CPU, root mode, while the Guest OS runs in non-root mode, i.e. the original CPU mode; root mode has a higher privilege level than non-root mode. The Guest OS therefore still uses the traditional ring0 to ring3 privilege levels, unlike software virtualization, which moves the operating-system kernel to ring1 and places the VMM at ring0. The two modes are switched by two newly added CPU transitions, VM exit and VM entry: trapping from the Guest OS into the VMM happens through a VM exit, and returning to the Guest OS through a VM entry.
On the security side, the operating system always needs the help of other applications, such as antivirus software, code protection programs and anti-debugging software. Although these have proven themselves safe and effective, most of these protection mechanisms are built inside the operating system. Their protection therefore runs at a privilege level equal to, or even lower than, the system's own, so they cannot guarantee that they themselves escape an attacker's attack.
Successfully monitoring and protecting an operating system against attack by malicious code also faces the following challenges:
1. The monitoring program must have an execution environment isolated from the operating system. Malicious code that can detect the monitor while running can attack it, and such behavior cannot be allowed; without this fundamental property the monitor cannot run correctly or guarantee effective protection.
2. A unified, cross-platform security protection that can run on different operating systems is necessary. Most current commercial and open-source operating systems have different architectures and implementations, and these differences force protection programs to be designed and implemented separately for each system, increasing the difficulty of protection.
3. The performance overhead of a virtualization-based protection system must be kept at a low level. Added system protection tends to bring some overhead, and virtualization itself also causes a non-trivial performance drop; if this overhead is excessive, the protected system can no longer run efficiently. Performance overhead must therefore be balanced and optimized.
A search of the prior art found that at the VEE conference of March 11, 2009, a research laboratory of the University of Tsukuba, Japan, published the paper "BitVisor: A Thin Hypervisor for Enforcing I/O Device Security". BitVisor is an open-source virtual machine product based on hardware virtualization. Its architecture is very similar to VMware ESX: it needs no Host OS, and sets up the virtual machine monitor and virtual machine environment directly from bare metal. BitVisor's design goal is mainly to protect access to certain I/O devices and the security of data transfer. It uses a driver model called para-passthrough: the drivers of most of the operating system control the physical devices directly, while drivers for the I/O devices that need protection cannot access the peripheral directly and must go through the corresponding peripheral driver in the VMM to access it and transfer data. Thanks to the para-passthrough model, the guest operating system's accesses to physical peripherals are not always interrupted and controlled by the VMM, so I/O access and transfer efficiency are greatly improved, and machine performance rises accordingly.
However, this prior art is implemented mainly for the Linux operating system; although it can also run Windows, its support for system protection there is poor, and it must be compiled and installed under Linux, so its dependence on that operating system is strong. On the other hand, this virtual machine monitor protects only I/O device access; it cannot provide other system security protection mechanisms and extends poorly.
Summary of the invention
Addressing the above shortcomings of the prior art, the present invention provides a cross-platform security protection system based on hardware virtualization. The system monitors and intercepts sensitive operating-system behavior through a virtual machine monitor, and the monitoring program judges, from the source and purpose of the behavior, whether it is benign or malicious, so as to prevent or stop harmful attacks in time and finally ensure the secure operation of the operating system.
The invention is achieved by the following technical solution. The invention comprises: a system interception module, a hardware interface module, a system service module and a security monitoring module. The system interception module intercepts specified sensitive operating-system behavior and outputs the interception information to the system service module; the system service module determines the corresponding security protection mechanism according to that information and outputs control instructions to the security monitoring module; the security monitoring module executes the security protection operation; and the hardware interface module receives call instructions from the system service module and the security monitoring module and carries out the interaction and data transfer with the hardware system.
The system interception module consists of an x86 hardware platform supporting hardware virtualization technology and a security protection unit based on hardware virtualization technology.
The sensitive system behavior comprises: memory access behavior, I/O device operation instructions, system debug instructions, system privileged instructions, and system interrupts or exceptions.
The hardware interface module consists of the virtualization instruction interfaces of several specific hardware units; it unifies the hardware virtualization operations across the particular instructions of different hardware virtualization platforms.
The system service module comprises a memory management unit, a system debug unit and an information processing unit. The memory management unit provides the memory operations of the virtual machine monitor and a memory-hiding self-protection service for the monitoring program's memory, and works with the hardware's nested page table mechanism so that physical memory is managed by the monitor; the system debug unit provides a debug interface for debugging operations on the memory management unit; and the information processing unit selects the corresponding security protection mechanism according to the received interception information.
The security monitoring module comprises a monitoring registration unit, a protection filter unit and a security protection processing unit. The monitoring registration unit stores the security protection mechanisms and the corresponding security protection operations; the protection filter unit extracts the name of the application or process from the interception information, judges whether the intercepted application or process needs protection, and marks the applications or processes that do not; and the security protection processing unit performs the security protection operation on the unmarked applications or processes.
The protection process of the invention is as follows:
Step 1: during system startup, set up the virtual machine monitoring layer. Using kernel-mode API calls of the operating system, the virtual machine monitoring layer is set up on each CPU core (i.e. multi-core hardware is supported).
Step 2: set up memory self-protection and implement the memory-hiding mechanism. The pages of the virtual machine monitoring layer are erased from the operating-system page tables, and the monitoring layer uses the nested page table technique to set up its own memory management mechanism.
Step 3: configure the VMCS, set up the virtual machine execution environment and control the virtual machine (the invention addresses a single virtual machine only), so that the monitoring layer intercepts only the specified monitoring and interception targets and unnecessary interception overhead is avoided. In this step the security protection mechanisms are also registered with the security monitoring module, and the handler functions for the corresponding protected behaviors are implemented.
Step 4: hand processor control to the virtual machine, restore the virtual machine execution environment and start the virtual machine running.
Step 5: the hardware-virtualization-capable processor, according to the configuration in the VMCS, begins to monitor and intercept the sensitive behaviors that need protection, and stores the virtual machine state at the time of interception in the corresponding fields of the VMCS.
Step 6: the system traps back into the virtual machine monitoring layer. The monitoring layer reads the intercepted virtual machine state from the VMCS, judges from the source and purpose of the behavior whether it is benign or malicious, and takes the corresponding measures to stop damage to the system and protect system security.
Step 7: after the virtual machine monitoring layer finishes its processing, processor control is returned to the virtual machine and the guest operating system resumes. Return to step 5 and repeat.
Through these seven steps the virtual machine is monitored and protected by the monitoring program, and so is the guest operating system running on it. In this situation, as long as the monitoring program itself remains secure and effective, the system stays protected even when the whole system is under attack, including attacks coming from I/O or other external devices. Because the virtual machine monitor itself runs at a high privilege level (above that of the operating system, under hardware virtualization support), and its general procedures are simplified and optimized, the chance of attacking and subverting it by ordinary means is small.
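The memory hiding of step 2 rests on the two-level translation that hardware nested paging provides: the guest kernel owns the first-level page table (guest-virtual to guest-physical), the monitor owns the second-level table (guest-physical to machine page) with its own permissions, and a guest access that the second level does not permit traps to the monitor. The following C model, added here as an illustration and not code from the patent, shows why erasing the monitor's pages from the guest table is not enough on its own and what the second level adds: a guest that repairs its own page table still cannot reach the hidden page, and a page the monitor later hands to the guest can be made to trap on every data access. The page counts, permission bits, decoy page and page numbers are constructed for the example; nothing here programs real paging hardware.

```c
/* Added example, not the patent's code: a software model of two-level
 * address translation (guest page table + monitor-owned nested table).
 * Page counts, the decoy page and the page numbers are constructed. */
#include <stdint.h>
#include <stdio.h>

#define PAGES  16      /* toy address spaces: 16 pages at each level */
#define NO_MAP 0xFF    /* "not present" marker */

enum { PERM_R = 1, PERM_W = 2, PERM_X = 4 };

typedef struct { uint8_t gpa[PAGES]; } guest_pt_t;                  /* GVA page -> GPA page, owned by guest kernel */
typedef struct { uint8_t hpa[PAGES]; uint8_t perm[PAGES]; } ept_t;  /* GPA page -> machine page, owned by monitor */

typedef enum { XLATE_OK, GUEST_PAGE_FAULT, EPT_VIOLATION } xlate_status_t;
typedef struct { xlate_status_t status; uint8_t hpa_page; } xlate_t;

void guest_pt_init_identity(guest_pt_t *gpt)
{
    for (int i = 0; i < PAGES; i++) gpt->gpa[i] = (uint8_t)i;
}

void ept_init_identity(ept_t *ept)
{
    for (int i = 0; i < PAGES; i++) {
        ept->hpa[i]  = (uint8_t)i;
        ept->perm[i] = PERM_R | PERM_W | PERM_X;
    }
}

/* Walk both levels for an access that needs the permission bits in `access`.
 * A missing first-level entry is the guest's own page fault; a missing or
 * under-privileged second-level entry is a nested-paging violation, i.e. a
 * VM exit that lands in the monitor. */
xlate_t translate(const guest_pt_t *gpt, const ept_t *ept, uint8_t gva_page, int access)
{
    xlate_t r = { XLATE_OK, NO_MAP };
    if (gva_page >= PAGES || gpt->gpa[gva_page] == NO_MAP) {
        r.status = GUEST_PAGE_FAULT;
        return r;
    }
    uint8_t gpa = gpt->gpa[gva_page];
    if (gpa >= PAGES || ept->hpa[gpa] == NO_MAP || (ept->perm[gpa] & access) != access) {
        r.status = EPT_VIOLATION;
        return r;
    }
    r.hpa_page = ept->hpa[gpa];
    return r;
}

/* Hide the monitor's own page (step 2 of the protection process):
 * 1. the guest page-table entry that pointed at it is redirected to a decoy page;
 * 2. the second-level entry for the real page is removed, so even a guest that
 *    repairs its own page table cannot reach the page. */
void hide_monitor_page(guest_pt_t *gpt, ept_t *ept, uint8_t gva_page, uint8_t decoy_gpa)
{
    uint8_t real_gpa = gpt->gpa[gva_page];
    gpt->gpa[gva_page] = decoy_gpa;
    if (real_gpa < PAGES) {
        ept->hpa[real_gpa]  = NO_MAP;
        ept->perm[real_gpa] = 0;
    }
}

/* Protect a page the monitor handed to the guest later (the keyboard buffer in
 * the embodiment): keep the mapping but drop read/write, so every guest data
 * access traps and the monitor can decide per process whether to serve it. */
void protect_page(ept_t *ept, uint8_t gpa)
{
    if (gpa < PAGES) ept->perm[gpa] &= (uint8_t)~(PERM_R | PERM_W);
}

int main(void)
{
    guest_pt_t gpt;
    ept_t ept;
    guest_pt_init_identity(&gpt);
    ept_init_identity(&ept);
    hide_monitor_page(&gpt, &ept, 5, 9);   /* monitor lives in page 5, decoy is page 9 */
    printf("guest read of page 5 -> machine page %u\n", translate(&gpt, &ept, 5, PERM_R).hpa_page);
    gpt.gpa[5] = 5;                        /* guest (or rootkit) rewrites its own page table */
    printf("after repairing the guest table: status %d (2 = nested-paging violation)\n",
           (int)translate(&gpt, &ept, 5, PERM_R).status);
    return 0;
}
```

The decoy page is what keeps the hiding silent: a guest scanner that walks its own page table sees a valid, readable page at the monitor's old address rather than a hole. The second-level removal is what makes the hiding hold against a guest kernel compromise, because the first level is guest-writable and the second is not.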
Compared with the prior art, the invention has the following advantages. First, a lightweight virtual machine monitor is established at minimal cost in time and space, and the virtual machine is monitored using hardware virtualization technology. Second, a unified cross-platform security protection framework is built: on the platform constructed by the invention both Windows and Linux operating systems can be protected and run securely. In a virtual machine monitor based on hardware virtualization, the monitoring of the virtual machine can be achieved by configuring the VMCS structure, letting the hardware capture system behaviors such as data transfers on I/O ports, process switches and the execution of special instructions without relying on operating-system API functions; these behaviors are frequently the means and behaviors attackers use. Finally, the system framework can easily be extended for different applications to meet different security requirements; the configurability of the system is also a major advantage and feature of the invention. On the other hand, after the monitoring platform is loaded and set up, the system still runs mostly in the operating system's own environment and jumps to the virtual machine monitor only after a behavior of interest is captured, which effectively reduces the virtual machine overhead without affecting the operating system's own work.
Description of drawings
Fig. 1 is an architecture diagram of the invention.
Fig. 2 is a schematic diagram of the embodiment in use.
Embodiment
An embodiment of the invention is described in detail below. The embodiment is implemented on the premise of the technical solution of the invention, and a detailed implementation and concrete operating process are given, but the scope of protection of the invention is not limited to the following embodiment.
As shown in Fig. 1, the embodiment comprises: a system interception module, a hardware interface module, a system service module and a security monitoring module. The system interception module intercepts specified sensitive operating-system behavior and outputs the interception information to the system service module; the system service module determines the corresponding security protection mechanism according to that information and outputs control instructions to the security monitoring module; the security monitoring module executes the security protection operation; and the hardware interface module receives call instructions from the system service module and the security monitoring module and carries out the interaction and data transfer with the hardware system.
The system interception module consists of an x86 hardware platform supporting hardware virtualization technology and a security protection unit based on hardware virtualization technology.
The sensitive system behavior comprises: memory access behavior, I/O device operation instructions, system debug instructions, system privileged instructions, and system interrupts or exceptions.
The hardware interface module consists of the virtualization instruction interfaces of several specific hardware units; it unifies the hardware virtualization operations across the particular instructions of different hardware virtualization platforms.
The system service module comprises a memory management unit, a system debug unit and an information processing unit. The memory management unit provides the memory operations of the virtual machine monitor and a memory-hiding self-protection service for the monitoring program's memory, and works with the hardware's nested page table mechanism so that physical memory is managed by the monitor; the system debug unit provides a debug interface for debugging operations on the memory management unit; and the information processing unit selects the corresponding security protection mechanism according to the received interception information.
The security monitoring module comprises a monitoring registration unit, a protection filter unit and a security protection processing unit. The monitoring registration unit stores the security protection mechanisms and the corresponding security protection operations; the protection filter unit extracts the name of the application or process from the interception information, judges whether the intercepted application or process needs protection, and marks the applications or processes that do not; and the security protection processing unit performs the security protection operation on the unmarked applications or processes.
As shown in Fig. 2, the embodiment monitors and intercepts sensitive operating-system behavior through a virtual machine monitor, and the monitoring program judges, from the source and purpose of the behavior, whether it is benign or malicious, so as to prevent or stop harmful attacks in time and finally ensure the secure operation of the operating system.
The embodiment works as follows:
1. When the operating system initializes, the virtual machine monitoring program is loaded in the form of a driver, so that it can use all hardware resources and privileged instructions at a high privilege level. It also detects whether the hardware supports hardware virtualization technology, runs the hardware-specific routines according to the hardware environment, and finally provides a unified interface to the upper layer.
2. Save the hardware registers as the restore point for later returning to the guest virtual machine, then enter root mode.
3. The virtual machine monitor first sets up its own memory management system. Because the memory used at the beginning is still allocated by the guest operating system through its own API functions, that memory is visible to, and managed by, the guest operating system. To achieve isolated operation of the virtual machine monitor, its memory must instead be managed by its own memory management system. The monitoring program first copies a guest operating system page table to serve as the basis for memory access, and saves the base address of the new page table as the value loaded into the CR3 register after entering root mode from then on. Then the mappings of the monitoring program's memory in the original guest operating system page table are erased, and a newly allocated fake page is filled into those mapping entries. Next, using the nested page table mechanism provided by the hardware, virtual addresses in the operating system reach real physical memory through two layers of address translation: the first-layer page table is still maintained by the operating-system kernel, while the second-layer page table is maintained by the virtual machine monitor. In this way the operating-system page table sees the guest-physical addresses provided to the virtual machine by the monitoring program, while the real machine-physical addresses can be managed and directly accessed only by the monitoring program. The guest and the monitoring program are thus isolated from each other.
4. Configure the virtual machine environment, i.e. set up the VMCS structure. Besides the environment attributes required to configure the virtual machine hardware, including the GDT, IDT, stack and so on, the hardware monitoring targets are also set here.
5. Set up the entry function into which all monitored objects trap, and implement a handler function for each monitored object; the handlers are attached under the entry function in the form of a linked list, so that after a trap the correct handler can be found according to the trap reason.
6. Finally start the virtual machine: return to non-root mode, go back to the restore point according to the environment saved above, and execute the operating-system code.
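Steps 4 and 5 above are where the "monitoring targets" of the VMCS and the handler registry meet. On Intel VT-x the per-port choice of which IN/OUT instructions trap is made through the two 4 KiB I/O bitmaps referenced from the VMCS (bitmap A for ports 0x0000 to 0x7FFF, bitmap B for 0x8000 to 0xFFFF, one bit per port), and on every VM exit the CPU writes a basic exit reason and an exit qualification that the handler decodes. The following C model, added here as an illustration and not code from the patent or from Vaspvisor, builds the bitmaps so that only the keyboard ports trap, decodes the I/O exit qualification in the layout the Intel SDM documents, and dispatches exits through a table filled at initialization (the patent's linked list of handlers under one entry function). It cannot execute VMX instructions, so it models the data structures rather than programming a real VMCS; the handler names, the registry and the return codes are this example's own.

```c
/* Added example, not the patent's code: I/O bitmap construction, I/O exit
 * qualification decoding and exit-reason dispatch for a thin VT-x monitor.
 * Bitmap layout, qualification fields and exit-reason numbers follow the
 * Intel SDM; the registry, handler names and return codes are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A few basic VM-exit reasons (Intel SDM Vol. 3, Appendix C). */
enum {
    EXIT_REASON_EXCEPTION_NMI  = 0,
    EXIT_REASON_CPUID          = 10,
    EXIT_REASON_MOV_DR         = 29,
    EXIT_REASON_IO_INSTRUCTION = 30,
    EXIT_REASON_EPT_VIOLATION  = 48,
    EXIT_REASON_MAX            = 64
};

/* I/O bitmaps A and B: 4 KiB each, one bit per port. A set bit makes IN/OUT
 * to that port cause a VM exit when the "use I/O bitmaps" control is on. */
typedef struct {
    uint8_t bitmap_a[4096];   /* ports 0x0000-0x7FFF */
    uint8_t bitmap_b[4096];   /* ports 0x8000-0xFFFF */
} io_bitmaps_t;

io_bitmaps_t g_bitmaps;

void io_bitmap_set(io_bitmaps_t *b, uint16_t port)
{
    uint8_t *map = (port < 0x8000) ? b->bitmap_a : b->bitmap_b;
    uint16_t idx = port & 0x7FFF;
    map[idx / 8] |= (uint8_t)(1u << (idx % 8));
}

int io_bitmap_traps(const io_bitmaps_t *b, uint16_t port)
{
    const uint8_t *map = (port < 0x8000) ? b->bitmap_a : b->bitmap_b;
    uint16_t idx = port & 0x7FFF;
    return (map[idx / 8] >> (idx % 8)) & 1;
}

/* Exit qualification for an I/O-instruction exit: bits 2:0 encode the access
 * size (0 = 1 byte, 1 = 2 bytes, 3 = 4 bytes), bit 3 the direction (1 = IN),
 * bits 31:16 the port number. */
typedef struct { uint16_t port; uint8_t size; int is_in; } io_exit_t;

uint64_t make_io_qualification(uint16_t port, uint8_t size, int is_in)
{
    return ((uint64_t)port << 16) | ((uint64_t)(is_in ? 1 : 0) << 3) | (uint64_t)(size - 1);
}

io_exit_t decode_io_qualification(uint64_t qual)
{
    io_exit_t e;
    e.size  = (uint8_t)((qual & 0x7) + 1);
    e.is_in = (int)((qual >> 3) & 1);
    e.port  = (uint16_t)((qual >> 16) & 0xFFFF);
    return e;
}

/* Handler registry filled at monitor initialization (the patent's
 * "monitoring registration unit"), indexed by basic exit reason. */
typedef int (*exit_handler_t)(uint64_t qualification);
static exit_handler_t handlers[EXIT_REASON_MAX];

int register_exit_handler(uint32_t reason, exit_handler_t h)
{
    if (reason >= EXIT_REASON_MAX) return -1;
    handlers[reason] = h;
    return 0;
}

/* Entry point for every trap: returns the handler's result, or -1 when no
 * handler is registered (the embodiment reports an error and does nothing). */
int dispatch_vm_exit(uint32_t exit_reason_field, uint64_t qualification)
{
    uint32_t basic = exit_reason_field & 0xFFFF;   /* low 16 bits are the basic reason */
    if (basic >= EXIT_REASON_MAX || handlers[basic] == NULL) return -1;
    return handlers[basic](qualification);
}

/* Constructed handler: only IN from the keyboard data port is of interest. */
static int keyboard_io_handler(uint64_t qual)
{
    io_exit_t e = decode_io_qualification(qual);
    return (e.port == 0x60 && e.is_in) ? 1 : 0;   /* 1 = protected, 0 = pass through */
}

int vmm_init_example(void)
{
    memset(&g_bitmaps, 0, sizeof g_bitmaps);
    io_bitmap_set(&g_bitmaps, 0x60);   /* keyboard data port */
    io_bitmap_set(&g_bitmaps, 0x64);   /* keyboard status/command port */
    return register_exit_handler(EXIT_REASON_IO_INSTRUCTION, keyboard_io_handler);
}

int main(void)
{
    vmm_init_example();
    printf("port 0x60 traps: %d, port 0x3F8 traps: %d\n",
           io_bitmap_traps(&g_bitmaps, 0x60), io_bitmap_traps(&g_bitmaps, 0x3F8));
    printf("IN AL,0x60 handled: %d\n",
           dispatch_vm_exit(EXIT_REASON_IO_INSTRUCTION, make_io_qualification(0x60, 1, 1)));
    return 0;
}
```

Marking only the two keyboard ports, rather than enabling unconditional I/O exiting, is what keeps the overhead target of the background section: a serial or disk port access never leaves non-root mode. AMD-V exposes the same idea through the VMCB's IOPM and its EXITCODE field, which is the name the embodiment uses.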
As one embodiment, the concrete working process of the cross-platform security protection based on hardware virtualization is illustrated below with I/O monitoring, taking keyboard password input as the example. The concrete steps are as follows:
1. The virtual machine monitor monitors every keystroke of input data from the keyboard; each time a key is pressed, execution traps into the virtual machine monitor. The monitor's interception of keyboard I/O can be achieved by configuring the corresponding bits in the VMCS.
2. The CPU traps into root mode and runs the virtual machine monitor. The whole trap is completed automatically by the CPU hardware and consumes a certain amount of CPU time. When an interception trap occurs, the CPU jumps to the monitor entry address (HOST_RIP) set in the VMCS and runs at the high privilege level; the operating system executes no code at this moment, and the virtual machine is ready. Next:
1) Save the hardware register state of the guest virtual machine and set the restore point, in preparation for finally returning to the virtual machine.
2) Judge whether the intercepted process is one that needs protection; this is the task of the protection filter unit in the security monitoring module. If the trap occurred while a process that needs no protection was running, do nothing and return to the guest operating system. If the process needs protection, proceed to the next monitoring processing unit.
3) Run the security protection processing unit: jump to the handler entry point shared by all interception traps, then search for the corresponding handler function according to the EXITCODE in the VMCS; all of these handlers were registered when the monitoring program was initialized. If no corresponding function is found, return an error message and do nothing.
4) Find the handler function and execute it. In this embodiment, since the captured data is keyboard I/O data, the handler reads the data into a memory region protected and controlled by the virtual machine monitor, then encrypts the memory region holding the original keyboard I/O data and writes the result back into the I/O data buffer. When malicious code attacks this application by intercepting its I/O data, it cannot obtain the real data, so the data exchange of this process is protected.
5) After the handler finishes, the virtual machine monitor restores the hardware environment of the guest virtual machine, including the previously saved hardware registers and other resources.
When the virtual machine monitor has allocated other memory during execution, all of that memory can be protected as well: any access by a program in the guest operating system traps, and the monitoring program finally decides, according to the legitimacy of the program, whether the access is allowed. This is also part of the virtual machine monitor's memory management.
3. After the virtual machine monitor finishes its work, executing the VMRESUME instruction returns to the guest virtual machine; the operating system runs again, and the monitoring program adds no further overhead at this point.
4. When any application process needs to read the data content delivered to the buffer by keyboard I/O, an I/O request occurs. Because this memory is protected by the monitoring program, the hardware traps again, the system re-enters root mode and runs the monitoring program code:
1) Save the hardware register state of the guest virtual machine again and set the restore point.
2) Jump to the handler entry point for all interception traps, then find the memory-access interception handler according to the EXITCODE in the VMCS.
3) Judge whether the accessing process is legitimate. If the access is illegitimate, return the encrypted information in the buffer. If the process is legitimate, take the real data saved earlier out of memory and return it to the process.
4) After the judgment and the handler complete, the monitoring program restores the virtual machine hardware state.
5. After the monitoring program finishes its task, the guest operating system returns to the original trap point and continues executing. The system keeps running, monitoring the keyboard I/O data transfer and the data accesses to the corresponding memory buffer.
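The keyboard example above has two halves that have to agree: the handler run on the keyboard trap (step 2.4) keeps the real bytes where only the monitor can see them and leaves ciphertext in the guest buffer, and the handler run on the later buffer read (step 4.3) serves the real bytes only to the process the protection filter unit accepts. The following C model, added here as an illustration and not code from the patent or from Vaspvisor, implements both handlers against in-memory stand-ins for the guest buffer and the monitor's hidden store, so that a keylogger reading the buffer sees exactly what sits in guest memory while the registered process sees the keystrokes. The process allow-list, the scancodes, the buffer size and the XOR keystream are constructed placeholders; the keystream in particular stands in for a real cipher whose key would never leave root mode.

```c
/* Added example, not the patent's code: the two trap handlers of the
 * keyboard password protection, modelled in plain memory. Allow-list,
 * scancodes, buffer size and the XOR keystream are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 64

static uint8_t guest_buffer[BUF_LEN];   /* I/O data buffer in guest memory (a monitor-protected page) */
static uint8_t vault[BUF_LEN];          /* real data, in memory hidden from the guest */
static size_t  buf_len;

/* Placeholder keystream standing in for a real cipher keyed in root mode. */
static const uint8_t key[8] = {0x5A, 0xC3, 0x17, 0x9E, 0x42, 0xD1, 0x6B, 0x08};
static uint8_t scramble(uint8_t b, size_t i) { return b ^ key[i % sizeof key]; }

/* Protection filter unit: processes registered for protection (constructed names). */
static const char *protected_processes[] = { "login_prompt", "ssh_askpass" };

int process_is_protected(const char *name)
{
    for (size_t i = 0; i < sizeof protected_processes / sizeof protected_processes[0]; i++)
        if (strcmp(name, protected_processes[i]) == 0) return 1;
    return 0;
}

void vmm_reset_buffers(void)
{
    memset(guest_buffer, 0, sizeof guest_buffer);
    memset(vault, 0, sizeof vault);
    buf_len = 0;
}

/* Handler for the trap raised by IN from the keyboard data port (step 2.4):
 * keep the real byte in the vault, hand the guest only the scrambled copy.
 * A full buffer is refused rather than overflowed. */
int on_keyboard_exit(uint8_t scancode)
{
    if (buf_len >= BUF_LEN) return -1;
    vault[buf_len]        = scancode;
    guest_buffer[buf_len] = scramble(scancode, buf_len);
    buf_len++;
    return 0;
}

/* Handler for the trap raised when a guest process reads the protected
 * buffer (step 4.3): the registered process gets the plaintext; anything
 * else, a keylogger or a debugger, gets exactly what sits in guest memory.
 * Returns the number of bytes delivered. */
size_t on_buffer_read(const char *process_name, uint8_t *out, size_t out_len)
{
    size_t n = buf_len < out_len ? buf_len : out_len;
    memcpy(out, process_is_protected(process_name) ? vault : guest_buffer, n);
    return n;
}

int main(void)
{
    uint8_t out[BUF_LEN];
    vmm_reset_buffers();
    on_keyboard_exit(0x1E);   /* constructed scancodes, "a" then "b" */
    on_keyboard_exit(0x30);
    size_t n = on_buffer_read("keylogger", out, sizeof out);
    printf("keylogger sees:    %02x %02x (%zu bytes)\n", out[0], out[1], n);
    n = on_buffer_read("login_prompt", out, sizeof out);
    printf("login_prompt sees: %02x %02x (%zu bytes)\n", out[0], out[1], n);
    return 0;
}
```

The check that matters in a real deployment is the identity behind `process_name`: the monitor has to derive it from guest state it trusts (for instance the CR3 value of the trapping context, compared against what it recorded when the protected process was registered), not from a string the guest supplies, otherwise the filter is only as strong as the guest kernel it is meant to distrust.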
The virtual machine monitor of this embodiment, Vaspvisor, can also be adapted to other security protection uses by configuring the VMCS structure and implementing other interception handlers. For example, adding interception of debug interrupts and debug instructions, and of debug-register accesses, can prevent malicious processes from subverting an application through program debugging, achieving anti-debugging.

Claims (6)

1. A cross-platform security protection system based on hardware virtualization, characterized in that it comprises: a system interception module, a hardware interface module, a system service module and a security monitoring module, wherein: the system interception module intercepts specified sensitive operating-system behaviour and outputs the intercept information to the system service module; the system service module determines the corresponding security protection mechanism according to that information and outputs a control instruction to the security monitoring module; the security monitoring module executes the security protection operation; and the hardware interface module receives call instructions from the system service module and the security monitoring module and realizes interaction and data transfer with the hardware system.
2. The cross-platform security protection system based on hardware virtualization according to claim 1, characterized in that the system interception module is formed by an x86 hardware platform supporting hardware virtualization technology together with a security protection unit based on hardware virtualization technology.
3. The cross-platform security protection system based on hardware virtualization according to claim 1, characterized in that the sensitive system behaviour comprises: memory access behaviour, I/O device operation instructions, system debug instructions, system privileged instructions, and system interrupt or exception behaviour.
4. The cross-platform security protection system based on hardware virtualization according to claim 1, characterized in that the hardware interface module consists of the virtualization instruction interfaces of a number of specific hardware units; this module unifies the hardware virtualization operation behaviour across the differing instruction sets of the various hardware virtualization platforms.
5. The cross-platform security protection system based on hardware virtualization according to claim 1, characterized in that the system service module comprises: a memory management unit, a system debug unit and an information processing unit, wherein: the memory management unit provides the memory operations of the virtual machine monitor and a memory-hiding self-protection service for the monitor program's own memory, and, together with the hardware nested page table mechanism, places physical memory under the monitor's supervision; the system debug unit provides a debug interface to the memory management unit to realize debug operations; and the information processing unit selects the corresponding security protection mechanism according to the received intercept information.
6. The cross-platform security protection system based on hardware virtualization according to claim 1, characterized in that the security monitoring module comprises: a monitoring registration unit, a protection filter unit and a security protection handling unit, wherein: the monitoring registration unit stores the security protection mechanisms and their corresponding security protection operations; the protection filter unit extracts the name of the application program or process from the intercept information, judges whether the intercepted application or process needs protection, and marks those that do not; and the security protection handling unit executes the security protection operation on the unmarked applications or processes.
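The following Python model is an added illustration of the pipeline described in claims 1, 3, 5 and 6 (intercept information, mechanism selection, per-process filtering, monitor memory hiding); it is not code from the patent. The behaviour names, the hidden page numbers, the mechanism table and the process names are constructed assumptions.

```python
from dataclasses import dataclass
from enum import Enum, auto


class Behavior(Enum):
    """Sensitive operating-system behaviours listed in claim 3."""
    MEMORY_ACCESS = auto()
    IO_INSTRUCTION = auto()
    DEBUG_INSTRUCTION = auto()
    PRIVILEGED_INSTRUCTION = auto()
    INTERRUPT_OR_EXCEPTION = auto()


@dataclass(frozen=True)
class Intercept:
    """Intercept information handed over by the interception module (constructed)."""
    behavior: Behavior
    process: str   # guest process that triggered the VM exit
    target: int    # guest-physical page, I/O port or vector involved


# Memory management unit (claim 5): monitor-owned pages hidden from the guest
# by the nested page tables. Hypothetical page numbers.
MONITOR_PAGES = frozenset({0x7F000, 0x7F001})


def nested_page_table_allows(ev: Intercept) -> bool:
    """Self-protection check applied before any per-process policy."""
    return not (ev.behavior is Behavior.MEMORY_ACCESS and ev.target in MONITOR_PAGES)


# Monitoring registration unit (claim 6): mechanism -> protection operation.
MECHANISMS = {
    "block-io": lambda ev: "deny",
    "trap-debug": lambda ev: "log",
    "audit-privileged": lambda ev: "log",
    "pass-through": lambda ev: "allow",
}

# Information processing unit (claim 5): intercept kind -> mechanism name.
BEHAVIOR_TO_MECHANISM = {
    Behavior.IO_INSTRUCTION: "block-io",
    Behavior.DEBUG_INSTRUCTION: "trap-debug",
    Behavior.PRIVILEGED_INSTRUCTION: "audit-privileged",
}

# Protection filter unit (claim 6): these processes are marked as not needing
# protection and the handler skips them. Hypothetical process name.
UNPROTECTED = frozenset({"monitor-agent"})


def handle(ev: Intercept) -> str:
    """Security protection handling unit: verdict for one intercept."""
    if not nested_page_table_allows(ev):
        return "deny"   # hidden monitor memory is denied for every process
    if ev.process in UNPROTECTED:
        return "skip"   # marked by the filter unit, no operation executed
    mechanism = BEHAVIOR_TO_MECHANISM.get(ev.behavior, "pass-through")
    return MECHANISMS[mechanism](ev)
```

Note that the monitor's own memory is enforced ahead of the filter, so a process marked as trusted still cannot read the hidden pages.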

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011100514891A CN102096786A (en) 2011-03-04 2011-03-04 Cross-platform safety protection system based on hardware virtualization

Publications (1)

Publication Number Publication Date
CN102096786A true CN102096786A (en) 2011-06-15

Family

ID=44129876

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011100514891A Pending CN102096786A (en) 2011-03-04 2011-03-04 Cross-platform safety protection system based on hardware virtualization

Country Status (1)

Country Link
CN (1) CN102096786A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101131677A (en) * 2006-08-23 2008-02-27 联想(北京)有限公司 Hard disk data protecting method based on virtual technology and protecting system thereof
CN101452407A (en) * 2007-12-04 2009-06-10 联想(新加坡)私人有限公司 System and method for preventing user o.s. in vmm system from deenergizing device being used by service o.s.

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Yi Tengfei: "Design of software protection based on hardware-virtualization anti-debugging", China Master's Theses Full-text Database *

Cited By (33)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102231138B (en) * 2011-07-08 2013-07-03 上海交通大学 Accurate memory data acquisition system and method for computer
CN102231138A (en) * 2011-07-08 2011-11-02 上海交通大学 Accurate memory data acquisition system and method of computer
CN102523215B (en) * 2011-12-15 2014-10-01 北京海云捷迅科技有限公司 Virtual machine (VM) online antivirus system based on KVM virtualization platform
CN102523215A (en) * 2011-12-15 2012-06-27 北京海云捷迅科技有限公司 Virtual machine (VM) online antivirus system based on KVM virtualization platform
US10467033B2 (en) 2011-12-22 2019-11-05 Intel Corporation Enabling efficient nested virtualization
CN104106050B (en) * 2011-12-22 2019-01-08 英特尔公司 Allow efficient nested virtualization
CN102930203A (en) * 2012-10-12 2013-02-13 浙江大学城市学院 Method for realizing lightweight class JavaScript sandbox
CN103036759A (en) * 2012-12-08 2013-04-10 中国科学院软件研究所 System reducing overhead of central processing unit (CPU) of network input/output (I/O) operation under condition of X86 virtualization
CN103036759B (en) * 2012-12-08 2015-07-01 中国科学院软件研究所 System reducing overhead of central processing unit (CPU) of network input/output (I/O) operation under condition of X86 virtualization
CN104008327A (en) * 2013-02-26 2014-08-27 腾讯科技(深圳)有限公司 Safe input method and system
CN104008327B (en) * 2013-02-26 2017-12-01 腾讯科技(深圳)有限公司 A kind of secured inputting method and system
WO2014131295A1 (en) * 2013-02-26 2014-09-04 腾讯科技(深圳)有限公司 Secure input method and system
CN103425563A (en) * 2013-07-04 2013-12-04 上海交通大学 Online input/output (I/O) electronic evidence obtaining system and method based on virtualization technology
CN103425563B (en) * 2013-07-04 2016-05-11 上海交通大学 Based on online I/O electronic evidence-collecting system and the evidence collecting method thereof of Intel Virtualization Technology
CN103778366A (en) * 2013-11-30 2014-05-07 北京中启智源数字信息技术有限责任公司 Security maintenance method oriented to operating system and peripheral equipment
CN103778366B (en) * 2013-11-30 2017-05-03 北京中启智源数字信息技术有限责任公司 Security maintenance method oriented to operating system and peripheral equipment
CN103793646A (en) * 2014-02-14 2014-05-14 浪潮通信信息系统有限公司 Virtual machine safety monitoring method based on behavior recognition
CN103955438B (en) * 2014-05-21 2016-11-23 南京大学 Proceeding internal memory guard method based on hardware auxiliary Intel Virtualization Technology
CN105607945B (en) * 2015-12-22 2018-12-28 中国科学院信息工程研究所 Host behavior based on virtualization is asynchronous to listen to interception system and method
CN105607945A (en) * 2015-12-22 2016-05-25 中国科学院信息工程研究所 Asynchronous monitoring interception system and method of host behavior on the basis of virtualization
CN108241801A (en) * 2016-12-26 2018-07-03 华为技术有限公司 The method and apparatus that processing system is called
CN108241801B (en) * 2016-12-26 2021-03-30 华为技术有限公司 Method and device for processing system call
CN106934281A (en) * 2017-03-30 2017-07-07 兴华永恒(北京)科技有限责任公司 A kind of method for building up of the virtual machine countermeasure techniques based on hardware virtualization technology
CN109240797B (en) * 2018-08-15 2020-09-11 瑞芯微电子股份有限公司 Virtualized multimedia processing method and system
CN109240797A (en) * 2018-08-15 2019-01-18 福州瑞芯微电子股份有限公司 A kind of virtualization multi-media processing method and system
CN109246109A (en) * 2018-09-18 2019-01-18 扬州凤凰网络安全设备制造有限责任公司 The secure memory item of software and hardware combining
CN109547416A (en) * 2018-10-30 2019-03-29 扬州凤凰网络安全设备制造有限责任公司 Physical level security server
CN111045646A (en) * 2019-11-13 2020-04-21 北京中电万联科技股份有限公司 Vehicle-mounted application cross-hardware platform based on virtualization technology
CN111045646B (en) * 2019-11-13 2023-03-21 北京中电万联科技股份有限公司 Vehicle-mounted application cross-hardware platform based on virtualization technology
CN111444504A (en) * 2020-03-30 2020-07-24 安芯网盾(北京)科技有限公司 Method and device for automatically identifying malicious codes during software running
CN112162824A (en) * 2020-10-09 2021-01-01 亿望科技(上海)有限公司 Enterprise and computer safety virtualization platform
CN112784223A (en) * 2021-01-28 2021-05-11 深信服科技股份有限公司 Application program protection method, device, medium and user behavior control method
CN116560858A (en) * 2023-07-07 2023-08-08 北京蔚领时代科技有限公司 VR cloud server container isolation method and system

Similar Documents

Publication Publication Date Title
CN102096786A (en) Cross-platform safety protection system based on hardware virtualization
US11200080B1 (en) Late load technique for deploying a virtualization layer underneath a running operating system
US11106792B2 (en) Methods and systems for performing a dynamic analysis of applications for protecting devices from malwares
CN104809401B (en) A kind of operating system nucleus completeness protection method
KR102189296B1 (en) Event filtering for virtual machine security applications
US7996836B1 (en) Using a hypervisor to provide computer security
Hebbal et al. Virtual machine introspection: Techniques and applications
Gu et al. Process implanting: A new active introspection framework for virtualization
Fu et al. Exterior: Using a dual-vm based external shell for guest-os introspection, configuration, and recovery
US10095538B2 (en) Systems and methods involving features of hardware virtualization, hypervisor, pages of interest, and/or other features
US20160210069A1 (en) Systems and Methods For Overriding Memory Access Permissions In A Virtual Machine
Wang et al. Design and implementation of SecPod, a framework for virtualization-based security systems
Semnanian et al. Virtualization technology and its impact on computer hardware architecture
WO2015176048A1 (en) Aspects of hardware virtualization, hypervisors, code detection
CN106970823B (en) Efficient nested virtualization-based virtual machine security protection method and system
RU2015107219A (en) METHODS, SYSTEMS AND MACHINE READABLE MEDIA FOR ACTIVE MONITORING, MEMORY PROTECTION AND TESTING DEVICES INTEGRITY
Xiao et al. Kernel data attack is a realistic security threat
CN107203410B (en) VMI method and system based on system call redirection
Binun et al. Self-stabilizing virtual machine hypervisor architecture for resilient cloud
Grimm et al. Automatic mitigation of kernel rootkits in cloud environments
US10019576B1 (en) Security control system for protection of multi-core processors
Zhan et al. SAVM: A practical secure external approach for automated in‐VM management
Jain et al. Introspections on the semantic gap
Zaidenberg et al. Hypervisor memory introspection and hypervisor based malware honeypot
Chen et al. DScope: To Reliably and Securely Acquire Live Data from Kernel-Compromised ARM Devices

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C53 Correction of patent of invention or patent application
CB03 Change of inventor or designer information

Inventor after: Zhu Min

Inventor after: Yu Peijie

Inventor after: Sun Yongqing

Inventor after: Qi Zhengwei

Inventor after: Guan Haibing

Inventor before: Zhu Min

Inventor before: Yu Peijie

Inventor before: Gao Shang

Inventor before: Qi Zhengwei

Inventor before: Guan Haibing

COR Change of bibliographic data

Free format text: CORRECT: INVENTOR; FROM: ZHU MIN YU PEIJIE GAO SHANG QI ZHENGWEI GUAN HAIBING TO: ZHU MIN YU PEIJIE SUN YONGQING QI ZHENGWEI GUAN HAIBING

C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20110615