CN102521531A - Password protection system based on hardware virtualization - Google Patents
Password protection system based on hardware virtualization Download PDFInfo
- Publication number
- CN102521531A CN102521531A CN2011103790145A CN201110379014A CN102521531A CN 102521531 A CN102521531 A CN 102521531A CN 2011103790145 A CN2011103790145 A CN 2011103790145A CN 201110379014 A CN201110379014 A CN 201110379014A CN 102521531 A CN102521531 A CN 102521531A
- Authority
- CN
- China
- Prior art keywords
- module
- instruction
- virtual machine
- kernel
- machine manager
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention provides a password protection system based on hardware virtualization, which aims at the current situation that a traditional password protection system cannot defend an inner nuclear layer rootkit. The password protection system based on hardware virtualization deploys a password protection module and a scheduling management module in an inner nuclear layer of an operation system, provides a safe input environment and an interactive interface, and simultaneously deploys an instruction intercepting module and an inner core protection module in a manager layer of a virtual machine. The instruction intercepting module is used for intercepting privileged instructions, and transmitting the current privileged instruction information to the inner core protection module so as to lead an execution flow path to enter a manger of the virtual machine from the inner nuclear layer of the operation system. The inner core protection module prevents the rootkit from randomly modifying nuclear data and service in the operation system, and guarantees password protection in the inner nuclear layer of the operation system. The password protection system based on hardware virtualization moves a trusted computing base (TCB) from the inner nuclear layer of the operation system to the manager layer of the virtual machine, thereby achieving lower level and higher safety.
Description
Technical field
The invention belongs to the computer system security field, be specifically related to a kind of based on hardware virtualization realization novel cipher protection system.
Background technology
Along with the internet constantly develops, network application and service emerge in large numbers and go deep into daily life, but the network security situation allows of no optimist, and various Trojans for stealing numbers are movable frequent, and the invasion means are also complicated day by day.Inadvertently, confidential information such as user's network game password even Web bank's password all can disappear suddenly, grievous injury privacy of user and digital properties safety.Why these Trojans for stealing numbers can steal user's password information easily, and key is that it has used the keyboard record.Realize that according to the keyboard record level is divided into two big types:
(1) application layer keyboard record: illegally use keyboard state related application DLL (API) to obtain button; The illegal message hooks such as bottom keyboard hook, keyboard hook, debugging hook, JournalRecord Hook that use obtain button or the like.
(2) inner nuclear layer keyboard record: filter the keyboard type driving and obtain button; Filter the keyboard port driver and obtain button; Revise the keyboard interrupt service and obtain button or the like.
Present cipher code protection method roughly is divided into two types: the first kind; Initiatively use message hook that keypad information is disturbed in application layer; These class methods can only prevent the recording method of application layer keyboard; And can only protect self program, and can't unitized cipher protection function be provided to general procedure, the more important thing is to prevent inner nuclear layer rootkit.Second type, protect driving in the inner nuclear layer loading, API and message hook that the filter keys disc status is relevant, but owing to rootkit is in the operating system nucleus layer together, obviously these class methods can not effectively prevent inner nuclear layer rootkit.Attack if face rootkit, the big heavy discount of the security of whole cipher protection system, even can not realize the purpose of cryptoguard.How effectively preventing rootkit, should be the problem of at first considering, and this problem can't be avoided in cryptoguard technical application process.
From 2005, Intel Virtualization Technology just obtained using widely after occurring, and has expedited the emergence of the hardware virtualization technology.In the near future Intel of x86 processor production firm and AMD have released hardware virtualization technology separately, and initial hardware virtualization just occurs for the virtual defective that remedies processor.Hardware virtualization has improved virtualizing performance, and has greatly simplified the design and the exploitation of virtual machine manager.It has increased by two kinds of processor operating modes: root mode and non-root mode.Virtual machine manager operates in level of privilege ring 0 root mode (0P); Client operating system operates in level of privilege ring 0 non-root mode (0D); Application program still operates in level of privilege ring 3 (3D).Control authority is in client operating system in the time of general, if still run into some special events and privileged instruction, by the hardware supports mode switch, control flow can get into virtual machine manager, in virtual machine manager, can specific aim handle.
Because hardware virtualization is subdivided into 0P and 0D with level of privilege ring 0; Virtual machine manager is higher than operating system privilege; Can in virtual machine manager, carry out the specific aim processing, so hardware virtualization is for effectively resisting inner nuclear layer rootkit, providing the cryptoguard of greater security to bring opportunity to special event and privileged instruction.So utilizing hardware virtualization is a kind of novel and effective method from bottom layer realization cryptoguard.
Summary of the invention
The present invention is directed to the conventional cipher protection is implemented in the operating system nucleus; Security is not high enough; Can't prevent the shortcoming that inner nuclear layer rootkit attacks, propose a kind of cipher protection system based on hardware virtualization, this system has solved the problem that inner nuclear layer rootkit attacks when cipher protection function is provided; Make cryptoguard have greater security, and have good dirigibility.
A kind of cipher protection system based on hardware virtualization provided by the invention is characterized in that this system comprises instruction intercepting and capturing module, kernel protection module, cryptoguard module and dispatching management module;
Module is intercepted and captured in instruction and the kernel protection module is positioned at the virtual machine manager layer, and cryptoguard module and dispatching management module are positioned at the operating system nucleus layer;
Dispatching management module is used to provide interactive interface, makes things convenient for calling program and virtual machine manager, calling program and cryptoguard module mutual; In loading the virtual machine manager process, dispatching management module receives the loading virtual machine manager request from calling program, and the dynamic load virtual machine manager is taken over operating system; In the protection process, dispatching management module receives shielded process tag symbol, and shielded process tag symbol is passed to the cryptoguard module; In unloading virtual machine manager process, dispatching management module receives the unloading virtual machine manager request from calling program, and the dynamic offloading virtual machine manager is with the highest weight limit of recovery operation system;
The cryptoguard module is used to prevent that rogue program from obtaining button through keyboard state related application DLL; Prevent that simultaneously rogue program from obtaining button through message hook;
Instruction is intercepted and captured module and is used for privileged instruction is intercepted and captured, and current privileged instruction information is passed to the kernel protection module, makes that carrying out flow process gets into the virtual machine manager from the operating system nucleus layer;
The kernel protection module is used to prevent rootkit retouching operation system kernel; It receives instruction and intercepts and captures the command information that module is transmitted.If this privileged instruction does not relate to the retouching operation system kernel, the kernel protection module is directly carried out this privileged instruction, and the result is returned to operating system; If this privileged instruction relates to the retouching operation system kernel, the kernel protection module is handled the present instruction situation of dividing, and the notifying operation system carries out next bar instruction.
The present invention is through realizing the cryptoguard module at the operating system nucleus layer; Take precautions against rootkit at virtual machine manager layer realization kernel protected location simultaneously and attack, thereby make whole cipher protection system have greater security.Above-mentioned cipher protection system based on hardware virtualization has following effect and advantage:
(1) high security
The conventional cipher protection system can not be resisted the attack of inner nuclear layer rootkit, and the operating system nucleus layer because conventional cipher protection module and rootkit coexist is so rootkit can make cipher protection function lose efficacy, forbid even close easily.And the cipher protection system based on hardware virtualization that the present invention proposes prevents that through the kernel protected location at the virtual machine manager layer rootkit from revising kernel, prevents that rootkit from destroying cipher protection function, makes system have high security.
(2) high flexibility
When the safe input environment of needs, the dynamic loading virtual machine manager is taken over operating system; When not needing safe input environment, the dynamic offloading virtual machine manager is with the highest weight limit of recovery operation system.Different according to demand for security, can select whether load virtual machine manager flexibly protection is provided, make system have high flexibility.
(3) versatility
The existing cipher code protection method that utilizes keypad information to disturb can only be protected self program, can not protection be provided to other programs, has significant limitation.The cryptoguard that the present invention proposes is all effective to all programs; Owing in operating system nucleus He in the virtual machine manager, realize cipher protection function; Application programs is transparent fully, can the cryptoguard service be provided for any application, makes system have versatility.
Description of drawings
Fig. 1 is the structural drawing that the present invention is based on the cipher protection system of hardware virtualization;
Fig. 2 is a virtual machine manager dynamic loading process flow diagram;
Fig. 3 is a virtual machine manager dynamic offloading process flow diagram.
Embodiment
Below in conjunction with accompanying drawing the present invention is further done detailed explanation.
The present invention is through realizing the cryptoguard module at the operating system nucleus layer; Take precautions against the rootkit attack at virtual machine manager layer realization kernel protection module simultaneously, thereby realized the high security of system.Divide from principle of work, native system can be divided into 4 parts: module 1, kernel protection module 2, cryptoguard module 3, dispatching management module 4 are intercepted and captured in instruction.Structural drawing based on the cipher protection system of hardware virtualization is as shown in Figure 1.When the safe input environment of needs, the dynamic loading virtual machine manager is taken over operating system; In the protection process, instruction is intercepted and captured module 1, kernel protection module 2, cryptoguard module 3 and dispatching management module 4 cooperations safe input environment is provided; When not needing safe input environment, the dynamic offloading virtual machine manager is with the highest weight limit of recovery operation system.
Instruction is intercepted and captured module 1 and is positioned at level of privilege ring 0P, is positioned at the virtual machine manager layer.In the process of loading virtual machine manager; At virtual machine control structure (Virtual Machine Control Structure; The privileged instruction that needs monitoring is set VMCS); Crucial the monitoring privileged instruction relevant with the retouching operation system kernel to be set, understand detailed description below the concrete method to set up.In the protection process; If implement the instruction of monitoring in the virtual machine control structure; Then accomplish virtual machine and jump out that (Virtual Machine Exit VMEXIT), carries out flow process and gets into the virtual machine manager from operating system by hardware supports; Current privileged instruction is instructed to intercept and capture module 1 intercepting and capturing, and instruction intercepting and capturing module 1 can pass to kernel protection module 2 with current privileged instruction information.
Kernel protection module 2 is positioned at level of privilege ring 0P, is positioned at the virtual machine manager layer.It receives instruction and intercepts and captures the command information that module 1 is transmitted.If this privileged instruction does not relate to the retouching operation system kernel, kernel protection module 2 is directly carried out this privileged instruction, and the result is returned to operating system, and the notifying operation system carries out next bar instruction then; If this privileged instruction relates to closing control register CR0 write-protect position; Perhaps revise interrupt-descriptor table (Interrupt Descriptor Table; IDT); Perhaps revise system call entrance function address register (SYSENTER_EIP_MSR), then 2 pairs of current privileged instructions of kernel protection module situation of dividing is handled, and the notifying operation system carries out next bar instruction then.
For the write-protected instruction of closing control register CR0,2 need of kernel protection module are simply skipped present instruction, return client operating system then and carry out, and can prevent that so just rootkit from distorting kernel data; For the instruction of revising interrupt-descriptor table; Kernel protection module 2 is rewritten client operating system IDTR plot (Guest IDTR base) field in the virtual machine control structure; Return client operating system then and carry out, can prevent that so just rootkit from distorting interrupt-descriptor table; For the instruction of revising system call entrance function address register, 2 need of kernel protection module are simply skipped present instruction, return client operating system then and carry out, and can prevent that so just rootkit from distorting kernel system call service.
Introduce control register CR0 protection, interrupt-descriptor table protection, system call entrance function address register protection process below respectively:
(1) control register CR0 protection
When instruction attempts to write a linear address, system will check at first whether control register CR0 write-protect position (WP) puts 1, then can not write if be provided with; Then check page directory item and page table entry, when both readable/can write the position (R/W) just can write when putting 1, not so generation is skipped leaf unusually.A lot of rootkit are the first closing control register CR0 write-protect of meeting position before revising kernel data, makes the arbitrary kernel address to write.
In loading the virtual machine manager process; Control register CR0 client in the virtual machine control structure/host's mask (CR0 guest/host mask) is read mask (CR0 read shadow) with control register CR0 be set to 0x10000, expression monitoring control register CR0 write-protect position.
In the protection process, if there is rootkit to attempt closing control register CR0 write-protect position, then can produces virtual machine and jump out, to carry out flow process and change virtual machine manager over to, this instruction can be intercepted and captured module 1 by instruction and intercepted and captured, and then passes to kernel protection module 2.2 need of kernel protection module are simply skipped present instruction to next bar instruction, have promptly skipped rootkit closing control register CR0 write-protect position, can prevent rootkit hack kernel data.
(2) interrupt-descriptor table protection
Interrupt-descriptor table has been preserved the address that system break is handled routine, and the plot of interrupt-descriptor table is kept in the IDTR (IDTR), uses the LIDT instruction can revise this register.A lot of rootkit revise the kernel break in service through revising interrupt-descriptor table.
In loading the virtual machine manager process, with monitoring LIDT instruction is set in the virtual machine control structure.
In the protection process, if there is rootkit to attempt to revise interrupt-descriptor table, then can produces virtual machine and jump out, to carry out flow process and change virtual machine manager over to, this instruction can be intercepted and captured module 1 by instruction and intercepted and captured, and then passes to kernel protection module 2.Kernel protection module 2 is rewritten client operating system IDTR plot (Guest IDTR base) field in the virtual machine control structure, forces client operating system to use setting value.Promptly skip rootkit to the distorting of interrupt-descriptor table, prevented the break in service of rootkit hack kernel.
(3) system call entrance function address register protection
(Model-Specific Register MSR) has preserved some relevant information of chip to special module register, uses RDMSR, WRMSR instruction to carry out read-write operation to special module register.A lot of rootkit revise kernel system call service through revising system call entrance function address register.
In loading the virtual machine manager process; With putting 1 based on the 28th bit of the virtual machine of processor operation control domain (Primary processor-based VM-execution controls) field in the virtual machine control structure; Expression is launched special module register and is kept watch on bitmap (MSR bitmap); To keep watch in the bitmap system call entrance function address register corresponding bit position (0x176) then and put 1, an expression supervisory system call entry function address register.
In the protection process, can cause virtual machine to be jumped out if there is rootkit to attempt to revise system call entrance function address register, control flow changes virtual machine manager over to, and this instruction can be intercepted and captured module 1 by instruction and intercepted and captured, and then passes to kernel protection module 2.2 need of kernel protection module are simply skipped present instruction to next bar instruction, have promptly skipped the modification of rootkit to system call entrance function address register, can prevent rootkit hack kernel system call service.
Cryptoguard module 3 is positioned at level of privilege 0D, is positioned at the operating system nucleus layer.Cryptoguard module 3 is used to prevent that rogue program from obtaining button through relevant API of keyboard state and message hook.
Owing to use the relevant API of keyboard state can obtain key-press status, rogue program can utilize the relevant API of keyboard state to obtain the keyboard input.Because press key message arrives before the message queue of concrete window can the message call Hook Function, so rogue program also can utilize bottom keyboard hook, keyboard hook, debugging hook, these several message hooks of JournalRecord Hook to obtain the keyboard input.Relevant API is as shown in table 1 for keyboard state:
The tabulation of table 1 keyboard state related function
| The application layer function | The inner nuclear layer function | Describe |
| GetRawInputData | NtUserGetRawInputData | Obtain original input data |
| GetKeyboardState | NtUserGetKeyboardState | Obtain keyboard state |
| GetAsyncKeyState | NtUserGetAsyncKeyState | Obtain key-press status |
| GetKeyState | NtUserGetKeyState | Obtain key-press status |
When needs were protected certain process, calling program passed to dispatching management module 4 with process tag symbol (PID), and dispatching management module passes to cryptoguard module 3 with the process tag symbol.The concrete course of work of cryptoguard module 3 is: at first obtain the process tag symbol of current process, judge with the process tag symbol that receives from dispatching management module 4 whether equate.If equate, explain that then current process is by the protection process, cryptoguard module 3 is forbidden the execute key disc status API that is correlated with, and forbids carrying out the message hook function; If unequal, explain that then current process does not need protection, cryptoguard module 3 allows the relevant API of execute key disc status, and allows to carry out the message hook function.
Dispatching management module 4 is positioned at level of privilege ring 0D, is positioned at the operating system nucleus layer.Dispatching management module 4 is used to provide interactive interface, makes things convenient for calling program and virtual machine manager, calling program and cryptoguard module 3 mutual.In loading the virtual machine manager process, the loading virtual machine manager request that dispatching management module 4 receives from calling program, the dynamic load virtual machine manager is taken over operating system; In the protection process, dispatching management module 4 receives the protected process tag symbol (PID) from calling program, and protected process tag symbol is passed to cryptoguard module 3 further handles; In unloading virtual machine manager process, dispatching management module receives the unloading virtual machine manager request from calling program, and the dynamic offloading virtual machine manager is with the authority of recovery operation system.
It is shown in Figure 2 to load virtual machine manager process such as process flow diagram.Support hardware is not virtual at first to check current central processing unit (CPU).Check then whether the control register CR0 bit setting relevant with the virtual machine pattern be correct, and unlatching control register CR4 virtual machine extension enable bit (Virtual-Machine Extensions Enable, VMXE).Distribute virtual machine control structure then.Get into the virtual machine pattern through carrying out the VMXON instruction afterwards; And then execution VMCLEAR instruction initialization virtual machine control structure; Carry out VMPTRLD instruction activating virtual machine control structure again; The monitor privileges instruction is set in virtual machine control structure, particularly will be provided with and monitors the relevant instruction of nuclear protection in above-mentioned the mentioning.Carry out the VMLAUNCH instruction at last and start this virtual machine control structure piece representative virtual machine.
Unloading virtual machine manager process such as process flow diagram are shown in Figure 3.At first carry out VMXOFF and instruct the virtual machine pattern of closing, discharge virtual machine control structure then, remove control register CR4 virtual machine extension enable bit at last.
The present invention not only is confined to above-mentioned embodiment; Persons skilled in the art are according to content disclosed by the invention; Can adopt other multiple embodiment embodiment of the present invention, therefore, every employing project organization of the present invention and thinking; Do some simple designs that change or change, all fall into the scope of the present invention's protection.
Claims (2)
1. the cipher protection system based on hardware virtualization is characterized in that, this system comprises instruction intercepting and capturing module (1), kernel protection module (2), cryptoguard module (3) and dispatching management module (4);
Module (1) is intercepted and captured in instruction and kernel protection module (2) is positioned at the virtual machine manager layer, and cryptoguard module (3) and dispatching management module (4) are positioned at the operating system nucleus layer;
Dispatching management module (4) is used to provide interactive interface, makes things convenient for calling program and virtual machine manager, calling program and cryptoguard module (3) mutual; In loading the virtual machine manager process, dispatching management module (4) receives the loading virtual machine manager request from calling program, and the dynamic load virtual machine manager is taken over operating system; In the protection process, dispatching management module (4) receives shielded process tag symbol, and shielded process tag symbol is passed to cryptoguard module (3); In unloading virtual machine manager process, dispatching management module (4) receives the unloading virtual machine manager request from calling program, and the dynamic offloading virtual machine manager is with the highest weight limit of recovery operation system;
Cryptoguard module (3) is used to prevent that rogue program from obtaining button through keyboard state related application DLL; Prevent that simultaneously rogue program from obtaining button through message hook;
Instruction is intercepted and captured module (1) and is used for privileged instruction is intercepted and captured, and current privileged instruction information is passed to kernel protection module (2), makes that carrying out flow process gets into the virtual machine manager from the operating system nucleus layer;
Kernel protection module (2) is used to prevent rootkit retouching operation system kernel; It receives instruction and intercepts and captures the command information that module (1) is transmitted.If this privileged instruction does not relate to the retouching operation system kernel, kernel protection module (2) is directly carried out this privileged instruction, and the result is returned to operating system; If this privileged instruction relates to the retouching operation system kernel, kernel protection module (2) is handled the present instruction situation of dividing, and the notifying operation system carries out next bar instruction.
2. the cipher protection system based on hardware virtualization according to claim 1; It is characterized in that; If privileged instruction is the write-protected instruction of closing control register CR0, kernel protection module (2) only need be skipped present instruction, returns client operating system then and carries out; If privileged instruction is for revising the instruction of interrupt-descriptor table, kernel protection module (2) is rewritten client operating system IDTR base field in the virtual machine control structure, returns client operating system then and carries out; If privileged instruction is for revising the instruction of system call entrance function address register, kernel protection module (2) only need be skipped present instruction, returns client operating system then and carries out.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110379014.5A CN102521531B (en) | 2011-11-24 | 2011-11-24 | Password protection system based on hardware virtualization |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110379014.5A CN102521531B (en) | 2011-11-24 | 2011-11-24 | Password protection system based on hardware virtualization |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102521531A true CN102521531A (en) | 2012-06-27 |
| CN102521531B CN102521531B (en) | 2014-11-12 |
Family
ID=46292442
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201110379014.5A Expired - Fee Related CN102521531B (en) | 2011-11-24 | 2011-11-24 | Password protection system based on hardware virtualization |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102521531B (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103257893A (en) * | 2013-05-28 | 2013-08-21 | 腾讯科技(深圳)有限公司 | Method, device and system for obtaining input event state |
| CN103473508A (en) * | 2013-09-17 | 2013-12-25 | 肖楠 | Security verification method during kernel operation of operation system |
| CN104008327A (en) * | 2013-02-26 | 2014-08-27 | 腾讯科技(深圳)有限公司 | Safe input method and system |
| US9058500B2 (en) | 2013-06-03 | 2015-06-16 | Huawei Technologies Co., Ltd. | Method and apparatus for inputting data |
| CN106022096A (en) * | 2016-05-23 | 2016-10-12 | 北京金山安全软件有限公司 | Information processing method and device and terminal |
| CN106096455A (en) * | 2016-08-08 | 2016-11-09 | 王波 | A kind of main frame kernel data reduction protection method |
| CN106203066A (en) * | 2016-08-03 | 2016-12-07 | 深圳中电长城信息安全系统有限公司 | Power on password protection method, terminal and server |
| CN109800570A (en) * | 2018-12-29 | 2019-05-24 | 360企业安全技术(珠海)有限公司 | A kind of safety protecting method and device of virtual platform |
| CN110069920A (en) * | 2019-03-06 | 2019-07-30 | 上海交通大学 | Guarantee the method and system of SGX safety based on virtualization |
| CN111737656A (en) * | 2019-05-30 | 2020-10-02 | 中国科学院计算技术研究所 | Privileged hardware resource access method for application program and electronic equipment |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090086979A1 (en) * | 2007-09-28 | 2009-04-02 | Tasneem Brutch | Virtual tpm keys rooted in a hardware tpm |
| CN101589364A (en) * | 2007-01-25 | 2009-11-25 | 微软公司 | Protection agency and privileged mode |
-
2011
- 2011-11-24 CN CN201110379014.5A patent/CN102521531B/en not_active Expired - Fee Related
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101589364A (en) * | 2007-01-25 | 2009-11-25 | 微软公司 | Protection agency and privileged mode |
| US20090086979A1 (en) * | 2007-09-28 | 2009-04-02 | Tasneem Brutch | Virtual tpm keys rooted in a hardware tpm |
Non-Patent Citations (2)
| Title |
|---|
| 凌冲等: "《一种硬件虚拟化技术的Rootkit及其检测》", 《西安科技大学学报》 * |
| 易再尧等: "《一种基于虚拟化哈佛体系结构的Rootkit技术》", 《微电子学与计算机》 * |
Cited By (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104008327B (en) * | 2013-02-26 | 2017-12-01 | 腾讯科技(深圳)有限公司 | A kind of secured inputting method and system |
| CN104008327A (en) * | 2013-02-26 | 2014-08-27 | 腾讯科技(深圳)有限公司 | Safe input method and system |
| CN103257893B (en) * | 2013-05-28 | 2016-06-15 | 腾讯科技(深圳)有限公司 | A kind of methods, devices and systems obtaining input state-event |
| CN103257893A (en) * | 2013-05-28 | 2013-08-21 | 腾讯科技(深圳)有限公司 | Method, device and system for obtaining input event state |
| US9672367B2 (en) | 2013-06-03 | 2017-06-06 | Huawei Technologies Co., Ltd. | Method and apparatus for inputting data |
| US9058500B2 (en) | 2013-06-03 | 2015-06-16 | Huawei Technologies Co., Ltd. | Method and apparatus for inputting data |
| CN103473508B (en) * | 2013-09-17 | 2016-07-27 | 肖楠 | Safe verification method when operating system nucleus runs |
| CN103473508A (en) * | 2013-09-17 | 2013-12-25 | 肖楠 | Security verification method during kernel operation of operation system |
| CN106022096A (en) * | 2016-05-23 | 2016-10-12 | 北京金山安全软件有限公司 | Information processing method and device and terminal |
| CN106203066A (en) * | 2016-08-03 | 2016-12-07 | 深圳中电长城信息安全系统有限公司 | Power on password protection method, terminal and server |
| CN106096455A (en) * | 2016-08-08 | 2016-11-09 | 王波 | A kind of main frame kernel data reduction protection method |
| CN109800570A (en) * | 2018-12-29 | 2019-05-24 | 360企业安全技术(珠海)有限公司 | A kind of safety protecting method and device of virtual platform |
| CN110069920A (en) * | 2019-03-06 | 2019-07-30 | 上海交通大学 | Guarantee the method and system of SGX safety based on virtualization |
| CN111737656A (en) * | 2019-05-30 | 2020-10-02 | 中国科学院计算技术研究所 | Privileged hardware resource access method for application program and electronic equipment |
| CN111737656B (en) * | 2019-05-30 | 2023-10-27 | 中国科学院计算技术研究所 | Application program-oriented privileged hardware resource access method and electronic equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102521531B (en) | 2014-11-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102521531B (en) | Password protection system based on hardware virtualization | |
| US7996836B1 (en) | Using a hypervisor to provide computer security | |
| Shi et al. | Deconstructing Xen. | |
| US9858411B2 (en) | Execution profiling mechanism | |
| CN103955438B (en) | Proceeding internal memory guard method based on hardware auxiliary Intel Virtualization Technology | |
| Gu et al. | Process implanting: A new active introspection framework for virtualization | |
| US8869294B2 (en) | Mitigating branch prediction and other timing based side channel attacks | |
| KR20160030385A (en) | Process Evaluation for Malware Detection in Virtual Machines | |
| Xiao et al. | Kernel data attack is a realistic security threat | |
| Mi et al. | (mostly) exitless {VM} protection from untrusted hypervisor through disaggregated nested virtualization | |
| Li et al. | A VMM-based system call interposition framework for program monitoring | |
| CN103996004B (en) | A kind of high-availability system design method based on virtualization | |
| Burdonov et al. | Virtualization-based separation of privilege: working with sensitive data in untrusted environment | |
| Korkin et al. | Detect kernel-mode rootkits via real time logging & controlling memory access | |
| Zhu et al. | HA-VMSI: A lightweight virtual machine isolation approach with commodity hardware for ARM | |
| Tang et al. | Secure and efficient in-hypervisor memory introspection using nested virtualization | |
| Tian et al. | An Online Approach for Kernel-level Keylogger Detection and Defense. | |
| Pouraghily et al. | Hardware support for embedded operating system security | |
| Tsifountidis | Virtualization security: Virtual machine monitoring and introspection | |
| Zhan et al. | Cfwatcher: A novel target-based real-time approach to monitor critical files using vmi | |
| Jiang et al. | Efficient and trusted detection of rootkit in IoT devices via offline profiling and online monitoring | |
| Jia et al. | Defending return‐oriented programming based on virtualization techniques | |
| Luţaş et al. | VE-VMI: high-performance virtual machine introspection based on virtualization exception | |
| Yan et al. | MOSKG: countering kernel rootkits with a secure paging mechanism | |
| Moon et al. | Architectural supports to protect os kernels from code-injection attacks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20141112 Termination date: 20201124 |