CN102819712B - Method and device for ensuring security of virtual machine operation system - Google Patents

Publication number
CN102819712B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201210271625.2A
Other languages
Chinese (zh)
Other versions
CN102819712A (en)
Inventor
台运方
蔡万伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Loongson Technology Corp Ltd
Original Assignee
Loongson Technology Corp Ltd

Abstract

The invention relates to a method and a device for ensuring the security of a virtual machine operating system. The method comprises the following steps: a, the virtual machine operating system is compiled to addresses that can be accessed in supervisor mode (the "management state") but cannot be accessed in user mode; b, the virtual machine monitor (VMM) is set up so that the host determines the state of the virtual machine when it enters the virtual machine; and c, the virtual machine runs in supervisor mode when it is in the state of running the virtual machine operating system. With this method, the virtual machine operating system can be used securely on the MIPS (Microprocessor without Interlocked Pipelined Stages) architecture merely by recompiling the virtual machine operating system and suitably modifying the VMM, without modifying the hardware.

Description

Method and device for ensuring the security of a virtual machine operating system
Technical Field
The present invention relates to the fields of computer hardware architecture and system virtualization, and in particular to a method and a device for ensuring the security of a virtual machine operating system.
Background
With the rise of cloud computing, system virtualization has developed ever more rapidly, and more and more architectures are adding virtualization support; the MIPS architecture is no exception.
Unlike other architectures, MIPS has its own way of protecting the operating system: the address space accessible to privileged modes is separated from the space accessible to non-privileged modes. Taking the MIPS64 architecture as an example:
The space accessible in kernel mode is 0x0000 0000 0000 0000 to 0xffff ffff ffff ffff.
The space accessible in supervisor mode (the "management state") is 0x0000 0000 0000 0000 to 0x7fff ffff ffff ffff.
The space accessible in user mode is 0x0000 0000 0000 0000 to 0x3fff ffff ffff ffff.
Therefore, simply compiling an operating system to addresses that can be accessed only in kernel mode is enough to protect it. A virtual machine, however, cannot run in kernel mode, so the addresses of the virtual machine operating system may overlap the user address space, which causes a security problem. This is a problem that must be solved when virtual machine support is added to the MIPS architecture.
The typical approach is to add a segmentation (segment) mechanism inside the CPU, similar to the x86 architecture. The virtual machine operating system and user programs then use the same addresses, but because their segment mappings differ, the addresses actually accessed also differ. Current mainstream MIPS processors have no segmentation mechanism, however, so this approach cannot be used on any CPU now on the market, and it is also very complex.
A simpler and more effective way of separating the address ranges of the virtual machine operating system and user programs is therefore needed in order to ensure the security of the virtual machine operating system.
Summary of the Invention
To achieve the above object, the invention provides a method and a device for ensuring the security of a virtual machine operating system. The method comprises:
Step a: compile the virtual machine operating system to addresses that can be accessed in supervisor mode but cannot be accessed in user mode. Step b: set up the virtual machine monitor (VMM) so that the host determines the state of the virtual machine when it enters the virtual machine. Step c: when the virtual machine is in the state of running the virtual machine operating system, the virtual machine runs in supervisor mode.
Step a specifically comprises: modifying the compile (link) address of the virtual machine operating system, replacing its default compile address with an address that can be accessed in supervisor mode but cannot be accessed in user mode; and, at the same time, modifying the addresses the virtual machine operating system uses, replacing every kernel-mode address used inside the virtual machine operating system with a supervisor-mode address. The modified virtual machine operating system addresses are then mapped to the corresponding physical addresses. This mapping is implemented by modifying the TLB miss function in the VMM.
In step b, the host determines the state of the virtual machine by checking, on the host, the status register of the virtual machine's virtual coprocessor.
Step c further comprises: when the virtual machine is in the state of running a user program, the virtual machine runs in user mode.
The method provided by the invention applies to CPUs of the MIPS architecture.
Accordingly, the invention also provides a device for ensuring the security of a virtual machine operating system. The device comprises: a compiling module, for compiling the virtual machine operating system to addresses that can be accessed in supervisor mode but cannot be accessed in user mode; a judging module, for setting up the VMM so that the host determines the state of the virtual machine when it enters the virtual machine; and a running module, for making the virtual machine run in supervisor mode when the virtual machine is in the state of running the virtual machine operating system.
Further, the compiling module comprises: a first compiling module, for modifying the compile address of the virtual machine operating system, replacing its default compile address with an address that can be accessed in supervisor mode but cannot be accessed in user mode; and a second compiling module, for modifying the addresses the virtual machine operating system uses, replacing every kernel-mode address used inside the virtual machine operating system with a supervisor-mode address.
Further, the running module also makes the virtual machine run in user mode when the virtual machine is in the state of running a user program.
The method and device provided by the invention require no hardware modification: it is only necessary to recompile the virtual machine operating system and suitably modify the VMM for the virtual machine operating system to be used securely on the MIPS architecture. The method is applicable to any current mainstream MIPS CPU.
Brief Description of the Drawings
Fig. 1 is a flowchart of the method for separating virtual machine operating system addresses from user program addresses according to one embodiment of the invention;
Fig. 2 shows the correspondence of the Kseg0 segment before and after modification according to one embodiment of the invention;
Fig. 3 shows the mapping between the modified Kseg0 segment and the physical addresses obtained by modifying the TLB miss function according to one embodiment of the invention;
Fig. 4 is a flowchart of how the host determines the operating mode according to one embodiment of the invention;
Fig. 5 is a schematic structural diagram of the device for ensuring the security of a virtual machine operating system according to one embodiment of the invention.
Detailed Description
The technical solution of the invention is described in further detail below with reference to the drawings and embodiments.
Investigation shows that operating systems on the MIPS architecture, such as Linux and VxWorks, by default use both addresses accessible in kernel mode (0x8000 0000 0000 0000 to 0xffff ffff ffff ffff) and addresses accessible in user mode (0x0000 0000 0000 0000 to 0x3fff ffff ffff ffff), while user programs use only addresses accessible in user mode (0x0000 0000 0000 0000 to 0x3fff ffff ffff ffff). The addresses that can be accessed in supervisor mode but not in user mode (0x4000 0000 0000 0000 to 0x7fff ffff ffff ffff) are left unused.
Based on this observation, the invention provides a method that separates virtual machine operating system addresses from user program addresses so that they do not conflict: the virtual machine runs in user mode when running a user program and in supervisor mode when running the virtual machine operating system, which ensures the security of the virtual machine operating system.
Fig. 1 is a flowchart of the method. The steps are as follows:
Step 101: compile the virtual machine operating system to addresses that can be accessed in supervisor mode but cannot be accessed in user mode.
This step has two parts. The first is to modify the compile address of the virtual machine operating system, so that it becomes an address that can be accessed in supervisor mode but not in user mode. The second is to modify the addresses the virtual machine operating system uses, replacing every kernel-mode address used inside it with a supervisor-mode address. Together these ensure both that the virtual machine operating system's code runs in supervisor mode and that all the data addresses it accesses lie in the supervisor-mode range.
The corresponding TLB miss function in the VMM (virtual machine monitor) is then modified; mapping the modified virtual machine operating system addresses to the corresponding physical addresses is done through this modified TLB miss function.
In a specific embodiment, taking the Linux operating system as an example, the compile address is modified as follows. The operating system's start address is specified in its vmlinux.lds.S file; on the MIPS architecture the default start address is some address between 0xffff ffff 8000 0000 and 0xffff ffff 9000 0000. To change the compile address it is therefore only necessary to replace the default value in that file. The addresses the operating system uses are modified as follows. The operating system explicitly uses kernel-mode addresses, for example 0xffff ffff 8000 0000, to generate the addresses it works with. Changing them therefore means searching the operating system for every use of a kernel-mode address and replacing each one, so that none of the addresses the operating system uses is a kernel-mode address.
Thus both modifying the compile address and modifying the addresses in use come down to address replacement. The replacement process is described below for a Loongson CPU.
Take Kseg0 as an example (in the MIPS architecture, the name of the kernel-mode address segment from 0xffff ffff 8000 0000 to 0xffff ffff a000 0000). The default start address of the virtual machine operating system on the MIPS architecture is some value in the Kseg0 segment, which can be accessed only in kernel mode. Because the addresses accessible in user mode are those from 0x0000 0000 0000 0000 to 0x3fff ffff ffff ffff, the Kseg0 segment is replaced, when the compile address is modified, by the address range 0x4000 0000 8000 0000 to 0x4000 0000 a000 0000. The correspondence before and after the modification of Kseg0 is shown in Fig. 2. After Kseg0 is modified, the default start address of the virtual machine operating system correspondingly becomes some value in 0x4000 0000 8000 0000 to 0x4000 0000 a000 0000, so the virtual machine operating system is compiled to addresses that can be accessed in supervisor mode but not in user mode.
At the same time, the addresses the virtual machine operating system uses are modified: every use of a Kseg0 address inside the virtual machine operating system is replaced one by one. The recompiled kernel runs in a contiguous range of addresses within 0x4000 0000 8000 0000 to 0x4000 0000 9000 0000, so the virtual machine operating system runs at addresses that can be accessed in supervisor mode but not in user mode.
In addition, the TLB miss handling function in the VMM is modified so that 0x4000 0000 8000 0000 to 0x4000 0000 a000 0000 maps directly to virtual machine physical addresses 0 to 0x2000 0000, which guarantees that the corresponding physical addresses are correct. The mapping between the modified Kseg0 segment and the physical addresses obtained through the modified TLB miss function is shown in Fig. 3.
With step 101, the behaviour of the Kseg0 segment can be fully simulated in supervisor mode. The method is not limited to Kseg0: other similar address segments, such as Kseg1, can likewise be compiled to and run at addresses that can be accessed in supervisor mode but not in user mode.
Step 102: set up the VMM (virtual machine monitor) so that the host determines the state of the virtual machine when it enters the virtual machine.
The state of the virtual machine determines which mode the virtual machine runs in.
Step 103: if the virtual machine is in the state of running the virtual machine operating system, the virtual machine runs in supervisor mode; if the virtual machine is in the state of running a user program, the virtual machine runs in user mode.
Fig. 4 is a flowchart of how the host determines the operating mode.
Before entering the virtual machine, the host determines the state of the virtual machine by checking, on the host, the status register of the virtual machine's virtual coprocessor 0 (Coprocessor 0). Ordinarily, a virtual machine that is running its operating system would run in kernel mode. But because step 101 changed the compile address and the addresses in use to addresses that can be accessed in supervisor mode but not in user mode, the virtual machine runs in supervisor mode. If the virtual machine is in the state of running a user program, it runs in user mode.
Because switching the operating mode is a sensitive operation on the MIPS architecture, it is certain to be trapped by the VMM. This guarantees that the virtual machine operating system always executes in supervisor mode.
These three steps give a simple and effective method of ensuring the security of a virtual machine operating system on the MIPS architecture. User programs run in user mode and the virtual machine operating system runs in supervisor mode, so their addresses do not conflict. If a user program accesses an address belonging to the virtual machine operating system, an exception is necessarily raised, and this is what ensures the security of the virtual machine operating system.
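The three steps above, modelled as a small user-space C program; this is an added example, not code from the patent or from any VMM. The function names and the Status-register bit layout (EXL bit 1, ERL bit 2, KSU bits 4:3, taken from the MIPS architecture) are assumptions; the address windows are the ones given in the description.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Address windows quoted in the description. */
#define KSEG0_BASE 0xffffffff80000000ULL /* default guest-kernel segment   */
#define KSEG0_END  0xffffffffa0000000ULL
#define RELOC_BASE 0x4000000080000000ULL /* supervisor-only replacement    */
#define RELOC_END  0x40000000a0000000ULL
#define USER_TOP   0x3fffffffffffffffULL /* highest user-mode address      */
#define SUPER_TOP  0x7fffffffffffffffULL /* highest supervisor-mode address */

/* Assumption (MIPS architecture, not spelled out in the patent):
 * Status.EXL is bit 1, Status.ERL is bit 2, Status.KSU is bits 4:3,
 * and KSU == 2 means user mode. */
#define ST_EXL      0x02u
#define ST_ERL      0x04u
#define ST_KSU_MASK 0x18u
#define ST_KSU_USER 0x10u

enum hw_mode { HW_USER, HW_SUPERVISOR, HW_KERNEL };

/* Step 101, address replacement: move a Kseg0 address into the relocated
 * window, keeping its offset. Addresses outside Kseg0 are left unchanged. */
uint64_t relocate_kseg0(uint64_t va)
{
    if (va >= KSEG0_BASE && va < KSEG0_END)
        return RELOC_BASE + (va - KSEG0_BASE);
    return va;
}

/* Step 101, modified TLB-miss path: the relocated window maps directly to
 * guest physical 0 .. 0x2000 0000. Returns 0 and fills *gpa on a hit,
 * -1 when the address is outside the window (normal TLB handling, not
 * modelled here, would take over). */
int vmm_tlb_miss(uint64_t gva, uint64_t *gpa)
{
    if (gva >= RELOC_BASE && gva < RELOC_END) {
        *gpa = gva - RELOC_BASE;
        return 0;
    }
    return -1;
}

/* Steps 102/103: pick the hardware mode from the guest's virtual CP0
 * Status. The guest counts as "running a user program" only when KSU says
 * user and no exception/error level is set; every other state is treated
 * as guest-OS execution and gets supervisor mode, never kernel mode. */
enum hw_mode mode_for_guest(uint32_t vstatus)
{
    int guest_user = (vstatus & ST_KSU_MASK) == ST_KSU_USER &&
                     !(vstatus & (ST_EXL | ST_ERL));
    return guest_user ? HW_USER : HW_SUPERVISOR;
}

/* Address-range check per mode, using the limits listed in the Background. */
int access_allowed(enum hw_mode m, uint64_t va)
{
    switch (m) {
    case HW_USER:       return va <= USER_TOP;
    case HW_SUPERVISOR: return va <= SUPER_TOP;
    default:            return 1; /* kernel mode: whole space */
    }
}

int main(void)
{
    uint64_t link = 0xffffffff80100000ULL; /* constructed sample address */
    uint64_t va = relocate_kseg0(link), gpa = 0;

    vmm_tlb_miss(va, &gpa);
    printf("0x%016" PRIx64 " -> 0x%016" PRIx64 " -> gpa 0x%" PRIx64 "\n",
           link, va, gpa);
    printf("guest user touching guest OS: %s\n",
           access_allowed(mode_for_guest(0x10), va) ? "allowed" : "exception");
    printf("guest OS touching guest OS:   %s\n",
           access_allowed(mode_for_guest(0x00), va) ? "allowed" : "exception");
    return 0;
}
```

The last check in the model is the property the method relies on: a relocated guest-OS address lies above the user-mode limit and below the supervisor-mode limit, so guest user code faults on it while the guest OS does not.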
Accordingly, the invention provides a device for ensuring the security of a virtual machine operating system. Fig. 5 is a schematic structural diagram of the device in this embodiment.
The device comprises a compiling module 510, a judging module 520 and a running module 530.
Specifically, the compiling module 510 compiles the virtual machine operating system to addresses that can be accessed in supervisor mode but cannot be accessed in user mode.
The compiling module 510 further comprises a first compiling module 511 and a second compiling module 512. The first compiling module 511 modifies the compile address of the virtual machine operating system, replacing its default compile address with an address that can be accessed in supervisor mode but cannot be accessed in user mode. The second compiling module 512 modifies the addresses the virtual machine operating system uses, replacing every kernel-mode address used inside the virtual machine operating system with a supervisor-mode address.
The judging module 520 sets up the VMM so that the host determines the state of the virtual machine when it enters the virtual machine.
The state of the virtual machine determines which mode the virtual machine runs in.
The running module 530 makes the virtual machine run in supervisor mode when the virtual machine is in the state of running the virtual machine operating system.
Ordinarily, a virtual machine that is running its operating system would run in kernel mode. But because the compiling module 510 changed the compile address and the addresses in use to addresses that can be accessed in supervisor mode but not in user mode, the running module 530 makes the virtual machine run in supervisor mode.
The running module 530 also makes the virtual machine run in user mode when the virtual machine is in the state of running a user program.
The embodiments above further describe the object, technical solution and beneficial effects of the invention. It should be understood that they are only specific embodiments of the invention and are not intended to limit its scope of protection; any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (8)

1. A method for ensuring the security of a virtual machine operating system, characterized by comprising:
Step a: compiling the virtual machine operating system to addresses that can be accessed in supervisor mode but cannot be accessed in user mode;
Step b: setting up a virtual machine monitor (VMM) so that the host determines the state of the virtual machine when it enters the virtual machine;
Step c: when the virtual machine is in the state of running the virtual machine operating system, the virtual machine runs in supervisor mode;
wherein step a specifically comprises:
modifying the compile address of the virtual machine operating system, replacing its default compile address with an address that can be accessed in supervisor mode but cannot be accessed in user mode;
and, at the same time, modifying the addresses the virtual machine operating system uses, replacing every kernel-mode address used inside the virtual machine operating system with a supervisor-mode address.
2. The method according to claim 1, characterized in that step a further comprises:
mapping the modified virtual machine operating system addresses to the corresponding physical addresses.
3. The method according to claim 2, characterized in that mapping the modified virtual machine operating system addresses to the corresponding physical addresses is implemented by modifying the TLB miss function in the VMM.
4. The method according to claim 1, characterized in that, in step b,
the state of the virtual machine is determined by the host checking, on the host, the status register of the virtual machine's virtual coprocessor.
5. The method according to claim 1, characterized in that step c further comprises:
when the virtual machine is in the state of running a user program, the virtual machine runs in user mode.
6. The method according to claim 1, characterized in that the method for ensuring the security of a virtual machine operating system applies to CPUs of the MIPS architecture.
7. A device for ensuring the security of a virtual machine operating system, characterized by comprising:
a compiling module, for compiling the virtual machine operating system to addresses that can be accessed in supervisor mode but cannot be accessed in user mode;
a judging module, for setting up a virtual machine monitor (VMM) so that the host determines the state of the virtual machine when it enters the virtual machine;
a running module, for making the virtual machine run in supervisor mode when the virtual machine is in the state of running the virtual machine operating system;
wherein the compiling module comprises:
a first compiling module, for modifying the compile address of the virtual machine operating system, replacing its default compile address with an address that can be accessed in supervisor mode but cannot be accessed in user mode;
a second compiling module, for modifying the addresses the virtual machine operating system uses, replacing every kernel-mode address used inside the virtual machine operating system with a supervisor-mode address.
8. The device according to claim 7, characterized in that the running module also makes the virtual machine run in user mode when the virtual machine is in the state of running a user program.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210271625.2A CN102819712B (en) 2012-08-01 2012-08-01 Method and device for ensuring security of virtual machine operation system

Publications (2)

Publication Number Publication Date
CN102819712A 2012-12-12
CN102819712B 2014-11-26

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address

Address after: 100095 Building 2, Longxin Industrial Park, Zhongguancun environmental protection technology demonstration park, Haidian District, Beijing

Patentee after: Loongson Zhongke Technology Co.,Ltd.

Address before: 100190 No. 10 South Road, Zhongguancun Academy of Sciences, Haidian District, Beijing

Patentee before: LOONGSON TECHNOLOGY Corp.,Ltd.