CN102930213A - Security monitoring system and security monitoring method based on virtual machine - Google Patents
Security monitoring system and security monitoring method based on virtual machine Download PDFInfo
- Publication number
- CN102930213A CN102930213A CN2012104130471A CN201210413047A CN102930213A CN 102930213 A CN102930213 A CN 102930213A CN 2012104130471 A CN2012104130471 A CN 2012104130471A CN 201210413047 A CN201210413047 A CN 201210413047A CN 102930213 A CN102930213 A CN 102930213A
- Authority
- CN
- China
- Prior art keywords
- virtual machine
- security
- assembly
- monitor
- monitoring
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Computer And Data Communications (AREA)
Abstract
The invention discloses a security monitoring system and a security monitoring method based on a virtual machine. The security monitoring system based on the virtual machine is characterized in that a trusted cryptography module is embedded on a mainboard; a measurement assembly is arranged in a virtual machine monitor; a knowledge base is arranged in a trustable management virtual machine; an internal security monitoring assembly is arranged inside an operation system kernel space of a monitored virtual machine; an external security monitoring assembly is arranged in the virtual machine monitor; a comprehensive analysis assembly is arranged in the virtual machine monitor; and a security control assembly is arranged in the virtual machine monitor. The security monitoring method comprises the following steps of carrying out trusted starting on a platform; safely loading the monitoring assembly; performing the internal security monitor; comprehensively analyzing abnormal behaviors; judging whether abnormality exists or not; performing security control on the abnormal behaviors if abnormality exists; and protecting each security monitoring assembly by utilizing a security isolation mechanism of the virtual machine so as to reduce the damage of malicious software to the security monitor assembly, and simultaneously protecting the completeness of each assembly by utilizing a completeness measurement mechanism.
Description
Technical field
The present invention relates to a kind of method for safety monitoring, particularly relate to a kind of safety monitoring system based on virtual machine and method for safety monitoring.
Background technology
Along with the fast development of infotech and the continuous expansion of network size, day by day frequent for malicious attack and the destruction of computer and network, attack strength constantly increases.By computational resource state and Host behavior are carried out Real Time Monitoring.Find that in time malicious attack has great significance for the normal operation that guarantees cyber-net.
At present, mainly be to realize at operating system layer and application layer for the method for safety monitoring of computing machine, by the supervision to system journal, api interface, port, CONFIG.SYS etc., find variation and the abnormal behaviour of computer mode.Although the security monitoring measure that increases at operating system aspect and application can be satisfied the demand for security of computing machine to a certain extent, also exposes some problem and shortage simultaneously.Be that actual monitored is limited in one's ability on the one hand: the monitoring size ratio of current method for safety monitoring is thicker, mainly be passive analytic system daily record and the state variation that monitors resource, can't carry out profound level analysis initiatively to abnormal behaviour, the behavior of upper strata or same level can only be monitored simultaneously, the malicious act that supervisory system lower floor may exist can't be found; It is obviously not enough from protective capacities on the other hand: the integrality of the dependence operating system that current method for safety monitoring is too much, and operate in the same space with monitored object, self be easy to be attacked and lose the security monitoring ability, and present forbidding edit the registry or forbidding that the safeguard procedures that malice finishes process are difficult to reply for the attack of supervisory system self of taking.
Summary of the invention
The object of the invention is to provide a kind of safety monitoring system based on virtual machine and method, and it is limited to solve the safety monitoring system monitoring capacity, the problem of self-protection scarce capacity.
The present invention adopts following technological means to realize:
A kind of safety monitoring system based on virtual machine comprises credible password module, integrity measurement assembly, knowledge base, internal security monitor component, external security monitoring component, analysis-by-synthesis assembly and security control assembly;
Credible password module embeds on the mainboard as the physics root of trust, and credible calculation services is provided;
The integrity measurement assembly is arranged in described virtual machine monitor, and knowledge base, internal security monitor component, external security monitor component, analysis-by-synthesis assembly and security control assembly are carried out integrity measurement and protection;
Knowledge base is arranged in believable managing virtual machines, and the support in status flag storehouse and behavior pattern storehouse is provided for the monitoring activity of internal security monitoring component and exterior monitoring assembly;
The internal security monitoring component is positioned at the operating system nucleus space of monitored virtual machine, in interior monitoring operation system state and behavior;
The external security monitoring component is arranged in virtual machine monitor, and by monitoring state and the change of event channel, virtual memory, virtual network, virtual i/o, virtual cpu, state and behavior from the outside to operating system monitor;
The analysis-by-synthesis assembly is arranged in virtual machine monitor, and internally the exterior monitoring situation is carried out analysis-by-synthesis, determines whether unusual;
The security control assembly is arranged in virtual machine monitor, according to the safety control strategy of formulating current abnormal behaviour is implemented security control.
The present invention can also realize in the following ways:
A kind of method for safety monitoring based on virtual machine may further comprise the steps:
Start the platform credible step; Corresponding to the credible password module of secure virtual machine supervisory system, take credible password module as the physics root of trust, the credible startup by transitive trust mechanism implementation platform guarantees the credibility of platform computing environment with this;
Load the monitor component security step; Integrity measurement assembly corresponding to the secure virtual machine supervisory system, the proof test value of calculation knowledge storehouse, internal security monitoring component, external security monitoring component, analysis-by-synthesis assembly and security control assembly, proof test value and the reference value that is stored in credible password module are compared, pass through such as tolerance, then component safety loads; Otherwise the standard mirror image of utilization backup recovers and loads;
Carry out internal security and monitor step; Internal security monitoring component and knowledge base corresponding to the secure virtual machine supervisory system, the internal security monitoring component carries out alternately with knowledge base by intercommunication mechanism, the status flag storehouse and the behavior pattern storehouse that provide according to knowledge base monitor state and the behavior of monitored VME operating system;
Carry out external security and monitor step; Corresponding to external security monitoring component and the knowledge base of secure virtual machine supervisory system, corresponding virtual hardware resource status and the behavior of virtual hardware resource access monitor the external security monitoring component to monitored virtual machine;
Abnormal behaviour is carried out the analysis-by-synthesis step; Corresponding to the analysis-by-synthesis assembly of secure virtual machine supervisory system, situation and the exterior monitoring situation of interior monitoring are carried out analysis-by-synthesis, determine whether to exist unusually; As unusually, then;
Abnormal behaviour is carried out the security control step; Corresponding to the security control assembly of secure virtual machine supervisory system, according to the result of analysis-by-synthesis abnormal behaviour is implemented security control, guarantee the safety of computing environment.
Aforesaid a kind of method for safety monitoring based on virtual machine is characterized in that, carries out external security and monitors that the described virtual hardware resource of step comprises: event channel, virtual memory, virtual network, virtual i/o, virtual cpu.
The security feature of combined with virtual machine technology of the present invention mainly has the following advantages:
1, more comprehensive security monitoring ability: utilize virtual machine monitor to be positioned at and have the very characteristic of highly privileged under the operating system, externally realize more profound, more fine-grained security monitoring, the combination of monitoring by the inside and outside has more comprehensive security monitoring ability;
2, stronger self-shield ability: the security monitoring assembly is dispersed to different running spaces, utilize the safe isolation mech isolation test of virtual machine that each security monitoring assembly is protected, reduce Malware for the destruction of security monitoring assembly, utilize simultaneously integrity measurement mechanism that the integrality of each assembly is implemented protection;
3, software layer is realized the security monitoring of hardware level: utilize virtual machine monitor that hardware resource is carried out characteristic abstract and management, by monitoring the access of the virtual hardware resources such as virtual cpu, virtual memory, virtual i/o, thereby realize the monitoring of hardware level at software layer.
Description of drawings
Fig. 1 is the safety monitoring system structural representation based on virtual machine;
Fig. 2 is the method for safety monitoring schematic flow sheet based on virtual machine.
Wherein, 1 is credible password module; 2 is the integrity measurement module; 3 is knowledge base; 4 is the internal security monitoring component; 5 is the external security monitoring component; 6 is the analysis-by-synthesis assembly; 7 are the security control assembly.
Embodiment
Below in conjunction with Figure of description, specific embodiments of the invention are illustrated:
Virtual machine technique is mainly utilized a software layer-virtual machine monitor (Virtual Machine Monitor, VMM) to carry out abstract to hardware resource and is cut apart, for the upper strata VME operating system provides independently virtual computation environmental.Be isolated from each other between the virtual machine and between virtual machine and the virtual machine monitor, the running status of a virtual machine can not affect the normal operation of other virtual machines and virtual machine monitor.Simultaneously because virtual machine monitor is positioned at the lower floor of VME operating system, have very high privilege, can Real Time Monitoring to the behavior of upper strata virtual machine.
See also shown in Figure 1ly, be the safety monitoring system structural representation based on virtual machine.Comprise credible password module 1, integrity measurement assembly 2, knowledge base 3, internal security monitor component 4, external security monitoring component 5, analysis-by-synthesis assembly 6 and security control assembly 7.Wherein, credible password module 1 embeds on the mainboard as the physics root of trust, and credible calculation services is provided; Integrity measurement assembly 2 is arranged in virtual machine monitor, and knowledge base 3, internal security monitor component 4, external security monitor component 5, analysis-by-synthesis assembly 6 and security control assembly 7 are carried out integrity measurement and protection; Knowledge base 3 is arranged in believable managing virtual machines, and the support in status flag storehouse and behavior pattern storehouse is provided for the monitoring activity of internal security monitoring component 4 and exterior monitoring assembly 5; Internal security monitoring component 4 is positioned at the operating system nucleus space of monitored virtual machine, in interior monitoring operation system state and behavior; External security monitoring component 5 is arranged in virtual machine monitor, and by monitoring state and the change of event channel, virtual memory, virtual network, virtual i/o, virtual cpu, state and behavior from the outside to operating system monitor; Analysis-by-synthesis assembly 6 is arranged in virtual machine monitor, and internally the exterior monitoring situation is carried out analysis-by-synthesis, determines whether unusual; Security control assembly 7 is arranged in virtual machine monitor, according to the strategy of formulating current abnormal behaviour is implemented the security control measure.
See also shown in Figure 2ly, be the method for safety monitoring schematic flow sheet based on virtual machine.Concrete steps are:
The first step: start the platform credible step;
Corresponding to the credible password module 1 of secure virtual machine supervisory system, take credible password module 1 as the physics root of trust, the credible startup by transitive trust mechanism implementation platform guarantees the credibility of platform computing environment with this;
Second step: load the monitor component security step;
Integrity measurement assembly 2 corresponding to the secure virtual machine supervisory system, the proof test value of calculation knowledge storehouse 3, internal security monitoring component 4, external security monitoring component 5, analysis-by-synthesis assembly 6 and security control assembly 7, proof test value and the reference value that is stored in credible password module 1 are compared, tolerance is by then component safety loading, otherwise the standard mirror image of utilization backup recovers and loads;
The 3rd step: carry out internal security and monitor step;
Internal security monitoring component 4 and knowledge base 3 corresponding to the secure virtual machine supervisory system, internal security monitoring component 4 carries out alternately with knowledge base 3 by intercommunication mechanism, the status flag storehouse and the behavior pattern storehouse that provide according to knowledge base 3 monitor state and the behavior of monitored VME operating system;
The 4th step: carry out external security and monitor step;
Corresponding to external security monitoring component 5 and the knowledge base 3 of secure virtual machine supervisory system, the virtual hardware resource that 5 pairs of monitored virtual machines of external security monitoring component are corresponding (event channel, virtual memory, virtual network, virtual i/o, virtual cpu) state and the behavior of virtual hardware resource access monitor;
The 5th step: abnormal behaviour is carried out the analysis-by-synthesis step;
Corresponding to the analysis-by-synthesis assembly 6 of secure virtual machine supervisory system, situation and the exterior monitoring situation of interior monitoring are carried out analysis-by-synthesis, determine whether to exist unusually;
The 6th step: abnormal behaviour is carried out the security control step;
Corresponding to the security control assembly 7 of secure virtual machine supervisory system, according to the result of analysis-by-synthesis abnormal behaviour is implemented security control, guarantee the safety of computing environment.
So far, the secure virtual machine control method has effectively guaranteed the controlled of computer resource state and behavior by above every security control measure.
Claims (3)
1. the safety monitoring system based on virtual machine comprises credible password module, integrity measurement assembly, knowledge base, internal security monitor component, external security monitoring component, analysis-by-synthesis assembly and security control assembly; It is characterized in that:
Described credible password module embeds on the mainboard as the physics root of trust, and credible calculation services is provided;
Described integrity measurement assembly is arranged in described virtual machine monitor, and knowledge base, internal security monitor component, external security monitor component, analysis-by-synthesis assembly and security control assembly are carried out integrity measurement and protection;
Described knowledge base is arranged in believable managing virtual machines, and the support in status flag storehouse and behavior pattern storehouse is provided for the monitoring activity of internal security monitoring component and exterior monitoring assembly;
Described internal security monitoring component is positioned at the operating system nucleus space of monitored virtual machine, in interior monitoring operation system state and behavior;
Described external security monitoring component is arranged in virtual machine monitor, and by monitoring state and the change of event channel, virtual memory, virtual network, virtual i/o, virtual cpu, state and behavior from the outside to operating system monitor;
Described analysis-by-synthesis assembly is arranged in virtual machine monitor, and internally the exterior monitoring situation is carried out analysis-by-synthesis, determines whether unusual;
Described security control assembly is arranged in virtual machine monitor, according to the safety control strategy of formulating current abnormal behaviour is implemented security control.
2. the method for safety monitoring based on virtual machine is characterized in that, may further comprise the steps:
Start the platform credible step; Corresponding to the credible password module of secure virtual machine supervisory system, take credible password module as the physics root of trust, the credible startup by transitive trust mechanism implementation platform guarantees the credibility of platform computing environment with this;
Load the monitor component security step; Integrity measurement assembly corresponding to the secure virtual machine supervisory system, the proof test value of calculation knowledge storehouse, internal security monitoring component, external security monitoring component, analysis-by-synthesis assembly and security control assembly, proof test value and the reference value that is stored in credible password module are compared, pass through such as tolerance, then component safety loads; Otherwise the standard mirror image of utilization backup recovers and loads;
Carry out internal security and monitor step; Internal security monitoring component and knowledge base corresponding to the secure virtual machine supervisory system, the internal security monitoring component carries out alternately with knowledge base by intercommunication mechanism, the status flag storehouse and the behavior pattern storehouse that provide according to knowledge base monitor state and the behavior of monitored VME operating system;
Carry out external security and monitor step; Corresponding to external security monitoring component and the knowledge base of secure virtual machine supervisory system, corresponding virtual hardware resource status and the behavior of virtual hardware resource access monitor the external security monitoring component to monitored virtual machine;
Abnormal behaviour is carried out the analysis-by-synthesis step; Corresponding to the analysis-by-synthesis assembly of secure virtual machine supervisory system, situation and the exterior monitoring situation of interior monitoring are carried out analysis-by-synthesis, determine whether to exist unusually; As unusually, then;
Abnormal behaviour is carried out the security control step; Corresponding to the security control assembly of secure virtual machine supervisory system, according to the result of analysis-by-synthesis abnormal behaviour is implemented security control, guarantee the safety of computing environment.
3. a kind of method for safety monitoring based on virtual machine according to claim 2 is characterized in that, carries out external security and monitors that the described virtual hardware resource of step comprises: event channel, virtual memory, virtual network, virtual i/o, virtual cpu.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2012104130471A CN102930213A (en) | 2012-10-25 | 2012-10-25 | Security monitoring system and security monitoring method based on virtual machine |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2012104130471A CN102930213A (en) | 2012-10-25 | 2012-10-25 | Security monitoring system and security monitoring method based on virtual machine |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102930213A true CN102930213A (en) | 2013-02-13 |
Family
ID=47645010
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2012104130471A Pending CN102930213A (en) | 2012-10-25 | 2012-10-25 | Security monitoring system and security monitoring method based on virtual machine |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102930213A (en) |
Cited By (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103500304A (en) * | 2013-10-13 | 2014-01-08 | 西安电子科技大学 | Virtual machine personalized security monitoring system and method based on Xen |
CN103605557A (en) * | 2013-10-25 | 2014-02-26 | 普华基础软件股份有限公司 | Virtual device management system and management method |
CN103793646A (en) * | 2014-02-14 | 2014-05-14 | 浪潮通信信息系统有限公司 | Virtual machine safety monitoring method based on behavior recognition |
CN103810422A (en) * | 2014-02-20 | 2014-05-21 | 东莞中国科学院云计算产业技术创新与育成中心 | Safety virtualization isolation method based on mirror image intelligent management |
CN104216743A (en) * | 2014-08-27 | 2014-12-17 | 中国船舶重工集团公司第七0九研究所 | Method and system for maintaining start completeness of configurable virtual machine |
CN104714877A (en) * | 2015-03-30 | 2015-06-17 | 上海交通大学 | Mixed monitoring and measurement method and system used on virtual machines |
CN104866407A (en) * | 2015-06-23 | 2015-08-26 | 山东中孚信息产业股份有限公司 | Monitoring system and method in virtual machine environment |
CN105184164A (en) * | 2015-09-08 | 2015-12-23 | 成都博元科技有限公司 | Data processing method |
WO2016026129A1 (en) * | 2014-08-22 | 2016-02-25 | Nokia Technologies Oy | A security and trust framework for virtualized networks |
CN106529284A (en) * | 2016-11-02 | 2017-03-22 | 深圳前海生生科技有限公司 | Security chip-based security reinforcement method for virtual machine monitor |
CN106529342A (en) * | 2016-11-02 | 2017-03-22 | 深圳前海生生科技有限公司 | Virtual machine monitor dynamic integrity detection method based on security chip |
CN106778257A (en) * | 2016-12-08 | 2017-05-31 | 北京国电通网络技术有限公司 | A kind of anti-release apparatus of virtual machine |
CN107231352A (en) * | 2017-05-27 | 2017-10-03 | 郑州云海信息技术有限公司 | A kind of system journal monitoring method and device towards Xen virtualized environments |
WO2017177801A1 (en) * | 2016-04-15 | 2017-10-19 | 中兴通讯股份有限公司 | Method and apparatus for realising integrity protection for operating system |
CN107357629A (en) * | 2017-07-10 | 2017-11-17 | 成都虫洞奇迹科技有限公司 | A kind of virtual machine based on internal memory online analyzing is without agent monitors method and device |
CN108009423A (en) * | 2017-12-04 | 2018-05-08 | 山东浪潮通软信息科技有限公司 | A kind of virtual machine password processing method, system and a kind of password generated instrument |
US9971623B2 (en) | 2014-03-24 | 2018-05-15 | Huawei Technologies Co., Ltd. | Isolation method for management virtual machine and apparatus |
CN108763935A (en) * | 2018-05-30 | 2018-11-06 | 郑州云海信息技术有限公司 | A kind of operating system OS virtual machine kernels integrality monitoring system and method |
CN109358945A (en) * | 2018-09-27 | 2019-02-19 | 郑州云海信息技术有限公司 | A kind of complete method and apparatus of verifying virtual machines hardware resource |
CN110008092A (en) * | 2019-04-15 | 2019-07-12 | 苏州浪潮智能科技有限公司 | A kind of secure virtual machine monitoring method, device, equipment and readable storage medium storing program for executing |
CN106445641B (en) * | 2016-11-02 | 2020-11-06 | 深圳前海生生科技有限公司 | Data migration method between secure virtual platforms on discrete computing nodes |
JP7473608B2 (en) | 2021-08-16 | 2024-04-23 | ベイジン バイドゥ ネットコム サイエンス テクノロジー カンパニー リミテッド | Method, apparatus and electronic device for determining instance risk level in a cloud server |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101957900A (en) * | 2010-10-26 | 2011-01-26 | 中国航天科工集团第二研究院七○六所 | Credible virtual machine platform |
-
2012
- 2012-10-25 CN CN2012104130471A patent/CN102930213A/en active Pending
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101957900A (en) * | 2010-10-26 | 2011-01-26 | 中国航天科工集团第二研究院七○六所 | Credible virtual machine platform |
Non-Patent Citations (2)
Title |
---|
段翼真 等: "《全国抗恶劣环境计算机第二十界学术年会论文集》", 2 September 2011 * |
段翼真 等: "《第26次全国计算机安全学术交流会(论文集)》", 30 September 2011 * |
Cited By (32)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103500304A (en) * | 2013-10-13 | 2014-01-08 | 西安电子科技大学 | Virtual machine personalized security monitoring system and method based on Xen |
CN103500304B (en) * | 2013-10-13 | 2016-06-29 | 西安电子科技大学 | Virtual machine personalized secure based on Xen monitors system and monitoring method |
CN103605557A (en) * | 2013-10-25 | 2014-02-26 | 普华基础软件股份有限公司 | Virtual device management system and management method |
CN103793646A (en) * | 2014-02-14 | 2014-05-14 | 浪潮通信信息系统有限公司 | Virtual machine safety monitoring method based on behavior recognition |
CN103810422A (en) * | 2014-02-20 | 2014-05-21 | 东莞中国科学院云计算产业技术创新与育成中心 | Safety virtualization isolation method based on mirror image intelligent management |
CN103810422B (en) * | 2014-02-20 | 2017-05-17 | 东莞中国科学院云计算产业技术创新与育成中心 | Safety virtualization isolation method based on mirror image intelligent management |
US9971623B2 (en) | 2014-03-24 | 2018-05-15 | Huawei Technologies Co., Ltd. | Isolation method for management virtual machine and apparatus |
WO2016026129A1 (en) * | 2014-08-22 | 2016-02-25 | Nokia Technologies Oy | A security and trust framework for virtualized networks |
US10491594B2 (en) | 2014-08-22 | 2019-11-26 | Nokia Technologies Oy | Security and trust framework for virtualized networks |
CN104216743A (en) * | 2014-08-27 | 2014-12-17 | 中国船舶重工集团公司第七0九研究所 | Method and system for maintaining start completeness of configurable virtual machine |
CN104216743B (en) * | 2014-08-27 | 2017-08-25 | 中国船舶重工集团公司第七0九研究所 | Configurable virtual machine starts the method and system of completeness maintaining |
CN104714877B (en) * | 2015-03-30 | 2018-06-15 | 上海交通大学 | A kind of mixing monitoring measure and system on virtual machine |
CN104714877A (en) * | 2015-03-30 | 2015-06-17 | 上海交通大学 | Mixed monitoring and measurement method and system used on virtual machines |
CN104866407A (en) * | 2015-06-23 | 2015-08-26 | 山东中孚信息产业股份有限公司 | Monitoring system and method in virtual machine environment |
CN105184164A (en) * | 2015-09-08 | 2015-12-23 | 成都博元科技有限公司 | Data processing method |
CN105184164B (en) * | 2015-09-08 | 2017-11-24 | 成都博元科技有限公司 | A kind of data processing method |
WO2017177801A1 (en) * | 2016-04-15 | 2017-10-19 | 中兴通讯股份有限公司 | Method and apparatus for realising integrity protection for operating system |
CN107301082A (en) * | 2016-04-15 | 2017-10-27 | 中兴通讯股份有限公司 | A kind of method and apparatus for realizing operating system integrity protection |
CN107301082B (en) * | 2016-04-15 | 2020-10-09 | 南京中兴软件有限责任公司 | Method and device for realizing integrity protection of operating system |
CN106529284A (en) * | 2016-11-02 | 2017-03-22 | 深圳前海生生科技有限公司 | Security chip-based security reinforcement method for virtual machine monitor |
CN106529342A (en) * | 2016-11-02 | 2017-03-22 | 深圳前海生生科技有限公司 | Virtual machine monitor dynamic integrity detection method based on security chip |
CN106445641B (en) * | 2016-11-02 | 2020-11-06 | 深圳前海生生科技有限公司 | Data migration method between secure virtual platforms on discrete computing nodes |
CN106778257A (en) * | 2016-12-08 | 2017-05-31 | 北京国电通网络技术有限公司 | A kind of anti-release apparatus of virtual machine |
CN107231352A (en) * | 2017-05-27 | 2017-10-03 | 郑州云海信息技术有限公司 | A kind of system journal monitoring method and device towards Xen virtualized environments |
CN107357629A (en) * | 2017-07-10 | 2017-11-17 | 成都虫洞奇迹科技有限公司 | A kind of virtual machine based on internal memory online analyzing is without agent monitors method and device |
CN108009423A (en) * | 2017-12-04 | 2018-05-08 | 山东浪潮通软信息科技有限公司 | A kind of virtual machine password processing method, system and a kind of password generated instrument |
CN108009423B (en) * | 2017-12-04 | 2021-06-22 | 浪潮通用软件有限公司 | Virtual machine password processing method and system and password generation tool |
CN108763935A (en) * | 2018-05-30 | 2018-11-06 | 郑州云海信息技术有限公司 | A kind of operating system OS virtual machine kernels integrality monitoring system and method |
CN109358945A (en) * | 2018-09-27 | 2019-02-19 | 郑州云海信息技术有限公司 | A kind of complete method and apparatus of verifying virtual machines hardware resource |
CN110008092A (en) * | 2019-04-15 | 2019-07-12 | 苏州浪潮智能科技有限公司 | A kind of secure virtual machine monitoring method, device, equipment and readable storage medium storing program for executing |
CN110008092B (en) * | 2019-04-15 | 2020-03-06 | 苏州浪潮智能科技有限公司 | Virtual machine safety monitoring method, device, equipment and readable storage medium |
JP7473608B2 (en) | 2021-08-16 | 2024-04-23 | ベイジン バイドゥ ネットコム サイエンス テクノロジー カンパニー リミテッド | Method, apparatus and electronic device for determining instance risk level in a cloud server |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102930213A (en) | Security monitoring system and security monitoring method based on virtual machine | |
CN109871695B (en) | Trusted computing platform with computing and protection parallel dual-architecture | |
US9075410B2 (en) | Abnormality detection for isolating a control system | |
EP3654218B1 (en) | Method for detecting malicious code and deferring countermeasures | |
JP6568654B2 (en) | System and method for identifying compromised devices in an industrial control system | |
CN110175457B (en) | Trusted operating system and method of dual-architecture | |
CN107301082B (en) | Method and device for realizing integrity protection of operating system | |
CN105095768A (en) | Virtualization-based credible server trust chain construction method | |
CN102436566A (en) | Dynamic trusted measurement method and safe embedded system | |
CN103561045A (en) | Safety monitoring system and method for Android system | |
CN103258160A (en) | Method for monitoring cloud security under virtualization environment | |
CN103347027A (en) | Trusted network connecting method and system | |
CN103929502A (en) | Cloud platform safe monitor system and method based on virtual machine introspection technology | |
CN101303716B (en) | Embedded system recuperation mechanism based on TPM | |
CN102708330B (en) | Method for preventing system from being invaded, invasion defense system and computer | |
CN112446029A (en) | Trusted computing platform | |
Song | Analysis of risks for virtualization technology | |
CN114625074A (en) | Safety protection system and method for DCS (distributed control System) of thermal power generating unit | |
CN109711161A (en) | A kind of monitoring method and electronic equipment | |
Xiao et al. | A workflow-based non-intrusive approach for enhancing the survivability of critical infrastructures in cyber environment | |
Hartmann et al. | Reactive security for smart grids using models@ run. time-based simulation and reasoning | |
CN101727554B (en) | Method for dynamically reconfiguring trust chain | |
JP5955165B2 (en) | Management apparatus, management method, and management program | |
US20190243953A1 (en) | Enhanced security for multiple node computing platform | |
CN109992351A (en) | Fictitious host computer program safety control method, device, equipment and medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20130213 |