CN106775941A - Virtual machine kernel integrity protection method and device - Google Patents
Virtual machine kernel integrity protection method and device
- Publication number
- CN106775941A
- Authority
- CN
- China
- Prior art keywords
- page
- virtual machine
- page table
- host
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45587—Isolation or security of virtual machine instances
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Storage Device Security (AREA)
Abstract
Description
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611119135.5A CN106775941A (zh) | 2016-12-08 | 2016-12-08 | Virtual machine kernel integrity protection method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611119135.5A CN106775941A (zh) | 2016-12-08 | 2016-12-08 | Virtual machine kernel integrity protection method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106775941A (zh) | 2017-05-31 |
Family
ID=58882355
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611119135.5A Pending CN106775941A (zh) | Virtual machine kernel integrity protection method and device | 2016-12-08 | 2016-12-08 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106775941A (zh) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
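CN113791873A (zh) * | 2021-11-16 | 2021-12-14 | UnionTech Software Technology Co., Ltd. | Virtual machine creation method, computing device and storage medium |
WO2024007944A1 (zh) * | 2022-07-08 | 2024-01-11 | Huawei Technologies Co., Ltd. | Method for extending a memory isolation domain, and electronic device |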
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050138370A1 (en) * | 2003-12-23 | 2005-06-23 | Goud Gundrala D. | Method and system to support a trusted set of operational environments using emulated trusted hardware |
CN101226577A (zh) * | 2008-01-28 | 2008-07-23 | Nanjing University | Microkernel operating system integrity protection method based on trusted hardware and virtual machine |
US20120117614A1 (en) * | 2007-12-31 | 2012-05-10 | Ravi Sahita | System and method for high performance secure access to a trusted platform module on a hardware virtualization platform |
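CN102750471A (zh) * | 2012-05-22 | 2012-10-24 | Institute of Computing Technology, Chinese Academy of Sciences | TPM-based locally verified boot method |
CN103020518A (zh) * | 2012-11-06 | 2013-04-03 | Institute of Computing Technology, Chinese Academy of Sciences | TPM-based method and system for protecting data structures during Linux kernel initialization |
CN104809401A (zh) * | 2015-05-08 | 2015-07-29 | Nanjing University | Operating system kernel integrity protection method |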
- 2016-12-08 CN CN201611119135.5A patent/CN106775941A/zh active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050138370A1 (en) * | 2003-12-23 | 2005-06-23 | Goud Gundrala D. | Method and system to support a trusted set of operational environments using emulated trusted hardware |
US20120117614A1 (en) * | 2007-12-31 | 2012-05-10 | Ravi Sahita | System and method for high performance secure access to a trusted platform module on a hardware virtualization platform |
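CN101226577A (zh) * | 2008-01-28 | 2008-07-23 | Nanjing University | Microkernel operating system integrity protection method based on trusted hardware and virtual machine |
CN102750471A (zh) * | 2012-05-22 | 2012-10-24 | Institute of Computing Technology, Chinese Academy of Sciences | TPM-based locally verified boot method |
CN103020518A (zh) * | 2012-11-06 | 2013-04-03 | Institute of Computing Technology, Chinese Academy of Sciences | TPM-based method and system for protecting data structures during Linux kernel initialization |
CN104809401A (zh) * | 2015-05-08 | 2015-07-29 | Nanjing University | Operating system kernel integrity protection method |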
Non-Patent Citations (2)
Title |
---|
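Zhang Lei et al.: "Virtual machine-based kernel integrity protection technology", Journal of University of Electronic Science and Technology of China * |
Chen Xingshu et al.: "Virtualization-based runtime monitoring of untrusted modules", Journal of Huazhong University of Science and Technology (Natural Science Edition) * |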
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1939754B1 (en) | Providing protected access to critical memory regions | |
EP3047419B1 (en) | Virtual secure mode for virtual machines | |
KR101799261B1 (ko) | Restricting memory areas for an instruction read in dependence upon a hardware mode and a security flag | |
US7418584B1 (en) | Executing system management mode code as virtual machine guest | |
KR102189296B1 (ko) | Event filtering for virtual machine security applications | |
US10146962B2 (en) | Method and apparatus for protecting a PCI device controller from masquerade attacks by malware | |
US20070067590A1 (en) | Providing protected access to critical memory regions | |
US8327415B2 (en) | Enabling byte-code based image isolation | |
CN103460179A (zh) | Method and apparatus for transparently instrumenting an application program | |
WO2007005718A2 (en) | Computer system protection based on virtualization | |
US10621340B2 (en) | Hybrid hypervisor-assisted security model | |
CN109074321B (zh) | Method and system for protecting the memory of a virtual computing instance | |
US20170220795A1 (en) | Information-processing device, information-processing monitoring method, and recording medium | |
CN105512550A (zh) | Systems and methods for active operating system kernel protection | |
US11734430B2 (en) | Configuration of a memory controller for copy-on-write with a resource controller | |
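CN107368739B (zh) | Kernel driver monitoring method and device | |
CN103425563B (zh) | Online I/O electronic forensics system based on virtualization technology and forensics method thereof | |
CN106775941A (zh) | Virtual machine kernel integrity protection method and device | |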
US10073710B2 (en) | Host-driven application memory protection for virtual machines | |
CN108052415B (zh) | Rapid recovery method and system for a malware detection platform | |
US20050138263A1 (en) | Method and apparatus to retain system control when a buffer overflow attack occurs | |
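CN107103251B (zh) | Processor including a mapping access interface | |
CN117688552B (zh) | Stack space protection method, electronic device, storage medium and computer program product | |
CN108958879A (zh) | Virtual machine monitoring method and device | |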
US20230281304A1 (en) | Method for switching execution environment and related device thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | ||
Address after: 100070 the 28 tier of fortune Fortune Plaza, No.1, hang Feng Road, Fengtai District, Beijing. Applicant after: BEIJING GUODIANTONG NETWORK TECHNOLOGY Co.,Ltd. Applicant after: STATE GRID LIAONING ELECTRIC POWER Research Institute Applicant after: STATE GRID CORPORATION OF CHINA Applicant after: STATE GRID INFORMATION & TELECOMMUNICATION GROUP Co.,Ltd. Address before: 100070 the 28 tier of fortune Fortune Plaza, No.1, hang Feng Road, Fengtai District, Beijing. Applicant before: BEIJING GUODIANTONG NETWORK TECHNOLOGY Co.,Ltd. Applicant before: STATE GRID LIAONING ELECTRIC POWER Research Institute Applicant before: State Grid Corporation of China Applicant before: STATE GRID INFORMATION & TELECOMMUNICATION GROUP Co.,Ltd. |
TA01 | Transfer of patent application right | ||
Effective date of registration: 20190610 Address after: 100085 Beijing city Haidian District Qinghe small Camp Road No. 15 Applicant after: BEIJING CHINA POWER INFORMATION TECHNOLOGY Co.,Ltd. Applicant after: STATE GRID LIAONING ELECTRIC POWER Research Institute Applicant after: STATE GRID CORPORATION OF CHINA Applicant after: STATE GRID INFORMATION & TELECOMMUNICATION GROUP Co.,Ltd. Address before: 100070 the 28 tier of fortune Fortune Plaza, No.1, hang Feng Road, Fengtai District, Beijing. Applicant before: BEIJING GUODIANTONG NETWORK TECHNOLOGY Co.,Ltd. Applicant before: STATE GRID LIAONING ELECTRIC POWER Research Institute Applicant before: STATE GRID CORPORATION OF CHINA Applicant before: STATE GRID INFORMATION & TELECOMMUNICATION GROUP Co.,Ltd. |
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20170531 |