CN106845215A - Security protection method and device in a virtualized environment - Google Patents


Info

Publication number
CN106845215A
Authority
CN
China
Prior art keywords
virtual machine
cpu usage
file event
cpu
secure virtual
Prior art date
Legal status
Granted
Application number
CN201611269685.5A
Other languages
Chinese (zh)
Other versions
CN106845215B (en)
Inventor
刘青霞
Current Assignee
Beijing Rising Information Technology Co Ltd
Original Assignee
Beijing Rising Information Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Beijing Rising Information Technology Co Ltd
Priority to CN201611269685.5A
Publication of CN106845215A
Application granted
Publication of CN106845215B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F 21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 11/00 Error detection; Error correction; Monitoring
    • G06F 11/30 Monitoring
    • G06F 11/3003 Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • G06F 11/3024 Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a central processing unit [CPU]

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Mathematical Physics (AREA)
  • Quality & Reliability (AREA)
  • Storage Device Security (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The present invention provides a security protection method and device for a virtualized environment. The method includes: a secure virtual machine receives an active scan task and sends a security protection instruction to the guest virtual machine specified by the active scan task; the secure virtual machine receives the file event processing request that the guest virtual machine returns in response to the security protection instruction; the secure virtual machine obtains the CPU usage of its security processing flow; the secure virtual machine compares that CPU usage with the preset CPU usage threshold of the security processing flow; if the CPU usage exceeds the preset threshold, the secure virtual machine refuses to process the file event in the file event processing request. By limiting the CPU usage of the active scan process in the secure virtual machine, the method and device allow the secure virtual machine to respond quickly to file events raised by file monitoring in the guest virtual machines, which improves the running speed of the guest virtual machines.

Description

Security protection method and device in a virtualized environment
Technical field
The present invention relates to the technical field of virtualization, and more particularly to a security protection method and device in a virtualized environment.
Background
With the wide adoption of hardware virtualization technology, multiple operating systems can run simultaneously on one physical host, isolated from one another, which makes the management of hardware facilities more efficient, flexible and economical. However, operating systems deployed on virtualization technology still face security threats.
To protect virtual machines in a virtualized environment, the traditional solution deploys a full set of security protection software in every virtual machine on every physical host, so that each virtual machine has the same functions as security protection software installed on the operating system of an ordinary physical host.
However, deploying a full security protection product in each of multiple virtual machines on the same physical host consumes computing and storage resources, and the processor must run active scans while also monitoring the other virtual machines. The processor is therefore often fully loaded, and the file processing speed in each virtual machine slows down during monitoring.
Summary of the invention
Given that traditional light-agent security protection software cannot protect virtual machines at all times and in all places, there is a need for a security protection method and device for a virtualized environment that can improve file processing speed in virtual machines.
A security protection method in a virtualized environment, wherein a plurality of guest virtual machines and a secure virtual machine are deployed on a physical host; the method includes:
the secure virtual machine receives an active scan task and sends a security protection instruction to the guest virtual machine specified by the active scan task;
the secure virtual machine receives the file event processing request that the guest virtual machine returns in response to the security protection instruction;
the secure virtual machine obtains the CPU usage of the security processing flow;
the secure virtual machine compares the CPU usage with a preset threshold;
if the CPU usage exceeds the preset threshold, the secure virtual machine refuses to process the file event in the file event processing request.
In one embodiment, the step in which the secure virtual machine, on receiving an active scan task, sends a security protection instruction to the virtual machine specified by the active scan task includes:
the secure virtual machine extracts from the active scan task the designated identifier of the guest virtual machine that the task specifies;
according to the designated identifier and the preset identifier of each guest virtual machine, the secure virtual machine sends the security protection instruction to the guest virtual machine whose preset identifier matches the designated identifier.
In one embodiment, the step in which the secure virtual machine obtains the CPU usage of the security processing flow includes:
obtaining a plurality of CPU load values of the secure virtual machine within a scheduled period;
calculating the average of the CPU load values to obtain the average CPU load within the scheduled period, which is used as the CPU usage of the security processing flow.
In one embodiment, after the secure virtual machine refuses to process the file event in the file event processing request, the method further includes:
continuing to obtain the CPU usage of the security processing flow;
continuing to compare the CPU usage with the preset threshold;
when the CPU usage of the security processing flow falls below the preset CPU usage threshold, processing the file event in the file event processing request.
In one embodiment, the step of processing the file event when the CPU usage of the security processing flow is below the preset threshold further includes:
obtaining the priority of the file event processing request returned by each guest virtual machine;
when the CPU usage of the security processing flow is below the preset CPU usage threshold, processing the file events in the file event processing requests in priority order.
A security protection device in a virtualized environment, wherein a plurality of guest virtual machines and a secure virtual machine are deployed on a physical host and the security protection device is applied in the secure virtual machine; the security protection device includes:
an instruction sending module, for sending a security protection instruction to the guest virtual machine specified by an active scan task when the active scan task is received;
a request receiving module, for receiving the file event processing request that the guest virtual machine returns in response to the security protection instruction;
a CPU usage acquisition module, for obtaining the CPU usage of the security processing flow;
a CPU usage comparison module, for comparing the CPU usage with the preset CPU usage threshold of the security processing flow;
an event processing module, for refusing to process the file event in the file event processing request when the CPU usage exceeds the preset CPU usage threshold.
In one embodiment, the instruction sending module includes:
an identifier extraction unit, for extracting from the active scan task the designated identifier of the guest virtual machine that the task specifies;
an instruction sending unit, for sending the security protection instruction, according to the designated identifier and the preset identifier of each guest virtual machine, to the guest virtual machine whose preset identifier matches the designated identifier.
In one embodiment, the CPU usage acquisition module further includes:
a CPU load value acquisition unit, for obtaining a plurality of CPU load values of the secure virtual machine within a scheduled period;
a CPU usage calculation unit, for calculating the average of the CPU load values to obtain the average CPU load within the scheduled period, which is used as the CPU usage of the security processing flow.
In one embodiment, after the event processing module refuses to process the file event in the file event processing request, the CPU usage acquisition module is further used to continue obtaining the CPU usage of the security processing flow; the CPU usage comparison module is further used to continue comparing the CPU usage with the preset CPU usage threshold; and when the CPU usage of the security processing flow falls below the preset CPU usage threshold, the event processing module is further used to process the file event in the file event processing request.
In one embodiment, the event processing module further includes:
a priority acquisition unit, for obtaining the priority of the file event processing request returned by each guest virtual machine;
a file event processing unit, for processing the file events in the file event processing requests in priority order when the CPU usage of the security processing flow is below the preset CPU usage threshold.
In the above security protection method and device for a virtualized environment, the CPU usage of the active scan process in the secure virtual machine is limited, so that the secure virtual machine retains processing capacity and can respond quickly to file events raised by file monitoring in the guest virtual machines, which improves the running speed of the guest virtual machines.
Brief description of the drawings
Fig. 1 is a structural diagram of a physical host on which a secure virtual machine is deployed, in one embodiment;
Fig. 2 is a flow diagram of the security protection method in a virtualized environment, in one embodiment;
Fig. 3 is a structural diagram of the security protection device in a virtualized environment, in one embodiment.
Detailed description of the embodiments
To make the purpose, technical solution and advantages of the present invention clearer, the security protection method and device in a virtualized environment are further described below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here are only intended to explain the present invention and not to limit it.
The security protection method in a virtualized environment provided by the embodiments of the present invention can be applied to the security protection system shown in Fig. 1, which runs on a physical host. The physical host includes a processor, a non-volatile storage medium, memory, a network interface, a display screen and an input system connected by a system bus. A plurality of guest virtual machines and a secure virtual machine are deployed on the physical host; the secure virtual machine is configured with the security protection device, which processes file events under monitoring (for example, monitoring and processing files in a guest virtual machine) and file events under active scan (for example, actively starting virus scanning and removal on a guest virtual machine). The processor provides computing and control capability and supports the operation of the whole physical host. The method is based on an "agentless security protection mechanism": a plurality of virtual machines are deployed on one physical host, a predetermined number of them are secure virtual machines, and the rest are guest virtual machines that are not configured with security protection software. In this agentless mechanism the virtual memory of each virtual machine corresponds to the same physical memory space, i.e. the virtual machines share one physical memory space, so the virtual machines can communicate directly with one another through that physical memory space. The task manager is a piece of software running at the VMM (Virtual Machine Monitor) layer that transfers security protection events and data between the virtual machines on the same physical host; it acts as the communication pipe between the virtual machines. The virtual memory is obtained by simulating a section of storage space at the VMM layer with conventional simulation software. The VMM is used to plan, deploy, manage and optimize each virtual machine.
Those skilled in the art will understand that the structure shown in Fig. 1 is only a block diagram of the parts relevant to the solution of the present application and does not limit the physical host to which the solution is applied; a specific physical host may include more or fewer parts than shown, combine some parts, or arrange the parts differently.
In one embodiment, referring to Fig. 1 and Fig. 2, a security protection method in a virtualized environment is provided, comprising the following steps:
S10, the secure virtual machine receives an active scan task and sends a security protection instruction to the guest virtual machine specified by the active scan task;
S20, the secure virtual machine receives the file event processing request that the guest virtual machine returns in response to the security protection instruction;
S30, the secure virtual machine obtains the CPU usage of the security processing flow;
S40, the secure virtual machine compares the CPU usage with the preset threshold;
S50, if the CPU usage exceeds the preset CPU usage threshold, the secure virtual machine refuses to execute the file event processing request.
In step S10, after receiving the active scan task, the secure virtual machine sends a security protection instruction to the guest virtual machine specified in the task, so that the files in the specified guest virtual machine are actively scanned.
In step S20, after receiving the security protection instruction sent by the secure virtual machine, the guest virtual machine returns a file event processing request to the secure virtual machine, sending the files in the guest virtual machine to the secure virtual machine for scanning and virus removal.
In step S30, after receiving the file event processing request returned by the guest virtual machine, the secure virtual machine first obtains the current CPU usage of its security processing flow. The CPU usage of the security processing flow is the share of the CPU's processing capacity occupied by the CPU threads used by the security processing flow, usually expressed as a percentage.
In step S40, after obtaining the CPU usage of the security processing flow, the secure virtual machine compares it with the CPU usage threshold preset in the secure virtual machine, to determine whether the CPU occupied by the current security processing flow already exceeds the preset CPU usage threshold.
In step S50, if the CPU usage of the security processing flow already exceeds the preset CPU usage threshold, the active scan events currently handled by the secure virtual machine have reached the limit of its processing capacity. So that the secure virtual machine can still monitor the guest virtual machines in time and respond in time to file events under monitoring, it refuses to execute this file event processing request, keeping the CPU usage of the security processing flow at or below the preset CPU usage threshold. By limiting the CPU usage of active scans in the secure virtual machine, the secure virtual machine retains enough CPU processing capacity to monitor the file monitoring events occurring in each guest virtual machine, and can therefore respond in time to file events under monitoring.
The above security protection method in a virtualized environment, based on the agentless security protection mechanism, allows the secure virtual machine to actively protect the other virtual machines on the same physical host, i.e. the secure virtual machine actively scans the file data of the other virtual machines. The method avoids the computing and storage resources consumed when security protection software is deployed repeatedly in multiple virtual machines on the same physical host; at the same time, by limiting the CPU usage of the active scan process in the secure virtual machine, it enables the secure virtual machine to respond quickly to file events raised by file monitoring in the guest virtual machines, which improves the running speed of the guest virtual machines.
It should be noted that the detection process performed by the secure virtual machine during security detection is similar to that of a conventional virtual machine with security protection software installed, and is not described again here.
In one embodiment, step S10 further includes:
S11, after receiving the active scan task, the secure virtual machine extracts from the active scan task the designated identifier of the guest virtual machine that the task specifies;
S12, according to the designated identifier and the preset identifier of each guest virtual machine, the secure virtual machine sends the security protection instruction to the guest virtual machine whose preset identifier matches the designated identifier.
In the above embodiment the security protection instruction is delivered only to the guest virtual machine that needs protection, which reduces unnecessary protection processing and improves the efficiency of security protection.
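Steps S10 to S50 above, together with the identifier matching of S11 and S12, as an added example in Python that is not part of the patent or of any Rising product: a secure VM object receives a scan task, forwards the protection instruction only to the guest whose preset identifier matches the task's designated identifier, and admits or refuses each returned file event request by comparing a CPU usage reading with the preset threshold. The class names, the in-process method call that stands in for the VMM-layer task manager, the guest identifiers and the CPU usage series are all constructed assumptions.

```python
"""Added example (not the patent's own code): the S10-S50 admission-control
flow of the secure virtual machine, including the identifier matching of
S11-S12.  Class names, the in-process call that stands in for the VMM-layer
task manager, guest identifiers and CPU usage readings are assumptions."""
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass
class ScanTask:
    target_id: str                  # designated identifier carried by the task (S11)


@dataclass
class FileEventRequest:
    guest_id: str                   # which guest returned the request (S20)
    path: str                       # file the guest asks the secure VM to scan


@dataclass
class GuestVM:
    vm_id: str                      # preset identifier of this guest (S12)
    files: List[str]
    instructions: int = 0           # how many protection instructions it received

    def on_protect_instruction(self) -> List[FileEventRequest]:
        """S20: a guest without its own agent answers the instruction by
        handing its files to the secure VM as file event processing requests."""
        self.instructions += 1
        return [FileEventRequest(self.vm_id, f) for f in self.files]


class SecureVM:
    def __init__(self, guests: Dict[str, GuestVM],
                 cpu_usage: Callable[[], float], threshold: float = 75.0):
        self.guests = guests                  # keyed by preset identifier
        self.cpu_usage = cpu_usage            # usage of the security flow, in percent
        self.threshold = threshold            # preset CPU usage threshold (S40)
        self.scanned: List[FileEventRequest] = []
        self.refused: List[FileEventRequest] = []

    def send_protect_instruction(self, task: ScanTask) -> List[FileEventRequest]:
        """S10-S12: only the guest whose preset identifier equals the task's
        designated identifier receives the instruction; others are untouched."""
        guest = self.guests.get(task.target_id)
        if guest is None:
            return []                         # unknown identifier: nothing to scan
        return guest.on_protect_instruction()

    def handle_request(self, req: FileEventRequest) -> bool:
        """S30-S50: read the security flow's CPU usage and refuse the request
        when it is above the threshold, so capacity is kept for monitoring."""
        usage = self.cpu_usage()
        if usage > self.threshold:            # S50: refuse when strictly "more than"
            self.refused.append(req)
            return False
        self.scanned.append(req)              # the scanner would be invoked here
        return True

    def run_scan_task(self, task: ScanTask) -> Dict[str, bool]:
        """Drive one active scan task end to end; map each path to accepted/refused."""
        return {req.path: self.handle_request(req)
                for req in self.send_protect_instruction(task)}


def demo():
    """Constructed scenario: guest vm-a with four files, guest vm-b with one, and a
    usage series that climbs past 75% for two readings and then falls back."""
    guests = {"vm-a": GuestVM("vm-a", ["/a/1", "/a/2", "/a/3", "/a/4"]),
              "vm-b": GuestVM("vm-b", ["/b/1"])}
    readings = iter([40.0, 60.0, 82.0, 91.0, 55.0])   # constructed CPU usage, percent
    svm = SecureVM(guests, cpu_usage=lambda: next(readings), threshold=75.0)
    return svm, svm.run_scan_task(ScanTask("vm-a"))


if __name__ == "__main__":
    svm, outcome = demo()
    print(outcome)
    print("refused:", [r.path for r in svm.refused])
```

With the constructed readings the first two requests from vm-a are admitted, the next two are refused because the reading exceeds 75%, and vm-b never receives an instruction because its preset identifier does not match the task.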
In one embodiment, step S30 includes:
S31, obtaining a plurality of CPU load values of the secure virtual machine within a scheduled period;
S32, calculating the average of the CPU load values to obtain the average CPU load within the scheduled period, which is used as the CPU usage of the security processing flow.
In step S31, when the secure virtual machine obtains the CPU usage of the security processing flow, it can obtain the CPU usage in real time, or it can first obtain a plurality of CPU load values within a scheduled period. The instantaneous CPU usage of the security processing flow may rise and fall frequently, but it falls back quickly and has relatively little influence on the file events monitored by the secure virtual machine. To avoid overly frequent comparison and limiting of the CPU usage, a plurality of CPU load values within a scheduled period can be obtained first. Within the scheduled period, the secure virtual machine obtains the CPU load values at a preset frequency, which can be chosen as needed.
In step S32, the secure virtual machine first calculates the average of the CPU load values obtained within the scheduled period, and uses that average as the CPU usage of the security processing flow for the scheduled period when comparing against the preset threshold.
If the average CPU load within the scheduled period exceeds the preset CPU usage threshold, the file events under active scan have occupied a large share of the CPU of the secure virtual machine during that period, and the secure virtual machine temporarily does not process the file events in the file event processing requests it subsequently receives from the guest virtual machines.
By evaluating the CPU usage over a scheduled period, the method of the above embodiment assesses more accurately the CPU occupied by file events under active scan in the secure virtual machine, while making fuller use of the processing capacity of the secure virtual machine's CPU.
In one embodiment, the preset CPU usage threshold of the security processing flow in step S40 can be 70%-80%, chosen as needed, so that the CPU of the secure virtual machine has enough capacity to monitor the files in each guest virtual machine and respond in time. For example, the preset threshold can be set to 75%. When the CPU usage of the security processing flow reaches or exceeds 75%, the processing of file events under active scan by the secure virtual machine has reached saturation.
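Steps S31 and S32, as an added example that is not the patent's code: CPU load is sampled at a preset frequency over a scheduled period, and the period average rather than each instantaneous reading is compared with the 75% threshold named above. The example also shows why the text prefers the average: a single transient spike does not cause a refusal, while load that stays high for a whole period does. The 2 s period, the 2 Hz sampling rate and both sample series are constructed for the illustration.

```python
"""Added example (not the patent's own code): S31-S32, sampling CPU load of
the security flow at a preset frequency over a scheduled period and comparing
the window average, rather than each instantaneous reading, with the preset
threshold.  The 75% threshold is the figure the text gives; the period,
frequency and sample series are constructed for illustration."""
from collections import deque
from typing import Deque, Iterable, List, Tuple


class WindowedCpuUsage:
    """Keeps the CPU load samples of one scheduled period and reports their mean."""

    def __init__(self, period_s: float, sample_hz: float, threshold: float = 75.0):
        window = int(round(period_s * sample_hz))    # samples per scheduled period
        if window < 1:
            raise ValueError("period and frequency must yield at least one sample")
        self.samples: Deque[float] = deque(maxlen=window)
        self.threshold = threshold

    def add_sample(self, load_percent: float) -> None:
        self.samples.append(load_percent)            # oldest sample drops off automatically

    def usage(self) -> float:
        """S32: average CPU load over the period (0.0 before any sample arrives)."""
        if not self.samples:
            return 0.0
        return sum(self.samples) / len(self.samples)

    def over_threshold(self) -> bool:
        return self.usage() > self.threshold


def evaluate(samples: Iterable[float], period_s: float, sample_hz: float,
             threshold: float = 75.0) -> List[Tuple[bool, bool]]:
    """Feed samples in order; for each return (instantaneous reading over threshold,
    period average over threshold) so the two policies can be compared side by side."""
    win = WindowedCpuUsage(period_s, sample_hz, threshold)
    out: List[Tuple[bool, bool]] = []
    for s in samples:
        win.add_sample(s)
        out.append((s > threshold, win.over_threshold()))
    return out


# Constructed sample series, percent CPU, taken at 2 Hz over a 2 s period (window of 4).
SPIKE = [30.0, 35.0, 95.0, 40.0, 30.0]       # one transient spike that falls back at once
SUSTAINED = [30.0, 80.0, 85.0, 90.0, 88.0]   # load that stays high for a whole period


if __name__ == "__main__":
    for name, series in (("spike", SPIKE), ("sustained", SUSTAINED)):
        print(name, evaluate(series, period_s=2.0, sample_hz=2.0))
```

On the spike series the instantaneous policy would refuse at the third sample while the period average never crosses 75%; on the sustained series the average crosses only once four consecutive high samples fill the window, which is the "less frequent limiting" the text describes.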
In one embodiment, when the CPU usage of the security processing flow in the secure virtual machine is higher than the preset CPU usage threshold, after refusing to process the file event in the file event processing request, the method further includes:
S51, continuing to obtain the CPU usage of the security processing flow;
S52, continuing to compare the CPU usage with the preset CPU usage threshold;
S53, when the CPU usage of the security processing flow falls below the preset CPU usage threshold, processing the file event in the file event processing request.
In the above embodiment, after the CPU usage of the security processing flow in the secure virtual machine reaches the preset threshold, the CPU usage of the security processing flow continues to be monitored and compared with the preset threshold; once the CPU usage of the security processing flow is found to be below the preset threshold, the file events in the file event processing requests are processed in real time, which improves processing efficiency.
In one embodiment, the step of processing the file event in the file event processing request when the CPU usage of the security processing flow in the secure virtual machine is below the preset CPU usage threshold further includes:
S531, obtaining the priority of the file event processing request sent by each guest virtual machine;
S532, when the CPU usage of the security processing flow is below the preset CPU usage threshold, processing the file events in the file event processing requests in priority order.
In the above embodiment, the secure virtual machine can sort the file event processing requests according to the time order in which the guest virtual machines sent them and according to their priority order. When the CPU usage of the security processing flow of the secure virtual machine is below the preset threshold, the file event processing requests are processed in that priority order, so that the secure virtual machine processes the file events of each guest virtual machine more effectively and improves the efficiency and timeliness of file event processing.
When actively scanning a guest virtual machine, the secure virtual machine typically scans the files under particular directories on each guest virtual machine. The guest virtual machine obtains the data under the designated directory from the file directory information in the security protection event and writes that data into the physical memory space as data to be detected, for the secure virtual machine to perform security detection. When writing the data to be detected into the physical memory space, the guest virtual machine may first buffer the data in its own virtual memory and then write it into the physical memory space according to the mapping between its virtual memory and the physical memory space. The data to be detected is preferably written into physical memory serially.
For example, the secure virtual machine sends a security protection event to virtual machines A, B, C and D at the same time. If A, B, C and D have the same priority, the secure virtual machine processes the file event processing requests of each virtual machine in the order in which the requests were received. Alternatively, the priority of virtual machines A and B can be preset higher than that of virtual machines C and D, with A and B having the same priority and C and D having the same priority. When the CPU usage of the security processing flow of the secure virtual machine exceeds the preset threshold, the secure virtual machine temporarily does not process the file event processing requests of the virtual machines, but sorts the requests of A, B, C and D. Through the mapping between the physical memory space and the secure virtual memory of the secure virtual machine, the data to be detected of virtual machines A, B, C and D can be buffered in the secure virtual memory to reduce its occupancy of the physical memory space. When the CPU usage of the security processing flow of the secure virtual machine falls below the preset threshold, the data to be detected of virtual machines A and B is written into the physical memory space first, and the secure virtual machine performs security detection on the data of A and B simultaneously, which improves the efficiency of security detection, reduces the occupancy of physical resources, and improves the processing efficiency of the physical host.
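The deferral loop of S51 to S53 and the priority ordering of S531 and S532, applied to the A, B, C, D example above, as an added example that is not the patent's code: requests that arrive while the security flow is over threshold are held in a priority queue, every new usage reading is re-checked, and once usage is below the threshold the held requests are released in priority order, equal priorities served in arrival order. Guest names and the relative priorities follow the text; the usage readings, the numeric priority values, the default priority for a guest with no preset, and the batch size of two (standing in for A and B being detected together) are assumptions.

```python
"""Added example (not the patent's own code): the deferral loop of S51-S53
with the priority ordering of S531-S532.  A request refused while the security
flow is above the threshold is queued; each new usage reading is re-compared,
and once usage is below the threshold the queue is drained in priority order,
equal priorities in arrival order.  Guest names A-D and their relative
priorities follow the text; usage readings, numeric priorities, the default
priority and the batch size of two are assumptions."""
import heapq
from dataclasses import dataclass, field
from itertools import count
from typing import Dict, List, Tuple


@dataclass(order=True)
class QueuedRequest:
    sort_key: Tuple[int, int]               # (priority, arrival sequence); lower first
    guest: str = field(compare=False)
    path: str = field(compare=False)


class DeferredScanner:
    LOWEST = 99                             # assumed priority for guests with no preset

    def __init__(self, priorities: Dict[str, int], threshold: float = 75.0):
        self.priorities = priorities        # 1 is highest; preset per guest VM
        self.threshold = threshold
        self._arrival = count()             # tie-breaker: order requests were received
        self._queue: List[QueuedRequest] = []
        self.processed: List[Tuple[str, str]] = []

    def submit(self, guest: str, path: str, usage: float) -> bool:
        """S40/S50: process now if usage is below the threshold, otherwise hold the
        request (S531: it is queued under its guest's priority and arrival order)."""
        if usage < self.threshold:
            self.processed.append((guest, path))
            return True
        key = (self.priorities.get(guest, self.LOWEST), next(self._arrival))
        heapq.heappush(self._queue, QueuedRequest(key, guest, path))
        return False

    def poll(self, usage: float, batch: int = 2) -> List[Tuple[str, str]]:
        """S51-S53: called on every new usage reading.  While usage is still at or
        above the threshold nothing happens; below it, up to `batch` held requests
        are processed in priority order (S532)."""
        drained: List[Tuple[str, str]] = []
        if usage >= self.threshold:
            return drained
        while self._queue and len(drained) < batch:
            req = heapq.heappop(self._queue)
            self.processed.append((req.guest, req.path))
            drained.append((req.guest, req.path))
        return drained

    def pending(self) -> int:
        return len(self._queue)


def demo():
    """Constructed run of the text's example: requests from C, A, D, B arrive while
    usage is 90%, then usage drops to 60% and the secure VM polls twice."""
    scanner = DeferredScanner({"A": 1, "B": 1, "C": 2, "D": 2})
    for guest in ["C", "A", "D", "B"]:
        scanner.submit(guest, f"/{guest}/scan-me", usage=90.0)   # all four held
    first = scanner.poll(usage=60.0)    # A and B released first
    second = scanner.poll(usage=60.0)   # then C and D
    return scanner, first, second


if __name__ == "__main__":
    scanner, first, second = demo()
    print("first batch:", first)
    print("second batch:", second)
    print("still pending:", scanner.pending())
```

The heap key is (priority, arrival sequence), so the two rules in the text fall out of one ordering: A and B are released before C and D regardless of when their requests arrived, and when all four guests share a priority the queue degenerates to first-come, first-served.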
Also referring to Fig. 3, in one embodiment, a kind of security protection dress based under virtualized environment is additionally provided Put, be configured in physical host, physical host is deployed with multiple guest virtual machines and secure virtual machine;The safety device can It is arranged in secure virtual machine, the safety device includes:
Instruction sending module 100, for receiving during active scan task, to the client that the active scan task is specified Virtual machine sends security protection instruction;
Request receiving module 200, for receiving at the file event that guest virtual machine is instructed in response to the security protection Reason request;
CPU usage acquisition module 300, the CPU usage for obtaining safe handling flow;
CPU usage comparison module 400, for the CPU usage to be preset with the CPU usage of safe handling flow Threshold value is compared;
Event processing module 500, for when the CPU usage is more than the CPU usage predetermined threshold value, it to be right to refuse File event in the file event treatment request is processed.
The safety protection device based on a virtualized environment described above realizes active protection of the other virtual machines on the same physical host through an agentless security mechanism: the secure virtual machine actively scans the file data of the other virtual machines. At the same time, by limiting the CPU usage of the active scan process inside the secure virtual machine, the secure virtual machine can respond quickly to the file events monitored in the guest virtual machines, thereby improving the running speed of the guest virtual machines.
In one embodiment, the instruction sending module 100 includes: a marker extraction unit 110, configured to extract from the active scan task the designated identification of the guest virtual machine that the task specifies; and an instruction sending unit 120, configured to send the security protection instruction, according to the designated identification and the preset identification of each guest virtual machine, to the guest virtual machine whose preset identification matches the designated identification.
In the above embodiment, the instruction sending module 100 can, according to the designated identification, issue the security protection instruction only to the guest virtual machines that require protection, which reduces unnecessary protection processing and improves the efficiency of security protection.
In one embodiment, the CPU usage acquisition module 300 further includes: a CPU load value acquiring unit 310, configured to obtain multiple CPU load values of the secure virtual machine within a predetermined period; and a CPU usage computing unit 320, configured to calculate the average of the multiple CPU load values, obtaining the average CPU load in the predetermined period, which is taken as the CPU usage of the security processing flow.
In the above embodiment, assessing the CPU usage over a predetermined period through the CPU load value acquiring unit 310 gives a more accurate estimate of the CPU consumed by processing file events during an active scan, while making fuller use of the processing capacity of the secure virtual machine's CPU.
In one embodiment, after the event processing module 500 refuses to process the file event in a file event processing request, the CPU usage acquisition module 500 is further configured to keep obtaining the CPU usage of the security processing flow; the CPU usage comparison module 400 then continues to compare the CPU usage with the CPU usage predetermined threshold; and when the CPU usage of the security processing flow falls below the CPU usage predetermined threshold, the event processing module 500 is further configured to process the file event in the file event processing request.
In one embodiment, the event processing module 500 further includes: a priority acquiring unit 510, configured to obtain the priority of the file event processing request returned by each guest virtual machine; and a file event processing unit 520, configured to process the file events in the file event processing requests again according to priority when the CPU usage of the security processing flow is below the CPU usage predetermined threshold.
In the above embodiments, the secure virtual machine can sort the file event processing requests by the time order in which the guest virtual machines sent them and by their priority. When the CPU usage of the secure virtual machine's security processing flow is below the predetermined threshold, the file event processing requests can be processed in that priority order, so that the secure virtual machine handles the file events of each guest virtual machine more effectively, improving the efficiency and timeliness of file event processing.
One of ordinary skill in the art will appreciate that all or part of the flows in the methods of the above embodiments can be completed by a computer program instructing the related hardware; the program can be stored in a computer-readable storage medium and, when executed, may include the flows of the embodiments of each method above. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.
The technical features of the above embodiments can be combined arbitrarily. For brevity, not all possible combinations of the technical features in the above embodiments are described; however, as long as there is no contradiction in the combination of these technical features, it should be considered within the scope of this specification.
The above embodiments express only several implementations of the invention, and their description is relatively specific and detailed, but it should not therefore be construed as limiting the scope of the patent. It should be noted that, for one of ordinary skill in the art, various modifications and improvements can be made without departing from the inventive concept, and these all fall within the scope of protection of the invention. Therefore, the scope of protection of the patent should be determined by the appended claims.
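The guest-matching, CPU-usage averaging and threshold-gated, priority-ordered deferral described in the embodiments above (and restated in the claims), as an added Python simulation that is not part of the patent; the threshold value, the lower-is-first priority convention, the guest identifiers and the sample load values are assumptions.

```python
import heapq
from dataclasses import dataclass, field
from statistics import mean
from typing import Dict, List

# Assumed predetermined threshold (percent); the patent leaves the value open.
CPU_THRESHOLD = 70.0


@dataclass(order=True)
class FileEvent:
    """One file event processing request returned by a guest VM."""
    priority: int               # assumed convention: lower value is handled first
    arrival: int                # send order breaks priority ties (time order)
    guest_id: str = field(compare=False)
    path: str = field(compare=False)


def match_guests(designated_id: str, preset_ids: Dict[str, str]) -> List[str]:
    """Instruction sending module: return the guest VMs whose preset
    identification matches the identification designated by the scan task."""
    return [vm for vm, preset in preset_ids.items() if preset == designated_id]


def cpu_usage(load_samples: List[float]) -> float:
    """CPU usage acquisition module: the average of the CPU load values
    sampled during one predetermined period."""
    if not load_samples:
        raise ValueError("need at least one CPU load sample per period")
    return float(mean(load_samples))


class SecureVM:
    """Throttles file event handling by the security processing flow's CPU usage."""

    def __init__(self, threshold: float = CPU_THRESHOLD) -> None:
        self.threshold = threshold
        self.pending: List[FileEvent] = []   # refused requests, kept in priority order
        self._arrival = 0

    def receive_request(self, guest_id: str, path: str, priority: int) -> None:
        """Request receiving module: queue a guest's file event request."""
        self._arrival += 1
        heapq.heappush(self.pending, FileEvent(priority, self._arrival, guest_id, path))

    def tick(self, load_samples: List[float]) -> List[str]:
        """One period: compare usage with the threshold. Above it, refuse and
        keep the queue; below it, process the queued events by priority.
        Equality is treated as still busy (the claims leave it unspecified)."""
        if cpu_usage(load_samples) >= self.threshold:
            return []
        done = []
        while self.pending:
            ev = heapq.heappop(self.pending)
            done.append(f"{ev.guest_id}:{ev.path}")   # stand-in for the real scan
        return done
```

Each call to `tick` stands for one sampling period; a request refused in a busy period stays queued and is handled, highest priority first, in the first period whose average load is below the threshold.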

Claims (10)

1. A safety protection method based on a virtualized environment, characterized in that multiple guest virtual machines and a secure virtual machine are deployed on a physical host; the method includes:
the secure virtual machine receives an active scan task and sends a security protection instruction to the guest virtual machine specified by the active scan task;
the secure virtual machine receives a file event processing request returned by the guest virtual machine in response to the security protection instruction;
the secure virtual machine obtains the CPU usage of the security processing flow;
the secure virtual machine compares the CPU usage with a predetermined threshold;
if the CPU usage is greater than the predetermined threshold, the secure virtual machine refuses to process the file event in the file event processing request.
2. The safety protection method based on a virtualized environment according to claim 1, characterized in that the step in which the secure virtual machine receives the active scan task and sends the security protection instruction to the guest virtual machine specified by the active scan task includes:
the secure virtual machine extracts from the active scan task the designated identification of the guest virtual machine that the active scan task specifies;
the secure virtual machine, according to the designated identification and the preset identification of each guest virtual machine, sends the security protection instruction to the guest virtual machine whose preset identification matches the designated identification.
3. The safety protection method based on a virtualized environment according to claim 1, characterized in that the step in which the secure virtual machine obtains the CPU usage of the security processing flow includes:
obtaining multiple CPU load values of the secure virtual machine within a predetermined period;
calculating the average of the multiple CPU load values to obtain the average CPU load in the predetermined period, as the CPU usage of the security processing flow.
4. The safety protection method based on a virtualized environment according to claim 1, characterized in that, after the secure virtual machine refuses to process the file event in the file event request, the method further includes:
continuing to obtain the CPU usage of the security processing flow;
continuing to compare the CPU usage with the predetermined threshold;
when the CPU usage of the security processing flow is less than the predetermined threshold, processing the file event in the file event processing request.
5. The safety protection method based on a virtualized environment according to claim 4, characterized in that the step of processing the file event when the CPU usage of the security processing flow is less than the predetermined threshold includes:
obtaining the priority of the file event processing request returned by each guest virtual machine;
when the CPU usage of the security processing flow is less than the predetermined threshold, processing the file event in the file event processing request according to the priority.
6. A safety protection device based on a virtualized environment, characterized in that multiple guest virtual machines and a secure virtual machine are deployed on a physical host, and the safety protection device is applied in the secure virtual machine; the safety protection device includes:
an instruction sending module, configured to send, on receiving an active scan task, a security protection instruction to the guest virtual machine specified by the active scan task;
a request receiving module, configured to receive the file event processing request returned by the guest virtual machine in response to the security protection instruction;
a CPU usage acquisition module, configured to obtain the CPU usage of the security processing flow;
a CPU usage comparison module, configured to compare the CPU usage with a predetermined threshold;
an event processing module, configured to refuse to process the file event in the file event processing request when the CPU usage is greater than the predetermined threshold.
7. The safety protection device based on a virtualized environment according to claim 6, characterized in that the instruction sending module includes:
a marker extraction unit, configured to extract from the active scan task the designated identification of the guest virtual machine that the active scan task specifies;
an instruction sending unit, configured to send the security protection instruction, according to the designated identification and the preset identification of each guest virtual machine, to the guest virtual machine whose preset identification matches the designated identification.
8. The safety protection device based on a virtualized environment according to claim 7, characterized in that the CPU usage acquisition module further includes:
a CPU load value acquiring unit, configured to obtain multiple CPU load values of the secure virtual machine within a predetermined period;
a CPU usage computing unit, configured to calculate the average of the multiple CPU load values, obtaining the average CPU load in the predetermined period as the CPU usage of the security processing flow.
9. The safety protection device based on a virtualized environment according to claim 8, characterized in that, after the event processing module refuses to process the file event in the file event processing request, the CPU usage acquisition module is further configured to continue obtaining the CPU usage of the security processing flow; the CPU usage comparison module is further configured to continue comparing the CPU usage with the CPU usage predetermined threshold; and when the CPU usage of the security processing flow is less than the CPU usage predetermined threshold, the event processing module is further configured to process the file event in the file event processing request.
10. The safety protection device based on a virtualized environment according to claim 9, characterized in that the event processing module further includes:
a priority acquiring unit, configured to obtain the priority of the file event processing request returned by each guest virtual machine;
a file event processing unit, configured to process the file events in the file event processing requests again according to priority when the CPU usage of the security processing flow is less than the CPU usage predetermined threshold.
CN201611269685.5A 2016-12-30 2016-12-30 Safety protection method and device based on virtualization environment Active CN106845215B (en)
Publications (2)

Publication Number Publication Date
CN106845215A true CN106845215A (en) 2017-06-13
CN106845215B CN106845215B (en) 2020-04-14



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100190 Zhongguancun street, Haidian District, Beijing, No. 22, A1305, 13

Applicant after: Beijing net an Technology Limited by Share Ltd

Address before: 100190 Beijing City, Haidian District Zhongguancun street, No. 22, building 1301

Applicant before: Beijing Rising Information Technology Co., Ltd

GR01 Patent grant