CN106845245A - A vulnerability hot-patching method based on the Xen virtualization platform - Google Patents

Publication number: CN106845245A
Authority: CN (China)
Prior art keywords: xen, patch, dom0, virtual, hypercalls
Legal status: Granted; Active
Application number: CN201611191813.9A
Other languages: Chinese (zh)
Other versions: CN106845245B (en)
Inventors: 贾晓启, 郑小妹, 唐静, 杜海超, 白璐, 武希耀
Current Assignee: Institute of Information Engineering of CAS
Original Assignee: Institute of Information Engineering of CAS
Application filed by: Institute of Information Engineering of CAS
Priority to: CN201611191813.9A
Publications: CN106845245A (application), CN106845245B (grant)

Classifications

    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G06F21/572 Secure firmware programming, e.g. of basic input output system [BIOS]
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45587 Isolation or security of virtual machine instances

Abstract

The present invention relates to a vulnerability hot-patching method based on the Xen virtualization platform. The method repairs Xen platform vulnerabilities through the privileged domain Dom0, without rebooting the machine or pausing the virtual machines running on the platform, and thereby implements hot patching of virtualization-platform vulnerabilities on Xen. The method completes the insertion and application of patches through the privileged domain Dom0, which ensures the controllability and security of the patches. The Xen hypercall operation newly added by the method is used for communication between Xen and Dom0: it sets flags before and after patch insertion respectively, and contains no create, delete, modify or query operations on patches, which prevents a malicious attacker from damaging Xen kernel functions by having a virtual machine issue hypercalls. The invention can repair virtualization-platform vulnerabilities accurately without rebooting the machine, ensures the normal operation of the virtual machines on the platform, and is more secure because the repair is performed by Dom0.

Description

A vulnerability hot-patching method based on the Xen virtualization platform
Technical field
The invention belongs to the field of cloud computing security technology and relates to a method for repairing virtualization-platform vulnerabilities, in particular to a vulnerability hot-patching method based on the Xen virtualization platform.
Background
Cloud computing, as a rapidly emerging computing model, has received wide attention from government, industry and academia, and has brought thorough change to the whole IT industry. Cloud computing refers to applications delivered as services over the Internet, together with the data-center hardware and software that provide those services. Cloud computing helps enterprises, governments, public institutions, the private sector and research institutions form more effective, demand-driven computing systems. Virtualization technology, as a basic building block of cloud computing, is the most important technical cornerstone supporting it.
Virtualization brings a degree of customizability and controllability, and is essentially a technique for creating different computing environments. The three most commonly used virtualization technologies are software-based full virtualization, hardware-assisted virtualization and paravirtualization. After many years of development, virtualization technology has produced many mature products, and its use has spread from servers to broader fields such as the desktop. Mainstream virtualization software includes VMware, Xen, KVM and Microsoft. Among these, Xen, a community-driven open-source software project that originated at the University of Cambridge, UK, has attracted developers from many companies and research institutions and has developed very quickly. Xen's original approach was paravirtualization: it virtualizes the processor and memory by modifying the Linux kernel, and paravirtualizes devices by introducing a front-end/back-end I/O driver architecture. As the Xen community developed, hardware full virtualization was also added to Xen. Xen is now very mature, and there are many Xen-based virtualization products: Citrix, Virtual Iron, Red Hat, Novell and Alibaba Cloud all have corresponding products.
While virtualization technology has developed rapidly, it has inevitably brought many security problems. Malicious attacks that exploit virtualization-platform vulnerabilities emerge one after another and seriously harm the interests of cloud service vendors and cloud service users. Once a vulnerability is disclosed, the cloud computing company must repair it quickly so that service security is not affected. There are currently two ways to repair Xen vulnerabilities: cold restart and hot patching. As the name suggests, the cold-restart approach repairs Xen platform vulnerabilities by modifying and compiling the Xen source code and rebooting the machine. It is simple and crude to implement, but rebooting the server inevitably affects the normal operation of upper-layer users' services. The hot-patching approach modifies system memory to insert the patch while the server is running. It does not affect the running services of upper-layer cloud users, but its technical threshold is high and many combinations of cases must be considered, which poses a great challenge to cloud computing vendors. It is therefore necessary to propose a hot-patching method for virtualization-platform vulnerabilities that repairs them efficiently and prevents malicious attacks.
Summary of the invention
To address the problem of repairing virtualization-platform vulnerabilities, the present invention proposes a vulnerability hot-patching method based on the Xen virtualization platform. After setting up and using the Xen virtualization platform and analyzing its source code, it can be found that the platform has a privileged domain Dom0 whose DMA operations can access Xen memory. The invention mainly uses the privileged domain Dom0 to repair Xen vulnerabilities in memory.
The technical solution adopted by the invention is as follows:
A vulnerability hot-patching method based on the Xen virtualization platform, comprising the following steps:
1) Calculate the Xen physical memory start address from the e820 table of the Xen system, where the e820 table is the system physical memory map, which is generated during Xen startup and written to the system log;
2) From the calculated physical memory start address and the Xen memory layout, calculate the physical address to which the virtual address of the function to be repaired is mapped, where the Xen memory layout is the layout of memory in the system virtual address space and is clearly specified in the Xen source code;
3) Obtain the patch machine code through the privileged domain Dom0, write the patch into memory, and record the physical address of the patch function;
4) The privileged domain Dom0 uses a hypercall to notify Xen that a patch needs to be inserted;
5) Xen handles the hypercall request from the privileged domain Dom0, sets the flag, and notifies Dom0 to insert the patch;
6) The privileged domain Dom0 inserts the patch; meanwhile, Xen intercepts VMEXIT requests and waits for the patch insertion to complete;
7) After the patch has been inserted successfully, the privileged domain Dom0 uses a hypercall to notify Xen that patch insertion is complete;
8) Xen handles the hypercall request from the privileged domain Dom0 and resets the flag.
In the above method, the patch is inserted using a DMA (Direct Memory Access) operation of the privileged domain Dom0, so the physical address to which the virtual address of the function to be repaired is mapped must be calculated and used as the physical memory address of the DMA operation. All patches are written into memory in the form of machine code.
In the above method, Xen and the privileged domain Dom0 communicate by means of hypercalls and event notifications. When a Xen guest needs to perform an operation that requires higher privilege, such as updating page tables or accessing physical resources, it cannot complete the operation from an unprivileged domain and must hand it to Xen by invoking a hypercall.
In the above method, when a virtual machine under full virtualization executes a privileged instruction, a VMEXIT operation must be performed to trap into Xen, and Xen executes kernel functions to handle the privileged instruction on behalf of the virtual machine.
The beneficial effects of the invention are:
1. The invention repairs Xen platform vulnerabilities through the privileged domain Dom0, without rebooting the machine or pausing the virtual machines running on the platform, and thereby implements hot patching of virtualization-platform vulnerabilities on Xen.
2. The invention completes the insertion and application of patches through the privileged domain Dom0, which ensures the controllability and security of the patches.
3. The Xen hypercall operation newly added by the invention is used only for communication between Xen and Dom0: it sets flags before and after patch insertion respectively, and contains no create, delete, modify or query operations on patches, which prevents a malicious attacker from damaging Xen kernel functions by having a virtual machine issue hypercalls.
In summary, the vulnerability hot-patching method based on the Xen virtualization platform proposed by the invention can repair virtualization-platform vulnerabilities accurately without rebooting the machine, ensures the normal operation of the virtual machines on the platform, and is more secure because the repair is performed by Dom0.
Brief description of the drawings
Fig. 1 is a schematic flow chart of the vulnerability hot-patching method based on the Xen virtualization platform.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. It should be understood that the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by those skilled in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
One specific embodiment of the invention is as follows. The steps of the vulnerability hot-patching method based on the Xen virtualization platform are:
1) Calculate the Xen physical memory start address from the e820 table of the Xen system;
2) From the physical memory start address calculated above and the Xen memory layout, calculate the physical address to which the virtual address of the function to be repaired is mapped;
3) Obtain the patch machine code through the privileged domain Dom0, write the patch into memory, and record the physical memory address of the patch function;
4) The privileged domain Dom0 uses a hypercall to notify Xen that a patch needs to be inserted;
5) Xen handles the hypercall request from the privileged domain Dom0, sets the flag, and notifies Dom0 to insert the patch;
6) The privileged domain Dom0 inserts the patch; meanwhile, Xen intercepts VMEXIT requests and waits for the patch insertion to complete;
7) After the patch has been inserted successfully, the privileged domain Dom0 uses a hypercall to notify Xen that patch insertion is complete;
8) Xen handles the hypercall request from the privileged domain Dom0 and resets the flag.
The virtualization environment used by this method is the Xen virtualization platform. Under Xen, virtual machines are divided into the privileged virtual machine Dom0 and unprivileged virtual machines DomU. Xen system memory is strictly isolated; in versions before Xen 4.0, the DMA operations of the privileged domain Dom0 can access Xen system memory.
The e820 table of the Xen system is the current system physical memory map. It describes how the system's physical memory is currently used, and is generated during Xen startup and written to the system log.
The Xen physical memory start address is the first address of the kernel functions after Xen has started. After startup, Xen dynamically relocates its kernel to a high physical address.
The physical address to which the virtual address of the function to be repaired is mapped is the location of that function in physical memory. The invention accesses Xen system memory through DMA operations of the privileged domain Dom0, and the addresses used by DMA operations are physical memory addresses.
Hypercalls and events are used for communication between the privileged domain Dom0 and Xen. A user program in the privileged domain Dom0 requests a hypercall through a special kernel driver, privcmd; after the kernel has processed it, the hypercall request is passed down to Xen for handling.
Xen sends event notifications to the privileged domain Dom0 in the form of virtual interrupts. After Dom0 receives an event notification, it handles it in much the same way as a physical interrupt.
During virtual machine operation, hypercall requests and VMEXIT and VMENTRY operations are produced continuously. VMEXIT means that when a virtual machine executes a privileged instruction it traps into Xen, which must handle it. After Xen has executed the privileged instruction, it returns the result to the virtual machine and performs a VMENTRY operation to switch back to running the virtual machine. Processing a VMEXIT consists of saving the virtual machine's register state, loading the host's register state, executing the VMEXIT handler, and executing VMENTRY to continue scheduling the virtual machine.
Fig. 1 is the schematic flow chart of the above vulnerability hot-patching method based on the Xen virtualization platform. Each step is described in detail below:
1. Calculate the Xen physical memory start address.
The Xen hypervisor is dynamically loaded at the high memory address xen_phys_start during startup. This address is determined by the following formula:
xen_phys_start = end - reloc_size;
where end denotes the maximum free memory address within the first 4G of the physical address space, and reloc_size is the size of the memory occupied by Xen's code and data segments, 4M by default. In one embodiment of the invention, the value of reloc_size is obtained by compiling the source code and installing the same version of Xen on another host.
2. Calculate the physical memory address of the function to be repaired.
The Xen hypervisor pages are linearly mapped to high virtual addresses. In one embodiment of the invention, the Xen virtual start address xen_virt_start is obtained by inspecting the Xen memory layout, and the virtual address VA of the function to be repaired is obtained by inspecting the xen-syms file. Together with the Xen physical memory start address obtained above, the physical address PA of the in-memory function to be repaired is derived with the following formulas:
(1) offset = VA - xen_virt_start
(2) PA = xen_phys_start + offset
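The two calculations above, carried through as an added example (not part of the patent). The e820 lines, xen_virt_start and the function address are constructed sample values, end is taken to be the end of the highest usable e820 region below 4G, and the check that the offset falls inside reloc_size is an added sanity check.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FOUR_GIB   0x100000000ULL
#define RELOC_SIZE 0x400000ULL   /* 4M default given in the text */

/* Constructed sample: e820 lines as they might appear in a Xen boot log. */
static const char *const sample_e820[] = {
    "(XEN)  0000000000000000 - 000000000009fc00 (usable)",
    "(XEN)  000000000009fc00 - 00000000000a0000 (reserved)",
    "(XEN)  0000000000100000 - 00000000bf800000 (usable)",
    "(XEN)  00000000bf800000 - 00000000c0000000 (reserved)",
    "(XEN)  0000000100000000 - 0000000240000000 (usable)",
};
#define SAMPLE_LINES (sizeof(sample_e820) / sizeof(sample_e820[0]))

/* Assumed sample values, not taken from any particular build. */
#define SAMPLE_XEN_VIRT_START 0xffff82c480000000ULL
#define SAMPLE_FUNC_VA        0xffff82c480112340ULL

/* Assumption: "end" is the end of the highest usable region that starts
 * below 4G, clamped to 4G. Returns 0 if no such region is found. */
uint64_t e820_end_below_4g(const char *const *lines, size_t n)
{
    uint64_t best = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned long long start, end;
        char type[16];
        if (sscanf(lines[i], " (XEN) %llx - %llx (%15[^)])",
                   &start, &end, type) != 3)
            continue;                      /* not an e820 line */
        if (strcmp(type, "usable") != 0 || start >= FOUR_GIB || end <= start)
            continue;
        if (end > FOUR_GIB)
            end = FOUR_GIB;
        if (end > best)
            best = end;
    }
    return best;
}

/* xen_phys_start = end - reloc_size; returns 0 if it cannot be computed. */
uint64_t xen_phys_start_from_e820(const char *const *lines, size_t n,
                                  uint64_t reloc_size)
{
    uint64_t end = e820_end_below_4g(lines, n);
    return end > reloc_size ? end - reloc_size : 0;
}

/* offset = VA - xen_virt_start; PA = xen_phys_start + offset.
 * Added check: the linear relation only holds inside the relocated image,
 * so an offset outside [0, reloc_size) is rejected. Returns 0 or -1. */
int xen_va_to_pa(uint64_t va, uint64_t xen_virt_start,
                 uint64_t xen_phys_start, uint64_t reloc_size, uint64_t *pa)
{
    if (va < xen_virt_start)
        return -1;
    uint64_t offset = va - xen_virt_start;
    if (offset >= reloc_size)
        return -1;
    *pa = xen_phys_start + offset;
    return 0;
}

int main(void)
{
    uint64_t pa;
    uint64_t phys = xen_phys_start_from_e820(sample_e820, SAMPLE_LINES,
                                             RELOC_SIZE);
    if (phys == 0 || xen_va_to_pa(SAMPLE_FUNC_VA, SAMPLE_XEN_VIRT_START,
                                  phys, RELOC_SIZE, &pa) != 0) {
        fprintf(stderr, "inconsistent inputs\n");
        return 1;
    }
    printf("xen_phys_start = 0x%llx\nPA             = 0x%llx\n",
           (unsigned long long)phys, (unsigned long long)pa);
    return 0;
}
```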
3. Obtain the patch machine code.
Because the patch is written directly into physical memory, the format of the patch machine code must be consistent with that of the in-memory function machine code. Following the implementation principles of the existing Linux kernel patching methods kpatch and kGraft, the invention repairs the kernel function source code on the same host, recompiles and installs Xen, and finally reads the Xen binary file through the privileged domain Dom0 to obtain the machine code of the patch function. The privileged domain Dom0 performs a DMA write operation to write the patch machine code into memory.
In other embodiments, the kernel function source code can instead be repaired, and Xen recompiled and installed, on another host, with the machine code of the patch function finally read through a DMA operation of the privileged domain Dom0. The patch can be written by having a file-read operation in the privileged domain Dom0 write the machine code into kernel space allocated with kmalloc.
4. The privileged domain Dom0 requests patch insertion.
The privileged domain Dom0 and Xen communicate through hypercalls and events. Hypercalls are similar to system calls under Linux: a user program in the privileged domain Dom0 can request a hypercall through a special kernel driver, privcmd. The invention adds a new hypercall operation, HYPERVISOR_set_worktodo, with two sub-operations, used to set the flags and to clear the flags respectively.
Xen handles Dom0's hypercall request, sets the flag, and sends an event notification to the privileged domain Dom0 to tell it that it can perform the patch insertion. The invention adds a new virtual interrupt for communication between Xen and Dom0. An event notification sent by Xen to Dom0 is a virtual interrupt request; the privileged domain Dom0 handles the virtual interrupt in much the same way as a physical interrupt.
5. The privileged domain Dom0 inserts the patch.
To dynamically replace an in-memory function of the Xen hypervisor while Xen is running, the invention uses a DMA operation of the privileged domain Dom0 to change the first five bytes of the original function's machine code into a JMP instruction. When the original function is executed, execution jumps from the original function to the new function and continues there.
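The five-byte redirection described above, as an added example that is not code from the patent, applied to an in-memory copy of the code rather than to live hypervisor memory. It assumes the x86 near-jump encoding E9 rel32, whose signed 32-bit displacement limits the new function to within 2 GiB of the original; the check of the existing bytes and the saved copy for rollback are additions, and the addresses and prologue bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define JMP_LEN 5   /* opcode E9 followed by a 32-bit displacement */

/* A copy of code bytes plus the address at which byte 0 executes. */
struct code_image {
    uint64_t base;
    uint8_t *bytes;
    size_t   len;
};

/* Encode "jmp to" placed at address "from". The displacement is relative
 * to the end of the instruction. Returns -1 if the target is out of reach. */
int encode_jmp_rel32(uint64_t from, uint64_t to, uint8_t out[JMP_LEN])
{
    int64_t rel = (int64_t)(to - (from + JMP_LEN));
    if (rel > INT32_MAX || rel < INT32_MIN)
        return -1;
    uint32_t d = (uint32_t)(int32_t)rel;
    out[0] = 0xE9;
    out[1] = (uint8_t)d;                /* little-endian displacement */
    out[2] = (uint8_t)(d >> 8);
    out[3] = (uint8_t)(d >> 16);
    out[4] = (uint8_t)(d >> 24);
    return 0;
}

/* Inverse of the encoder, used to verify a patched entry point. */
int decode_jmp_rel32(uint64_t at, const uint8_t in[JMP_LEN], uint64_t *target)
{
    if (in[0] != 0xE9)
        return -1;
    uint32_t d = (uint32_t)in[1] | ((uint32_t)in[2] << 8) |
                 ((uint32_t)in[3] << 16) | ((uint32_t)in[4] << 24);
    *target = at + JMP_LEN + (uint64_t)(int64_t)(int32_t)d;
    return 0;
}

/* Redirect old_fn to new_fn inside img.
 *  -1: old_fn is not inside the image
 *  -2: the bytes at old_fn differ from the expected unpatched prologue
 *      (wrong build, wrong address, or already patched)
 *  -3: new_fn is not reachable with a rel32 jump
 * On success the original bytes are returned in saved[] for rollback.
 * The five-byte write is not atomic, which is why the method pauses
 * VMEXIT handling while the insertion is in progress. */
int redirect_function(struct code_image *img, uint64_t old_fn, uint64_t new_fn,
                      const uint8_t expected[JMP_LEN], uint8_t saved[JMP_LEN])
{
    uint8_t jmp[JMP_LEN];
    if (img->len < JMP_LEN || old_fn < img->base ||
        old_fn - img->base > img->len - JMP_LEN)
        return -1;
    uint8_t *site = img->bytes + (old_fn - img->base);
    if (memcmp(site, expected, JMP_LEN) != 0)
        return -2;
    if (encode_jmp_rel32(old_fn, new_fn, jmp) != 0)
        return -3;
    memcpy(saved, site, JMP_LEN);
    memcpy(site, jmp, JMP_LEN);
    return 0;
}

int main(void)
{
    /* Constructed image: NOP padding with a sample prologue at +0x40. */
    static uint8_t mem[0x200];
    const uint8_t prologue[JMP_LEN] = { 0x55, 0x48, 0x89, 0xE5, 0x53 };
    uint8_t saved[JMP_LEN];
    struct code_image img = { 0x1000, mem, sizeof mem };

    memset(mem, 0x90, sizeof mem);
    memcpy(mem + 0x40, prologue, JMP_LEN);
    int rc = redirect_function(&img, 0x1040, 0x1100, prologue, saved);
    printf("rc=%d bytes=%02x %02x %02x %02x %02x\n", rc, mem[0x40],
           mem[0x41], mem[0x42], mem[0x43], mem[0x44]);
    return rc;
}
```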
To ensure that the function to be repaired runs correctly while the patch is being inserted, the invention sets two flags, livepatch_work and works_to_do, which mark respectively that a patch currently needs to be inserted and that a patch insertion is in progress.
During virtual machine operation, hypercall requests and VMEXIT and VMENTRY operations are produced continuously. VMEXIT means that when a virtual machine executes a privileged instruction it traps into Xen, which must handle it. To prevent the function to be repaired from being called while the patch is being inserted, the invention first checks the livepatch_work flag in Xen's VMEXIT handler. If it is set, a patch needs to be inserted, and the handler goes on to check the works_to_do flag. If that is set too, a CPU is currently performing the patch insertion, so this VMEXIT processing is suspended until the patch insertion completes, and other virtual machines are scheduled to run in the meantime.
6. The privileged domain Dom0 notifies Xen that patch insertion is complete.
The privileged domain Dom0 inserts the patch into Xen memory with a single DMA operation. When the DMA operation ends, the privileged domain Dom0 sends a hypercall request to notify Xen that patch insertion is complete; Xen resets the flags livepatch_work and works_to_do and resumes the suspended VMEXIT processing.
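A model of the flag handshake in steps 4 to 6, added here for illustration and not Xen or patent code. Only HYPERVISOR_set_worktodo, livepatch_work and works_to_do come from the text; the sub-operation numbers, the struct and the other function names are hypothetical, and the model assumes that works_to_do is raised when Dom0 starts the insertion, which the text does not specify.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical sub-operation numbers: the text says only that the new
 * hypercall has one sub-operation to set the flags and one to clear them. */
enum { WORKTODO_SET = 0, WORKTODO_CLEAR = 1 };

enum vmexit_action { VMEXIT_HANDLE = 0, VMEXIT_PAUSE = 1 };

struct xen_patch_state {
    bool     livepatch_work;   /* a patch needs to be inserted */
    bool     works_to_do;      /* a patch insertion is in progress */
    bool     event_pending;    /* virtual interrupt sent to Dom0, not yet taken */
    unsigned paused_vmexits;   /* VMEXITs suspended while inserting */
};

/* Model of HYPERVISOR_set_worktodo. It only moves flags: no sub-operation
 * carries an address, a length or patch bytes, so a caller cannot use it
 * to change hypervisor code. Returns -1 on error, otherwise the number of
 * suspended VMEXITs that were resumed (always 0 for WORKTODO_SET). */
int hypervisor_set_worktodo(struct xen_patch_state *s, int subop)
{
    unsigned resumed;

    switch (subop) {
    case WORKTODO_SET:
        if (s->livepatch_work)
            return -1;                 /* a patch is already pending */
        s->livepatch_work = true;
        s->event_pending = true;       /* notify Dom0: it may insert now */
        return 0;
    case WORKTODO_CLEAR:
        if (!s->livepatch_work)
            return -1;                 /* nothing to complete */
        resumed = s->paused_vmexits;
        s->livepatch_work = false;
        s->works_to_do = false;
        s->event_pending = false;
        s->paused_vmexits = 0;         /* suspended VMEXITs continue */
        return (int)resumed;
    default:
        return -1;                     /* no other sub-operation exists */
    }
}

/* Dom0 takes the virtual interrupt and starts writing the patch.
 * Assumption of this model: works_to_do is raised at this point. */
int patch_insert_started(struct xen_patch_state *s)
{
    if (!s->event_pending)
        return -1;
    s->event_pending = false;
    s->works_to_do = true;
    return 0;
}

/* The check made at the top of the VMEXIT handler: livepatch_work first,
 * then works_to_do; suspend only when both are set. */
enum vmexit_action vmexit_gate(struct xen_patch_state *s)
{
    if (s->livepatch_work && s->works_to_do) {
        s->paused_vmexits++;
        return VMEXIT_PAUSE;
    }
    return VMEXIT_HANDLE;
}

int main(void)
{
    struct xen_patch_state s = { false, false, false, 0 };

    hypervisor_set_worktodo(&s, WORKTODO_SET);      /* step 4 and 5 */
    patch_insert_started(&s);                       /* step 6 begins */
    printf("during insert: %s\n",
           vmexit_gate(&s) == VMEXIT_PAUSE ? "pause" : "handle");
    printf("resumed on clear: %d\n",
           hypervisor_set_worktodo(&s, WORKTODO_CLEAR));
    printf("after clear: %s\n",
           vmexit_gate(&s) == VMEXIT_PAUSE ? "pause" : "handle");
    return 0;
}
```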
Experimental results:
The vulnerability hot-patching method based on the Xen virtualization platform was first tested for functional effectiveness. The test results show that the method proposed by the invention can repair Xen virtualization-platform vulnerabilities without rebooting the system or pausing virtual machines, which meets the design goal of the invention.
Second, to measure the performance impact of the method on virtual machines, performance was analyzed and evaluated in two cases: virtual machine performance when no hot patching is performed, and virtual machine performance during hot patching. Memory reads and writes are a typical operation that reflects system performance. The results show that a virtualization platform being repaired with this method does differ in performance from the native platform. However, compared with some existing methods that pause virtual machine operation in order to repair Xen virtualization-platform vulnerabilities, the experimental results of the invention show that the loss in virtual machine performance is within an acceptable range and that system performance recovers once the repair is complete, so the method of the invention achieves better results.

Claims (8)

1. A vulnerability hot-patching method based on the Xen virtualization platform, characterized by comprising the following steps:
1) Calculate the Xen physical memory start address from the e820 table of the Xen system;
2) From the calculated physical memory start address and the Xen memory layout, calculate the physical address to which the virtual address of the function to be repaired is mapped;
3) Obtain the patch machine code through the privileged domain Dom0, write the patch into memory, and record the physical memory address of the patch function;
4) The privileged domain Dom0 uses a hypercall to notify Xen that a patch needs to be inserted;
5) Xen handles the hypercall request from the privileged domain Dom0 and notifies Dom0 to insert the patch;
6) After the patch has been inserted successfully, the privileged domain Dom0 uses a hypercall to notify Xen that patch insertion is complete, which completes the vulnerability hot patching.
2. The method of claim 1, characterized in that: during virtual machine operation, hypercall requests and VMEXIT and VMENTRY operations are produced continuously, where VMEXIT means that when a virtual machine executes a privileged instruction it traps into Xen, which must handle it; after Xen has executed the privileged instruction, it returns the result to the virtual machine and performs a VMENTRY operation to switch back to running the virtual machine.
3. The method of claim 2, characterized in that: while the privileged domain Dom0 inserts the patch, Xen intercepts VMEXIT requests and waits for the patch insertion to complete.
4. The method of claim 2, characterized in that flags are set before and after patch insertion respectively, to ensure that the function to be repaired runs correctly while the patch is being inserted, namely: Xen first sets the flag and then notifies Dom0 to insert the patch; after the patch insertion is complete, Xen resets the flag.
5. The method of claim 4, characterized in that: the flags comprise livepatch_work and works_to_do, which mark respectively that a patch currently needs to be inserted and that a patch insertion is in progress; the livepatch_work flag is checked first in Xen's VMEXIT handler, and if it is set, a patch needs to be inserted and the works_to_do flag is checked next; if that is set, a CPU is currently performing the patch insertion, so this VMEXIT processing is suspended until the patch insertion completes, and other virtual machines are scheduled to run in the meantime; after the patch insertion is complete, Xen resets the flags livepatch_work and works_to_do and resumes the suspended VMEXIT processing.
6. The method of claim 1, characterized in that: the patch is inserted using a DMA operation of the privileged domain Dom0, and the physical address to which the virtual address of the function to be repaired is mapped is used as the physical memory address of the DMA operation.
7. The method of claim 1, characterized in that: Xen and the privileged domain Dom0 communicate by means of hypercalls and event notifications, and when a Xen guest needs to perform an operation that requires higher privilege, it hands the operation to Xen by invoking a hypercall.
8. The method of claim 1, characterized in that: a virtual interrupt is added for communication between Xen and Dom0; an event notification sent by Xen to Dom0 is a virtual interrupt request, and the privileged domain Dom0 handles the virtual interrupt.
Application number: CN201611191813.9A
Priority date: 2016-12-21
Filing date: 2016-12-21
Title: A vulnerability hot-patching method based on the Xen virtualization platform
Status: Active

Publications (2)

Publication number    Publication date
CN106845245A          2017-06-13
CN106845245B          2019-11-26

Family ID: 59135119
Country status: CN (1), CN106845245B (en)

GR01 Patent grant