CN106909509B - A kind of virtual machine process code without acting on behalf of paging type gauging system and method - Google Patents
A kind of virtual machine process code without acting on behalf of paging type gauging system and method Download PDFInfo
- Publication number
- CN106909509B CN106909509B CN201710116432.2A CN201710116432A CN106909509B CN 106909509 B CN106909509 B CN 106909509B CN 201710116432 A CN201710116432 A CN 201710116432A CN 106909509 B CN106909509 B CN 106909509B
- Authority
- CN
- China
- Prior art keywords
- virtual machine
- page
- code
- information
- metric
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3604—Software analysis for verifying properties of programs
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Memory System Of A Hierarchy Structure (AREA)
- Debugging And Monitoring (AREA)
Abstract
The present invention disclose a kind of virtual machine process code without paging type gauging system and method is acted on behalf of, system includes trapping module, metric module, contrast module, base value library and log;Metric point is arranged in trapping module, the system event occurred in virtual machine is captured, using the progress information of the current executive process of VMI technology reengineering virtual machine;Metric module is divided according to progress information, by virtual machine process code according to virtual machine physical page size, is each page of generation page information, and the code page of virtual machine physical memory is loaded into according to page information measurement, generates metric;Contrast module is compared according to the metric of code page in conjunction with the base value in base value library, analyzes its integrality, and log is written in comparative information;The base value information of store code page in base value library;The comparative information of log recording code page metrics process.The present invention solves the problems, such as that virtual machine dynamic assigning memory mode causes Hypervisor that can not measure full virtual machine process code.
Description
Technical field
The present invention relates to secure virtual machine monitoring technology fields, and in particular to a kind of virtual machine process code divides without agency
Page gauging system and method.
Background technique
Virtualization technology is one of core technology of cloud computing platform, with the extensive application of cloud computing service, cloud computing
Safety in platform becomes focus.Under normal circumstances, the key business being deployed on cloud needs long-play, is user
Service is provided, and the safety of business, stability and availability are then the crucial requirements for guaranteeing service quality.On the one hand, virtually
Carrier of the machine operating system as key business, there are different degrees of safety defects, such as system configuration, code vulnerabilities;Separately
On the one hand, there is also loopholes etc. for key business native codes.Malware can use the loophole of operating system and operation system
Key business code is modified, to pretend itself to exist, steal sensitive data etc., seriously threatens the stable operation of key business.Cause
This, discovery is directed to distorting for key business as early as possible, it is necessary to virtual machine process code integrity progress amount.
Modern operating system generally uses Paging system to realize memory management, continuous logically for the distribution of User space process
Location space, but as unit of Physical Page, physical memory is dynamically distributed by the way of distribution according to need, only load needs to immediately access
Code or data.Integrity verification process generally comprises two parts of measurement and verifying: being responsible in collection system measurement part
Portion's information is simultaneously sent to verification portion;Verification portion is responsible for saving original base value, and be compared with received metric with
Verify integrality.It, can according to the deployed position of measurement part in the method measured under cloud environment for virtual machine system
To be divided into two classes: one kind is will to measure partial deployment in virtual machine;Another kind of is that will measure partial deployment in Hypervisor
In.
The available virtual machine system information abundant of first kind method, but existing defects: 1) target virtual machine version is relied on
This, versatility is not strong;2) attack vulnerable to virtual machine internal Malware needs Hypervisor to provide additional protection and arranges
It applies, increases the complexity of system.The high privilege level and isolation that second class method utilizes Hypervisor to have, avoid measuring
Also faced the challenge simultaneously by the malicious attack for carrying out self virtualizing machine part: virtual machine is that internal process dynamically distributes in physics
Simultaneously loading code or data are deposited, the measurement part in Hypervisor is difficult to completely obtain virtual machine process code or data
And integrity verification is carried out to it.
Summary of the invention
In view of the above-mentioned problems, virtual machine process integrality can be measured the purpose of the present invention is to provide one kind
Virtual machine process code without acting on behalf of paging type gauging system and method, caused in a manner of virtual machine dynamic assigning memory by solving
Hypervisor can not measure the problem of full virtual machine process code section.Technical solution is as follows:
A kind of virtual machine process code without acting on behalf of paging type gauging system, including trapping module, metric module, base value
Library, contrast module and log;
Trapping module captures the system event occurred in virtual machine in Hypervisor layers of setting metric point;It captures and is
After system event, using the introspection of VMI(Virtual Machine Introspection virtual machine) technology progress Semantics Reconstruction, is obtained
The progress information of the current executive process of virtual machine is taken, and progress information is transmitted to metric module;
Metric module receives the virtual machine process information of trapping module transmitting, will as unit of virtual machine physical page size
Virtual machine process code segment is divided into multiple code pages, generates the page information of each code page;According to page information, code page is judged
Whether it is loaded into virtual machine physical memory: if being loaded into virtual machine physical memory, measures this code page, generates
Code page metric;If not being loaded into virtual machine physical memory, ignore the measurement of this code page;And code will be generated
Page metric is transmitted to contrast module;
Base value library is the list of the measurement base value information of all virtual machine process code pages of storage;
Contrast module receives the metric of metric module transmitting, reads the base value information in base value library;By metric
It is compared with base value information, and comparative information is written in log;
Log is used to receive and record the comparative information of measurement comparison transmission.
Further, the metric point is to trigger the virtual machine system event of Hypervisor layers of metrics process.
Further, the system event is the system action for causing virtual machine in virtual machine system and exiting event, packet
It includes but is not limited to processes calling, process switching, page fault.
Further, the progress information is essential information needed for Hypervisor measures virtual machine process code,
Including but not limited to virtual machine process title, virtual machine process code initial address, virtual machine process code length;It is described virtual
Machine process code initial address is to be measured the virtual address of virtual machine process code.
Further, the page information is essential information needed for Hypervisor measures virtual machine process code page,
Including but not limited to virtual machine process title, page number, start of Page address and page length degree;The start of Page address be virtual machine into
The virtual address of range code page.
Further, the metric is essential information needed for contrast module executes comparison process, including but not
It is limited to virtual machine process title, code page number, code page metric and code page length.
Further, the base value information is the credible metric of code page in normal state, credible measurement letter
Breath includes but is not limited to process name, code page number and code page metric.
Further, the comparative information is virtual machine process code page metric and virtual machine process code page base value
The comparing result of information, including but not limited to process name, code page number, metric, base value, comparing result, reduced time.
A kind of virtual machine process code without acting on behalf of paging type measure, comprising the following steps:
A: in virtual machine operational process, process falls into instruction access core system by system calling and calls processing journey
Sequence;
B: virtual machine generates virtual machine and moves back when calling system calling falls into instruction access core system and calls processing routine
Outgoing event;
C: the virtual machine that generates exits event in trapping module capture virtual machine, and by VMI technology reengineering virtual machine into
Journey semantic information, then it is transmitted to metric module;
D: after metric module receives virtual machine process information, according to virtual machine process code initial address and virtual machine into
Range code length divides multiple code pages with virtual machine physical page size, and generates page information;Further according to virtual in page information
Machine process code page number and virtual machine process code page initial address, access virtual machine physical memory judge code page whether by
Load;If being loaded, code page is measured, metric is generated and is transmitted to contrast module;If not being loaded, ignore
The metrics process of this code page;
E: contrast module compares the metric received and the base value information read from base value library, and by comparative information
It is transmitted in log;Restore the execution that virtual machine system calls processing routine;
F: system calls processing routine to continue to execute in virtual machine kernel according to normal flow, and system is called after being finished
System calls the normal operation of exit instruction recovering process.
The beneficial effects of the present invention are:
(1) virtual machine process code is divided into multiple pages by the present invention, and to the code for being loaded into virutal machine memory
Page is measured, and solving virtual machine dynamic assigning memory mode causes Hypervisor that can not measure full virtual machine process generation
The problem of code;
(2) measurement process is deployed in Hypervisor layers by the present invention, transparent by the way of no agency, dynamically measure
Virtual machine process code, it is not necessary to modify virtual machine kernels;Meanwhile measuring process and being located at except virtual machine, it avoids in virtual machine
The attack of portion's Malware, improves safety;
(3) metric form that the present invention uses, can be used for measuring virtual machine other information, including but not limited to virtual machine
Kernel static data, virtual machine process static data etc..
Detailed description of the invention
Fig. 1 is that the non-proxy virtual machine process system of the present invention calls behavior monitoring method block diagram.
Fig. 2 is the transparent capture virtual machine system call flow chart of the present invention.
Specific embodiment
To make the object, technical solutions and advantages of the present invention clearer, below in conjunction with the drawings and specific embodiments pair
The present invention, which is done, to be further described in detail.The realization principle of this system is as follows:
In Hypervisor layers of setting metric point, the system event that virtual machine process causes is intercepted, is read using VMI technology
Virtual machine process information.According to the virtual machine process information of reading, as unit of virtual machine Physical Page, by virtual machine process code
Multiple code pages are divided into, determine the number and initial address of each code page.At Hypervisor layers according to each code page
Initial address, judge whether each code page is loaded into virtual machine physical memory;If code page is loaded into void
In quasi- machine physical memory, then in this code page of Hypervisor depth amount;If not being loaded into virtual machine physical memory,
Ignore the measurement to this code page.According to progress information, code page number and metric, corresponding base value is read in base value library simultaneously
It compares, verifies the integrality of each code page, and be recorded in log.
As shown in Figure 1, the virtual machine process code of the present embodiment without act on behalf of paging type gauging system include trapping module,
Metric module, base value library, contrast module and log.
1) trapping module captures the system event occurred in virtual machine in Hypervisor layers of setting metric point;It captures
After system event, Semantics Reconstruction is carried out using VMI technology, obtains the progress information of the current executive process of virtual machine, and by process
Information is transmitted to metric module.
In the present embodiment, metric point is to trigger the virtual machine system event of Hypervisor layers of metrics process.System event
Exit the process behavior of event to cause virtual machine in virtual machine system, including but not limited to processes calling, process switching,
Page fault etc..
The progress information is essential information needed for Hypervisor measurement virtual machine process code, including but not limited to
Virtual machine process title, virtual machine process code initial address, virtual machine process code length etc..Wherein, virtual machine process generation
Code initial address is to be measured the virtual address of virtual machine process code.
Under type such as can be used and define progress information:
name address size
The information shows the entitled name of virtual machine process, and the initial address of virtual machine process code segment is address,
The length of virtual machine code section is size.
2) metric module receives the virtual machine process information of trapping module transmitting, as unit of virtual machine physical page size,
Virtual machine process code is divided into multiple code pages, generates the page information of each code page;According to page information, code page is judged
Whether it is loaded into virtual machine physical memory: if being loaded into virtual machine physical memory, measures this code page, generates
Code page metric;If not being loaded into virtual machine physical memory, ignore the measurement of this code page;And code will be generated
Page metric is transmitted to contrast module.
The page information is essential information set needed for Hypervisor measurement virtual machine process code page, including but not
It is limited to virtual machine process title, page number, start of Page address and page length degree etc..Wherein, start of Page address is virtual machine process generation
The virtual address of code page.
Under type such as can be used and define page information:
name number page_address page_size
The information shows the entitled name of virtual machine process, and the number of virtual machine process code page is number, virtual machine
The initial address of process code page is page_address, and the length of virtual machine process code page is page_size.
The metric is essential information set needed for contrast module executes comparison process, including but not limited to virtually
Machine process title, code page number, code page metric and code page gage length etc..
Under type such as can be used and define metric:
name number hash(value) page_size
The information shows the entitled name of virtual machine process, and the number of virtual machine process code page is number, virtual machine
The metric of process code page is hash (value), and the length of virtual machine process code page is page_size.
3) base value library is the list of the measurement base value information of all virtual machine process code pages of storage.Base value library include but
It is not limited to the presence of the forms such as file, database, the acquisition modes of base value information are included in pure operating system, to normal condition
Under process code section carry out paging type measurement.
The base value information is the credible metric of code page in normal state, and credible measurement information includes but unlimited
In process name, code page number and code page metric etc..
4) contrast module receives the metric of metric module transmitting, reads the base value information in base value library;Measurement is believed
Breath is compared with base value information, and comparative information is written in log.
5) log is used for the comparative information received and Record Comparison module transmits.
The comparative information is the comparison of virtual machine process code page metric Yu virtual machine process code page base value information
As a result, including but not limited to process name, code page number, metric, base value, comparing result, reduced time etc..
Under type such as can be used and define comparative information:
name number hash(value) baseline result time
The information shows the entitled name of virtual machine process, and the number of virtual machine process code page is number, virtual machine
The metric of process code page is hash (value), and the base value of virtual machine process code page is baseline, and comparing result is
Result, reduced time time.
The stream compression of each intermodule is as follows:
1) before virtual machine starting, metric point is arranged in Hypervisor in trapping module;In virtual machine operational process, block
The system event occurred in setup module capture virtual machine is cut, the progress information of the current executive process of virtual machine is read using VMI,
And it is transmitted in metric module.
2) metric module receives the progress information of trapping module transmitting;According in progress information virtual machine process title,
Virtual machine code segment base and virtual machine code segment length information carry out paging activity by virtual machine physical page size, and
Generate page information;According in page information virtual machine code page number and virtual machine code start of Page address, determine code respectively
Whether page is loaded into virtual machine physical memory: if being loaded, reading code page and is measured, generates code page degree
Measure information;If not being loaded, ignore the metrics process of this page;The code page metric of generation is transmitted to contrast module.
3) base value library provides the base value information of virtual machine process code page for contrast module.
4) contrast module receives the metric of metric module transmitting;According in metric virtual machine process title and
Virtual machine process code page number indexes corresponding base value information in base value library;According to the virtual machine process generation in metric
Code page metric is compared with base value;Log is written into comparative information result.
5) log receives the comparative information of contrast module transmitting.
Based on above-mentioned gauging system, paging type measure such as Fig. 2's of virtual machine process code disclosed in the present embodiment
Shown in flow chart, steps are as follows:
A: in virtual machine operational process, process falls into instruction access core system by system calling and calls processing journey
Sequence;
B: virtual machine generates virtual machine and moves back when calling system calling falls into instruction access core system and calls processing routine
Outgoing event;
C: the virtual machine that generates exits event in trapping module capture virtual machine, and by VMI technology reengineering virtual machine into
Journey semantic information, then it is transmitted to metric module;
D: after metric module receives virtual machine process information, according to virtual machine process code initial address and virtual machine into
Range code length divides multiple code pages with virtual machine physical page size, and generates page information;Further according to virtual in page information
Machine process code page number and virtual machine process code page initial address, access virtual machine physical memory judge code page whether by
Load;If being loaded, code page is measured, metric is generated and is transmitted to contrast module;If not being loaded, ignore
The metrics process of this code page;
E: contrast module compares the metric received and the base value information read from base value library, and by comparative information
It is transmitted in log;Restore the execution that virtual machine system calls processing routine;
F: system calls processing routine to continue to execute in virtual machine kernel according to normal flow, and system is called after being finished
System calls the normal operation of exit instruction recovering process.
Claims (9)
1. a kind of virtual machine process code without acting on behalf of paging type gauging system, which is characterized in that including trapping module, measurement mould
Block, base value library, contrast module and log;
Trapping module captures the system event occurred in virtual machine in Hypervisor layers of setting metric point;Capture system thing
After part, Semantics Reconstruction is carried out using VMI technology, obtains the progress information of the current executive process of virtual machine, and progress information is passed
It is delivered to metric module;
The virtual machine process information that metric module receives trapping module transmitting will be virtual as unit of virtual machine physical page size
Machine process code is divided into multiple code pages, generates the page information of each code page;According to page information, judge code page whether by
It is loaded into virtual machine physical memory: if being loaded into virtual machine physical memory, measuring this code page, generate code page
Metric;If not being loaded into virtual machine physical memory, ignore the measurement of this code page;And code page measurement will be generated
Information is transmitted to contrast module;
Base value library is the list of the measurement base value information of all virtual machine process code pages of storage;
Contrast module receives the metric of metric module transmitting, reads the base value information in base value library;By metric and base
Value information compares, and comparative information is written in log;
Log is used to receive and the comparative information of Record Comparison module transmission.
2. virtual machine process code according to claim 1 without acting on behalf of paging type gauging system, which is characterized in that it is described
Metric point is to trigger the virtual machine system event of Hypervisor layers of metrics process.
3. virtual machine process code according to claim 1 or 2 without acting on behalf of paging type gauging system, which is characterized in that
The system event is the system action for causing virtual machine in virtual machine system and exiting event, including processes call, process
Switching, page fault.
4. virtual machine process code according to claim 1 without acting on behalf of paging type gauging system, which is characterized in that it is described
Progress information is essential information needed for Hypervisor measures virtual machine process code, including virtual machine process title, virtual
Machine process code initial address, virtual machine process code length;The virtual machine process code initial address is to be measured virtually
The virtual address of machine process code.
5. virtual machine process code according to claim 1 without acting on behalf of paging type gauging system, which is characterized in that it is described
Page information is essential information needed for Hypervisor measures virtual machine process code page, including virtual machine process title, page are compiled
Number, start of Page address and page length degree;The start of Page address is the virtual address of virtual machine process code page.
6. virtual machine process code according to claim 1 without acting on behalf of paging type gauging system, which is characterized in that it is described
Metric is essential information needed for contrast module executes comparison process, including virtual machine process title, code page number, generation
Code page metric and code page length.
7. virtual machine process code according to claim 1 without acting on behalf of paging type gauging system, which is characterized in that it is described
Base value information is the credible metric of code page in normal state, and credible measurement information includes process name, code page number
With code page metric.
8. virtual machine process code according to claim 1 without acting on behalf of paging type gauging system, which is characterized in that it is described
Comparative information is the comparing result of virtual machine process code page metric and virtual machine process code page base value information, including process
Name, code page number, metric, base value, comparing result, reduced time.
9. a kind of virtual machine process code without acting on behalf of paging type measure, which comprises the following steps:
A: in virtual machine operational process, process falls into instruction access core system by system calling and calls processing routine;
B: virtual machine generates virtual machine and exits thing when calling system calling falls into instruction access core system and calls processing routine
Part;
C: the virtual machine generated in trapping module capture virtual machine exits event, and passes through VMI technology reengineering virtual machine process language
Adopted information, then it is transmitted to metric module;
D: after metric module receives virtual machine process information, according to virtual machine process code initial address and virtual machine process generation
Code length divides multiple code pages with virtual machine physical page size, and generates page information;Further according to the virtual machine in page information into
Range code page number and virtual machine process code page initial address, access virtual machine physical memory judge whether code page is added
It carries;If being loaded, code page is measured, metric is generated and is transmitted to contrast module;If not being loaded, ignore this
The metrics process of code page;
E: contrast module compares the metric received and the base value information read from base value library, and comparative information is transmitted
Into log;Restore the execution that virtual machine system calls processing routine;
F: system calls processing routine to continue to execute in virtual machine kernel according to normal flow, calling system tune after being finished
With the normal operation of exit instruction recovering process.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710116432.2A CN106909509B (en) | 2017-03-01 | 2017-03-01 | A kind of virtual machine process code without acting on behalf of paging type gauging system and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710116432.2A CN106909509B (en) | 2017-03-01 | 2017-03-01 | A kind of virtual machine process code without acting on behalf of paging type gauging system and method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106909509A CN106909509A (en) | 2017-06-30 |
| CN106909509B true CN106909509B (en) | 2019-06-25 |
Family
ID=59208984
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710116432.2A Active CN106909509B (en) | 2017-03-01 | 2017-03-01 | A kind of virtual machine process code without acting on behalf of paging type gauging system and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106909509B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108121593B (en) * | 2017-12-22 | 2019-06-25 | 四川大学 | A kind of virtual machine process anomaly detection method and system |
| CN110764995B (en) * | 2019-09-05 | 2023-06-06 | 北京字节跳动网络技术有限公司 | Method, device, medium and electronic equipment for detecting file access abnormality |
| CN111831609B (en) * | 2020-06-18 | 2024-01-02 | 中国科学院数据与通信保护研究教育中心 | Method and system for unified management and distribution of binary metric values in virtualized environments |
| CN114048485B (en) * | 2021-11-12 | 2023-04-07 | 四川大学 | Dynamic monitoring method for integrity of process code segment in Docker container |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101344904A (en) * | 2008-09-02 | 2009-01-14 | 中国科学院软件研究所 | Dynamic measurement method |
| CN104134038A (en) * | 2014-07-31 | 2014-11-05 | 浪潮电子信息产业股份有限公司 | Safe and credible operation protective method based on virtual platform |
| CN106055385A (en) * | 2016-06-06 | 2016-10-26 | 四川大学 | System and method for monitoring virtual machine process, and method for filtering page fault anomaly |
-
2017
- 2017-03-01 CN CN201710116432.2A patent/CN106909509B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101344904A (en) * | 2008-09-02 | 2009-01-14 | 中国科学院软件研究所 | Dynamic measurement method |
| CN104134038A (en) * | 2014-07-31 | 2014-11-05 | 浪潮电子信息产业股份有限公司 | Safe and credible operation protective method based on virtual platform |
| CN106055385A (en) * | 2016-06-06 | 2016-10-26 | 四川大学 | System and method for monitoring virtual machine process, and method for filtering page fault anomaly |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106909509A (en) | 2017-06-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106909509B (en) | A kind of virtual machine process code without acting on behalf of paging type gauging system and method | |
| KR102306568B1 (en) | Processor trace-based enforcement of control flow integrity in computer systems | |
| Loscocco et al. | Linux kernel integrity measurement using contextual inspection | |
| CN101515316B (en) | Trusted computing terminal and trusted computing method | |
| US7904278B2 (en) | Methods and system for program execution integrity measurement | |
| US8978141B2 (en) | System and method for detecting malicious software using malware trigger scenarios | |
| US9230106B2 (en) | System and method for detecting malicious software using malware trigger scenarios in a modified computer environment | |
| US10091216B2 (en) | Method, apparatus, system, and computer readable medium for providing apparatus security | |
| CN111638936B (en) | Virtual machine static measurement method and device based on built-in security architecture | |
| Chow et al. | Multi-stage replay with crosscut | |
| CN106649084A (en) | Function call information obtaining method and apparatus, and test device | |
| Pagani et al. | Introducing the temporal dimension to memory forensics | |
| CN107038373A (en) | A kind of Process Debugging detection method and device | |
| CN108255716A (en) | A kind of software assessment method based on cloud computing technology | |
| CN107301082A (en) | A kind of method and apparatus for realizing operating system integrity protection | |
| CN104205113A (en) | Reporting malicious activity to operating system | |
| Milenkoski et al. | Evaluation of intrusion detection systems in virtualized environments using attack injection | |
| CN106650434B (en) | A kind of virtual machine anomaly detection method and system based on I/O sequence | |
| Stirparo et al. | In-memory credentials robbery on android phones | |
| US11361077B2 (en) | Kernel-based proactive engine for malware detection | |
| Sekar et al. | eaudit: A fast, scalable and deployable audit data collection system | |
| Schwarz et al. | Keydrown: eliminating keystroke timing side-channel attacks | |
| CN113190869B (en) | TEE-based mandatory access control security enhancement framework performance evaluation method and system | |
| US20230385413A1 (en) | Preventing activation of malware by exhibiting sandbox behavior in a non-sandbox environment | |
| CN116414722B (en) | Fuzzy test processing method and device, fuzzy test system and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |