CN107239700A - A kind of safety protecting method based on xen virtual platforms - Google Patents

Publication number
CN107239700A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710508569.2A
Other languages
Chinese (zh)
Inventor
张冲
钱兵
王幸福
张百林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Yunhai Information Technology Co Ltd
Original Assignee
Zhengzhou Yunhai Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Yunhai Information Technology Co Ltd
Priority to CN201710508569.2A
Publication of CN107239700A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45587 Isolation or security of virtual machine instances
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software

Abstract

The invention discloses a security protection method based on the Xen virtualization platform. The method includes: configuring a secure virtual machine in the Xen virtualization platform; installing an antivirus engine and an antivirus module on the secure virtual machine; authorizing the secure virtual machine as a highly privileged virtual machine and using it to access the resource information of each guest virtual machine; and performing memory introspection on the guest virtual machines through the secure virtual machine, analyzing and searching for suspicious operations of the guest virtual machines, and preventing the suspicious operations from running. With this method, antivirus software does not need to be installed on every virtual machine, which reduces system resource consumption.

Description

A kind of safety protecting method based on xen virtual platforms
Technical field
The present invention relates to the field of virtual machine technology, and in particular to a security protection method based on the Xen virtualization platform.
Background technology
At present, virtualization solutions have improved equipment utilization and the flexibility and elasticity of data centers, optimized the schemes used in production environments, improved production efficiency, and reduced the complexity of system maintenance, and they have gradually become popular. As data centers and related nodes move from physical to virtual, corresponding security problems have also arisen. In a physical environment, an antivirus service is configured on every server to detect and remove viruses. In a virtualized environment, however, virtual machines take up server hardware resources in proportion. If an antivirus service is configured on every virtual machine, then when antivirus tasks run at the same time they cause great system resource consumption that cannot be ignored, and tasks such as updating the virus database also consume a great deal of network resources. Although antivirus vendors have greatly optimized their software in recent years and reduced its resource usage, in a virtualized environment the huge resource consumption still cannot be fundamentally solved as the number of virtual machines grows. The antivirus scheme therefore needs to be changed to suit the virtualized environment so that, once the antivirus service is configured, antivirus tasks occupy fewer system resources, affect the production environment less, and are as "transparent" to the user as possible.
Summary of the invention
The object of the present invention is to provide a security protection method based on the Xen virtualization platform, so that antivirus software does not need to be installed on every virtual machine and system resource consumption is reduced.
To solve the above technical problem, the present invention provides a security protection method based on the Xen virtualization platform, including:
configuring a secure virtual machine in the Xen virtualization platform;
installing an antivirus engine and an antivirus module on the secure virtual machine;
authorizing the secure virtual machine as a highly privileged virtual machine, and using the secure virtual machine to access the resource information of each guest virtual machine;
performing memory introspection on the guest virtual machines through the secure virtual machine, analyzing and searching for suspicious operations of the guest virtual machines, and preventing the suspicious operations from running.
Preferably, before the secure virtual machine is used to access the resource information of each guest virtual machine, the method further includes:
establishing a low-level communication channel between the secure virtual machine and the guest virtual machines.
Preferably, the low-level communication channel between the secure virtual machine and the guest virtual machines is established using the libVMI library.
Preferably, establishing the low-level communication channel between the secure virtual machine and the guest virtual machines using the libVMI library includes:
inserting the libVMI library into the kernel of the Xen virtual machine platform to provide the low-level communication channel between the secure virtual machine and the guest virtual machines.
Preferably, inserting the libVMI library into the kernel of the Xen virtual machine platform includes:
compiling and installing the libVMI library, and inserting the libVMI library into a kernel module;
querying the System.map symbol table to determine the related offsets;
storing the information of the guest virtual machines to be protected and the related offsets in the secure virtual machine.
Preferably, the resource information includes the memory information, CPU information and register information of the guest virtual machine.
Preferably, after performing memory introspection on the guest virtual machines through the secure virtual machine, analyzing and searching for suspicious operations of the guest virtual machines, and preventing the suspicious operations from running, the method further includes:
performing antivirus tasks on each guest virtual machine through the secure virtual machine.
In the security protection method based on the Xen virtualization platform provided by the present invention, a secure virtual machine is configured in the Xen virtualization platform; an antivirus engine and an antivirus module are installed on the secure virtual machine; the secure virtual machine is authorized as a highly privileged virtual machine and is used to access the resource information of each guest virtual machine; and memory introspection is performed on the guest virtual machines through the secure virtual machine, suspicious operations of the guest virtual machines are analyzed and searched for, and the suspicious operations are prevented from running. The secure virtual machine is thus responsible for work such as virus detection and removal for all guest virtual machines, and antivirus protection is achieved through the secure virtual machine's inspection of guest virtual machine memory. Antivirus software does not need to be installed in every virtual machine in the environment; instead the antivirus service is integrated centrally into one secure virtual machine, and the antivirus tasks of all virtual machines in the environment are handled by the secure virtual machine. This reduces the complexity of environment deployment, lowers maintenance cost, and reduces unnecessary consumption of system resources.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from the drawings provided without creative effort.
Fig. 1 is a flow chart of the security protection method based on the Xen virtualization platform provided by the present invention.
Embodiment
The core of the present invention is to provide a security protection method based on the Xen virtualization platform, so that antivirus software does not need to be installed on every virtual machine and system resource consumption is reduced.
To help those skilled in the art better understand the solution of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of the embodiments. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Referring to Fig. 1, which is a flow chart of the security protection method based on the Xen virtualization platform provided by the present invention, the method includes:
S11: configuring a secure virtual machine in the Xen virtualization platform;
S12: installing an antivirus engine and an antivirus module on the secure virtual machine;
S13: authorizing the secure virtual machine as a highly privileged virtual machine, and using the secure virtual machine to access the resource information of each guest virtual machine;
S14: performing memory introspection on the guest virtual machines through the secure virtual machine, analyzing and searching for suspicious operations of the guest virtual machines, and preventing the suspicious operations from running.
The secure virtual machine is thus responsible for work such as virus detection and removal for all guest virtual machines, and antivirus protection is achieved through the secure virtual machine's inspection of guest virtual machine memory. Antivirus software does not need to be installed in every virtual machine in the environment; instead the antivirus service is integrated centrally into one secure virtual machine, and the antivirus tasks of all virtual machines in the environment are handled by the secure virtual machine. This reduces the complexity of environment deployment, lowers maintenance cost, and reduces unnecessary consumption of system resources.
Based on the above method, further, in step S13, before the secure virtual machine is used to access the resource information of each guest virtual machine, the method also includes: establishing a low-level communication channel between the secure virtual machine and the guest virtual machines.
The low-level communication channel between the secure virtual machine and the guest virtual machines is established using the libVMI library.
Specifically, the process of establishing the low-level communication channel between the secure virtual machine and the guest virtual machines using the libVMI library is: inserting the libVMI library into the kernel of the Xen virtual machine platform to provide the low-level communication channel between the secure virtual machine and the guest virtual machines.
The process of inserting the libVMI library into the kernel of the Xen virtual machine platform specifically includes: compiling and installing the libVMI library, and inserting the libVMI library into a kernel module; querying the System.map symbol table to determine the related offsets; and storing the information of the guest virtual machines to be protected and the related offsets in the secure virtual machine.
In step S13, the resource information includes the memory information, CPU information and register information of the guest virtual machine.
Further, after step S14, the method also includes: performing antivirus tasks on each guest virtual machine through the secure virtual machine.
This method is applied in Xen virtualized environments. It addresses the security problems of some virtual machines in a virtualized environment and helps better protect virtual machines from virus attacks that would interrupt service. The method provides a centralized management scheme: antivirus software does not need to be installed in every virtual machine in the environment; instead the antivirus service is integrated centrally into one secure virtual machine (security VM), and the antivirus tasks of all virtual machines in the environment are handled by the secure virtual machine. This reduces the complexity of environment deployment, lowers maintenance cost, reduces unnecessary consumption of system resources, and meets the security requirements of virtualized environments.
In detail, a dedicated channel is built from the secure virtual machine to the guest virtual machines. This channel has to pass through the hypervisor layer, so establishing the low-level communication channel between the secure virtual machine and the guest virtual machines means establishing a dedicated channel at the hypervisor layer. It lets the secure virtual machine monitor operating-system-level resources such as the memory, CPU and registers of any virtual machine. The secure virtual machine provides the antivirus engine and opens the channel from the secure virtual machine to the guest virtual machine (Guest VM), so that the operating system's modifications to the guest virtual machine can be synchronously notified to the secure virtual machine, while the secure virtual machine's instructions can be issued to the guest virtual machine.
In this method, on a physical host, the secure virtual machine is responsible for work such as virus detection and removal for all virtual machines on that host, and purposes such as antivirus protection are achieved through the secure virtual machine's inspection of guest virtual machine memory. While monitoring, the secure virtual machine can provide security services such as virus detection and removal and permission checks, and can intercept tasks such as the startup and running of viruses. By installing a plug-in in the guest virtual machine, it can further provide higher-level security services such as full scanning and virus removal, isolating suspected virus files, and preventing illegal copying of virus files, ensuring the security of the user environment.
In this method, to implement the channel through which the secure virtual machine accesses the guest virtual machines, libVMI is inserted as a kernel module into the Xen platform operating system to provide a channel that lets the secure virtual machine access the memory of the guest virtual machines. The channel between the secure virtual machine and the guest virtual machines can be implemented with the open-source libVMI project, integrated by compiling the libVMI project in Domain0. Under the Xen platform architecture, the open-source libVMI project serves as the bridge connecting the secure virtual machine to the guest virtual machines.
LibVMI is a C introspection library for reading and writing virtual machine memory. It also provides functions such as accessing CPU registers, pausing and resuming virtual machines, and printing binary data, and further supports reading physical memory images saved as files. LibVMI is designed to support multiple virtualization platforms; Xen and KVM are supported at present.
LibVMI is a C library that provides functions for monitoring the low-level details of a running virtual machine. Monitoring is done by observing memory details, trapping hardware events, and reading CPU registers; this approach is called virtual machine introspection.
Of the functions libVMI provides, the most important is memory introspection. Memory introspection lets a user monitor from dom0, that is, read memory data, and control the operating system, that is, rewrite memory data.
As for how libVMI works, specifically the flow by which it obtains a kernel symbol: the application first requests to view a kernel symbol; libVMI obtains the virtual address of the kernel symbol from the system's System.map; it then finds the kernel page directory corresponding to the virtual address and obtains the corresponding page table; the correct data page is found through the page table; finally the data page is returned to libVMI, and libVMI returns the data to the libVMI application.
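The lookup flow described above (kernel symbol, System.map, page directory, page table, data page), as an added example that is not part of the patent text and is not LibVMI code: it resolves a symbol and walks four-level x86-64 page tables, a generalization of the two levels named above, over a constructed guest memory image. The memory layout, the System.map excerpt and all function and symbol names are assumptions made for illustration.

```c
/* Added illustration, not LibVMI source. All data and names are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE   4096u
#define NFRAMES     6u
#define PTE_PRESENT 0x1ull
#define PTE_ADDR    0x000ffffffffff000ull

enum { READ_OK = 0, ERR_NO_SYMBOL = -1, ERR_NOT_PRESENT = -2, ERR_BAD_PADDR = -3 };

/* Constructed guest physical memory: frames 1-4 are page tables, frame 5 is data. */
static uint8_t guest_phys[NFRAMES * PAGE_SIZE];
static const uint64_t GUEST_CR3 = 1 * PAGE_SIZE; /* address of the top-level table */

/* Constructed System.map excerpt: "<address> <type> <name>" per line. */
static const char SYSTEM_MAP[] =
    "ffffffff81000000 T _text\n"
    "ffffffff81a00040 D demo_task_name\n"
    "ffffffff81a01000 D demo_unmapped\n";

/* Bounds-checked copy out of guest physical memory. */
static int phys_read(uint64_t paddr, void *buf, size_t len)
{
    if (paddr > sizeof guest_phys || len > sizeof guest_phys - paddr)
        return ERR_BAD_PADDR;
    memcpy(buf, guest_phys + paddr, len);
    return READ_OK;
}

/* Step 1: resolve a kernel symbol to its virtual address via System.map. */
static int sysmap_lookup(const char *map, const char *name, uint64_t *va)
{
    for (const char *line = map; line && *line; ) {
        unsigned long long addr;
        char type, sym[128];
        if (sscanf(line, "%llx %c %127s", &addr, &type, sym) == 3 &&
            strcmp(sym, name) == 0) {
            *va = addr;
            return READ_OK;
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return ERR_NO_SYMBOL;
}

/* Steps 2-3: walk the paging levels (4 KiB pages only, no large pages).
 * Entries are stored in host byte order in this constructed image. */
static int translate(uint64_t cr3, uint64_t va, uint64_t *pa)
{
    uint64_t table = cr3 & PTE_ADDR;
    for (int shift = 39; shift >= 12; shift -= 9) {
        uint64_t entry, idx = (va >> shift) & 0x1ff;
        int rc = phys_read(table + idx * 8, &entry, sizeof entry);
        if (rc != READ_OK) return rc;
        if (!(entry & PTE_PRESENT)) return ERR_NOT_PRESENT;
        table = entry & PTE_ADDR;
    }
    *pa = table | (va & (PAGE_SIZE - 1));
    return READ_OK;
}

/* Step 4: return the bytes behind a symbol, as the monitor would see them. */
int read_kernel_symbol(const char *name, void *buf, size_t len)
{
    uint64_t va = 0, pa = 0;
    int rc = sysmap_lookup(SYSTEM_MAP, name, &va);
    if (rc == READ_OK) rc = translate(GUEST_CR3, va, &pa);
    if (rc != READ_OK) return rc;
    if ((pa & (PAGE_SIZE - 1)) + len > PAGE_SIZE)
        return ERR_BAD_PADDR;           /* keep the read inside one page */
    return phys_read(pa, buf, len);
}

static void set_entry(uint64_t table_frame, unsigned idx, uint64_t next_frame)
{
    uint64_t e = (next_frame * PAGE_SIZE) | PTE_PRESENT;
    memcpy(guest_phys + table_frame * PAGE_SIZE + idx * 8, &e, sizeof e);
}

/* Build the constructed guest: only the page holding demo_task_name is mapped. */
void build_guest(void)
{
    memset(guest_phys, 0, sizeof guest_phys);
    set_entry(1, 511, 2);   /* level 4 -> level 3 */
    set_entry(2, 510, 3);   /* level 3 -> page directory */
    set_entry(3, 13, 4);    /* page directory -> page table */
    set_entry(4, 0, 5);     /* page table -> data page; entry 1 stays absent */
    memcpy(guest_phys + 5 * PAGE_SIZE + 0x40, "demo_process", 13);
}

int main(void)
{
    char name[16] = {0};
    build_guest();
    int rc = read_kernel_symbol("demo_task_name", name, sizeof name - 1);
    printf("demo_task_name rc=%d data=%s\n", rc, name);
    printf("demo_unmapped  rc=%d\n", read_kernel_symbol("demo_unmapped", name, 8));
    return 0;
}
```

The not-present result is the case a monitor has to handle explicitly: an unmapped or paged-out guest page yields no data, and the read must fail rather than follow a stale address.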
This method removes the need to install antivirus software on each virtual machine. The specific implementation process of the method includes:
1. Configure a secure virtual machine on each physical host;
2. Install the antivirus engine and each antivirus module on the secure virtual machine;
3. Authorize the virtual machine as a highly privileged virtual machine so that it can access resource information such as the memory, CPU and registers of the guest virtual machines;
4. With access to the guest virtual machine resources, perform memory introspection, analyze and search for suspicious actions of the guest virtual machines, and prevent suspicious processes and the like from running.
Here, libVMI is configured on the secure virtual machine to solve the low-level communication problem between the secure virtual machine and the guest virtual machines.
Configuring the libVMI module and inserting it into the kernel specifically includes the following steps:
Step 1: Compile and install libVMI, and at the same time configure it and insert it into a kernel module;
Step 2: Query the System.map symbol table to determine the related offsets;
Step 3: Configure the information of the guest virtual machines to be protected and the related offsets, and store them in the secure virtual machine.
In summary, in the security protection method based on the Xen virtualization platform provided by the present invention, a secure virtual machine is configured in the Xen virtualization platform; an antivirus engine and an antivirus module are installed on the secure virtual machine; the secure virtual machine is authorized as a highly privileged virtual machine and is used to access the resource information of each guest virtual machine; and memory introspection is performed on the guest virtual machines through the secure virtual machine, suspicious operations of the guest virtual machines are analyzed and searched for, and the suspicious operations are prevented from running. The secure virtual machine is thus responsible for work such as virus detection and removal for all guest virtual machines, and antivirus protection is achieved through the secure virtual machine's inspection of guest virtual machine memory. Antivirus software does not need to be installed in every virtual machine in the environment; instead the antivirus service is integrated centrally into one secure virtual machine, and the antivirus tasks of all virtual machines in the environment are handled by the secure virtual machine. This reduces the complexity of environment deployment, lowers maintenance cost, and reduces unnecessary consumption of system resources.
The security protection method based on the Xen virtualization platform provided by the present invention has been described in detail above. Specific examples are used herein to explain the principle and embodiments of the present invention, and the description of the above embodiments is only intended to help in understanding the method of the present invention and its core idea. It should be noted that a person of ordinary skill in the art can make improvements and modifications to the present invention without departing from its principle, and these improvements and modifications also fall within the scope of protection of the claims of the present invention.

Claims (7)

1. A security protection method based on the Xen virtualization platform, characterized by including:
configuring a secure virtual machine in the Xen virtualization platform;
installing an antivirus engine and an antivirus module on the secure virtual machine;
authorizing the secure virtual machine as a highly privileged virtual machine, and using the secure virtual machine to access the resource information of each guest virtual machine;
performing memory introspection on the guest virtual machines through the secure virtual machine, analyzing and searching for suspicious operations of the guest virtual machines, and preventing the suspicious operations from running.
2. The method of claim 1, characterized in that, before the secure virtual machine is used to access the resource information of each guest virtual machine, the method further includes:
establishing a low-level communication channel between the secure virtual machine and the guest virtual machines.
3. The method of claim 2, characterized in that the low-level communication channel between the secure virtual machine and the guest virtual machines is established using the libVMI library.
4. The method of claim 3, characterized in that establishing the low-level communication channel between the secure virtual machine and the guest virtual machines using the libVMI library includes:
inserting the libVMI library into the kernel of the Xen virtual machine platform to provide the low-level communication channel between the secure virtual machine and the guest virtual machines.
5. The method of claim 4, characterized in that inserting the libVMI library into the kernel of the Xen virtual machine platform includes:
compiling and installing the libVMI library, and inserting the libVMI library into a kernel module;
querying the System.map symbol table to determine the related offsets;
storing the information of the guest virtual machines to be protected and the related offsets in the secure virtual machine.
6. The method of claim 1, characterized in that the resource information includes the memory information, CPU information and register information of the guest virtual machine.
7. The method of any one of claims 1 to 6, characterized in that, after performing memory introspection on the guest virtual machines through the secure virtual machine, analyzing and searching for suspicious operations of the guest virtual machines, and preventing the suspicious operations from running, the method further includes:
performing antivirus tasks on each guest virtual machine through the secure virtual machine.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710508569.2A CN107239700A (en) 2017-06-28 2017-06-28 A kind of safety protecting method based on xen virtual platforms

Publications (1)

Publication Number Publication Date
CN107239700A (en) 2017-10-10

Family

ID=59991222

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171010