CN108268306A - Virtual machine memory isolation technology based on internet - Google Patents
- Publication number: CN108268306A
- Application number: CN201710005494.6A
- Authority: CN (China)
- Prior art keywords: security, memory, internet, flask, technology based
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Withdrawn
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45583—Memory management, e.g. access or allocation
- G06F2009/45587—Isolation or security of virtual machine instances
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
Abstract
Virtual machine memory isolation technology based on the Internet. The technology supports extending and configuring the Flask security policy of the Xen Security Module (XSM) together with the Xen Hypervisor, and completes the security isolation between the memory of the privileged domain and that of the common (unprivileged) domains. It ensures the reliability and secrecy of common-domain memory information while also improving the maintainability of common-domain memory management. For DomU memory-information read operations, it achieves the goal of security isolation between DomU and Dom0 memory.
Description
Technical field
The invention belongs to the field of Internet technology and relates to the field of computer information technology.
Background technology
With the continuous development of Internet technology, network technology is in everyday use, yet existing memory configurations cannot securely isolate information, in particular the memory of common (unprivileged) domains. Memory is a core component of a host: its operation directly affects the operation of the whole computer system, and the security of memory also determines the security of the virtual machines running on it. Many criminals steal information held in host memory, causing people's interests to suffer. An Internet-based virtual machine memory isolation technology can protect the security of people's computers.
Invention content
Virtual machine memory isolation technology based on the Internet; the technology is as follows:
1. The Flask security framework consists of a policy enforcement server and a security server. The TE (Type Enforcement) model is applied within the Flask framework: the Type security attribute uniformly identifies subjects and objects in the Security Context, and the RBAC model provides an additional level of abstraction over User and Domain.
2. For DomU memory-information read operations, the aim is security isolation between DomU and Dom0 memory. Through an onclick event written in an HTML page, the privileged domain drives privcmd to issue a Hypercall via the Libxc library and attempts to read the running memory information of DomU. Under the premise that the Xen Hypervisor is trustworthy, no domain other than the Hypervisor has the right to access or obtain the private memory information of another domain's system.
3. Within the existing Type Enforcement model of the Flask security framework of the virtualization software security module, the handset is marked with a special security label; with reference to the hook functions in the current FLASK security policy, Flask's policy for that specific security label is extended so that DomU is still created and runs normally.
Claims (1)
1. Virtual machine memory isolation technology based on the Internet, characterised in that: mainly according to the existing Type Enforcement model of the Flask security framework of the virtualization software security module, the handset is marked with a special security label, and with reference to the hook functions in the current FLASK security policy, Flask's policy for that specific security label is extended, ensuring the normal creation and operation of DomU; when the Xen Hypervisor starts, a file is loaded into the virtualization software kernel, and the security module of the virtualization software can control the virtual hosts on the Xen platform, performing security checks on operations related to the authorization table (Xen's grant table) and on memory-control operations, so that an operation is executed only when the check is satisfied.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710005494.6A CN108268306A (en) | 2017-01-04 | 2017-01-04 | Virutal machine memory isolation technology based on internet |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710005494.6A CN108268306A (en) | 2017-01-04 | 2017-01-04 | Virutal machine memory isolation technology based on internet |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108268306A true CN108268306A (en) | 2018-07-10 |
Family
ID=62770712
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710005494.6A Withdrawn CN108268306A (en) | 2017-01-04 | 2017-01-04 | Virutal machine memory isolation technology based on internet |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108268306A (en) |
- 2017-01-04: CN201710005494.6A filed (patent CN108268306A/en), status not active (Withdrawn)
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Zhang et al. | Cloudvisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization | |
Pék et al. | A survey of security issues in hardware virtualization | |
US8341749B2 (en) | Preventing malware attacks in virtualized mobile devices | |
US9201674B2 (en) | Migrating functionality in virtualized mobile devices | |
US8233882B2 (en) | Providing security in mobile devices via a virtualization software layer | |
US8302094B2 (en) | Routing a physical device request using transformer stack to an equivalent physical device in a virtualized mobile device | |
EP2446354B1 (en) | Controlling usage in virtualized mobile devices | |
US20150088982A1 (en) | Load balanced inter-device messaging | |
CN105069383B (en) | A kind of method and system of cloud desktop USB storages peripheral hardware management and control | |
Rutkowska et al. | Qubes OS architecture | |
Stumpf et al. | Enhancing trusted platform modules with hardware-based virtualization techniques | |
JP2010517164A5 (en) | ||
CN104318179A (en) | File redirection technology based virtualized security desktop | |
CN103699498A (en) | Application key data protection system and protection method | |
CN105373727B (en) | The equipment blocking method redirected based on virtual unit | |
CN103902884A (en) | System and method for protecting data of virtual machine | |
CN113987599B (en) | Method, device, equipment and readable storage medium for realizing firmware trusted root | |
CN108268306A (en) | Virutal machine memory isolation technology based on internet | |
CN107992755A (en) | A kind of configurable research of virutal machine memory partition method | |
CN104021354A (en) | Data anti-leaking method in computer virtualization environment | |
CN105701400A (en) | Virtual machine platform safety control method and device | |
Verma et al. | Next-generation optimization models and algorithms in cloud and fog computing virtualization security: the present state and future | |
CN106650463A (en) | System and method for preventing window system service description table from being tampered | |
Banga et al. | Trustworthy computing for the cloud-mobile era: A leap forward in systems architecture | |
Win et al. | Handling the hypervisor hijacking attacks on virtual cloud environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| WW01 | Invention patent application withdrawn after publication | Application publication date: 20180710 |