CN108268306A - Virtual machine memory isolation technology based on internet - Google Patents


Info

Publication number
CN108268306A
Authority
CN
China
Prior art keywords
security
memory
internet
flask
technology based
Prior art date
Legal status
Withdrawn
Application number
CN201710005494.6A
Other languages
Chinese (zh)
Inventor
Inventor not disclosed
Current Assignee
Changsha Yun Hao Mdt Infotech Ltd
Original Assignee
Changsha Yun Hao Mdt Infotech Ltd
Priority date
Filing date
Publication date
Application filed by Changsha Yun Hao Mdt Infotech Ltd filed Critical Changsha Yun Hao Mdt Infotech Ltd
Priority to CN201710005494.6A priority Critical patent/CN108268306A/en
Publication of CN108268306A publication Critical patent/CN108268306A/en
Withdrawn legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45583 Memory management, e.g. access or allocation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45587 Isolation or security of virtual machine instances

Abstract

Virtual machine memory isolation technology based on internet. This technology extends and configures the Xen security module (XSM) with Flask security policies on the Xen Hypervisor and achieves security isolation between the memory of the privileged domain and the memory of the common domain. It ensures the reliability and secrecy of common domain memory information and at the same time improves the maintainability of common domain memory management. Read operations on DomU memory information are controlled so that the memory of DomU and Dom0 is securely isolated from each other.

Description

Virtual machine memory isolation technology based on internet
Technical field
The invention belongs to the field of Internet technology and relates to the field of computer information technology.
Background technology
With the continuous development of Internet technology, network technology is in everyday use, yet existing memory configurations cannot securely isolate information, in particular the memory of the common domain. Memory is a core component of a host: its operation directly affects the operation of the whole computer system, and the security of memory also determines the security of the virtual machines running on it. Many criminals steal the memory contents of hosts, causing people's interests to suffer; an Internet-based virtual machine memory isolation technology can ensure the security of people's computers.
Invention content
Virtual machine memory isolation technology based on internet. The technology is as follows:
1. The Flask security framework consists of a policy enforcement server and a security server. The TE (Type Enforcement) model is applied in the Flask framework: the Type security attribute uniformly identifies subject and object in the Security Context, and the RBAC model provides an additional level of abstraction over User and Domain;
2. Read operations on DomU memory information are controlled so that the memory of DomU and Dom0 is securely isolated. An onclick event inside an HTML page drives privcmd to call a Hypercall through the Libxc library with privilege, attempting to read the running memory of the DomU. Assuming the Xen Hypervisor is trusted, no domain other than the Hypervisor has the right to access or obtain the private memory information of another domain's system;
3. Within the existing Type Enforcement model of the Flask security framework of the virtualization software security module, the handset is marked with a special security label, and, in combination with hook functions in the current FLASK security policy, Flask is extended with a policy concerning that specific security label, ensuring that the DomU is created and runs normally.
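The three points above describe a Type Enforcement decision: the Type attribute of the subject's and object's security contexts is looked up against allow rules, a hook on the privileged mapping path asks the security server for a decision, and a specially labelled guest simply receives no rule that lets Dom0 map its memory. The following is an added illustration of that mechanism; it is not code from the patent and not Xen's own XSM implementation. The class and permission names `mmu`, `map_read`, `map_write`, `domain:create` and the types `dom0_t`/`domU_t` are modelled on Xen's shipped Flask policy; the `isolated_domU_t` label, the rule text, the hook name and the sample security contexts are constructed for this example.

```python
"""Type Enforcement (TE) decision check in the style of Xen's XSM-Flask policy.

Added illustration, not code from the patent or from Xen. Class/permission
names and dom0_t/domU_t are modelled on Xen's Flask policy; isolated_domU_t,
the rule text and the hook name are constructed for this example.
"""
import re
from dataclasses import dataclass, field

# allow <source_type> <target_type>:<class> { perm perm ... };   (or one bare perm)
RULE_RE = re.compile(r"^allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{\s*([^}]*)\}|(\w+))\s*;$")


@dataclass
class TEPolicy:
    """Flat TE policy: default deny; a permission exists only if an allow rule grants it."""
    allows: dict = field(default_factory=dict)   # (src_type, tgt_type, class) -> set(perms)
    denials: list = field(default_factory=list)  # AVC-style audit lines recorded by hooks

    @classmethod
    def parse(cls, text: str) -> "TEPolicy":
        pol = cls()
        for raw in text.splitlines():
            line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
            if not line:
                continue
            m = RULE_RE.match(line)
            if m is None:
                raise ValueError(f"unparsable rule: {raw!r}")
            src, tgt, klass, brace, single = m.groups()
            perms = set(brace.split()) if brace is not None else {single}
            pol.allows.setdefault((src, tgt, klass), set()).update(perms)
        return pol

    def allowed(self, src_type: str, tgt_type: str, klass: str, perm: str) -> bool:
        return perm in self.allows.get((src_type, tgt_type, klass), set())


def type_of(context: str) -> str:
    """Security context 'user:role:type' -> the Type attribute TE decides on (point 1)."""
    parts = context.split(":")
    if len(parts) != 3:
        raise ValueError(f"bad security context: {context!r}")
    return parts[2]


def hook_map_foreign(policy: TEPolicy, scontext: str, tcontext: str, perm: str) -> bool:
    """Hypothetical hook on the path a privileged map of another domain's memory takes
    (point 2). Denials are recorded in the AVC style Xen's Flask module logs them in,
    which is the line a defender would alert on."""
    src, tgt = type_of(scontext), type_of(tcontext)
    ok = policy.allowed(src, tgt, "mmu", perm)
    if not ok:
        policy.denials.append(
            f"avc: denied {{ {perm} }} for scontext={scontext} tcontext={tcontext} tclass=mmu"
        )
    return ok


# Constructed policy text. The first rule mirrors the control domain's usual ability to map
# ordinary guest memory; the specially labelled guest of point 3 gets no such rule from
# dom0_t, while creation stays allowed so the guest still boots normally.
SAMPLE_POLICY = """
allow dom0_t domU_t:mmu { map_read map_write };
allow dom0_t isolated_domU_t:domain create;
allow isolated_domU_t isolated_domU_t:mmu { map_read map_write };
"""


def decisions(policy_text: str = SAMPLE_POLICY) -> dict:
    """Evaluate three representative requests and return the decisions plus audit lines."""
    policy = TEPolicy.parse(policy_text)
    dom0 = "system_u:system_r:dom0_t"                # constructed contexts
    guest = "system_u:system_r:domU_t"
    isolated = "system_u:system_r:isolated_domU_t"
    return {
        "dom0_reads_ordinary_guest": hook_map_foreign(policy, dom0, guest, "map_read"),
        "dom0_reads_isolated_guest": hook_map_foreign(policy, dom0, isolated, "map_read"),
        "isolated_guest_maps_own": hook_map_foreign(policy, isolated, isolated, "map_read"),
        "denials": policy.denials,
    }


if __name__ == "__main__":
    for name, value in decisions().items():
        print(f"{name}: {value}")
```

The point of the design is that isolation is expressed purely as an absence of rules: Dom0 keeps its ordinary rights over `domU_t` guests, the `isolated_domU_t` guest is denied to the privileged mapping request because nothing grants `mmu map_read`, and every denial leaves an AVC line that can be shipped to a log pipeline as evidence of an attempted cross-domain read.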

Claims (1)

1. Virtual machine memory isolation technology based on internet, characterised in that: mainly on the basis of the existing Type Enforcement model of the Flask security framework of the virtualization software security module, the handset is marked with a special security label and, in combination with hook functions in the current FLASK security policy, Flask is extended with a policy concerning that specific security label, ensuring that the DomU is created and runs normally; when the Xen Hypervisor is started, the file is loaded into the kernel of the virtualization software, and the security module of the virtualization software controls the virtual hosts on the Xen platform: relevant operations on the authorization list and on memory control are subjected to a security check, and an operation is executed only when it satisfies the requirements.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710005494.6A CN108268306A (en) 2017-01-04 2017-01-04 Virtual machine memory isolation technology based on internet

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710005494.6A CN108268306A (en) 2017-01-04 2017-01-04 Virtual machine memory isolation technology based on internet

Publications (1)

Publication Number Publication Date
CN108268306A true CN108268306A (en) 2018-07-10

Family

ID=62770712

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710005494.6A Withdrawn CN108268306A (en) 2017-01-04 2017-01-04 Virtual machine memory isolation technology based on internet

Country Status (1)

Country Link
CN (1) CN108268306A (en)

Similar Documents

Publication Publication Date Title
Zhang et al. Cloudvisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization
Pék et al. A survey of security issues in hardware virtualization
US8341749B2 (en) Preventing malware attacks in virtualized mobile devices
US9201674B2 (en) Migrating functionality in virtualized mobile devices
US8233882B2 (en) Providing security in mobile devices via a virtualization software layer
US8302094B2 (en) Routing a physical device request using transformer stack to an equivalent physical device in a virtualized mobile device
EP2446354B1 (en) Controlling usage in virtualized mobile devices
US20150088982A1 (en) Load balanced inter-device messaging
CN105069383B (en) A kind of method and system of cloud desktop USB storages peripheral hardware management and control
Rutkowska et al. Qubes OS architecture
Stumpf et al. Enhancing trusted platform modules with hardware-based virtualization techniques
JP2010517164A5 (en)
CN104318179A (en) File redirection technology based virtualized security desktop
CN103699498A (en) Application key data protection system and protection method
CN105373727B (en) The equipment blocking method redirected based on virtual unit
CN103902884A (en) System and method for protecting data of virtual machine
CN113987599B (en) Method, device, equipment and readable storage medium for realizing firmware trusted root
CN108268306A (en) Virtual machine memory isolation technology based on internet
CN107992755A (en) A kind of configurable virtual machine memory partition method
CN104021354A (en) Data anti-leaking method in computer virtualization environment
CN105701400A (en) Virtual machine platform safety control method and device
Verma et al. Next-generation optimization models and algorithms in cloud and fog computing virtualization security: the present state and future
CN106650463A (en) System and method for preventing window system service description table from being tampered
Banga et al. Trustworthy computing for the cloud-mobile era: A leap forward in systems architecture
Win et al. Handling the hypervisor hijacking attacks on virtual cloud environment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20180710
