CN109800570A - A kind of safety protecting method and device of virtual platform - Google Patents

Publication number: CN109800570A
Authority: CN (China)
Legal status: Pending (as listed; the legal status is an assumption and is not a legal conclusion)
Application number: CN201811645508.1A
Other languages: Chinese (zh)
Inventors: 谢文聪, 刘明, 陈俊儒, 徐天琦
Current Assignee: 360 Enterprise Safety Technology (zhuhai) Co Ltd; Beijing Qianxin Technology Co Ltd (as listed; the listed assignees may be inaccurate)
Original Assignee: 360 Enterprise Safety Technology (zhuhai) Co Ltd; Beijing Qianxin Technology Co Ltd
Landscapes: Storage Device Security (AREA)
Abstract

The invention discloses a security protection method and device for a virtualization platform, relating to the field of information security technology, and is intended to solve the problem that the prior art cannot effectively protect a virtualization platform. The method mainly comprises: receiving a target instruction, the target instruction being used to instruct the virtualization platform to perform a processing operation; judging whether the source of the target instruction is the virtualization platform; if so, judging whether the target instruction is stored in a preset virtualization platform behavior library; and if the target instruction is not stored in the preset virtualization platform behavior library, stopping execution of the target instruction. The invention is mainly applied in the security protection of virtualization platforms.

Description

A security protection method and device for a virtualization platform
Technical field
The present invention relates to the field of information security technology, and in particular to a security protection method and device for a virtualization platform.
Background
With the development of virtualization and cloud computing technology, users are gradually moving their IT infrastructure to virtualization platforms. Virtualization technology presents applications and data to clients at different levels and in different ways, realizing the addition, use and delivery of Internet-based services and computing. A virtualization platform is an infrastructure platform built with virtualization technology that lets multiple operating systems share hardware.
In the prior art, to ensure the communication security of a virtualization platform, the devices on the platform interact through at least one virtual switch, and the virtual switch forwards a received data packet only if the packet satisfies a preset network security policy; this is how security protection of the virtualization platform is realized. The data packet may be interaction data or an execution instruction.
The prior art only screens the data packets received by the virtual switch. While the virtual switch is sending a data packet on to the virtualization platform, there may still be a risk of attack, so the virtualization platform cannot be effectively protected.
Summary of the invention
In view of this, the present invention provides a security protection method and device for a virtualization platform, the main purpose of which is to solve the problem that the prior art cannot effectively protect a virtualization platform.
According to one aspect of the present invention, a security protection method for a virtualization platform is provided, comprising:
Receiving a target instruction, the target instruction being used to instruct the virtualization platform to perform a processing operation;
Judging whether the source of the target instruction is the virtualization platform;
If so, judging whether the instruction behavior corresponding to the target instruction is stored in a preset virtualization platform behavior library;
If the target instruction is not stored in the preset virtualization platform behavior library, stopping execution of the target instruction.
Further, judging whether the source of the target instruction is the virtualization platform comprises:
Generating a memory stack call instruction for the target instruction;
Sending the memory stack call instruction to the host and obtaining the memory sequence corresponding to the memory stack call instruction, the host being the device that carries the virtualization platform;
Looking up the instruction source identifier in the memory sequence;
Judging, according to the instruction source identifier, whether the source of the target instruction is the virtualization platform.
Further, judging, according to the instruction source identifier, whether the source of the target instruction is the virtualization platform comprises:
Judging whether the instruction source identifier is identical to a preset virtualization platform instruction identifier;
If so, determining that the source of the target instruction is the virtualization platform;
If not, determining that the source of the target instruction is not the virtualization platform.
Further, before judging whether the instruction behavior corresponding to the target instruction is stored in the preset virtualization platform behavior library, the method also comprises:
Establishing a virtualization platform behavior library in the local system and in the cloud system respectively, the virtualization platform behavior library being used to store all instruction behaviors in the virtualization platform.
Further, establishing the virtualization platform behavior library in the local system and in the cloud system respectively comprises:
Obtaining the executable instructions of the virtualization platform;
Looking up the instruction behaviors corresponding to the executable instructions;
Compiling the instruction behaviors to generate the virtualization platform behavior library.
Further, obtaining the executable instructions of the virtualization platform comprises:
Obtaining the executable instructions of the virtualization platform from the execution log of the virtualization platform.
Further, after judging whether the target instruction is stored in the preset virtualization platform behavior library, the method also comprises:
If the target instruction is stored in the preset virtualization platform behavior library, executing the target instruction.
According to another aspect of the present invention, a security protection device for a virtualization platform is provided, comprising:
A receiving unit, for receiving a target instruction, the target instruction being used to instruct the virtualization platform to perform a processing operation;
A judging unit, for judging whether the source of the target instruction is the virtualization platform;
The judging unit being also used, if so, to judge whether the instruction behavior corresponding to the target instruction is stored in a preset virtualization platform behavior library;
A stop unit, for stopping execution of the target instruction if the target instruction is not stored in the preset virtualization platform behavior library.
According to another aspect of the present invention, a storage medium is provided in which at least one executable instruction is stored, the executable instruction causing a processor to perform the operations corresponding to the above security protection method for a virtualization platform.
According to a further aspect of the present invention, a computer device is provided, comprising a processor, a memory, a communication interface and a communication bus, the processor, the memory and the communication interface communicating with one another over the communication bus;
The memory is used to store at least one executable instruction, and the executable instruction causes the processor to perform the operations corresponding to the above security protection method for a virtualization platform.
Through the above technical solution, the technical solution provided by the embodiments of the present invention has at least the following advantages:
The present invention provides a security protection method and device for a virtualization platform: a target instruction is first received; it is then judged whether the source of the target instruction is the virtualization platform; it is then judged whether the target instruction is stored in the preset virtualization platform behavior library; and finally, if the target instruction is not stored in the preset virtualization platform behavior library, execution of the target instruction is stopped. Compared with the prior art, the embodiments of the present invention use two checks, the source of the target instruction and whether the instruction behavior corresponding to the target instruction is stored in the preset virtualization platform behavior library, to judge whether the target instruction is safe and whether the virtualization platform may execute it, so that the virtualization platform can be effectively protected.
The above is only an overview of the technical solution of the present invention. So that the technical means of the present invention can be understood more clearly and implemented according to the contents of the specification, and so that the above and other objects, features and advantages of the present invention are more readily apparent, specific embodiments of the present invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered a limitation of the present invention. Throughout the drawings, the same reference numbers refer to the same parts. In the drawings:
Fig. 1 shows a flow chart of a security protection method for a virtualization platform provided by an embodiment of the present invention;
Fig. 2 shows a flow chart of another security protection method for a virtualization platform provided by an embodiment of the present invention;
Fig. 3 shows a block diagram of a security protection device for a virtualization platform provided by an embodiment of the present invention;
Fig. 4 shows a block diagram of another security protection device for a virtualization platform provided by an embodiment of the present invention;
Fig. 5 shows a structural schematic diagram of a computer device provided by an embodiment of the present invention.
Detailed description of the embodiments
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the present disclosure, it should be understood that the present disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the present disclosure can be understood more thoroughly and so that its scope can be fully conveyed to those skilled in the art.
An embodiment of the present invention provides a security protection method for a virtualization platform. As shown in Fig. 1, the method comprises:
101. Receive a target instruction.
A virtualization platform is an infrastructure platform built with virtualization technology that lets multiple operating systems share hardware; the shared hardware is the host of the virtualization platform. The virtualization platform processes instructions by executing them on the shared hardware. The target instruction is used to instruct the virtualization platform to perform a processing operation; in the embodiments of the present invention, any instruction that the virtualization platform can execute may be a target instruction. A target instruction may be generated by a user operating on the virtualization platform, by a user operating the virtualization platform by remote control, or by a third party that intrudes into the virtualization platform over the Internet and simulates operations. The purpose of security protection for the virtualization platform is to prevent a third party from intruding into the virtualization platform, having the operation instructions it generated executed, and stealing data from the virtualization platform or damaging the virtualization platform or even the host.
102. Judge whether the source of the target instruction is the virtualization platform.
If a target instruction threatens the security of the virtualization platform, it is less likely to have come from the virtualization platform itself, so this step serves as the first stage in screening whether the target instruction poses a security threat to the virtualization platform. Target instructions generated by a user operating on the virtualization platform are usually routine operations, for example creating a list, computing statistics or transferring data, and do not pose a security risk to the virtualization platform.
The judgment is made according to the source of the target instruction. The source may be looked up in the log corresponding to the target instruction, found by tracing back step by step from the target instruction to its starting position, or looked up in the memory sequence that stores the target instruction. The embodiments of the present invention do not limit how the source of the target instruction is looked up.
103. If so, judge whether the instruction behavior corresponding to the target instruction is stored in the preset virtualization platform behavior library.
If the source of the target instruction is the virtualization platform, a second judgment is made on the target instruction: whether its corresponding instruction behavior is stored in the preset virtualization platform behavior library. An instruction behavior is the concrete operation, with a specific object and execution conditions, that corresponds to the target instruction, for example repeatedly executing a create-list operation, or deleting the host's environment parameters.
The preset virtualization platform behavior library stores the behaviors that the virtualization platform is allowed to execute. If the instruction behavior corresponding to the target instruction is stored in the preset virtualization platform behavior library, running the target instruction poses no security risk to the virtualization platform. If the instruction behavior corresponding to the target instruction is not stored in the preset virtualization platform behavior library, running the target instruction poses a security risk to the virtualization platform.
The case where the source of the target instruction is not the virtualization platform is not discussed in the embodiments of the present invention.
104. If the target instruction is not stored in the preset virtualization platform behavior library, stop execution of the target instruction.
Stopping execution of the target instruction prevents it from causing a security risk to the virtualization platform. After execution has been stopped, the reason for stopping may also be sent to the virtualization platform to remind the user of the risk of executing the target instruction. After this security prompt, the user may choose, according to their needs, whether to continue executing the target instruction or to delete it.
The present invention provides a security protection method for a virtualization platform: a target instruction is first received; it is then judged whether the source of the target instruction is the virtualization platform; it is then judged whether the target instruction is stored in the preset virtualization platform behavior library; and finally, if the target instruction is not stored in the preset virtualization platform behavior library, execution of the target instruction is stopped. Compared with the prior art, the embodiments of the present invention use two checks, the source of the target instruction and whether the instruction behavior corresponding to the target instruction is stored in the preset virtualization platform behavior library, to judge whether the target instruction is safe and whether the virtualization platform may execute it, so that the virtualization platform can be effectively protected.
An embodiment of the present invention provides another security protection method for a virtualization platform. As shown in Fig. 2, the method comprises:
201. Receive a target instruction.
A virtualization platform is an infrastructure platform built with virtualization technology that lets multiple operating systems share hardware; the shared hardware is the host of the virtualization platform. The target instruction is used to instruct the virtualization platform to perform a processing operation, including operations such as copying, deleting and modifying data, systems and software in the virtualization platform.
202. Generate a memory stack call instruction for the target instruction.
The memory stack call instruction instructs the host to retrieve the memory sequence corresponding to the process of the target instruction. A process is one run of a program, with independent function, on some data set; it is the basic unit by which the system allocates and schedules resources and the foundation of the operating system's structure. It can request and own system resources; it is a dynamic concept and an active entity. It is not only the program's code but also the current activity, represented by the value of the program counter and the contents of the processor registers. The process of the target instruction is therefore the state carried while the target instruction is actually executed, from which the actual purpose of the target instruction can be found. The specific data concerning the process are stored in the memory sequence, so this step generates the memory stack call instruction for the target instruction, to instruct the host to retrieve the memory sequence corresponding to the process of the target instruction.
203. Send the memory stack call instruction to the host and obtain the memory sequence corresponding to the memory stack call instruction.
The host is the device that carries the virtualization platform, that is, the platform's shared hardware. The host retrieves the corresponding memory sequence according to the memory stack call instruction, and the virtualization platform obtains that memory sequence. The memory sequence may be obtained by including a return-call-result instruction when the memory stack call instruction is sent, or by sending a separate instruction to obtain the memory sequence after the memory stack call instruction has been sent; the embodiments of the present invention do not limit how the memory sequence is obtained.
204. Look up the instruction source identifier in the memory sequence.
The memory sequence is in fact a string of characters, each of which has a specific meaning. The instruction source identifier is looked up in the memory sequence according to the preset meaning of each character position. The instruction source identifier distinguishes whether the process corresponding to the target instruction is a virtualization process or a host process.
205. Judge, according to the instruction source identifier, whether the source of the target instruction is the virtualization platform.
The preset virtualization platform instruction identifier is the identifier, at the process identifier position of the memory sequence, that marks the source of the process as the virtualization platform. Judging whether the source of the target instruction is a virtualization platform process specifically comprises: judging whether the instruction source identifier is identical to the preset virtualization platform instruction identifier; if so, determining that the source of the target instruction is the virtualization platform; if not, determining that the source of the target instruction is not the virtualization platform. The case where the source of the target instruction is not the virtualization platform is not discussed in the embodiments of the present invention.
206. Establish a virtualization platform behavior library in the local system and in the cloud system respectively.
The virtualization platform behavior library stores all instruction behaviors in the virtualization platform. Establishing it specifically comprises: obtaining the executable instructions of the virtualization platform; looking up the instruction behaviors corresponding to the executable instructions; and compiling the instruction behaviors to generate the virtualization platform behavior library. Here, a behavior instruction is an instruction by which the operating system performs a concrete behavior, such as copy, paste, input or read; the embodiments of the present invention do not specifically limit this. The executable instructions of the virtualization platform are obtained from the execution log of the virtualization platform. They may be looked up in the execution log of the virtualization platform itself, or in the execution logs of other virtualization platforms that use the same operating system. In the embodiments of the present invention, the aim is to obtain all executable instructions, and the manner of obtaining them is not limited.
It should be noted that, to improve the accuracy of instruction behavior queries and to ensure the advisability of the instruction behaviors, virtualization platform behavior libraries need to be established in the local system and in the cloud system respectively. Moreover, because a virtualization platform library is built from the executable instructions obtained for the virtualization platform, the instructions executable in the local system and in the cloud system differ, and so the libraries established also differ. In the embodiments of the present invention, preferably, an executable instruction of the virtualization platform is first looked up in the virtualization platform library established in the local system; when it is not found there, a request is made to query the virtualization platform library in the cloud system, and if it exists there, it is obtained by that request. The embodiments of the present invention do not specifically limit the instruction behaviors stored in the virtualization platform library.
207. If so, judge whether the instruction behavior corresponding to the target instruction is stored in the preset virtualization platform behavior library.
The instruction behaviors in the preset virtualization platform behavior library are compared one by one with the instruction behavior corresponding to the target instruction to see whether they are identical, thereby judging whether the instruction behavior corresponding to the target instruction is stored in the preset virtualization platform behavior library.
208. If the target instruction is not stored in the preset virtualization platform behavior library, stop execution of the target instruction.
In parallel with step 208, if the target instruction is stored in the preset virtualization platform behavior library, the target instruction is executed. If the source of the target instruction is the virtualization platform and the instruction behavior corresponding to the target instruction is stored in the preset virtualization platform behavior library, it can be determined that the target instruction was indeed generated in the virtualization platform and is a legitimate behavior, so executing it is safe; that is, when the source of an instruction is the virtualization platform and the behavior corresponding to the instruction has been stored in the preset virtualization platform behavior library, the behavior corresponding to the instruction is safe. Conversely, when the source of an instruction is not the virtualization platform, the instruction and its corresponding behavior are directly judged unsafe without a second judgment; and when the source of an instruction is the virtualization platform but the behavior corresponding to the instruction is not stored in the preset virtualization platform library, the instruction and its corresponding behavior are also unsafe. Security protection of the virtualization platform is thereby achieved. For example, if the target instruction is not stored in the preset virtualization platform behavior library, the instruction behavior corresponding to the target instruction is not a normal virtualization platform instruction behavior, and execution of the target instruction is stopped to guarantee the security of the virtualization platform.
The present invention provides a security protection method for a virtualization platform: a target instruction is first received; it is then judged whether the source of the target instruction is the virtualization platform; it is then judged whether the target instruction is stored in the preset virtualization platform behavior library; and finally, if the target instruction is not stored in the preset virtualization platform behavior library, execution of the target instruction is stopped. Compared with the prior art, the embodiments of the present invention use two checks, the source of the target instruction and whether the instruction behavior corresponding to the target instruction is stored in the preset virtualization platform behavior library, to judge whether the target instruction is safe and whether the virtualization platform may execute it, so that the virtualization platform can be effectively protected.
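The two-stage check of steps 201 to 208, as an added example that is not code from the patent. The memory sequence layout (first four characters as the source identifier), the `VPLT` identifier, the `op=`/`object=` log format and all sample data are constructed assumptions, and treating a failed cloud lookup as "not found" is a design choice of this example.

```python
from dataclasses import dataclass
from enum import Enum

# Assumed layout: the page only says each position of the memory sequence has a
# preset meaning. Here the first four characters carry the instruction source identifier.
SOURCE_ID_FIELD = slice(0, 4)
PLATFORM_SOURCE_ID = "VPLT"  # constructed "preset virtualization platform instruction identifier"


class Verdict(Enum):
    EXECUTE = "execute"
    STOP_SOURCE = "stop: source is not the virtualization platform"
    STOP_BEHAVIOR = "stop: behavior not in the behavior library"


@dataclass(frozen=True)
class Instruction:
    instruction_id: str  # key under which the host returns the memory sequence
    operation: str       # e.g. "copy", "delete"
    target: str          # object the operation acts on


def build_behavior_library(execution_log):
    """Step 206: derive allowed (operation, target) behaviors from an execution log."""
    library = set()
    for line in execution_log:
        fields = dict(part.split("=", 1) for part in line.split() if "=" in part)
        if "op" in fields and "object" in fields:
            library.add((fields["op"], fields["object"]))
    return library


def source_is_platform(memory_sequence):
    """Steps 204-205: read the source identifier and compare it with the preset one."""
    return memory_sequence[SOURCE_ID_FIELD] == PLATFORM_SOURCE_ID


class InstructionGuard:
    def __init__(self, host_memory, local_library, cloud_lookup):
        self.host_memory = host_memory           # stand-in for the host answering step 203
        self.local_library = set(local_library)  # behavior library in the local system
        self.cloud_lookup = cloud_lookup         # callable(behavior) -> bool, cloud library

    def check(self, instruction):
        # Steps 202-205: a missing memory sequence or a foreign source is unsafe.
        sequence = self.host_memory.get(instruction.instruction_id, "")
        if not source_is_platform(sequence):
            return Verdict.STOP_SOURCE
        behavior = (instruction.operation, instruction.target)
        # Step 207: local library first, cloud library only on a local miss.
        if behavior in self.local_library:
            return Verdict.EXECUTE
        try:
            known_in_cloud = self.cloud_lookup(behavior)
        except OSError:
            known_in_cloud = False  # assumption: fail closed when the cloud is unreachable
        if known_in_cloud:
            self.local_library.add(behavior)  # keep the behavior obtained from the cloud
            return Verdict.EXECUTE
        return Verdict.STOP_BEHAVIOR  # step 208


# Constructed sample data, not taken from any real platform.
EXECUTION_LOG = [
    "2018-12-29T10:00:01 op=create object=list",
    "2018-12-29T10:00:07 op=copy object=vm_disk",
    "2018-12-29T10:00:09 malformed line without fields",
]
CLOUD_LIBRARY = {("read", "vm_config")}
HOST_MEMORY = {"i-1": "VPLT0001", "i-2": "VPLT0002", "i-3": "VPLT0003", "i-4": "HOST0004"}


def demo():
    guard = InstructionGuard(HOST_MEMORY, build_behavior_library(EXECUTION_LOG),
                             lambda behavior: behavior in CLOUD_LIBRARY)
    instructions = [
        Instruction("i-1", "create", "list"),      # local library hit
        Instruction("i-2", "read", "vm_config"),   # local miss, cloud hit
        Instruction("i-3", "delete", "host_env"),  # platform source, unknown behavior
        Instruction("i-4", "copy", "vm_disk"),     # known behavior, host-process source
    ]
    return [guard.check(instruction) for instruction in instructions]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict.value)
```

The fourth instruction is stopped even though its behavior is in the library, because the source check runs first; both checks must pass before anything is executed.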
Further, as an implementation of the method shown in Fig. 1 above, an embodiment of the present invention provides a security protection device for a virtualization platform. As shown in Fig. 3, the device comprises:
A receiving unit 31, for receiving a target instruction, the target instruction being used to instruct the virtualization platform to perform a processing operation;
A judging unit 32, for judging whether the source of the target instruction is the virtualization platform;
The judging unit 32 being also used, if so, to judge whether the instruction behavior corresponding to the target instruction is stored in the preset virtualization platform behavior library;
A stop unit 33, for stopping execution of the target instruction if the target instruction is not stored in the preset virtualization platform behavior library.
The present invention provides a security protection device for a virtualization platform: a target instruction is first received; it is then judged whether the source of the target instruction is the virtualization platform; it is then judged whether the target instruction is stored in the preset virtualization platform behavior library; and finally, if the target instruction is not stored in the preset virtualization platform behavior library, execution of the target instruction is stopped. Compared with the prior art, the embodiments of the present invention use two checks, the source of the target instruction and whether the instruction behavior corresponding to the target instruction is stored in the preset virtualization platform behavior library, to judge whether the target instruction is safe and whether the virtualization platform may execute it, so that the virtualization platform can be effectively protected.
Further, as the realization to method shown in above-mentioned Fig. 2, the embodiment of the invention provides another kind virtualization is flat The safety device of platform, as shown in figure 4, the device includes:
Receiving unit 41, for receiving target instruction target word, the target instruction target word is used to indicate virtual platform and executes processing behaviour Make;
Judging unit 42, for judging whether the source of the target instruction target word is virtual platform;
The judging unit 42, be also used to if it is judged that be it is yes, then judge the corresponding dos command line DOS of the target instruction target word Whether to be stored in preset virtual platform behavior library;
A stop unit 43, configured to stop executing the target instruction if the target instruction is not stored in the preset virtualization platform behavior library.
Further, the judging unit 42 comprises:
a generation module 421, configured to generate a memory stack call instruction for the target instruction;
an obtaining module 422, configured to send the memory stack call instruction to the host and obtain the memory sequence associated with the memory stack call instruction, the host being the device that carries the virtualization platform;
a searching module 423, configured to look up the instruction source identifier of the memory sequence;
a judgment module 424, configured to judge, according to the instruction source identifier, whether the source of the target instruction is the virtualization platform.
Further, the judgment module 424 comprises:
a judging submodule 4241, configured to judge whether the instruction source identifier and the preset virtualization platform instruction identifier are identical;
a determining submodule 4242, configured to determine, if the judgment result is yes, that the source of the target instruction is the virtualization platform;
the determining submodule 4242 being further configured to determine, if the judgment result is no, that the source of the target instruction is not the virtualization platform.
Further, the device also comprises:
an establishing unit 44, configured to establish the virtualization platform behavior library in the local system and in the cloud system respectively, before it is judged whether the instruction behavior corresponding to the target instruction is stored in the preset virtualization platform behavior library, the virtualization platform behavior library being used to store all instruction behaviors in the virtualization platform.
Further, the establishing unit 44 comprises:
an obtaining module 441, configured to obtain the executable instructions of the virtualization platform;
a searching module 442, configured to look up the instruction behaviors corresponding to the executable instructions;
a statistical module 443, configured to count the instruction behaviors and generate the virtualization platform behavior library.
Further, the obtaining module 441 is configured to:
obtain the executable instructions of the virtualization platform from the execution log of the virtualization platform.
Further, the device also comprises:
an execution unit 45, configured to execute the target instruction if, after it is judged whether the target instruction is stored in the preset virtualization platform behavior library, the target instruction is stored in the preset virtualization platform behavior library.
The present invention provides a security protection device for a virtualization platform. The device first receives a target instruction, then judges whether the source of the target instruction is the virtualization platform, then judges whether the target instruction is stored in the preset virtualization platform behavior library, and finally stops executing the target instruction if the target instruction is not stored in the preset virtualization platform behavior library. Compared with the prior art, the embodiment of the present invention uses the source of the target instruction, and whether the instruction behavior corresponding to the target instruction is stored in the preset virtualization platform behavior library, as a double check of whether the target instruction is safe and may be executed on the virtualization platform, and can therefore protect the virtualization platform effectively.
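The decision flow of the units described above, as an added Python example that is not part of the patent text: a behavior library is built from an execution log, then each instruction passes the source check and the library check. The identifier value, the log format, the behavior names and the handling of instructions whose source is not the platform are assumptions, and the source identifier is taken as already recovered from the host-side memory sequence.

```python
from collections import Counter
from dataclasses import dataclass
from enum import Enum

# Constructed placeholder: the page says a preset platform instruction
# identifier exists but gives no value or format for it.
PRESET_PLATFORM_ID = "vplatform-mgmt"


class Decision(Enum):
    EXECUTE = "execute"            # platform-sourced and in the behavior library
    STOP = "stop"                  # platform-sourced but not in the library
    NOT_PLATFORM = "not_platform"  # source check failed; library check not applied


@dataclass(frozen=True)
class Instruction:
    source_id: str  # identifier assumed already recovered via the host
    behavior: str   # normalized instruction behavior name (hypothetical)


def parse_behavior(line):
    """Return the behavior named in one 'timestamp behavior=<name>' log line."""
    for field in line.split()[1:]:
        key, sep, value = field.partition("=")
        if key == "behavior" and sep and value:
            return value
    return None  # malformed line: skip it rather than guess


def build_behavior_library(log_lines):
    """Obtain instructions from the log, map them to behaviors, count them."""
    library = Counter()
    for line in log_lines:
        behavior = parse_behavior(line)
        if behavior is not None:
            library[behavior] += 1
    return library


def gate(instruction, library):
    """Apply the source check first, then the behavior-library check."""
    if instruction.source_id != PRESET_PLATFORM_ID:
        return Decision.NOT_PLATFORM
    # Fail closed: an empty or missing library allows nothing.
    if library and instruction.behavior in library:
        return Decision.EXECUTE
    return Decision.STOP


# Constructed execution log (assumed format), including one malformed line.
EXECUTION_LOG = [
    "2018-12-01T10:00:00Z behavior=vm.create",
    "2018-12-01T10:05:00Z behavior=vm.snapshot.create",
    "2018-12-01T10:06:00Z behavior=vm.create",
    "garbage line without fields",
]


def run_demo():
    """Gate three constructed instructions against the library built above."""
    library = build_behavior_library(EXECUTION_LOG)
    requests = [
        Instruction(PRESET_PLATFORM_ID, "vm.create"),            # known behavior
        Instruction(PRESET_PLATFORM_ID, "host.disk.raw_write"),  # never logged
        Instruction("guest-proc-1234", "vm.create"),             # other source
    ]
    return [gate(r, library).value for r in requests]


if __name__ == "__main__":
    print(run_demo())
```

The library here is only as trustworthy as the execution log it was built from, so the log should cover a period in which the platform is known to have behaved normally.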
According to an embodiment of the present invention, a storage medium is provided. The storage medium stores at least one executable instruction, and the computer-executable instruction can execute the security protection method of the virtualization platform in any of the above method embodiments.
Fig. 5 shows a schematic structural diagram of a computer device provided according to an embodiment of the present invention. The specific embodiments of the present invention do not limit the specific implementation of the computer device.
As shown in Fig. 5, the computer device may include: a processor 502, a communication interface (Communications Interface) 504, a memory 506 and a communication bus 508.
Wherein: the processor 502, the communication interface 504 and the memory 506 communicate with one another through the communication bus 508.
The communication interface 504 is used to communicate with network elements of other devices, such as clients or other servers.
The processor 502 is used to execute the program 510, and may specifically perform the relevant steps in the above embodiments of the security protection method of the virtualization platform.
Specifically, the program 510 may include program code, and the program code includes computer operation instructions.
The processor 502 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention. The one or more processors included in the computer device may be processors of the same type, such as one or more CPUs, or processors of different types, such as one or more CPUs and one or more ASICs.
The memory 506 is used to store the program 510. The memory 506 may include high-speed RAM, and may also include non-volatile memory, for example at least one magnetic disk storage.
The program 510 may specifically be used to cause the processor 502 to perform the following operations:
receiving a target instruction, the target instruction being used to instruct the virtualization platform to perform a processing operation;
judging whether the source of the target instruction is the virtualization platform;
if the judgment result is yes, judging whether the instruction behavior corresponding to the target instruction is stored in the preset virtualization platform behavior library;
if the target instruction is not stored in the preset virtualization platform behavior library, stopping execution of the target instruction.
Obviously, those skilled in the art should understand that each module or each step of the present invention described above can be implemented with a general-purpose computing device. They can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented with program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; in some cases, the steps shown or described can be performed in an order different from the one given here, or they can each be made into an individual integrated circuit module, or multiple modules or steps among them can be made into a single integrated circuit module. In this way, the present invention is not limited to any specific combination of hardware and software.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the invention. For those skilled in the art, the invention may be modified and varied in various ways. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.
The embodiments of the present invention provide the following technical solutions:
A1. A security protection method for a virtualization platform, comprising:
receiving a target instruction, the target instruction being used to instruct the virtualization platform to perform a processing operation;
judging whether the source of the target instruction is the virtualization platform;
if the judgment result is yes, judging whether the instruction behavior corresponding to the target instruction is stored in the preset virtualization platform behavior library;
if the target instruction is not stored in the preset virtualization platform behavior library, stopping execution of the target instruction.
A2. The method according to A1, wherein judging whether the source of the target instruction is the virtualization platform comprises:
generating a memory stack call instruction for the target instruction;
sending the memory stack call instruction to the host and obtaining the memory sequence associated with the memory stack call instruction, the host being the device that carries the virtualization platform;
looking up the instruction source identifier of the memory sequence;
judging, according to the instruction source identifier, whether the source of the target instruction is the virtualization platform.
A3. The method according to A2, wherein judging, according to the instruction source identifier, whether the source of the target instruction is the virtualization platform comprises:
judging whether the instruction source identifier and the preset virtualization platform instruction identifier are identical;
if the judgment result is yes, determining that the source of the target instruction is the virtualization platform;
if the judgment result is no, determining that the source of the target instruction is not the virtualization platform.
A4. The method according to A1, wherein before judging whether the instruction behavior corresponding to the target instruction is stored in the preset virtualization platform behavior library, the method further comprises:
establishing the virtualization platform behavior library in the local system and in the cloud system respectively, the virtualization platform behavior library being used to store all instruction behaviors in the virtualization platform.
A5. The method according to A4, wherein establishing the virtualization platform behavior library in the local system and in the cloud system respectively comprises:
obtaining the executable instructions of the virtualization platform;
looking up the instruction behaviors corresponding to the executable instructions;
counting the instruction behaviors and generating the virtualization platform behavior library.
A6. The method according to A5, wherein obtaining the executable instructions of the virtualization platform comprises:
obtaining the executable instructions of the virtualization platform from the execution log of the virtualization platform.
A7. The method according to A1, wherein after judging whether the target instruction is stored in the preset virtualization platform behavior library, the method further comprises:
if the target instruction is stored in the preset virtualization platform behavior library, executing the target instruction.
B8. A security protection device for a virtualization platform, comprising:
a receiving unit, configured to receive a target instruction, the target instruction being used to instruct the virtualization platform to perform a processing operation;
a judging unit, configured to judge whether the source of the target instruction is the virtualization platform;
the judging unit being further configured to judge, if the judgment result is yes, whether the instruction behavior corresponding to the target instruction is stored in the preset virtualization platform behavior library;
a stop unit, configured to stop executing the target instruction if the target instruction is not stored in the preset virtualization platform behavior library.
B9. The device according to B8, wherein the judging unit comprises:
a generation module, configured to generate a memory stack call instruction for the target instruction;
an obtaining module, configured to send the memory stack call instruction to the host and obtain the memory sequence associated with the memory stack call instruction, the host being the device that carries the virtualization platform;
a searching module, configured to look up the instruction source identifier of the memory sequence;
a judgment module, configured to judge, according to the instruction source identifier, whether the source of the target instruction is the virtualization platform.
B10. The device according to B9, wherein the judgment module comprises:
a judging submodule, configured to judge whether the instruction source identifier and the preset virtualization platform instruction identifier are identical;
a determining submodule, configured to determine, if the judgment result is yes, that the source of the target instruction is the virtualization platform;
the determining submodule being further configured to determine, if the judgment result is no, that the source of the target instruction is not the virtualization platform.
B11. The device according to B1, wherein the device further comprises:
an establishing unit, configured to establish the virtualization platform behavior library in the local system and in the cloud system respectively, before it is judged whether the instruction behavior corresponding to the target instruction is stored in the preset virtualization platform behavior library, the virtualization platform behavior library being used to store all instruction behaviors in the virtualization platform.
B12. The device according to B11, wherein the establishing unit comprises:
an obtaining module, configured to obtain the executable instructions of the virtualization platform;
a searching module, configured to look up the instruction behaviors corresponding to the executable instructions;
a statistical module, configured to count the instruction behaviors and generate the virtualization platform behavior library.
B13. The device according to B12, wherein the obtaining module is configured to:
obtain the executable instructions of the virtualization platform from the execution log of the virtualization platform.
B14. The device according to B8, wherein the device further comprises:
an execution unit, configured to execute the target instruction if, after it is judged whether the target instruction is stored in the preset virtualization platform behavior library, the target instruction is stored in the preset virtualization platform behavior library.
C15. A storage medium in which at least one executable instruction is stored, the executable instruction causing a processor to perform the operations corresponding to the security protection method of the virtualization platform according to any one of A1-A7.
D16. A computer device, comprising: a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface communicate with one another through the communication bus;
the memory is used to store at least one executable instruction, and the executable instruction causes the processor to perform the operations corresponding to the security protection method of the virtualization platform according to any one of A1-A7.

Claims (10)

1. A security protection method for a virtualization platform, characterized by comprising:
receiving a target instruction, the target instruction being used to instruct the virtualization platform to perform a processing operation;
judging whether the source of the target instruction is the virtualization platform;
if the judgment result is yes, judging whether the instruction behavior corresponding to the target instruction is stored in the preset virtualization platform behavior library;
if the target instruction is not stored in the preset virtualization platform behavior library, stopping execution of the target instruction.
2. The method according to claim 1, characterized in that judging whether the source of the target instruction is the virtualization platform comprises:
generating a memory stack call instruction for the target instruction;
sending the memory stack call instruction to the host and obtaining the memory sequence associated with the memory stack call instruction, the host being the device that carries the virtualization platform;
looking up the instruction source identifier of the memory sequence;
judging, according to the instruction source identifier, whether the source of the target instruction is the virtualization platform.
3. The method according to claim 2, characterized in that judging, according to the instruction source identifier, whether the source of the target instruction is the virtualization platform comprises:
judging whether the instruction source identifier and the preset virtualization platform instruction identifier are identical;
if the judgment result is yes, determining that the source of the target instruction is the virtualization platform;
if the judgment result is no, determining that the source of the target instruction is not the virtualization platform.
4. The method according to claim 1, characterized in that before judging whether the instruction behavior corresponding to the target instruction is stored in the preset virtualization platform behavior library, the method further comprises:
establishing the virtualization platform behavior library in the local system and in the cloud system respectively, the virtualization platform behavior library being used to store all instruction behaviors in the virtualization platform.
5. The method according to claim 4, characterized in that establishing the virtualization platform behavior library in the local system and in the cloud system respectively comprises:
obtaining the executable instructions of the virtualization platform;
looking up the instruction behaviors corresponding to the executable instructions;
counting the instruction behaviors and generating the virtualization platform behavior library.
6. The method according to claim 5, characterized in that obtaining the executable instructions of the virtualization platform comprises:
obtaining the executable instructions of the virtualization platform from the execution log of the virtualization platform.
7. The method according to claim 1, characterized in that after judging whether the target instruction is stored in the preset virtualization platform behavior library, the method further comprises:
if the target instruction is stored in the preset virtualization platform behavior library, executing the target instruction.
8. A security protection device for a virtualization platform, characterized by comprising:
a receiving unit, configured to receive a target instruction, the target instruction being used to instruct the virtualization platform to perform a processing operation;
a judging unit, configured to judge whether the source of the target instruction is the virtualization platform;
the judging unit being further configured to judge, if the judgment result is yes, whether the instruction behavior corresponding to the target instruction is stored in the preset virtualization platform behavior library;
a stop unit, configured to stop executing the target instruction if the target instruction is not stored in the preset virtualization platform behavior library.
9. A storage medium in which at least one executable instruction is stored, the executable instruction causing a processor to perform the operations corresponding to the security protection method of the virtualization platform according to any one of claims 1-7.
10. A computer device, comprising: a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface communicate with one another through the communication bus;
the memory is used to store at least one executable instruction, and the executable instruction causes the processor to perform the operations corresponding to the security protection method of the virtualization platform according to any one of claims 1-7.
CN201811645508.1A 2018-12-29 2018-12-29 A kind of safety protecting method and device of virtual platform Pending CN109800570A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811645508.1A CN109800570A (en) 2018-12-29 2018-12-29 A kind of safety protecting method and device of virtual platform

Publications (1)

Publication Number Publication Date
CN109800570A true CN109800570A (en) 2019-05-24

Family

ID=66558164

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811645508.1A Pending CN109800570A (en) 2018-12-29 2018-12-29 A kind of safety protecting method and device of virtual platform

Country Status (1)

Country Link
CN (1) CN109800570A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 519085 No. 501, 601, building 14, kechuangyuan, Gangwan No. 1, Jintang Road, Tangjiawan Town, high tech Zone, Zhuhai City, Guangdong Province

Applicant after: Qianxin Safety Technology (Zhuhai) Co.,Ltd.

Applicant after: QAX Technology Group Inc.

Address before: 519085 No. 501, 601, building 14, kechuangyuan, Gangwan No. 1, Jintang Road, Tangjiawan Town, high tech Zone, Zhuhai City, Guangdong Province

Applicant before: 360 ENTERPRISE SECURITY TECHNOLOGY (ZHUHAI) Co.,Ltd.

Applicant before: BEIJING QIANXIN TECHNOLOGY Co.,Ltd.

RJ01 Rejection of invention patent application after publication

Application publication date: 20190524