CN110457909A - Vulnerability repair method, apparatus and computer device for virtual machine memory - Google Patents
- Publication number: CN110457909A (CN201910755291.8A)
- Authority: CN (China)
- Prior art keywords: memory, code, region, loophole, paging
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45583—Memory management, e.g. access or allocation
- G06F2009/45587—Isolation or security of virtual machine instances
Abstract
The present invention relates to a vulnerability repair method, apparatus and computer device for virtual machine memory, and belongs to the technical field of vulnerability repair. The method comprises: determining a first memory region where vulnerable code is located; loading a vulnerability patch into a second memory region to repair the vulnerable code in the second memory region, where the second memory region is a shadow memory region corresponding to the first memory region and the vulnerable code is stored in it; and controlling the running process of the virtual machine to switch from running first code to running second code, where the first code is the code in the first memory region and the second code is the repaired code in the second memory region. In this solution, the vulnerable code is repaired in the shadow memory region and the running process is controlled to run the repaired shadow memory region, so the code in main memory does not need to be modified and the normal operation of the virtual machine's services is ensured.
Description
Technical field
The present invention relates to the technical field of vulnerability repair, and in particular to a vulnerability repair method, apparatus, computer device and storage medium for virtual machine memory.
Background
In current cloud environments, to make full use of resources, a virtual machine simulated by software, i.e. a logical server, can be installed on a physical device. While the virtual machine is running, the user can operate it just as they would operate a real physical machine. For example, when a vulnerability is detected in the virtual machine, the high-risk vulnerability can be repaired by upgrading code. However, completing a system-level vulnerability repair requires shutting down or restarting the virtual machine, so the virtual machine is interrupted or stopped. Because multiple applications run in the virtual machine at the same time, shutting down or restarting it interrupts the virtual machine's services.
The traditional solution to this problem is to inject the vulnerability repair patch directly into the memory region and modify the program code corresponding to the vulnerability there. However, because of the diversity of system runtime environments and the complexity of vulnerabilities, directly modifying existing in-memory code is high-risk: once a mistake occurs, it cannot be undone.
Summary of the invention
Based on this, embodiments of the present invention provide a vulnerability repair method, apparatus, computer device and storage medium for virtual machine memory that load the vulnerability patch into shadow memory, so that existing memory does not have to be modified directly and the virtual machine's services keep running normally.
The embodiments of the present invention are as follows:
In a first aspect, an embodiment of the present invention provides a vulnerability repair method for virtual machine memory, comprising the following steps: determining a first memory region where vulnerable code is located; loading a vulnerability patch into a second memory region to repair the vulnerable code in the second memory region, where the second memory region is a shadow memory region corresponding to the first memory region and the vulnerable code is stored in it; and, after the vulnerable code in the second memory region has been repaired, controlling the running process of the virtual machine to switch from running first code to running second code, where the first code is the code in the first memory region and the second code is the repaired code in the second memory region.
In a second aspect, an embodiment of the present invention provides a vulnerability repair apparatus for virtual machine memory, comprising: a region determination module for determining a first memory region where vulnerable code is located; a vulnerability repair module for loading a vulnerability patch into a second memory region to repair the vulnerable code in the second memory region, where the second memory region is a shadow memory region corresponding to the first memory region and the vulnerable code is stored in it; and a process control module for controlling, after the vulnerable code in the second memory region has been repaired, the running process of the virtual machine to switch from running first code to running second code, where the first code is the code in the first memory region and the second code is the repaired code in the second memory region.
In a third aspect, an embodiment of the present invention provides a computer device comprising a memory and a processor, the memory storing a computer program, where the processor, when executing the computer program, performs the following steps: determining a first memory region where vulnerable code is located; loading a vulnerability patch into a second memory region to repair the vulnerable code in the second memory region, where the second memory region is a shadow memory region corresponding to the first memory region and the vulnerable code is stored in it; and, after the vulnerable code in the second memory region has been repaired, controlling the running process of the virtual machine to switch from running first code to running second code, where the first code is the code in the first memory region and the second code is the repaired code in the second memory region.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium storing a computer program which, when executed by a processor, performs the following steps: determining a first memory region where vulnerable code is located; loading a vulnerability patch into a second memory region to repair the vulnerable code in the second memory region, where the second memory region is a shadow memory region corresponding to the first memory region and the vulnerable code is stored in it; and, after the vulnerable code in the second memory region has been repaired, controlling the running process of the virtual machine to switch from running first code to running second code, where the first code is the code in the first memory region and the second code is the repaired code in the second memory region.
The above vulnerability repair method, apparatus, computer device and storage medium for virtual machine memory determine the first memory region where the vulnerable code is located, create a shadow memory region for the first memory region, repair the vulnerable code in the shadow memory region, and control the running process to run the repaired shadow memory region. The code in main memory does not need to be modified, which ensures the normal operation of the virtual machine's services.
Brief description of the drawings
Fig. 1 is a diagram of the application environment of the vulnerability repair method for virtual machine memory in one embodiment;
Fig. 2 is a flow diagram of the vulnerability repair method for virtual machine memory in one embodiment;
Fig. 3 is a structural diagram of virtualized memory in one embodiment;
Fig. 4 is a structural diagram of paging in one embodiment;
Fig. 5 is a structural diagram of virtualized memory in another embodiment;
Fig. 6 is a structural diagram of paging in another embodiment;
Fig. 7 is a flow diagram of the vulnerability repair method for virtual machine memory in another embodiment;
Fig. 8 is a flow diagram of the vulnerability repair method for virtual machine memory in yet another embodiment;
Fig. 9 is a structural block diagram of the vulnerability repair apparatus for virtual machine memory in one embodiment.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only illustrate the invention and do not limit it.
A reference to an "embodiment" here means that a particular feature, structure or characteristic described in connection with that embodiment may be included in at least one embodiment of this application. Occurrences of the phrase in different places in the description do not necessarily all refer to the same embodiment, nor to separate or alternative embodiments that are mutually exclusive with other embodiments. Those skilled in the art understand, explicitly and implicitly, that the embodiments described here can be combined with other embodiments.
The vulnerability repair method for virtual machine memory provided by this application can be applied to the computer device shown in Fig. 1. The computer device may be a server or a terminal device, and its internal structure may be as shown in Fig. 1. The computer device includes a processor, memory, a network interface, an input device and so on, connected by a system bus. The memory includes a non-volatile storage medium and internal memory. The non-volatile storage medium stores an operating system and may also store a computer program which, when executed by the processor, causes the processor to implement the vulnerability repair method for virtual machine memory. The internal memory may also store a computer program which, when executed by the processor, causes the processor to perform the vulnerability repair method for virtual machine memory. The input device may be a touch layer covering a display screen, a key, trackball or touchpad on the device housing, or an external keyboard, touchpad or mouse. The network interface is used to communicate with external terminals over a network connection. When the computer device is a server, it may be implemented as a standalone server or as a cluster of multiple servers; when it is a terminal device, it may be, but is not limited to, a personal computer, laptop, smartphone, tablet or portable wearable device.
Those skilled in the art will understand that the structure shown in Fig. 1 is only a block diagram of the part of the structure relevant to the present solution and does not limit the computer device to which the solution is applied; a specific computer device may include more or fewer components than shown, combine certain components, or have a different component arrangement.
Embodiments of the present invention provide a vulnerability repair method, apparatus, computer device and storage medium for virtual machine memory. Each is described in detail below.
In one embodiment, as shown in Fig. 2, a vulnerability repair method for virtual machine memory is provided. Taking the method as applied to the computer device in Fig. 1 as an example, it comprises the following steps:
S201: determine the first memory region where the vulnerable code is located.
First, an explanation of virtualization technology: virtualization is a resource management technology that abstracts and transforms a computer's physical resources, such as servers, networks, memory and storage, and then presents them, breaking down the indivisible barriers between physical structures so that users can use these resources in a better way than the original configuration allows. The virtual parts of these resources are not limited by how the existing resources are deployed, where they are located or how they are configured. Virtualized resources generally include computing power and data storage. A virtual machine is a device simulated by virtualization technology: a complete computer system with full hardware functionality, running in an isolated environment. Virtualized memory is the part of virtualization technology responsible for providing memory virtualization to the virtual machine; inside the virtual machine its existence cannot be perceived, and it is used just like real physical memory. Further, main memory is the memory the virtual machine mainly uses; the memory needed by the system and services in the virtual machine comes from main memory.
A virtual machine may develop vulnerabilities after running for some time; in the embodiments of the present invention, the virtual machine mainly refers to the target system that needs repair. A vulnerability is a flaw in hardware, software, a protocol implementation or a system security policy that allows an attacker to access or damage the system without authorization. When a vulnerability occurs in a virtual machine application, it tends to lie within a particular address range of the virtualized main memory.
In one embodiment, the step of determining the first memory region where the vulnerable code is located may be: obtaining vulnerability description information for the virtual machine; and determining, from the vulnerability description information, the first memory region where the vulnerable code is located.
Here, vulnerability description information is information that describes the vulnerability address, the vulnerability severity and the like. It may be the vulnerability patch details provided by the service provider, from which the memory address of the vulnerability can be determined. If the service provider does not provide them, the address can be determined by comparing the upgrade file (which may be the file obtained after the vulnerability in the existing file has been repaired) with the existing file.
Further, the computer device receives the vulnerability description information and determines the location in the virtual machine's main memory where the vulnerability occurs; the address range corresponding to that location can serve as the first memory region.
Of course, in some embodiments the first memory region need not be a region in main memory; for example, it may be a region in external memory outside main memory. In that case, when vulnerable code appears in external memory, the vulnerability repair and the memory-region replacement can be carried out there, ensuring that the virtual machine's running process keeps running normally.
S202: load the vulnerability patch into the second memory region to repair the vulnerable code in the second memory region. The second memory region is a shadow memory region corresponding to the first memory region, and the vulnerable code is stored in it.
Here, the vulnerability patch is data that can be used to repair the vulnerable code; it may be replacement code, or data that instructs staff or the computer device how to modify the code. It may be provided by the service provider, written by administrators based on the vulnerable code, or generated by a patch generation algorithm. Repairing the vulnerable code in the second memory region may mean replacing the vulnerable code with the code corresponding to the patch, modifying the faulty statements in the vulnerable code according to the patch, directly replacing the code in the second memory region with a code segment that contains no vulnerable code, or some other repair approach.
The second memory region can be created as follows: determine the size of the first memory region; create in external memory a second memory region corresponding to the size of the first memory region, where external memory is a memory region outside the virtual machine's main memory; and copy the target code in the first memory region into the second memory region, where the target code includes the vulnerable code. As shown in Fig. 3, a shadow memory region of the same size as the first memory region is allocated outside the main memory area as the second memory region, and the code in the first memory region (the target code, which includes the vulnerable code) is copied into it, so the second memory region now contains the vulnerable code to be repaired. The vulnerability patch is loaded into the second memory region, and the vulnerable code there is repaired with it. Because the second memory region is the same size as the first and contains the same code, it is a copy of the first memory region's code and can be understood as a replacement region for the first memory region. The second memory region is therefore called the shadow memory of the first memory region.
Further, the second memory region need not be the same size as the first memory region; it may even correspond only to the address range of the vulnerable code.
Further, a memory region may contain multiple pages, and the first memory region and the second memory region may each correspond to one, two or more pages. In some embodiments, one page may also correspond to multiple first memory regions or multiple second memory regions.
In this step, the computer device creates the shadow memory region corresponding to the first memory region, obtaining the second memory region (which may also be called patch memory or vulnerability memory), and loads the vulnerability patch into the second memory region to repair the vulnerable code there.
S203: after the vulnerable code in the second memory region has been repaired, control the running process of the virtual machine to switch from running first code to running second code. The first code is the code in the first memory region, and the second code is the repaired code in the second memory region.
While running, the virtual machine has multiple processes running, some of which need to access the first memory region. The information related to the first code in these running processes can then be replaced with information related to the second code. After this, these processes directly access the second memory region, whose code has already been repaired, so the vulnerable code in the first memory region no longer needs to run. This effectively ensures that the running processes continue normally.
For the case mentioned above where the second memory region corresponds only to the address range of the vulnerable code, the repair can be implemented as follows: create in external memory a shadow memory region (i.e. patch memory) corresponding to a piece of vulnerable code B, and load the vulnerability patch into the patch memory to perform the repair. In a subsequent step, the code of vulnerable code B in the virtual machine's running process can be replaced with the code in the patch memory, so that all the code the running process runs is correct.
Further, if business data other than code is stored in the first memory region, that data can also be copied into the second memory region; when the running process needs to read or write the business data, it accesses the second memory region directly and operates on the data there.
The vulnerability repair method for virtual machine memory provided in this embodiment determines the first memory region in the virtual machine's main memory where the vulnerable code is located, creates a shadow memory region for the first memory region, repairs the vulnerable code in the shadow memory region, and controls the running process to run the repaired shadow memory region. The code in main memory does not need to be modified, which ensures the normal operation of the virtual machine's services and effectively avoids the risk of directly modifying existing in-memory code.
In one embodiment, the step of controlling the running process of the virtual machine to switch from running the first code to running the second code comprises: obtaining the control register page table of the running process; and mounting the first page in the control register page table onto the second page. The first page corresponds to the first memory region, and the second page corresponds to the second memory region. In this embodiment, the first page can be understood directly as the first memory region, and the second page as the second memory region.
The virtualized memory in common use today is generated by Intel's EPT (Extended Page Tables) technology; it can of course also be generated by AMD's NPT technology.
Taking EPT as an example, the control register page table may be the page table in CR3 (control register 3, which represents the process's memory space). EPT (a page mapping mechanism) introduces EPT page tables on top of the original CR3 page-table address mapping to implement a second layer of mapping. That is, memory in a virtualized environment uses two layers of address translation, GVA -> GPA -> HPA, both performed by hardware: first from the guest virtual address (Guest Virtual Address, GVA) visible to guest applications to the guest physical address (Guest Physical Address, GPA), and then from the guest physical address to the host physical address (Host Physical Address, HPA).
Further, page mapping divides the whole of memory into small page-sized units, each of which can be managed separately; a memory region consists of multiple pages. The virtualized memory generated by EPT can be as shown in Fig. 4, where memory is divided into multiple regions, each treated as a page; 401 is the first page and 402 is the second page. Before mounting, the running process accesses the first page 401 (Fig. 4a); after mounting, it accesses the second page 402 (Fig. 4b).
In some embodiments, where the first and second memory regions correspond to multiple pages, the page or pages containing the vulnerable code can be mounted; where one page corresponds to multiple first memory regions or multiple second memory regions, the page containing the vulnerable code can be mounted. That is, it is necessary to determine which page or pages the vulnerable code occupies and to mount that page or those pages.
Specifically, the step of mounting the first page in the control register page table onto the second page comprises: locking the first page; using extended page table technology (i.e. EPT), replacing the address of the first page in the running program with the address of the second page; and releasing the lock on the first page. The virtual machine CPU may also be called a VCPU.
Locking the first page means setting it to non-executable. If the first page were modified during the address replacement and the second page also failed, the corresponding code could not be executed at all; locking the first page therefore effectively ensures the integrity and correctness of the code in the memory region.
The VCPU state may be modified during the address replacement, so a copy of the VCPU's context information needs to be saved in advance; after the address replacement completes, the VCPU context can be restored to normal operation.
Further, the step of mounting the first page in the control register page table onto the second page comprises: locking the first page; saving the context information of the virtual machine CPU; using extended page table technology, replacing the address of the first page in the running program with the address of the second page; and releasing the lock on the first page.
In the vulnerability repair method for virtual machine memory provided by the above embodiment, direct copying could disturb the normal running of a process because of multi-core effects, so the embodiment performs the repair by EPT replacement instead. Because EPT is a page mapping mechanism, the page of the vulnerable area in main memory is replaced with the shadow memory page; this kind of modification effectively avoids the synchronization problems that copying directly into main memory would cause and ensures the normal running of the virtual machine's processes.
In some embodiments, after the running process has run stably for a period of time, the first page can be released so that it can be used to store other information; alternatively, the information originally stored in the first page can be saved to hard disk, so that unnecessary information is not kept twice in memory and memory utilization improves.
In one embodiment, after the step of creating in external memory the second memory region corresponding to the size of the first memory region, the method further includes: creating in the external memory a backup memory region corresponding to the size of the first memory region; and copying the target code into the backup memory region (which may also be called backup memory). The target code copied into the backup memory region is used to back up the second memory region. The size of the backup memory region may be the same as that of the first memory region, may differ from it, or may even correspond only to the address range of the vulnerable code.
The backup memory region can likewise be understood as a shadow memory region; a schematic diagram is shown in Figure 5.
The process of backing up the second memory region is shown in Figure 6. Before the backup operation, the running process accesses the second page 402 (Fig. 6a); after the backup operation, the running process accesses the third page 601 (Fig. 6b).
The code in the backup memory region may or may not have been repaired. When the code in the second memory region fails to run, the running process runs the code in the backup memory region. If the backup memory has not been repaired, this restores the virtual machine to its state before the vulnerability repair (that is, it rolls back to the pre-repair state); if the backup memory has been repaired, it ensures the correctness and integrity of the code run by the running process of the virtual machine.
Further, after the step of controlling the running process of the virtual machine to change from running the first code to running the second code, the method further includes: monitoring a first running state of the running process with respect to the second code; and, if the first running state indicates that the second code is abnormal, controlling the running process to change from running the second code to running third code, the third code being the code in the backup memory region.
Further, after the step of controlling the running process of the virtual machine to change from running the first code to running the second code, the method further includes: monitoring the first running state of the running process with respect to the second code; if the first running state indicates that the second code is abnormal, loading the vulnerability patch into the backup memory region to repair the vulnerable code; and controlling the running process to change from running the second code to running fourth code, the fourth code being the code in the backup memory region after the vulnerability repair.
Further, in one embodiment, the shadow memory region is a local copy of main memory. When a vulnerability needs to be repaired, the vulnerable region in main memory is copied twice to generate backup memory and patch memory. Their functions are as follows:
a) Backup memory: used for restoration when an exception occurs after the repair.
b) Patch memory: the vulnerability is first repaired in patch memory, and the repaired patch memory is then synchronized with main memory.
In some embodiments, if the code in patch memory is determined to be abnormal and backup recovery of the patch memory has been carried out through the backup memory region, the patch memory can be released. Likewise, after the running process has run stably for a period of time, the backup memory can be released and only the patch memory retained. Handling memory this way improves the utilization of virtual machine memory.
The vulnerability repair method for virtual machine memory provided by the above embodiment uses EPT to monitor the virtual machine's memory accesses after the repair, so that it can monitor whether the vulnerability has been repaired. If an exception occurs, the backup memory can be used to raise an alert and roll back promptly, avoiding the risk of the virtual machine going down.
In one embodiment, the step of controlling the running process of the virtual machine to change from running the first code to running the second code further includes: creating a test process; controlling the test process to run the second code; collecting a second running state of the test process with respect to the second code; and, if the second running state indicates that the vulnerability repair succeeded, controlling the running process to change from running the first code to running the second code.
This embodiment can be understood as a process of testing the patch. A test process is started in the virtual machine, EPT is used to mount the CR3 of that process onto the shadow memory region, and test code is then run in the test process to check whether an exception occurs. The specific method is as follows:
a) The virtual machine creates the test process through CreateProcess.
b) The hypervisor captures the syscall and identifies the caller as the test process.
c) The CR3 page table of the test process is modified so that the page of the vulnerable region is mounted onto the corresponding page of patch memory; that is, the patch memory is applied to the test process.
d) The test process continues to run.
Further, if the patch test passes (the vulnerability repair is determined to be successful according to the second running state), the running process can be controlled to run the code in shadow memory. If the patch test does not pass, the vulnerability patch can be loaded into patch memory again to repair the vulnerability, or the vulnerability patch can be obtained again and reloaded into patch memory to repair the vulnerability; the patch test is repeated after the repair completes.
Because the environment in which a system runs is complex and changeable, the patch test confirms both whether the vulnerability has been repaired and whether the patch brings other side effects. The above embodiment tests the repaired code after the vulnerability repair completes, which effectively ensures the correctness of the code run by the running process and ensures that virtual machine services proceed normally.
In one embodiment, as shown in Figure 7, a vulnerability repair method for virtual machine memory is provided, including the following steps:
S701, obtain the vulnerability description information of the virtual machine.
S702, according to the vulnerability description information, determine the first memory region in virtual machine main memory where the vulnerable code is located.
S703, determine the size of the first memory region.
S704, create in external memory a second memory region and a backup memory region, each corresponding to the size of the first memory region; the external memory is memory other than virtual machine main memory.
S705, copy the target code in the first memory region into the second memory region and into the backup memory region respectively; the target code includes the vulnerable code.
S706, load the vulnerability patch into the second memory region to repair the vulnerable code in the second memory region.
S707, create a test process and control the test process to run the second code; the second code is the code in the second memory region after the vulnerability repair.
S708, obtain the running state of the test process with respect to the second code.
S709, if the running state indicates that the vulnerability repair succeeded, obtain the CR3 page table of the running process of the virtual machine.
S710, lock the first page corresponding to the first memory region, and save the context information of the virtual machine CPU.
S711, according to EPT technology, mount the first page in the CR3 page table onto the second page, then release the lock on the first page; the second page corresponds to the second memory region.
S712, monitor the running state of the running process with respect to the second code.
S713, if the running state indicates that the second code is abnormal, load the vulnerability patch into the backup memory region to repair the vulnerable code.
S714, control the running process to change from running the second code to running third code; the third code is the code in the backup memory region after the vulnerability repair.
The above embodiment tests the repaired code after the vulnerability repair completes, which effectively ensures the correctness of the code run by the running process and ensures that virtual machine services proceed normally.
To aid understanding of the above method, an application example of the vulnerability repair method for virtual machine memory of the present invention is described in detail below, as shown in Figure 8.
S801, locate the vulnerability: obtain the vulnerability patch information provided by the service supplier. The memory address of the vulnerability can be determined from this information, and the region containing that memory address is the first page. If the service supplier does not provide this information, the upgrade file can be compared with the existing file to determine the first page.
S802, create shadow memory: according to the size of the first page, request two memory regions outside main memory, each of the size of the first page, and copy the code in the first page of main memory into the two new memory regions to generate shadow memory (comprising backup memory and patch memory). This is done outside the virtual machine and does not affect virtual machine operation.
S803, import the patch: load the upgrade file (which carries the vulnerability patch) into patch memory and repair the vulnerable code there. This is likewise done outside the virtual machine and does not affect virtual machine operation.
S804, patch test: start a test process in the virtual machine, use EPT to mount the CR3 of the test process onto shadow memory, then run test code in the test process and check whether an exception occurs.
S805, memory replacement: after the patch test passes, the patch memory must be applied to main memory. At this point the first page in main memory can be replaced with the second page of patch memory. Modifying memory this way effectively avoids the synchronization problems caused by modifying main memory directly. The specific method is as follows:
a) In the hypervisor, look up the EPT page table entry of the vulnerable region in main memory, that is, determine the first page.
b) Lock that EPT page table entry by marking it non-executable.
c) Record the VCPU context.
d) Replace the EPT memory address with the address of patch memory.
e) Release the EPT lock and restore the VCPU context.
S806, exception monitoring: after the repair, use EPT to monitor the virtual machine's memory accesses so as to monitor whether the vulnerability has been repaired. If an exception occurs, the memory restore step (S807) can be executed to raise an alert and restore memory promptly; if no exception occurs, monitoring continues. In addition, the next round of vulnerability repair can be carried out after the memory has been restored.
With shadow memory technology (which uses the memory virtualization technology EPT to make a local copy of existing memory), the vulnerability repair method for virtual machine memory provided in this embodiment can load the vulnerability patch from hard disk entirely into shadow memory, without directly modifying existing memory. Shadow memory can then be used to test the reliability of the patch in the background without affecting the operation of the current system. Finally, shadow memory is applied to existing memory to complete the vulnerability repair. If the memory shows an exception after the repair, the backup shadow memory can be used to restore quickly without causing the machine to go down.
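The lock, context save, address replacement and rollback sequence of S802 to S807 can be modelled in user space; the following C simulation is an added example, not code from the patent. The `ept_entry`, `vcpu_ctx` and `hotpatch` types, all function names, and the one-byte length-limit flaw and patch are hypothetical, constructed stand-ins for a real hypervisor's EPT structures.

```c
/* Added illustration: user-space model of S802 to S807; all names are hypothetical. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define PAGE_SIZE 4096u
#define LIMIT_OFF 0x10u       /* constructed sample: byte modelling a copy-length limit */
struct ept_entry {            /* toy EPT leaf entry for one guest page */
    uint8_t *host_page;       /* host memory backing the guest page */
    int executable;           /* 0 while the entry is locked */
};
struct vcpu_ctx { uint64_t rip, rsp, rflags; };
struct hotpatch {
    struct ept_entry *entry;  /* EPT entry of the vulnerable (first) page */
    uint8_t *patch_page;      /* shadow copy that receives the patch (second page) */
    uint8_t *backup_page;     /* shadow copy kept for rollback (backup memory) */
};

/* What the guest would fetch; NULL models the fault taken on a locked page. */
const uint8_t *guest_fetch(const struct ept_entry *e)
{
    return e->executable ? e->host_page : NULL;
}

/* Constructed patch test: the limit byte must not exceed the 0x40-byte buffer. */
int limit_is_safe(const uint8_t *page) { return page[LIMIT_OFF] <= 0x40; }

/* S802: allocate two pages outside VM main memory and copy the first page into both. */
int hotpatch_prepare(struct hotpatch *hp, struct ept_entry *e)
{
    hp->entry = e;
    hp->patch_page = malloc(PAGE_SIZE);
    hp->backup_page = malloc(PAGE_SIZE);
    if (!hp->patch_page || !hp->backup_page)
        return -1;            /* caller frees whatever was allocated */
    memcpy(hp->patch_page, e->host_page, PAGE_SIZE);
    memcpy(hp->backup_page, e->host_page, PAGE_SIZE);
    return 0;
}

/* S803: write the patch bytes into patch memory only; main memory is untouched. */
int hotpatch_load(struct hotpatch *hp, size_t off, const uint8_t *fix, size_t len)
{
    if (off > PAGE_SIZE || len > PAGE_SIZE - off)
        return -1;            /* patch would run past the end of the page */
    memcpy(hp->patch_page + off, fix, len);
    return 0;
}

/* S805 b) to e): lock, record VCPU context, replace address, unlock, restore context. */
static void ept_remap(struct ept_entry *e, uint8_t *new_page, struct vcpu_ctx *vcpu)
{
    struct vcpu_ctx saved;
    e->executable = 0;        /* b) lock: a fetch now faults instead of racing the swap */
    saved = *vcpu;            /* c) record the VCPU context */
    e->host_page = new_page;  /* d) replace the EPT address */
    e->executable = 1;        /* e) release the lock ... */
    *vcpu = saved;            /*    ... and restore the VCPU context */
}

/* S804 + S805: swap only when the test passes on the patched copy. */
int hotpatch_apply(struct hotpatch *hp, struct vcpu_ctx *vcpu,
                   int (*test)(const uint8_t *page))
{
    if (!test(hp->patch_page))
        return -1;            /* test failed: the guest keeps running the first page */
    ept_remap(hp->entry, hp->patch_page, vcpu);
    return 0;
}

/* S807: after an exception, point the guest at the unpatched backup copy. */
void hotpatch_rollback(struct hotpatch *hp, struct vcpu_ctx *vcpu)
{
    ept_remap(hp->entry, hp->backup_page, vcpu);
}

/* Runs the whole sequence on a constructed page; returns 0 when every stage behaves. */
int demo(void)
{
    static uint8_t main_page[PAGE_SIZE];   /* stands in for VM main memory */
    const uint8_t fix[] = { 0x40 };        /* constructed one-byte patch */
    struct ept_entry e = { main_page, 1 };
    struct vcpu_ctx vcpu = { 0x401000, 0x7ffc0000, 0x202 };
    struct hotpatch hp;
    int rc = 0;
    main_page[LIMIT_OFF] = 0xFF;           /* the flawed limit */
    if (hotpatch_prepare(&hp, &e) != 0) rc = 1;
    else if (hotpatch_load(&hp, LIMIT_OFF, fix, sizeof fix) != 0) rc = 2;
    else if (main_page[LIMIT_OFF] != 0xFF) rc = 3;   /* main memory must be unchanged */
    else if (hotpatch_apply(&hp, &vcpu, limit_is_safe) != 0) rc = 4;
    else if (guest_fetch(&e)[LIMIT_OFF] != 0x40 || vcpu.rip != 0x401000) rc = 5;
    else {
        hotpatch_rollback(&hp, &vcpu);
        if (guest_fetch(&e)[LIMIT_OFF] != 0xFF) rc = 6;
    }
    free(hp.patch_page); free(hp.backup_page);
    return rc;
}
```

In this model the patch test is a caller-supplied predicate on the patched page; the page describes it as a test process whose CR3 is mounted onto shadow memory.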
It should be noted that, for simplicity of description, each of the foregoing method embodiments is expressed as a series of combined actions, but those skilled in the art should understand that the present invention is not limited by the described order of actions, because according to the present invention certain steps may be performed in other orders or simultaneously.
Based on the same idea as the vulnerability repair method for virtual machine memory in the above embodiments, the present invention also provides a vulnerability repair apparatus for virtual machine memory, which can be used to perform the above vulnerability repair method. For ease of description, the structural schematic diagram of the apparatus embodiment shows only the parts relevant to the embodiment of the present invention. Those skilled in the art will understand that the illustrated structure does not limit the apparatus, which may include more or fewer components than shown, combine certain components, or arrange the components differently.
In one embodiment, as shown in Figure 9, the embodiment of the present invention provides a vulnerability repair apparatus for virtual machine memory, including a region determining module 901, a vulnerability repair module 902 and a process control module 903, described in detail as follows:
The region determining module 901 is used to determine the first memory region where the vulnerable code is located.
The vulnerability repair module 902 is used to load the vulnerability patch into the second memory region to repair the vulnerable code in the second memory region; the second memory region is the shadow memory region corresponding to the first memory region; the vulnerable code is stored in the second memory region.
The process control module 903 is used to control, after the repair of the vulnerable code in the second memory region is complete, the running process of the virtual machine to change from running the first code to running the second code; the first code is the code in the first memory region, and the second code is the code in the second memory region after the vulnerability repair.
The vulnerability repair apparatus for virtual machine memory provided in this embodiment determines the first memory region in virtual machine main memory where the vulnerable code is located, creates a shadow memory region for the first memory region, repairs the vulnerable code in the shadow memory region, and controls the running process to run the repaired shadow memory region. The code in main memory does not need to be modified, which ensures the normal operation of virtual machine services.
In one embodiment, the process control module 903 includes: a page table obtaining submodule, used to obtain the control register page table of the running process; and a page mounting submodule, used to mount the first page in the control register page table onto the second page; the first page corresponds to the first memory region, and the second page corresponds to the second memory region.
In one embodiment, the page mounting submodule includes: a page locking unit, used to lock the first page; an information saving unit, used to save the context information of the virtual machine CPU; an address replacement unit, used to replace, according to extended page table technology, the address of the first page in the running program with the address of the second page; and a lock release unit, used to release the lock on the first page.
In one embodiment, the vulnerability repair apparatus for virtual machine memory further includes: a region size determining module, used to determine the size of the first memory region; a first region creation module, used to create in external memory a second memory region corresponding to the size of the first memory region, the external memory being memory other than virtual machine main memory; and a first code copying module, used to copy the target code in the first memory region into the second memory region, the target code including the vulnerable code.
In one embodiment, the vulnerability repair apparatus for virtual machine memory further includes: a second region creation module, used to create in the external memory a backup memory region corresponding to the size of the first memory region; and a second code copying module, used to copy the target code into the backup memory region; the target code copied into the backup memory region is used to back up the second memory region.
In one embodiment, the vulnerability repair apparatus for virtual machine memory further includes: a running state monitoring module, used to monitor the first running state of the running process with respect to the second code; a patch loading module, used to load the vulnerability patch into the backup memory region to repair the vulnerable code if the first running state indicates that the second code is abnormal; and a process code switching module, used to control the running process to change from running the second code to running third code, the third code being the code in the backup memory region after the vulnerability repair.
In one embodiment, the process control module 903 further includes: a test process creation submodule, used to create a test process; a test process control submodule, used to control the test process to run the second code; a running state determining submodule, used to collect the second running state of the test process with respect to the second code; and a process code switching submodule, used to control the running process to change from running the first code to running the second code if the second running state indicates that the vulnerability repair succeeded.
It should be noted that the vulnerability repair apparatus for virtual machine memory of the present invention corresponds one-to-one with the vulnerability repair method for virtual machine memory of the present invention. The technical features and beneficial effects described in the method embodiments apply equally to the apparatus embodiments; for details, refer to the description in the method embodiments, which is not repeated here.
In addition, in the above example embodiments of the vulnerability repair apparatus for virtual machine memory, the logical division into program modules is only an illustration. In practical applications, the above functions can be assigned to different program modules as needed, for example to meet the configuration requirements of the corresponding hardware or for convenience of software implementation; that is, the internal structure of the vulnerability repair apparatus is divided into different program modules to complete all or part of the functions described above.
In one embodiment, the vulnerability repair apparatus for virtual machine memory provided by the present application can be implemented in the form of a computer program, and the computer program can run on the computer device shown in Figure 1. The memory of the computer device can store the program modules that make up the vulnerability repair apparatus, for example the region determining module 901, the vulnerability repair module 902 and the process control module 903 shown in Figure 9. The computer program formed by these program modules causes the processor to perform the steps of the vulnerability repair method for virtual machine memory of each embodiment of the present application described in this specification.
For example, the computer device shown in Figure 1 can perform S201 through the region determining module 901 of the vulnerability repair apparatus shown in Figure 9, S202 through the vulnerability repair module 902, and S203 through the process control module 903.
In one embodiment, a computer device is provided, including a memory and a processor. The memory stores a computer program which, when executed by the processor, causes the processor to perform the steps of the above vulnerability repair method for virtual machine memory. The steps of the method here can be the steps of the vulnerability repair method for virtual machine memory in any of the above embodiments.
In one embodiment, a computer-readable storage medium is provided, storing a computer program which, when executed by a processor, causes the processor to perform the steps of the above vulnerability repair method for virtual machine memory. The steps of the method here can be the steps of the vulnerability repair method for virtual machine memory in any of the above embodiments.
Those of ordinary skill in the art will understand that all or part of the processes in the above embodiment methods can be completed by a computer program instructing the relevant hardware. The program can be stored in a non-volatile computer-readable storage medium and, when executed, may include the processes of the embodiments of the above methods. Any reference to memory, storage, a database or other media used in the embodiments provided in this application may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM).
The technical features of the above embodiments can be combined arbitrarily. For brevity, not every possible combination of the technical features in the above embodiments has been described; however, as long as a combination of these technical features contains no contradiction, it should be considered within the scope of this specification.
The above embodiments express only several implementations of the present application, and their description is relatively specific and detailed, but they should not therefore be construed as limiting the scope of the patent. It should be pointed out that those of ordinary skill in the art can make various modifications and improvements without departing from the concept of this application, and these all fall within the scope of protection of the application. Therefore, the scope of protection of this patent shall be subject to the appended claims.
Claims (10)
1. A vulnerability repair method for virtual machine memory, characterized by comprising:
determining a first memory region where vulnerable code is located;
loading a vulnerability patch into a second memory region to repair the vulnerable code in the second memory region; the second memory region is a shadow memory region corresponding to the first memory region; the vulnerable code is stored in the second memory region;
after the repair of the vulnerable code in the second memory region is complete, controlling a running process of the virtual machine to change from running first code to running second code; the first code is the code in the first memory region, and the second code is the code in the second memory region after the vulnerability repair.
2. The method according to claim 1, characterized in that the step of controlling the running process of the virtual machine to change from running the first code to running the second code comprises:
obtaining a control register page table of the running process;
mounting a first page in the control register page table onto a second page; the first page corresponds to the first memory region, and the second page corresponds to the second memory region.
3. The method according to claim 2, characterized in that the step of mounting the first page in the control register page table onto the second page comprises:
locking the first page;
saving context information of the virtual machine CPU;
replacing, according to extended page table technology, the address of the first page in the running program with the address of the second page;
releasing the lock on the first page.
4. The method according to claim 1, characterized in that, before the step of loading the vulnerability patch into the second memory region, the method further comprises:
determining the size of the first memory region;
creating in external memory a second memory region corresponding to the size of the first memory region; the external memory is memory other than virtual machine main memory;
copying target code in the first memory region into the second memory region; the target code includes the vulnerable code.
5. The method according to claim 4, characterized in that, after the step of creating in external memory the second memory region corresponding to the size of the first memory region, the method further comprises:
creating in the external memory a backup memory region corresponding to the size of the first memory region;
copying the target code into the backup memory region; the target code copied into the backup memory region is used to back up the second memory region.
6. The method according to claim 5, characterized in that, after the step of controlling the running process of the virtual machine to change from running the first code to running the second code, the method further comprises:
monitoring a first running state of the running process with respect to the second code;
if the first running state indicates that the second code is abnormal, controlling the running process to change from running the second code to running third code; the third code is the code in the backup memory region.
7. The method according to any one of claims 1 to 6, characterized in that the step of controlling the running process of the virtual machine to change from running the first code to running the second code further comprises:
creating a test process;
controlling the test process to run the second code;
collecting a second running state of the test process with respect to the second code;
if the second running state indicates that the vulnerability repair succeeded, controlling the running process to change from running the first code to running the second code.
8. A vulnerability repair apparatus for virtual machine memory, characterized by comprising:
a region determining module, used to determine a first memory region where vulnerable code is located;
a vulnerability repair module, used to load a vulnerability patch into a second memory region to repair the vulnerable code in the second memory region; the second memory region is a shadow memory region corresponding to the first memory region; the vulnerable code is stored in the second memory region;
a process control module, used to control, after the repair of the vulnerable code in the second memory region is complete, a running process of the virtual machine to change from running first code to running second code; the first code is the code in the first memory region, and the second code is the code in the second memory region after the vulnerability repair.
9. A computer device, including a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium storing a computer program, characterized in that the computer program implements the steps of the method of any one of claims 1 to 7 when executed by a processor.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910755291.8A CN110457909A (en) | 2019-08-15 | 2019-08-15 | Vulnerability repair method, apparatus and computer device for virtual machine memory |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110457909A (en) | 2019-11-15 |
Family
ID=68486931
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910755291.8A Pending CN110457909A (en) | 2019-08-15 | 2019-08-15 | Vulnerability repair method, apparatus and computer device for virtual machine memory |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110457909A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112035843A (en) * | 2020-08-20 | 2020-12-04 | 深信服科技股份有限公司 | Vulnerability processing method and device, electronic equipment and storage medium |
CN112631639A (en) * | 2020-12-23 | 2021-04-09 | 苏州三六零智能安全科技有限公司 | Patch code adding method, device, equipment and computer readable storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104679574A (en) * | 2013-11-26 | 2015-06-03 | 谢蓉 | Virtual machine image management system in cloud computing |
CN104915595A (en) * | 2015-06-30 | 2015-09-16 | 北京奇虎科技有限公司 | Virtualization bug fixing method and device through cloud platform |
CN105893850A (en) * | 2016-03-30 | 2016-08-24 | 百度在线网络技术(北京)有限公司 | Bug fixing method and device |
CN109344004A (en) * | 2018-09-03 | 2019-02-15 | 郑州云海信息技术有限公司 | A kind of memory database backup management method, device, terminal and storage medium |
US20190138725A1 (en) * | 2016-06-16 | 2019-05-09 | Virsec Systems, Inc. | Systems And Methods For Remediating Memory Corruption In A Computer Application |
-
2019
- 2019-08-15 CN CN201910755291.8A patent/CN110457909A/en active Pending
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112035843A (en) * | 2020-08-20 | 2020-12-04 | 深信服科技股份有限公司 | Vulnerability processing method and device, electronic equipment and storage medium |
CN112631639A (en) * | 2020-12-23 | 2021-04-09 | 苏州三六零智能安全科技有限公司 | Patch code adding method, device, equipment and computer readable storage medium |
CN112631639B (en) * | 2020-12-23 | 2022-11-04 | 苏州三六零智能安全科技有限公司 | Patch code adding method, device, equipment and computer readable storage medium |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
EP3652640B1 (en) | Method for dirty-page tracking and full memory mirroring redundancy in a fault-tolerant server | |
US10853179B2 (en) | Information handling system and method for restoring firmware in one or more regions of a flash memory device | |
US9250945B2 (en) | Detecting a repeating execution time sequence in a virtual machine | |
US20200012600A1 (en) | Computing device with increased resistance against rowhammer attacks | |
CN102722665B (en) | Method and system for generating trusted program list based on trusted platform module (TPM)/virtual trusted platform module (VTPM) | |
CN104794393A (en) | Embedded type partition image security certification and kernel trusted boot method and equipment thereof | |
US11775283B2 (en) | Resilient software updates in secure storage devices | |
CN107807839A (en) | A kind of method, apparatus and electronic equipment for changing virtual machine memory data | |
US20170140149A1 (en) | Detecting malign code in unused firmware memory | |
CN110457909A (en) | Loophole restorative procedure, device and the computer equipment of virtual machine memory | |
Voulimeneas et al. | dmvx: Secure and efficient multi-variant execution in a distributed setting | |
Russinovich et al. | Virtual machine preserving host updates for zero day patching in public cloud | |
US20090192780A1 (en) | Hardware emulation using on-the-fly virtualization | |
Xie et al. | Enabling accurate data recovery for mobile devices against malware attacks | |
US9287005B2 (en) | Detecting missing write to cache/memory operations | |
EP3028141B1 (en) | Generating a second code from a first code | |
US9639477B2 (en) | Memory corruption prevention system | |
CN112860380A (en) | Virtual machine trusted migration method based on built-in security chip | |
CN108052415A (en) | A kind of malware detection platform quick recovery method and system | |
Hu et al. | An application-level approach for privacy-preserving virtual machine checkpointing | |
CN115509828A (en) | Data processing method and related device | |
US11726922B2 (en) | Memory protection in hypervisor environments | |
CN115398410A (en) | Memory accessor failure | |
US20240095188A1 (en) | Memory deduplication for encrypted virtual machines | |
CN113239347B (en) | Starting method and device suitable for TEE security application example | |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||