CN112363797B - Virtual machine safe operation method, electronic equipment and storage medium - Google Patents
- Publication number: CN112363797B (application CN202011121813.8A)
- Authority: CN (China)
- Prior art keywords: virtual machine, processor, security, storage area, context
- Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45579—I/O management, e.g. providing access to device drivers or storage
- G06F2009/45587—Isolation or security of virtual machine instances
Abstract
The embodiment of the invention discloses a method for the secure operation of a virtual machine, an electronic device and a storage medium, in the technical field of virtual machines. The method comprises the following steps: the virtual machine stores the security information to be sent to the security processor into its current context; the virtual machine stores the context containing the security information into a secure storage area and generates a virtual machine exit event; the virtual machine manager calls an interface of the security processor according to the virtual machine exit event; and the security processor, in response to the call from the virtual machine manager, acquires the security information from the context stored in the secure storage area. Because the security information to be sent to the security processor is placed in the current context of the virtual machine and that context is kept in the secure storage area, the virtual machine manager is prevented from accessing the context, malicious attacks by the virtual machine manager can be avoided, and the secure operation of the virtual machine is guaranteed to a certain extent.
Description
Technical Field
The present invention relates to the field of virtual machine technologies, and in particular, to a method for safely operating a virtual machine, an electronic device, and a storage medium.
Background
One form of a Root of Trust (RoT) is a processor that is independent of the general-purpose processor cores, also called a secure processor or root-of-trust processor, whose role is to provide a Trusted Execution Environment (TEE).
In the course of developing the invention, the inventor found that communication between the virtual machine and the root of trust has to pass through the virtual machine manager. The virtual machine manager thus acts as an intermediary, and that intermediary position can be used to mount malicious attacks: input and output data can be tampered with in transit, which threatens the normal operation of the virtual machine.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method, an electronic device and a storage medium for the secure operation of a virtual machine, which can guarantee the secure operation of the virtual machine to a certain extent.
To achieve the above purpose, the embodiments of the invention adopt the following technical scheme:
In one aspect, an embodiment of the present invention provides a method for the secure operation of a virtual machine, including: the virtual machine stores the security information to be sent to the security processor into the current context of the virtual machine;
the virtual machine stores the context containing the security information into a secure storage area and generates a virtual machine exit event;
the virtual machine manager calls an interface of the security processor according to the virtual machine exit event;
and the security processor, in response to the call from the virtual machine manager, acquires the security information from the context stored in the secure storage area.
Optionally, after the security processor obtains the security information from the context stored in the secure storage area in response to the call from the virtual machine manager, the method further includes:
the security processor executes the corresponding operation according to the security information to obtain an operation result, and stores the operation result into the context stored in the secure storage area;
the virtual machine manager resumes the running of the virtual machine;
the virtual machine acquires the operation result from the context stored in the secure storage area.
Optionally, the virtual machine manager calling an interface of the security processor according to the virtual machine exit event includes:
the virtual machine manager determines, from the information indicated in the virtual machine exit event, which interface of the security processor is to be called, stores a call request for that interface in a to-be-processed list, and resumes the running of the virtual machine;
and when the system is idle or the security processor is idle, the virtual machine manager takes the call request out of the to-be-processed list and calls the interface of the security processor according to the call request.
Optionally, after the security processor obtains the security information from the context stored in the secure storage area in response to the call from the virtual machine manager, the method further includes:
the security processor executes the corresponding operation according to the security information to obtain an operation result, and stores the operation result into the context stored in the secure storage area;
the virtual machine manager injects an interrupt into the virtual machine to resume the running of the virtual machine;
and the virtual machine, upon the interrupt, acquires the operation result from the context stored in the secure storage area.
According to the operation method provided by the embodiment of the invention, when the virtual machine communicates with the security processor, the virtual machine stores the security information to be sent to the security processor into its current context; the virtual machine stores the context containing the security information into a secure storage area and generates a virtual machine exit event; the virtual machine manager calls an interface of the security processor according to the virtual machine exit event; and the security processor, in response to the call from the virtual machine manager, acquires the security information from the context stored in the secure storage area. Because the security information sent to the security processor is placed in the current context of the virtual machine and that context is kept in the secure storage area, the virtual machine manager can be prevented from accessing the context holding the security information. The security processor, by contrast, can access the virtual machine context in the secure storage area and read the security information there, which secures the communication between the virtual machine and the security processor. Malicious attacks by the virtual machine manager are therefore prevented, and the secure operation of the virtual machine is guaranteed to a certain extent.
In a second aspect, an embodiment of the present invention provides an electronic device, including: a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in the space enclosed by the shell, and the processor and the memory are arranged on the circuit board; the power supply circuit supplies power to each circuit or device of the server; the memory stores executable program code; the processor comprises a first processor and a second processor, the first processor being a security processor, and a virtual machine manager and a virtual machine program being configured on the second processor; wherein
the virtual machine stores the security information to be sent to the security processor into the current context of the virtual machine;
the virtual machine stores the context containing the security information into a secure storage area and generates a virtual machine exit event;
the virtual machine manager calls an interface of the security processor according to the virtual machine exit event;
and the security processor, in response to the call from the virtual machine manager, acquires the security information from the context stored in the secure storage area.
Optionally, the security processor is further configured to, after it responds to the call from the virtual machine manager and obtains the security information from the context stored in the secure storage area, execute the corresponding operation according to the security information to obtain an operation result, and store the operation result in the context stored in the secure storage area;
the virtual machine manager is further configured to resume the running of the virtual machine;
the virtual machine is further configured to obtain the operation result from the context stored in the secure storage area.
Optionally, the virtual machine manager is specifically configured to determine, from the information indicated in the virtual machine exit event, which interface of the security processor is to be called, store a call request for that interface in a to-be-processed list, and resume the running of the virtual machine;
and, when the system is idle or the security processor is idle, to take the call request out of the to-be-processed list and call the interface of the security processor according to the call request.
Optionally, the security processor is further configured to execute the corresponding operation according to the security information, obtain an operation result, and store the operation result in the context stored in the secure storage area;
the virtual machine manager is further configured to inject an interrupt into the virtual machine so as to resume the running of the virtual machine;
the virtual machine is further configured to obtain the operation result from the context stored in the secure storage area upon the interrupt.
In a third aspect, the present invention also provides a computer-readable storage medium storing one or more programs, which are executable by one or more processors to implement the operation method described in any one of the first aspects.
When the virtual machine communicates with the security processor, the electronic device and the storage medium provided by the embodiment of the invention can prevent the virtual machine manager from accessing the context in which the security information is stored, because the security information to be sent to the security processor is placed in the current context of the virtual machine and that context is kept in the secure storage area. The security processor can access the virtual machine context in the secure storage area and read the security information there, which secures the communication between the virtual machine and the security processor. Malicious attacks by the virtual machine manager are therefore prevented, and the secure operation of the virtual machine is guaranteed to a certain extent.
Drawings
To illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. Obviously, the drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a diagram of a conventional virtual machine architecture;
FIG. 2 is a schematic diagram illustrating the flow of a virtual machine in the prior art;
FIG. 3 is a flowchart illustrating the secure operation of a virtual machine according to an embodiment of the present invention;
FIG. 4 is a flowchart illustrating the secure operation of a virtual machine according to another embodiment of the present invention;
FIG. 5 is a flowchart illustrating the secure operation of a virtual machine according to yet another embodiment of the present invention;
FIG. 6 is a block diagram of a virtual machine architecture according to an embodiment of the present invention;
FIG. 7 is a schematic structural diagram of an embodiment of an electronic device according to the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
It should be understood that the described embodiments are only some embodiments of the invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example one
The solution described in the following embodiments of the present invention can be implemented in the virtual machine system architecture shown in FIG. 1, which includes a physical hardware layer, a Virtual Machine Manager (VMM, also called a virtual machine monitor) and a Virtual Machine (VM). The physical hardware layer provides hardware support for the virtual machine management system and the virtual machines running on it; in this embodiment, the physical hardware layer at least includes a security processor, i.e., a root of trust (shown in the drawing as the root of trust). The security processor, which may be, for example, the security processor integrated into a Hygon processor SoC product, operates in a higher privilege mode and is regarded as the trust basis for secure virtualization.
The virtual machine manager and the virtual machines run in turns on the physical hardware layer. In secure virtualization technology, the execution environment provided by the virtual machine manager is usually regarded as lying outside the trust boundary. When the virtual machine communicates with the security processor in the physical hardware layer, security information (sometimes also called sensitive information), such as encryption keys being passed or authentication information being provided, must be forwarded through the virtual machine manager, and neither the virtual machine nor the root of trust can prevent the virtual machine manager from tampering with the data passed. Because the communication between the virtual machine and the root of trust has to go through the virtual machine manager, the virtual machine manager acts as an intermediary, and that intermediary position can be used to mount malicious attacks: input and output data can be tampered with in transit, threatening the secure operation of the virtual machine and the system.
To solve the above problem, an embodiment of the present invention provides a method for the secure operation of a virtual machine, shown in FIG. 1, FIG. 3 and FIG. 4, which includes:
Step S110, the virtual machine stores the security information to be sent to the security processor into the current context of the virtual machine.
The security information includes a virtual machine ID, an encryption key, verification information and the like. Context, also called process context, is a term from computer science that refers to the static description of the whole course of a process's execution; in this embodiment it is the context of the currently running virtual machine, in short, the running environment of the virtual machine. It holds at least the values of the variables and parameters that the virtual machine, in user mode, is to pass to the security processor, and also some register values, variables and the like of the virtual machine process that are saved while the security processor runs. The "process context" can thus be regarded as including at least the parameters passed by the virtual machine to the security processor, plus the variables and register values that the kernel and the current environment need to save.
Step S120, the virtual machine stores the context containing the security information into a secure storage area and generates a virtual machine exit event.
Memory (primarily main memory) is made up of many storage locations, each with a "physical address" that the CPU can access. For a physical CPU, a secure storage area can be a memory space, pointed to by an address in main memory, that stores data in a hardware-isolated, encrypted form and protects its contents from (meaningful) access by roles outside the trust boundary. Technologies such as the aurora secure encrypted virtualization technology and ARM TrustZone can isolate and encrypt stored data in this way.
Existing hardware virtualization technologies typically use a set of control structures provided by the virtual machine manager; see FIG. 2. For example, the VMCB (Virtual Machine Control Block) defined by the AMD-V virtualization technology is a control structure for controlling a specified virtual machine (shown in FIG. 2 as the virtual machine control block), and it includes a specific field that designates the address of the memory page used to store the virtual machine context. The control structure is how the virtual machine manager controls the virtual machine, for example by intercepting the execution of specific instructions, accesses to specific registers, or the occurrence of specific events. When an interception condition set by the virtual machine manager is met while the virtual machine is executing, a virtual machine exit event occurs and execution switches to the execution environment of the virtual machine manager, so that the manager can process (for example, emulate) the event. On such an exit, the processor execution environment switches back to the virtual machine manager's context (as described above, a context can be understood simply as the running environment of a process), and the virtual machine context is saved in a designated area, for example a designated physical storage area, also called a physical memory page, abbreviated VMSA (Virtual Machine Save Area).
In this embodiment, because the security information is held in the secure storage area and the data is encrypted, only the security processor, which acts as the root of trust and has the required privilege, can access it; the virtual machine manager, which lies outside the trust boundary, cannot. This forecloses the malicious behaviour the virtual machine manager could otherwise carry out in its man-in-the-middle position.
Step S130, the virtual machine manager calls an interface of the security processor according to the virtual machine exit event.
There are many possible causes of a virtual machine exit event. To protect the data exchanged between the virtual machine and the root of trust, the interface provided by the security processor is invoked when the current exit event is detected to have been caused by communication between the virtual machine and the root of trust.
The virtual machine manager determines whether the exit was caused by communication between the virtual machine and the root of trust from the indication information carried in the virtual machine exit event. The exit event indication information includes an exit event code, from which the specific reason for the exit can be determined.
Step S140, the security processor responds to the call from the virtual machine manager and obtains the security information from the context stored in the secure storage area.
According to the operation method provided by the embodiment of the invention, when the virtual machine communicates with the security processor, the security information to be sent to the security processor is placed in the current context of the virtual machine and that context is kept in the secure storage area, so the virtual machine manager can be prevented from accessing the context holding the security information. The security processor can access the virtual machine context in the secure storage area and read the security information there, which secures the communication between the virtual machine and the security processor. Malicious attacks by the virtual machine manager are therefore prevented, and the secure operation of the virtual machine is guaranteed to a certain extent.
Specifically, referring to FIG. 4, after the security processor obtains the security information from the context stored in the secure storage area in response to the call from the virtual machine manager in step S140, the method further includes:
the security processor executes the corresponding operation according to the security information to obtain an operation result, and stores the operation result into the context stored in the secure storage area.
After the security processor finishes executing the operation, it sends a processing-complete notification to the virtual machine manager.
The virtual machine manager resumes the running of the virtual machine, and the virtual machine acquires the operation result from the context stored in the secure storage area.
Further, if the virtual machine manager modifies the virtual machine context stored in the secure storage area, the virtual machine exits abnormally, so that the information exchanged between the virtual machine and the root of trust remains secure and reliable.
Referring to FIG. 5, for execution efficiency, in some embodiments the virtual machine manager calling the interface of the security processor upon the virtual machine exit event comprises:
the virtual machine manager determines, from the information indicated in the virtual machine exit event, which interface of the security processor is to be called, stores a call request for that interface in a to-be-processed list, and resumes the running of the virtual machine so that the virtual machine can execute other tasks; in this way the virtual machine is not held up from executing other tasks, and execution efficiency is improved.
When the system is idle or the security processor is idle, the virtual machine manager takes the call request out of the to-be-processed list and calls the interface of the security processor according to the call request.
In this embodiment, the interface of the security processor is called during an idle period of the system or of the security processor, so that the security processor responds to the request and obtains the security information from the context stored in the secure storage area, which improves the efficiency of task execution.
With continued reference to FIG. 5, after the security processor obtains the security information from the context stored in the secure storage area in response to the call from the virtual machine manager, the method further comprises: the security processor executes the corresponding operation according to the security information to obtain an operation result, and stores the operation result into the context stored in the secure storage area; the virtual machine manager injects an interrupt into the virtual machine to resume its running; and the virtual machine, upon the interrupt, acquires the operation result from the context stored in the secure storage area.
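The deferred call path described above (queue the call request, resume the virtual machine immediately, dispatch to the security processor when the system is idle, hand the result back with an injected interrupt) can be modelled in a few classes. The following Python is an added example, not code from the patent. The secure storage area is a plain dict that only the virtual machine and security-processor objects receive; the hypervisor never gets a reference to it and can only queue and dispatch calls. The interface names, the exit sub-codes in `INTERFACE_BY_SUBCODE`, the class names and the result formats are all constructed for this example.

```python
from collections import deque

# constructed: the exit event carries a sub-code that names the interface to call
INTERFACE_BY_SUBCODE = {1: "register_key", 2: "get_measurement"}


class SecureProcessor:
    """Root of trust with two constructed interfaces operating on the secure area."""

    def __init__(self, secure_area):
        self._area = secure_area
        self.busy = False

    def register_key(self, vm_id):
        ctx = self._area[vm_id]
        ctx["result"] = {"key_id": "kid-" + ctx["security_info"]["key"][:8]}

    def get_measurement(self, vm_id):
        self._area[vm_id]["result"] = {"measurement": "meas-" + vm_id}

    def call(self, interface, vm_id):
        self.busy = True
        try:
            getattr(self, interface)(vm_id)
        finally:
            self.busy = False


class Hypervisor:
    """Queues root-of-trust calls instead of blocking the VM on each of them."""

    def __init__(self, secure_processor):
        self._sp = secure_processor
        self.pending = deque()   # the to-be-processed list of call requests
        self.vms = {}
        self.trace = []

    def on_vm_exit(self, vm_id, subcode):
        """Pick the interface from the exit indication, queue it, resume the VM at once."""
        interface = INTERFACE_BY_SUBCODE[subcode]
        self.pending.append((vm_id, interface))
        self.trace.append(f"vmm: queued {interface} for {vm_id}")
        self.trace.append(f"vmm: resumed {vm_id}")
        return "resumed"

    def on_idle(self):
        """Run when the system or the secure processor is idle; returns what is still queued."""
        while self.pending and not self._sp.busy:
            vm_id, interface = self.pending.popleft()
            self._sp.call(interface, vm_id)
            self.trace.append(f"sp: completed {interface} for {vm_id}")
            self.trace.append(f"vmm: injected interrupt into {vm_id}")
            self.vms[vm_id].on_interrupt()
        return len(self.pending)


class VirtualMachine:
    def __init__(self, vm_id, secure_area, hypervisor):
        self.vm_id, self._area, self._hv = vm_id, secure_area, hypervisor
        hypervisor.vms[vm_id] = self
        self.tasks_done = 0
        self.results = []

    def request(self, subcode, security_info):
        self._area[self.vm_id] = {"security_info": security_info}  # context into secure area
        return self._hv.on_vm_exit(self.vm_id, subcode)

    def run_other_tasks(self, count):
        """Work the VM gets to do while its request is still in the pending list."""
        self.tasks_done += count
        self._hv.trace.append(f"{self.vm_id}: ran {count} other tasks")

    def on_interrupt(self):
        """Injected interrupt: fetch the result the secure processor left in the context."""
        self.results.append(self._area[self.vm_id].pop("result"))


def run_deferred():
    secure_area = {}                      # held by the VMs and the secure processor only
    hv = Hypervisor(SecureProcessor(secure_area))
    vm3 = VirtualMachine("vm-3", secure_area, hv)
    vm4 = VirtualMachine("vm-4", secure_area, hv)
    vm3.request(1, {"vm_id": "vm-3", "key": "a1b2c3d4e5f6a7b8"})  # constructed sample key
    vm3.run_other_tasks(5)                # proceeds before the root of trust has been called
    vm4.request(2, {"vm_id": "vm-4"})
    left = hv.on_idle()
    return {"vm3": vm3.results, "vm4": vm4.results, "tasks": vm3.tasks_done,
            "left": left, "trace": hv.trace}
```

Calling `run_deferred()` returns the trace, which shows `vm-3` resumed and running its other tasks before the security processor ever sees its request, and the result only becoming visible to the virtual machine once the interrupt is injected after the idle-time dispatch. The `busy` flag on the security processor is what stops the hypervisor from draining the queue while the root of trust is still occupied.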
FIG. 6 is a schematic diagram of a virtual machine system architecture according to an embodiment of the present invention. Referring to FIG. 6, the virtual machine system includes a physical hardware layer 20 comprising a first processor 23 and a second processor; the first processor is a security processor, the second processor is a main processor, i.e., a general-purpose processor, and the virtual machine manager 21 and the virtual machine 22 are configured on the main processor.
The method for the secure operation of a virtual machine provided by the foregoing embodiment can be executed on the virtual machine system architecture shown in FIG. 6.
To make the technical scheme and the technical effect of the embodiment easier to understand, take Hygon secure encrypted virtualization as an example. The virtual machine manager sets, through the VMCB (a group of data structures located in physical memory), the physical memory page used when the virtual machine switches context; the VMSA is encrypted by hardware when the virtual machine is initialized, and the virtual machine manager cannot access the VMSA plaintext thereafter. The VMSA is then held securely in physical memory, and the context switch is completed automatically by the hardware when the virtual machine is entered.
The security processor serves as the root of trust, and a group of interface specifications is defined in advance for the virtual machine to call. When the virtual machine needs to make a security call, it stores the security information and parameters in its context according to the interface specification and exits virtual machine mode; the virtual machine manager, according to the exit reason, notifies the security processor to execute the security call; the security processor obtains the parameters from the VMSA corresponding to that virtual machine and processes them, and if a processing result needs to be returned, it stores the result in the hardware-encrypted VMSA according to the specification; after the security processor finishes processing, it notifies the virtual machine manager, and the virtual machine manager resumes the execution of the virtual machine. Because the virtual machine context containing the security information is kept in secure storage throughout the communication between the virtual machine and the root of trust, the virtual machine manager is prevented from modifying the security information and parameters in the virtual machine context, and the secure operation of the virtual machine is ensured.
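The synchronous exchange of steps S110 to S140 with the result return, and the VMSA walkthrough just given, can be simulated end to end. The Python below is an added example, not the patent's or Hygon's code. The hardware-encrypted VMSA is modelled as a `SecureStorage` object that holds the memory-encryption key; only the virtual machine's hardware path and the security processor hold that object, while the hypervisor is handed an opaque ciphertext view it can corrupt but not read. An HMAC-SHA256 keystream plus an HMAC integrity tag stands in for the real hardware memory encryption, so that a hypervisor modification of the page is detected and the virtual machine cannot be resumed. The class names, the exit code value, the "verification information" rule and the sample key are assumptions made for this example.

```python
import hashlib
import hmac
import json
import os

EXIT_SECURE_CALL = 0x80  # constructed exit code: "VM is talking to the root of trust"


class IntegrityError(Exception):
    """The stored context was altered by something outside the trust boundary."""


def expected_verification(vm_id, key_hex):
    """Constructed 'verification information' binding the key to the VM identity."""
    return hashlib.sha256(f"{vm_id}:{key_hex}".encode()).hexdigest()


class SecureStorage:
    """Stand-in for the hardware-encrypted VMSA pages, one per virtual machine."""

    def __init__(self):
        self._key = os.urandom(32)  # memory-encryption key, never handed to the hypervisor
        self._pages = {}            # vm_id -> (nonce, ciphertext, tag)

    def _keystream(self, nonce, length):
        out, counter = b"", 0
        while len(out) < length:
            out += hmac.new(self._key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def store(self, vm_id, context):
        plain = json.dumps(context, sort_keys=True).encode()
        nonce = os.urandom(16)
        ciphertext = bytes(a ^ b for a, b in zip(plain, self._keystream(nonce, len(plain))))
        tag = hmac.new(self._key, nonce + ciphertext, hashlib.sha256).digest()
        self._pages[vm_id] = (nonce, ciphertext, tag)

    def load(self, vm_id):
        nonce, ciphertext, tag = self._pages[vm_id]
        expected = hmac.new(self._key, nonce + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise IntegrityError(f"VMSA of {vm_id} modified outside the trust boundary")
        plain = bytes(a ^ b for a, b in zip(ciphertext, self._keystream(nonce, len(ciphertext))))
        return json.loads(plain)

    def ciphertext_view(self):
        """All the hypervisor ever sees: pages it can corrupt but cannot read."""
        return self._pages


class SecureProcessor:
    """Root of trust: besides the VM, the only party able to open the context."""

    def __init__(self, storage):
        self._storage = storage

    def handle_secure_call(self, vm_id):
        """Step S140 plus the result path: read the request, act on it, write the result back."""
        ctx = self._storage.load(vm_id)  # raises IntegrityError if the VMM touched the page
        info = ctx["security_info"]
        if info["vm_id"] == vm_id and info["verification"] == expected_verification(vm_id, info["key"]):
            key_id = hashlib.sha256(bytes.fromhex(info["key"])).hexdigest()[:16]
            ctx["result"] = {"status": "ok", "key_id": key_id}
        else:
            ctx["result"] = {"status": "rejected"}
        self._storage.store(vm_id, ctx)
        return "processing complete"  # the notification sent to the hypervisor


class Hypervisor:
    """VMM outside the trust boundary: dispatches on the exit code, sees ciphertext only."""

    def __init__(self, secure_processor, ciphertext_pages):
        self._sp = secure_processor
        self._pages = ciphertext_pages

    def on_vm_exit(self, vm_id, exit_code):
        """Step S130: only root-of-trust exits are forwarded to the secure processor."""
        if exit_code == EXIT_SECURE_CALL:
            try:
                self._sp.handle_secure_call(vm_id)
            except IntegrityError:
                return "abnormal_exit"  # the VM cannot be resumed with a tampered context
        return "resumed"


class TamperingHypervisor(Hypervisor):
    """Same VMM, but it flips one ciphertext byte before calling the root of trust."""

    def on_vm_exit(self, vm_id, exit_code):
        nonce, ciphertext, tag = self._pages[vm_id]
        self._pages[vm_id] = (nonce, bytes([ciphertext[0] ^ 1]) + ciphertext[1:], tag)
        return super().on_vm_exit(vm_id, exit_code)


class VirtualMachine:
    def __init__(self, vm_id, storage, hypervisor):
        self.vm_id, self._storage, self._hv = vm_id, storage, hypervisor

    def secure_call(self, key_hex):
        # S110: place the security information in the current context ...
        ctx = {"security_info": {"vm_id": self.vm_id, "key": key_hex,
                                 "verification": expected_verification(self.vm_id, key_hex)}}
        # S120: ... store the context in the secure area and raise a VM exit
        self._storage.store(self.vm_id, ctx)
        if self._hv.on_vm_exit(self.vm_id, EXIT_SECURE_CALL) != "resumed":
            return None
        return self._storage.load(self.vm_id)["result"]  # left there by the secure processor


def run(hypervisor_cls, key_hex="00" * 32):
    """Returns (result seen by the VM, whether the key appears in what the VMM can see)."""
    storage = SecureStorage()
    hv = hypervisor_cls(SecureProcessor(storage), storage.ciphertext_view())
    result = VirtualMachine("vm-7", storage, hv).secure_call(key_hex)  # constructed VM id
    leaked = any(key_hex.encode() in ct for _, ct, _ in storage.ciphertext_view().values())
    return result, leaked
```

`run(Hypervisor)` returns an `ok` result with a key identifier derived by the security processor, and `run(TamperingHypervisor)` returns no result at all because the altered page fails the integrity check and the virtual machine exits abnormally; in both runs the key never appears in the hypervisor's ciphertext view. Real hardware binds the page to the VM through its memory-encryption key rather than through an explicit HMAC, but the property demonstrated is the same one the patent relies on: a party outside the trust boundary can forward the call yet cannot read or usefully modify what is in the context.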
Example two
FIG. 7 is a schematic structural diagram of an embodiment of an electronic device of the present invention. As shown in FIG. 7, the electronic device may include a shell 71, a processor 72, a memory 73, a circuit board 74 and a power circuit 75, wherein the circuit board 74 is arranged inside the space enclosed by the shell 71, and the processor 72 and the memory 73 are arranged on the circuit board 74; the power supply circuit 75 supplies power to each circuit or device of the server; the memory 73 stores executable program code; the processor includes a first processor 23 and a second processor, the first processor 23 is a security processor, the second processor is a main processor, and a virtual machine manager 21 and a virtual machine 22 are configured on the second processor.
Wherein: the virtual machine 22 stores the security information to be sent to the security processor 23 in the current context of the virtual machine 22;
the virtual machine 22 stores the context containing the security information into a secure storage area and generates an exit event of the virtual machine 22;
the virtual machine manager 21 calls an interface of the security processor 23 according to the exit event of the virtual machine 22;
the security processor 23, in response to the call from the virtual machine manager 21, acquires the security information from the context stored in the secure storage area.
In the electronic device provided in the embodiment of the present invention, the physical hardware layer 20 includes a first processor 23 and a second processor; the first processor is a security processor, the second processor is a main processor, and the virtual machine manager 21 and the virtual machine 22 are configured on the main processor. When the virtual machine communicates with the security processor, the security information sent to the security processor is placed in the current context of the virtual machine and that context is kept in the secure storage area, so the virtual machine manager can be prevented from accessing the context holding the security information. The security processor can access the virtual machine context in the secure storage area and read the security information there, which secures the communication between the virtual machine and the security processor. Malicious attacks by the virtual machine manager are therefore prevented, and the secure operation of the virtual machine is guaranteed to a certain extent.
In an embodiment of the present invention, the security processor 23 is further configured to, after it responds to the call of the virtual machine manager 21 and obtains the security information from the context stored in the secure storage area, execute a corresponding operation according to the security information to obtain a corresponding operation result, and store the operation result into the context stored in the secure storage area;
the virtual machine manager 21 is further configured to resume the running of the virtual machine 22;
the virtual machine 22 is further configured to obtain the operation result from the context stored in the secure storage area.
Specifically, the virtual machine manager 21 is configured to determine, according to the information indication in the exit event of the virtual machine 22, which interface of the security processor 23 is to be called, store a call request for that interface in a to-be-processed list, and resume the running of the virtual machine 22;
when the system is idle or the security processor 23 is idle, the virtual machine manager 21 is further configured to take the call request out of the to-be-processed list and call the interface of the security processor 23 according to the call request.
In another embodiment of the present invention, the security processor 23 is further configured to execute a corresponding operation according to the security information, obtain a corresponding operation result, and store the operation result in the context stored in the secure storage area;
the virtual machine manager 21 is further configured to inject an interrupt into the virtual machine 22 to resume the running of the virtual machine;
the virtual machine 22 is further configured to obtain the operation result from the context stored in the secure storage area according to the interrupt.
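The two embodiments above describe the same exchange with two scheduling policies: a synchronous one, where the virtual machine manager calls the security processor before resuming the guest, and a deferred one, where the call request is queued, the guest resumes immediately, and an injected interrupt later signals that the result is in the context. The following Python model is an added illustration and not code from the patent or its applicant; it assumes that the secure storage area enforces access by a principal tag from which the virtual machine manager is absent, and the interface names "digest" and "mac", the key and the sample security information are constructed for the example.

```python
import hashlib
import hmac
from collections import deque, namedtuple


class AccessDenied(Exception):
    """Raised when a principal outside the trust boundary touches a stored context."""

class SecureStorageArea:
    """Holds saved VM contexts. Assumption: access is decided by a principal tag,
    and the VMM is deliberately absent from the allowed set."""
    ALLOWED = frozenset({"vm", "secure_processor"})
    def __init__(self):
        self._contexts = {}
    def _check(self, principal):
        if principal not in self.ALLOWED:
            raise AccessDenied(f"{principal} may not access the secure storage area")
    def store(self, principal, vm_id, context):
        self._check(principal)
        self._contexts[vm_id] = dict(context)
    def load(self, principal, vm_id):
        self._check(principal)
        return dict(self._contexts[vm_id])

# All the VMM sees on exit: which VM exited and which interface it asks for.
ExitEvent = namedtuple("ExitEvent", "vm_id interface")

class SecureProcessor:
    def __init__(self, storage):
        self.storage = storage
        self._key = b"constructed-sp-key"  # constructed sample key, not from the page
        self.interfaces = {"digest": self.digest, "mac": self.mac}  # assumed names
    def digest(self, info):
        return hashlib.sha256(info).hexdigest()
    def mac(self, info):
        return hmac.new(self._key, info, hashlib.sha256).hexdigest()
    def call(self, interface, vm_id):
        """Read the security information from the stored context, operate on it,
        and write the operation result back into that same context."""
        ctx = self.storage.load("secure_processor", vm_id)
        ctx["result"] = self.interfaces[interface](ctx["security_info"])
        self.storage.store("secure_processor", vm_id, ctx)

class VirtualMachine:
    def __init__(self, vm_id, storage):
        self.vm_id, self.storage, self.pending_interrupt = vm_id, storage, False
    def request(self, interface, security_info):
        """Put the security information in the current context, save the context to
        the secure storage area, and exit carrying only an interface indication."""
        self.storage.store("vm", self.vm_id, {"security_info": security_info, "result": None})
        return ExitEvent(self.vm_id, interface)
    def read_result(self):
        return self.storage.load("vm", self.vm_id)["result"]

class VirtualMachineManager:
    def __init__(self, secure_processor, storage):
        self.sp, self.storage, self.pending = secure_processor, storage, deque()
    def handle_exit(self, event):
        """First embodiment: call the security processor, then let the VM resume."""
        self.sp.call(event.interface, event.vm_id)
    def handle_exit_deferred(self, event):
        """Second embodiment: queue the request in the to-be-processed list, resume VM now."""
        self.pending.append(event)
    def on_idle(self, vms):
        """Drain the list when idle; an injected interrupt tells the VM its result is ready."""
        while self.pending:
            event = self.pending.popleft()
            self.sp.call(event.interface, event.vm_id)
            vms[event.vm_id].pending_interrupt = True
    def snoop(self, vm_id):
        """A VMM that tries to read a guest context directly is refused."""
        return self.storage.load("vmm", vm_id)

def run_demo(secret=b"guest secret"):
    """Exercise both paths; `secret` is constructed sample security information."""
    storage = SecureStorageArea()
    vmm = VirtualMachineManager(SecureProcessor(storage), storage)
    vm = VirtualMachine("vm-1", storage)
    vmm.handle_exit(vm.request("digest", secret))        # synchronous path
    sync_result = vm.read_result()
    vmm.handle_exit_deferred(vm.request("mac", secret))  # deferred path
    before_idle = vm.read_result()                       # None: SP not yet called
    vmm.on_idle({vm.vm_id: vm})
    deferred_result = vm.read_result() if vm.pending_interrupt else None
    try:
        vmm.snoop(vm.vm_id)
        vmm_blocked = False
    except AccessDenied:
        vmm_blocked = True
    return {"sync": sync_result, "before_idle": before_idle,
            "deferred": deferred_result, "vmm_blocked": vmm_blocked}
```

The point the model makes explicit is that the only thing crossing from guest to manager is the `ExitEvent`, which names an interface and nothing else; the security information and the operation result live only in the stored context, which the manager's `snoop` cannot open. In the deferred path the guest keeps running with `result` still `None` until the manager drains its list and raises the interrupt, which is why the guest must check for the interrupt before reading the context.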
The electronic device provided in this embodiment of the present invention shares its basic implementation principle and technical effect with the virtual machine secure operation method of the foregoing embodiment; for details not described in this embodiment, refer to the first embodiment, and they are not repeated here.
The electronic device may be a server. The server includes a processor, a hard disk, a memory, a system bus and the like, and its architecture is similar to that of a general-purpose computer; however, because a secure virtualization service needs to be provided, the processor must support virtualization so that virtual machines can be installed.
The present invention also provides a computer-readable storage medium storing one or more programs, which are executable by one or more processors to implement the method for secure operation of a virtual machine according to any one of the embodiments.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (9)
1. A method for secure operation of a virtual machine, characterized by comprising the following steps:
the virtual machine stores the security information to be sent to the security processor into the current context of the virtual machine;
the virtual machine stores the context containing the security information into a secure storage area and generates a virtual machine exit event;
the virtual machine manager calls an interface of the security processor according to the virtual machine exit event;
and the security processor, in response to the call of the virtual machine manager, acquires the security information from the context stored in the secure storage area.
2. The method of claim 1, wherein after the security processor obtains the security information from the context stored in the secure storage area in response to the call by the virtual machine manager, the method further comprises:
the security processor executes corresponding operation according to the security information to obtain a corresponding operation result, and stores the operation result into the context stored in the security storage area;
the virtual machine manager resumes the running of the virtual machine;
the virtual machine acquires the operation result from the context stored in the secure storage area.
3. The method for secure operation of the virtual machine according to claim 1, wherein the step of the virtual machine manager calling the interface of the security processor according to the virtual machine exit event comprises the following steps:
the virtual machine manager determines the interface of the security processor to be called according to the information indication in the virtual machine exit event, stores a call request for calling the interface of the security processor into a to-be-processed list, and resumes the running of the virtual machine;
and when the system is idle or the security processor is idle, the virtual machine manager takes the call request out of the to-be-processed list and calls the interface of the security processor according to the call request.
4. The method of claim 3, wherein after the security processor obtains the security information from the context stored in the secure storage area in response to the call by the virtual machine manager, the method further comprises:
the security processor executes corresponding operation according to the security information to obtain a corresponding operation result, and stores the operation result into the context stored in the security storage area;
the virtual machine manager injects an interrupt into the virtual machine to resume the running of the virtual machine;
and the virtual machine acquires the operation result from the context stored in the secure storage area according to the interrupt.
5. An electronic device, comprising a shell, a processor, a memory, a circuit board and a power supply circuit, wherein the circuit board is arranged in a space enclosed by the shell, and the processor and the memory are arranged on the circuit board; the power supply circuit supplies power to each circuit or device of the electronic apparatus; the memory stores executable program code; the processor comprises a first processor and a second processor, wherein the first processor is a security processor, and a virtual machine manager and a virtual machine program are configured on the second processor; wherein,
the virtual machine stores the security information to be sent to the security processor into the current context of the virtual machine;
the virtual machine stores the context containing the security information into a secure storage area and generates a virtual machine exit event;
the virtual machine manager calls an interface of the security processor according to the virtual machine exit event;
and the security processor, in response to the call of the virtual machine manager, acquires the security information from the context stored in the secure storage area.
6. The electronic device according to claim 5, wherein the security processor is further configured to, after the security processor obtains the security information from the context stored in the secure storage area in response to the call of the virtual machine manager, perform a corresponding operation according to the security information, obtain a corresponding operation result, and store the operation result in the context stored in the secure storage area;
the virtual machine manager is further configured to resume the running of the virtual machine;
the virtual machine is further configured to obtain the operation result from the context stored in the secure storage area.
7. The electronic device according to claim 5, wherein the virtual machine manager is specifically configured to determine, according to an information indication in the virtual machine exit event, the interface of the security processor to be called, store a call request for calling the interface of the security processor in a to-be-processed list, and resume the running of the virtual machine;
and when the system is idle or the security processor is idle, the virtual machine manager is further configured to take the call request out of the to-be-processed list and call the interface of the security processor according to the call request.
8. The electronic device according to claim 7, wherein the secure processor is further configured to perform a corresponding operation according to the secure information, obtain a corresponding operation result, and store the operation result in the context stored in the secure storage area;
the virtual machine manager is further configured to inject an interrupt into the virtual machine so as to resume the running of the virtual machine;
the virtual machine is further configured to obtain the operation result from the context stored in the secure storage area according to the interrupt.
9. A computer readable storage medium storing one or more programs, the one or more programs being executable by one or more processors to implement the method of secure operation of a virtual machine as claimed in any one of claims 1 to 4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011121813.8A CN112363797B (en) | 2020-10-19 | 2020-10-19 | Virtual machine safe operation method, electronic equipment and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011121813.8A CN112363797B (en) | 2020-10-19 | 2020-10-19 | Virtual machine safe operation method, electronic equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112363797A CN112363797A (en) | 2021-02-12 |
CN112363797B true CN112363797B (en) | 2022-04-05 |
Family
ID=74508224
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011121813.8A Active CN112363797B (en) | 2020-10-19 | 2020-10-19 | Virtual machine safe operation method, electronic equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112363797B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114489941B (en) * | 2022-01-19 | 2024-05-28 | 上海交通大学 | Virtual machine management method and system operating in host mode user mode |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11249777B2 (en) * | 2014-07-10 | 2022-02-15 | Red Hat Israel, Ltd. | Virtual machine context management |
US20170031838A1 (en) * | 2015-07-28 | 2017-02-02 | Qualcomm Incorporated | Method and apparatus for using context information to protect virtual machine security |
CN109901911B (en) * | 2018-11-22 | 2023-07-07 | 海光信息技术股份有限公司 | Information setting method, control method, device and related equipment |
CN109800050B (en) * | 2018-11-22 | 2021-11-23 | 海光信息技术股份有限公司 | Memory management method, device, related equipment and system of virtual machine |
CN109858288B (en) * | 2018-12-26 | 2021-04-13 | 中国科学院信息工程研究所 | Method and device for realizing safety isolation of virtual machine |
CN110825492B (en) * | 2019-10-31 | 2023-05-09 | 海光信息技术股份有限公司 | Method, device, equipment and storage medium for isolating safe data memory |
2020-10-19: CN application CN202011121813.8A, patent CN112363797B, status active
Also Published As
Publication number | Publication date |
---|---|
CN112363797A (en) | 2021-02-12 |
Similar Documents
Publication | Title |
---|---|
US8621628B2 (en) | Protecting user mode processes from improper tampering or termination |
US7996836B1 (en) | Using a hypervisor to provide computer security |
KR101019937B1 (en) | Secure operating system switching |
CN109871695A (en) | A kind of credible calculating platform of calculating and the parallel dual Architecture of protection |
CN107463856B (en) | Anti-attack data processor based on trusted kernel |
US10691475B2 (en) | Security application for a guest operating system in a virtual computing environment |
CN108959916B (en) | Method, device and system for accessing secure world |
US8402539B1 (en) | Systems and methods for detecting malware |
CN113051034B (en) | Container access control method and system based on kprobes |
WO2014143029A1 (en) | Generic privilege escalation prevention |
EP3079057B1 (en) | Method and device for realizing virtual machine introspection |
CN112818327A (en) | TrustZone-based user-level code and data security credibility protection method and device |
CN112363797B (en) | Virtual machine safe operation method, electronic equipment and storage medium |
CN103996004A (en) | Highly-available system design method based on virtualization |
Nakajima et al. | Temporal and spatial isolation in a virtualization layer for multi-core processor based information appliances |
US20230289204A1 (en) | Zero Trust Endpoint Device |
CN109063516B (en) | Data processor |
KR102526681B1 (en) | Apparatus and method for preventing security threat to virtual machines |
Binun et al. | Self-stabilizing virtual machine hypervisor architecture for resilient cloud |
Zhu et al. | Investigating TrustZone: A Comprehensive Analysis |
CN113821790A (en) | Industrial credible computing dual-system architecture implementation method based on Trustzone |
Van Eyck et al. | Mr-TEE: Practical Trusted Execution of Mixed-Criticality Code |
CN110188539B (en) | Method, device and system for running application |
CN112269995A (en) | Trusted computing platform for parallel computing and protection of smart power grid environment |
US20210109798A1 (en) | Hypervisor secure event handling at a processor |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||