CN113127148A - Active dynamic measurement method and system for virtualization environment - Google Patents


Info

Publication number: CN113127148A
Authority: CN (China)
Application number: CN202110256748.8A
Other languages: Chinese (zh)
Other versions: CN113127148B (en)
Inventors: 孟丹, 贾晓启, 张伟娟, 陈家赟, 武希耀, 孙慧琪, 白璐, 韦秋石, 王睿怡, 唐静
Current assignee: Institute of Information Engineering of CAS
Original assignee: Institute of Information Engineering of CAS
Priority date / filing date: 2021-03-09 (application filed by Institute of Information Engineering of CAS)
Publication dates: 2021-07-16 (CN113127148A), 2024-04-09 (CN113127148B)
Legal status: Granted; active

Classifications

    • G06F9/45558 Hypervisor-specific management and integration aspects (under G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines, and G06F9/45533 Hypervisors; Virtual machine monitors)
    • G06F2009/45575 Starting, stopping, suspending or resuming virtual machine instances
    • G06F15/781 On-chip cache; Off-chip memory (under G06F15/7807 System on chip, i.e. computer system on a single chip; System in package, i.e. computer system on one or more chips in a single package)
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities (under G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems)

Abstract

The invention relates to a method and system for active dynamic measurement of a virtualization environment. Taking the root of trust provided by a built-in security chip as its basis, the invention extends the traditional active dynamic measurement mechanism for a physical host in two ways: it adds security measurement of the virtualization layer running on the physical host, and it adds a virtual measurement device to the virtualization layer that performs security measurement of the virtual machines. This builds a chain of trust from the built-in security chip to the virtual machine and extends the active trusted-measurement mechanism to the virtualization environment. By combining the active measurement devices of the physical host and of the virtual machine, the method can monitor every layer of the system in a timely manner, protects the integrity of both the physical host kernel and the virtual machine kernel, extends active dynamic measurement to the virtualization layer, and preserves the usability of the virtualization environment.

Description

Active dynamic measurement method and system for virtualization environment
Technical Field
The invention belongs to the field of device control security. It relates to a method and system for active dynamic measurement of a virtualization environment based on a built-in security architecture, and in particular to a method and system for extending active dynamic measurement from the physical hardware to the virtualization layer.
Background
The information technology industry is developing at an unprecedented pace. The 44th Statistical Report on Internet Development in China, issued by the China Internet Network Information Center (CNNIC) in August 2019, shows that by June of that year the number of internet users in China had reached 854 million, an internet penetration rate of 61.2%. Information technology also carries great risk. In its 105th internet security threat report, issued in September 2019, the National Internet Emergency Center (CNCERT) reported that the number of terminals in China infected with network viruses was close to 1.75 million, and the National Information Security Vulnerability Sharing Platform (CNVD) recorded 2,003 security vulnerabilities in 2019, 1,765 of which could be exploited for remote attacks. Maintaining information security is therefore an urgent task. Cloud computing, as a novel information technology, is dynamically scalable, deployable on demand, highly flexible, highly reliable and cost-effective; it plays a key role in meeting the rapidly growing demand for business systems in this new peak of internet development, is gradually replacing traditional information systems, and has become an important part of the information technology industry.
At present, passive system-security defense technologies are widely deployed; they mainly comprise firewalls, vulnerability scanning, intrusion detection and anti-virus network management, and they have contributed greatly to maintaining information security. However, such conventional passive defense techniques have several fundamental disadvantages. First, passive defense is by nature reactive and lags behind the threat, so in many real scenarios the security software cannot respond before a malicious program has already caused damage or stolen data. Second, passive defense mostly depends on an existing virus database: most anti-virus software in the industry must match against a continuously updated virus database, and because updates to that database lag behind new threats, the defensive effect is greatly reduced. Third, as vulnerability-discovery techniques keep advancing, new attack tools appear and spread quickly, and some of them can hide in a system for a long time and pose a persistent security threat, which presents a great challenge to traditional passive defense.
An active dynamic defense technology that combines software and hardware and turns passive defense into active defense is therefore receiving more and more attention. At present, the hardware-based security architectures in the industry can only apply defensive measures such as active measurement to the traditional host operating environment; they offer no countermeasures for the virtualization technology that is widely used today, so the security of a virtual machine running on a virtualization platform cannot be guaranteed. Yet virtualization is the core technology of cloud computing, and the security of the virtualized environment cannot be overlooked. To protect the system security of virtualization-platform users comprehensively, from the bottom up, the effective range of active defense measures must be extended from the original physical host to the virtual machine operating systems on the virtualization platform and tightly integrated with the existing hardware-based active defense technology for the host system, so that the security of the whole virtualized running environment is improved.
Disclosure of Invention
To address the security protection of virtualization environments with high security requirements, the invention provides an active dynamic measurement method and system for a virtualization environment based on a built-in security chip. Taking the root of trust provided by the built-in security chip as its basis, the invention extends the traditional active dynamic measurement mechanism for a physical host: it adds security measurement of the virtualization layer on the physical host, and it adds a virtual measurement device to the virtualization layer that performs security measurement of the virtual machines. This builds a chain of trust from the built-in security chip to the virtual machine and extends the active trusted-measurement mechanism to the virtualization environment.
The technical scheme adopted by the invention is as follows.
An active dynamic measurement method for a virtualization environment based on a built-in security chip comprises the following steps:
1) starting the built-in security chip as the main control device, and randomly creating a memory exchange area on the physical host by means of the built-in security chip;
2) a driver module of the built-in security chip in the physical host loads the address information of the physical host measurement objects into the created memory exchange area;
3) the built-in security chip measures the security of each measurement object according to the physical host measurement object address information in the memory exchange area, compares the measured value with the measurement reference value, and generates a measurement report;
4) the built-in security chip judges from the measurement report whether the current running mechanism of the physical host is trusted;
5) if the running state of the physical host is judged to be trusted in step 4), the virtual measurement device is started first, as the main control device of the virtual machine, when the virtual machine is started;
6) the virtual measurement device randomly creates a memory exchange area;
7) the virtual measurement device driver loads the virtual machine measurement object address information into the created memory exchange area;
8) the virtual measurement device performs security measurement of the virtual machine measurement objects based on the virtual machine measurement object address information in the memory exchange area, compares the measured value with the virtual machine measurement reference value, and generates a measurement report;
9) the virtual measurement device judges from the measurement report whether the current running mechanism of the virtual machine is trusted.
Further, the built-in security chip is an independent security device on the physical server (physical host). Its security is ensured by one-way physical isolation; it is started before any other software or hardware in the physical host and is the root of trust for the whole software and hardware system of the physical host, and it can perform security measurement over the entire boot process and the running process of the system in order to prevent or detect illegal tampering.
Further, the physical host measurement object address information is the location information allocated in memory to the physical host kernel (functions, variables, modules, etc.), the virtualization components, system kernel modules, application programs and so on, which the host system should protect; it comprises the physical address and length of each measurement object.
Further, the virtual measurement device is a device module implemented in the virtualization layer that performs security measurement on the virtual machine, exercises absolute active control over the virtual machine, and specifies the loading address of the measurement information during virtual machine startup. This module itself lies within the measurement range of the built-in security chip.
Further, the virtual machine measurement object address information is the location information allocated in memory to the virtual machine kernel (functions, variables, modules, etc.), system kernel modules, application programs and so on, which the virtual machine system should protect; it comprises the virtual machine physical address and length of each measurement object.
Based on the same inventive concept, the invention also provides an active dynamic measurement system for a virtual environment, comprising a built-in security chip arranged on the physical host and a virtual measurement device arranged in the virtualization layer, wherein the built-in security chip and the virtual measurement device carry out active dynamic measurement of the virtual environment using the method of the invention.
Compared with the prior art, the invention has the following beneficial effects:
1. by adding active dynamic measurement of the virtualization components by the built-in security chip, the method ensures the security and trustworthiness of the virtualization components;
2. the method and device realize active dynamic measurement of the running state of the virtual machine system by the virtual measurement device, solve problems such as the virtual machine's memory loading address not being fixed and the built-in security chip being unable to measure the virtual machine directly, and ensure the security of the virtual machine system environment;
3. through the combination of the built-in security chip and the virtual measurement device, the invention achieves chain-of-trust extension (built-in security chip -> physical host system/virtualization layer -> virtual machine system) and secure transfer of trust, so that the overall running security of the virtualization environment can be ensured;
4. the virtual measurement device is the key virtual device through which the chain of trust is extended; it is designed with a low-coupling strategy, so that it is independent of the virtual machine monitor, can easily be ported between different virtualization systems, simplifies subsequent upgrades of the virtualization system, and has a wide range of application.
In summary, the active dynamic measurement method for a virtualization environment based on a built-in security chip provided by the invention combines the active measurement devices of the physical host and the virtual machine, can monitor every layer of the system in a timely manner, ensures the integrity of the physical host kernel and the virtual machine kernel, extends active dynamic measurement to the virtualization layer, and preserves the availability of the virtualization environment.
Drawings
FIG. 1 is a diagram of the architecture of the active dynamic measurement system for a virtualized environment.
FIG. 2 is a flow chart of the active dynamic measurement method for a virtualized environment.
Detailed Description
The technical solution in the embodiments of the present invention will be described clearly and completely below with reference to the accompanying drawings. It is to be understood that the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments that a person skilled in the art can derive from the embodiments given herein without creative effort fall within the protection scope of the present invention.
A specific implementation of the invention is as follows. An active dynamic measurement method for a virtualization environment based on a built-in security chip comprises the following steps:
1) during the startup of the physical host, the built-in security chip is started first, and it randomly creates a memory exchange area;
2) when the physical host operating system starts, the driver module of the built-in security chip in the physical host obtains the physical address and length of each measurement object in the system and writes them into the allocated memory exchange area;
3) after the built-in security chip has read the physical address and length of each measurement object from the memory exchange area, it reads the object data periodically and performs the measurement operation;
4) the built-in security chip compares the measurement result with the measurement reference value, determines the current state and outputs a corresponding log; when the measurement result equals the measurement reference value the running state of the physical host is judged trusted, and when it does not the running state of the physical host is judged untrusted;
5) if the running state of the physical host was judged trusted in step 4), the virtual measurement device is started first when the virtual machine is started;
6) the virtual measurement device creates a memory exchange area;
7) the virtual measurement device driver writes the virtual machine physical address and length of each measurement object into the exchange area;
8) the virtual measurement device reads the measurement object address information from the exchange area, accesses the specified virtual machine physical address through the address translation interface provided by the virtualization layer, and reads the virtual machine's data periodically to perform the measurement operation;
9) the virtual measurement device compares the measurement result with the measurement reference value, determines the current state and outputs a corresponding log; when the measurement result equals the measurement reference value the running state of the virtual machine is judged trusted, and when it does not the running state of the virtual machine is judged untrusted.
In one embodiment of the invention, the built-in security chip is integrated into an expansion card in a PCI slot of the motherboard, and the motherboard is customized so that the built-in security chip is started first after the motherboard is powered on.
In one embodiment of the invention, the built-in security chip is an independent architecture with absolute control over the host; it is started before the other software and hardware in the physical host, actively measures that software and hardware, and stores the measurement report, encrypted, in the secure storage module of the built-in security chip.
In one embodiment of the invention, the virtual measurement device is part of the virtualization component; it is started first during virtual machine startup, can access the virtual machine's memory indirectly through the virtual machine monitor, and can directly access files stored on the physical host's disk.
In one embodiment of the invention, the virtual measurement device accesses the virtual machine's memory indirectly through an input/output control interface provided by the virtual machine monitor: the caller passes in the target virtual machine's physical memory address and length together with the physical-host virtual address of the buffer, and the virtual machine monitor performs the memory copy.
In one embodiment of the invention, the virtual machine measurement reference value is the first measurement result produced by the virtual measurement device after the virtual machine image is created and first run, and this result is recorded at a specified location on the physical host disk. After the virtual machine is restarted, the previous virtual machine measurement reference value is read back from that location on the physical host disk, which keeps the measurement continuous. After each measurement operation, the virtual measurement device compares the measurement result with the virtual machine measurement reference value in order to judge the result.
In one embodiment of the invention, the measurement objects include the code segment, the interrupt descriptor table and the virtualization components of the physical host kernel, as well as the code segment and the interrupt descriptor table of the virtual machine kernel.
In one embodiment of the invention, after the built-in security chip or the virtual measurement device performs a measurement operation, the type of log to output is decided from the result: for a first measurement that generates the measurement reference value, an EXIST log is output; when the measurement result is judged to match the reference value, no log is output; and when the measurement result is judged not to match the measurement reference value, a MODIFIED log is output.
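The measurement loop of steps 1) to 9), the persistence of the reference value across a virtual machine restart, and the EXIST / no log / MODIFIED rule above, modelled in Python as an added example (this is not code from the patent). The class and function names, SHA-256 as the measurement function, the dict used as the reference-value store and the bytearray memory images are assumptions for illustration; the real devices read physical memory directly or through the virtual machine monitor's address-translation interface.

```python
"""Added example (not the patent's own code) modelling its measurement loop.
Assumed for illustration: the names below, SHA-256 as the measurement function,
a dict as the reference-value store and bytearrays standing in for memory."""
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class ExchangeEntry:
    """One record the driver writes into the memory exchange area (steps 2 / 7):
    the (guest-)physical address and length of a measurement object."""
    name: str
    address: int
    length: int


class ActiveMeasurementDevice:
    """The patent's generic name for the built-in security chip and the virtual
    measurement device. read_memory(address, length) stands in for the chip's
    direct host-memory access or for the VMM's address-translation interface."""

    def __init__(self, read_memory: Callable[[int, int], bytes],
                 reference_store: Dict[str, str]) -> None:
        self.read_memory = read_memory
        # Reference values outlive a restart (chip secure storage / fixed disk
        # location in the patent), so the caller owns the dict and can reuse it.
        self.reference = reference_store
        self.exchange_area: List[ExchangeEntry] = []

    def load_exchange_area(self, entries: List[ExchangeEntry]) -> None:
        self.exchange_area = list(entries)

    def measure(self, entry: ExchangeEntry) -> str:
        data = self.read_memory(entry.address, entry.length)
        if len(data) != entry.length:  # object lies outside readable memory
            raise ValueError(f"short read while measuring {entry.name}")
        return hashlib.sha256(data).hexdigest()

    def measure_all(self) -> Tuple[bool, List[str]]:
        """One periodic pass (steps 3-4 / 8-9): EXIST when a reference value is
        first recorded, no log on a match, MODIFIED on a mismatch. A mismatch
        never overwrites the reference, so tampering keeps being reported."""
        logs: List[str] = []
        trusted = True
        for entry in self.exchange_area:
            value = self.measure(entry)
            ref = self.reference.get(entry.name)
            if ref is None:
                self.reference[entry.name] = value
                logs.append(f"EXIST {entry.name}")
            elif value != ref:
                trusted = False
                logs.append(f"MODIFIED {entry.name}")
        return trusted, logs


def make_memory_reader(memory: bytearray) -> Callable[[int, int], bytes]:
    # Constructed stand-in for host-physical / guest-physical memory access.
    return lambda address, length: bytes(memory[address:address + length])


def run_scenario() -> Dict[str, object]:
    """Steps 1)-9): host first, VM only if the host is trusted, then a VM
    restart with persisted references and a constructed tamper of the VM IDT."""
    results: Dict[str, object] = {}
    host_mem = bytearray(0x1000)                      # constructed host image
    host_mem[0x100:0x300] = bytes(range(256)) * 2     # "kernel code segment"
    host_mem[0x800:0x900] = bytes([0x55]) * 0x100     # "interrupt descriptor table"
    host_objects = [ExchangeEntry("host_kernel_text", 0x100, 0x200),
                    ExchangeEntry("host_idt", 0x800, 0x100),
                    ExchangeEntry("virt_component", 0x900, 0x80)]
    chip = ActiveMeasurementDevice(make_memory_reader(host_mem), {})
    chip.load_exchange_area(host_objects)
    results["host_trusted"], results["host_first"] = chip.measure_all()
    _, results["host_second"] = chip.measure_all()    # steady state: no log
    if not results["host_trusted"]:                   # step 5) gate
        return results

    vm_mem = bytearray(0x800)                         # constructed guest image
    vm_mem[0x000:0x200] = bytes(range(255, -1, -1)) * 2
    vm_mem[0x400:0x500] = bytes([0xAA]) * 0x100
    vm_objects = [ExchangeEntry("vm_kernel_text", 0x000, 0x200),
                  ExchangeEntry("vm_idt", 0x400, 0x100)]
    vm_refs: Dict[str, str] = {}                      # "specified disk location"
    vmdev = ActiveMeasurementDevice(make_memory_reader(vm_mem), vm_refs)
    vmdev.load_exchange_area(vm_objects)
    _, results["vm_first"] = vmdev.measure_all()      # baseline: EXIST logs

    vmdev = ActiveMeasurementDevice(make_memory_reader(vm_mem), vm_refs)  # restart
    vmdev.load_exchange_area(vm_objects)
    results["vm_restart_trusted"], results["vm_restart"] = vmdev.measure_all()

    vm_mem[0x410] ^= 0xFF                             # constructed tamper of the IDT
    results["vm_tampered_trusted"], results["vm_tampered"] = vmdev.measure_all()
    return results
```

Calling `run_scenario()` walks the chain once: the host produces three EXIST logs and then none, the restarted VM device stays silent because it reuses the persisted references, and the flipped IDT byte yields a single MODIFIED log with the VM judged untrusted.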
Fig. 1 is a schematic diagram of the architecture of the active dynamic measurement system for a virtualized running environment with a built-in security chip, described from bottom to top as follows:
the built-in security chip, as an independent physical device, performs measurement of the physical host operating system's measurement objects with the assistance of the physical host operating system, ensuring the security of the physical host;
the virtualization component is one of the measurement objects of the physical host and provides support for the virtual machines above it; as the figure shows, several virtual machines can exist in a single physical host and be measured simultaneously;
the virtual measurement device is implemented in the virtualization component and, as a dedicated device of the virtual machine, performs measurement of the virtual machine's operating system with the assistance of that operating system and the virtual machine layer, ensuring the security of the virtual machine.
Fig. 2 is a schematic flow chart of the active dynamic measurement method for a virtualization environment based on a built-in security chip. Because the flows of "measurement of the physical host system/virtualization layer by the built-in security chip" and "measurement of the virtual machine system by the virtual measurement device" are essentially the same, the chart shows only one flow, which represents both cases. In this section, "active measurement device" is used as the generic name for the built-in security chip and the virtual measurement device.
The experimental results are as follows.
First, a performance test was carried out on the active dynamic measurement method for a virtualization environment based on a built-in security chip. The results show that the method can complete the measurement operations on both the physical host and the virtual machine in the virtualization environment, with little impact on the performance of the virtualization layer and the physical layer.
Second, it was verified whether the active dynamic measurement system for a virtualization environment based on a built-in security chip can detect anomalies in the system. First, a maliciously modified kernel module binary was transferred into a virtual machine and the kernel module loading command was executed; the virtual machine's kernel log showed that the module was loaded and executed normally and that kernel data had been modified, and at the same time the virtual measurement device detected the anomaly and wrote a log report to a file. Second, a maliciously modified kernel module for the system kernel/virtualization component was transferred into the physical host system and loaded; the physical host's kernel log showed that the module was loaded and executed normally and that kernel/virtualization component data had been modified, and at the same time the built-in security chip detected the anomaly and raised an alarm. The invention can therefore measure all layers of a running system in real time and report anomalies, i.e. it is feasible and effective for ensuring the security of the running environment of a virtualization system.

Claims (10)

1. A method for active dynamic measurement of a virtualized environment, characterized by comprising the following steps:
starting a built-in security chip as the main control device, and randomly creating a memory exchange area of the physical host by means of the built-in security chip;
a driver module of the built-in security chip in the physical host loads the address information of the physical host measurement objects into the created memory exchange area;
the built-in security chip measures the security of the measurement objects according to the physical host measurement object address information in the memory exchange area, compares the measured value with the measurement reference value, and generates a measurement report;
the built-in security chip judges from the measurement report whether the current running mechanism of the physical host is trusted;
if the built-in security chip judges that the running state of the physical host is trusted, the virtual measurement device is started first, as the main control device of the virtual machine, when the virtual machine is started;
the virtual measurement device randomly creates a memory exchange area;
the virtual measurement device loads the virtual machine measurement object address information into the created memory exchange area;
the virtual measurement device performs security measurement of the virtual machine measurement objects based on the virtual machine measurement object address information in the memory exchange area, compares the measured value with the virtual machine measurement reference value, and generates a measurement report;
and the virtual measurement device judges from the measurement report whether the current running mechanism of the virtual machine is trusted.
2. The method according to claim 1, wherein the built-in security chip is an independent security device on the physical host whose security is guaranteed by one-way physical isolation, is started before the other software and hardware in the physical host, and is the root of trust for the software and hardware system of the whole physical host.
3. The method according to claim 1, wherein the physical host measurement object address information is the location information allocated in memory to the physical host kernel, the virtualization components, system kernel modules and application programs, and comprises the physical address and length of each measurement object.
4. The method according to claim 1, wherein the virtual measurement device is a device module implemented in the virtualization layer for performing security measurement on a virtual machine, exercises absolute active control over the virtual machine, and specifies the loading address of the measurement information during the startup of the virtual machine; the virtual measurement device itself is also within the measurement range of the built-in security chip.
5. The method according to claim 1, wherein the virtual measurement device accesses the virtual machine memory indirectly through an input/output control interface provided by the virtual machine monitor.
6. The method according to claim 1, wherein the virtual machine measurement object address information is the location information allocated in memory to the virtual machine kernel, system kernel modules and application programs, and comprises the virtual machine physical address and length of each measurement object.
7. The method according to claim 1, wherein the virtual machine measurement reference value is the first measurement result produced by the virtual measurement device after the virtual machine image is created and first run, and this result is recorded at a specified location on the physical host disk; after the virtual machine is restarted, the previous virtual machine measurement reference value is read back from the specified location on the physical host disk, thereby ensuring the continuity of measurement; and after each measurement operation the virtual measurement device compares the measurement result with the virtual machine measurement reference value in order to judge the result.
8. The method according to claim 1, wherein the measurement objects comprise the code segment, the interrupt descriptor table and the virtualization components of the physical host kernel, and the code segment and the interrupt descriptor table of the virtual machine kernel.
9. The method according to claim 1, wherein the built-in security chip is integrated into an expansion card in a PCI slot of the motherboard, and the motherboard is customized so that the built-in security chip is activated after the motherboard is powered on.
10. An active dynamic measurement system for a virtualization environment, comprising a built-in security chip arranged on a physical host and a virtual measurement device arranged in the virtualization layer, wherein the built-in security chip and the virtual measurement device perform active dynamic measurement of the virtualization environment using the method of any one of claims 1 to 9.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN202110256748.8A (CN113127148B, en) | 2021-03-09 | 2021-03-09 | Active dynamic measurement method and system for virtualized environment

Publications (2)

Publication Number | Publication Date
CN113127148A (en) | 2021-07-16
CN113127148B (en) | 2024-04-09

Family ID: 76773231

Citations (3)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN101155112A (en) * | 2006-09-29 | 2008-04-02 | 联想(北京)有限公司 | Virtual special terminal, network service system and service access method
CN202003361U (en) * | 2010-01-22 | 2011-10-05 | 中国长城计算机深圳股份有限公司 | Credible computer system
CN111638936A (en) * | 2020-04-16 | 2020-09-08 | 中国科学院信息工程研究所 | Virtual machine static measurement method and device based on built-in security architecture

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
程戈 et al., "基于可信轻量虚拟机监控器的安全架构" (A security architecture based on a trusted lightweight virtual machine monitor), 《计算机应用研究》 (Application Research of Computers), no. 08, 15 August 2010, pp. 251-255 *

Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
GR01 | Patent grant