JP5518865B2 - 感染したホストによる攻撃からの仮想ゲストマシンの保護 - Google Patents
感染したホストによる攻撃からの仮想ゲストマシンの保護 Download PDFInfo
- Publication number
- JP5518865B2 JP5518865B2 JP2011525050A JP2011525050A JP5518865B2 JP 5518865 B2 JP5518865 B2 JP 5518865B2 JP 2011525050 A JP2011525050 A JP 2011525050A JP 2011525050 A JP2011525050 A JP 2011525050A JP 5518865 B2 JP5518865 B2 JP 5518865B2
- Authority
- JP
- Japan
- Prior art keywords
- guest
- host
- host machine
- machine
- security
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 230000007366 host health Effects 0.000 claims description 44
- 230000036541 health Effects 0.000 claims description 42
- 230000004044 response Effects 0.000 claims description 16
- 238000000034 method Methods 0.000 claims description 15
- 230000002155 anti-virotic effect Effects 0.000 claims description 9
- 230000008569 process Effects 0.000 claims description 7
- 238000007689 inspection Methods 0.000 claims description 3
- 241000700605 Viruses Species 0.000 claims description 2
- 238000001994 activation Methods 0.000 claims description 2
- 230000004048 modification Effects 0.000 claims 1
- 238000012986 modification Methods 0.000 claims 1
- 238000005192 partition Methods 0.000 description 15
- 230000009471 action Effects 0.000 description 13
- 238000011156 evaluation Methods 0.000 description 13
- 238000007726 management method Methods 0.000 description 9
- 230000001010 compromised effect Effects 0.000 description 6
- 238000001514 detection method Methods 0.000 description 4
- 230000008520 organization Effects 0.000 description 4
- 238000004458 analytical method Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000013069 global supply chain management Methods 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 238000012360 testing method Methods 0.000 description 2
- 230000001133 acceleration Effects 0.000 description 1
- 238000012550 audit Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000012937 correction Methods 0.000 description 1
- 238000013455 disruptive technology Methods 0.000 description 1
- 230000002708 enhancing effect Effects 0.000 description 1
- ZXQYGBMAQZUVMI-GCMPRSNUSA-N gamma-cyhalothrin Chemical compound CC1(C)[C@@H](\C=C(/Cl)C(F)(F)F)[C@H]1C(=O)O[C@H](C#N)C1=CC=CC(OC=2C=CC=CC=2)=C1 ZXQYGBMAQZUVMI-GCMPRSNUSA-N 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 238000011084 recovery Methods 0.000 description 1
- 230000001568 sexual effect Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2105—Dual mode as a secondary aspect
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Debugging And Monitoring (AREA)
- Computer And Data Communications (AREA)
Description
Claims (6)
- 仮想化環境において、マルウェアに感染したホストマシンからゲストマシンを保護するための方法であって、
前記ホストマシン上に実現されるゲストのヘルスエージェントが、前記ホストマシン上に実現されるホストのヘルスエージェントに、前記ホストマシンのヘルスを示す1つ又は複数の要素を検査するための検査要求を送信するステップと、
前記ホストのヘルスエージェントが、前記検査要求に応答して、前記1つ又は複数の要素を検査し、検査実施後、前記ホストマシンのヘルスを示す準拠の宣言を前記ゲストのヘルスエージェントに送信するステップと、
前記ゲストのヘルスエージェントが、前記準拠の宣言を準拠ポリシーと比較して、前記ホストマシンが前記準拠ポリシーに準拠しているか否かを判定するステップと、
前記ホストマシンが前記準拠ポリシーに準拠していると判定された場合に、仮想化環境を作成するために、前記ゲストマシンが起動処理を継続するステップと、
前記ホストマシンが前記準拠ポリシーに準拠していないと判定される場合に、前記ゲストマシンが前記起動処理を終了するステップと
を備えたことを特徴とする方法。 - 前記1つ又は複数の要素は、セキュリティパッチ状態、アンチウイルスのソフトウェアの存在、アンチマルウェアソフトウェアの存在、ウイルスの署名の状態、マルウェアの署名の状態、前記ホストマシンが前記ゲストマシンを実行するために認証されることを示す証明書又はファイルのレジストリー鍵の存在、ファイヤーウォールの存在、又は前記ファイヤーウォールの設定状態の少なくとも1つを含むことを特徴とする請求項1に記載の方法。
- コンピューター読み取り可能な媒体に格納された命令を受け取るステップをさらに含み、前記ホストマシン上に配置された1つ又は複数のプロセッサーにより実行されるとき、前記ホストのヘルスエージェント又は前記ゲストのヘルスエージェントを実装することを特徴とする請求項1又は2に記載の方法。
- 前記コンピューター読み取り可能な媒体は、前記仮想化環境において使用されるデスクトップ画像をさらに含む記憶媒体であることを特徴とする請求項3に記載の方法。
- 前記デスクトップ画像は、前記準拠ポリシー、データー、ユーザー設定、ユーザー優先権又はアプリケーションの1つもしくは複数を含むことを特徴とする請求項4に記載の方法。
- 前記ホストマシンが前記準拠ポリシーに準拠していないと判定されるとき、エラーメッセージを表示するステップをさらに含み、前記エラーメッセージが前記ホストマシンの前記準拠ポリシーに準拠しないことを示し、前記準拠しないことの修正が実行される可能性があることの通知を提供することを特徴とする請求項1又は2に記載の方法。
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/199,812 US8954897B2 (en) | 2008-08-28 | 2008-08-28 | Protecting a virtual guest machine from attacks by an infected host |
US12/199,812 | 2008-08-28 | ||
PCT/US2009/052438 WO2010025007A2 (en) | 2008-08-28 | 2009-07-31 | Protecting a virtual guest machine from attacks by an infected host |
Publications (3)
Publication Number | Publication Date |
---|---|
JP2012510650A JP2012510650A (ja) | 2012-05-10 |
JP2012510650A5 JP2012510650A5 (ja) | 2012-09-13 |
JP5518865B2 true JP5518865B2 (ja) | 2014-06-11 |
Family
ID=41722206
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2011525050A Active JP5518865B2 (ja) | 2008-08-28 | 2009-07-31 | 感染したホストによる攻撃からの仮想ゲストマシンの保護 |
Country Status (5)
Country | Link |
---|---|
US (1) | US8954897B2 (ja) |
EP (1) | EP2318975B1 (ja) |
JP (1) | JP5518865B2 (ja) |
CN (1) | CN102132287B (ja) |
WO (1) | WO2010025007A2 (ja) |
Families Citing this family (27)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9015789B2 (en) * | 2009-03-17 | 2015-04-21 | Sophos Limited | Computer security lock down methods |
US9426179B2 (en) | 2009-03-17 | 2016-08-23 | Sophos Limited | Protecting sensitive information from a secure data store |
US9621584B1 (en) | 2009-09-30 | 2017-04-11 | Amazon Technologies, Inc. | Standards compliance for computing data |
US9087188B2 (en) * | 2009-10-30 | 2015-07-21 | Intel Corporation | Providing authenticated anti-virus agents a direct access to scan memory |
US8321940B1 (en) * | 2010-04-30 | 2012-11-27 | Symantec Corporation | Systems and methods for detecting data-stealing malware |
US9111079B2 (en) | 2010-09-30 | 2015-08-18 | Microsoft Technology Licensing, Llc | Trustworthy device claims as a service |
US9218461B2 (en) * | 2010-12-01 | 2015-12-22 | Cisco Technology, Inc. | Method and apparatus for detecting malicious software through contextual convictions |
US9100425B2 (en) | 2010-12-01 | 2015-08-04 | Cisco Technology, Inc. | Method and apparatus for detecting malicious software using generic signatures |
US20120144489A1 (en) * | 2010-12-07 | 2012-06-07 | Microsoft Corporation | Antimalware Protection of Virtual Machines |
US20130031371A1 (en) * | 2011-07-25 | 2013-01-31 | Alcatel-Lucent Usa Inc. | Software Run-Time Provenance |
US8843915B2 (en) * | 2011-07-28 | 2014-09-23 | Hewlett-Packard Development Company, L.P. | Signature-based update management |
US8788763B2 (en) | 2011-10-13 | 2014-07-22 | International Business Machines Corporation | Protecting memory of a virtual guest |
US8782351B2 (en) | 2011-10-13 | 2014-07-15 | International Business Machines Corporation | Protecting memory of a virtual guest |
US9032520B2 (en) | 2012-02-22 | 2015-05-12 | iScanOnline, Inc. | Remote security self-assessment framework |
US8839447B2 (en) * | 2012-02-27 | 2014-09-16 | Ca, Inc. | System and method for virtual image security in a cloud environment |
US9058504B1 (en) * | 2013-05-21 | 2015-06-16 | Malwarebytes Corporation | Anti-malware digital-signature verification |
GB2515757A (en) * | 2013-07-02 | 2015-01-07 | Ibm | Managing virtual machine policy compliance |
US9065854B2 (en) * | 2013-10-28 | 2015-06-23 | Citrix Systems, Inc. | Systems and methods for managing a guest virtual machine executing within a virtualized environment |
US9762603B2 (en) * | 2014-05-10 | 2017-09-12 | Informatica Llc | Assessment type-variable enterprise security impact analysis |
US9851998B2 (en) * | 2014-07-30 | 2017-12-26 | Microsoft Technology Licensing, Llc | Hypervisor-hosted virtual machine forensics |
US10425447B2 (en) * | 2015-08-28 | 2019-09-24 | International Business Machines Corporation | Incident response bus for data security incidents |
US9990222B2 (en) * | 2016-03-18 | 2018-06-05 | Airwatch Llc | Enforcing compliance rules against hypervisor and virtual machine using host management component |
US10142364B2 (en) | 2016-09-21 | 2018-11-27 | Upguard, Inc. | Network isolation by policy compliance evaluation |
US10795991B1 (en) * | 2016-11-08 | 2020-10-06 | Fireeye, Inc. | Enterprise search |
US10554492B2 (en) | 2017-06-09 | 2020-02-04 | Microsoft Technology Licensing, Llc | Physical machine management in distributed computing systems |
US11030057B2 (en) * | 2018-07-06 | 2021-06-08 | EMC IP Holding Company LLC | System and method for critical virtual machine protection |
US11604671B2 (en) | 2020-03-19 | 2023-03-14 | Red Hat, Inc. | Secure virtual machine and peripheral device communication |
Family Cites Families (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6609199B1 (en) | 1998-10-26 | 2003-08-19 | Microsoft Corporation | Method and apparatus for authenticating an open system application to a portable IC device |
GB2376765B (en) | 2001-06-19 | 2004-12-29 | Hewlett Packard Co | Multiple trusted computing environments with verifiable environment identities |
GB2376764B (en) | 2001-06-19 | 2004-12-29 | Hewlett Packard Co | Multiple trusted computing environments |
US7127597B2 (en) * | 2002-09-24 | 2006-10-24 | Novell, Inc. | Mechanism for controlling boot decisions from a network policy directory based on client profile information |
US7370324B2 (en) | 2003-09-30 | 2008-05-06 | Intel Corporation | Switching between a service virtual machine and a guest virtual machine in a virtual machine monitor environment |
US20050132122A1 (en) | 2003-12-16 | 2005-06-16 | Rozas Carlos V. | Method, apparatus and system for monitoring system integrity in a trusted computing environment |
JP2007226277A (ja) | 2004-04-02 | 2007-09-06 | Matsushita Electric Ind Co Ltd | 仮想マシン改ざん検査方法、および仮想マシン改ざん検査装置 |
US7370166B1 (en) | 2004-04-30 | 2008-05-06 | Lexar Media, Inc. | Secure portable storage device |
AU2005222507B2 (en) | 2004-10-15 | 2010-10-28 | Microsoft Corporation | Portable computing environment |
CN1885788B (zh) | 2005-06-22 | 2010-05-05 | 杭州华三通信技术有限公司 | 网络安全防护方法及系统 |
BRPI0612995A2 (pt) | 2005-07-14 | 2010-12-14 | Matsushita Electric Ind Co Ltd | mÉtodo de verificaÇço, dispositivo de processamento de informaÇço, circuito integrado implementado em um dispositivo de processamento de informaÇço, meio de armazenamento e programa de verificaÇço |
US20070074192A1 (en) | 2005-08-30 | 2007-03-29 | Geisinger Nile J | Computing platform having transparent access to resources of a host platform |
CN100437420C (zh) | 2005-09-30 | 2008-11-26 | 联想(北京)有限公司 | 计算机系统及其安全加固方法 |
CN100420202C (zh) | 2005-10-20 | 2008-09-17 | 联想(北京)有限公司 | 计算机管理系统以及计算机管理方法 |
US20070280509A1 (en) | 2006-04-24 | 2007-12-06 | Encryptakey, Inc. | Systems and methods for storing data to a handheld device |
US8738786B2 (en) | 2006-05-18 | 2014-05-27 | Sanggyu Lee | Method for protecting client and server |
US7743422B2 (en) | 2006-08-21 | 2010-06-22 | International Business Machines Corporation | System and method for validating a computer platform when booting from an external device |
US8510859B2 (en) | 2006-09-26 | 2013-08-13 | Intel Corporation | Methods and arrangements to launch trusted, co-existing environments |
US9015703B2 (en) | 2006-10-17 | 2015-04-21 | Manageiq, Inc. | Enforcement of compliance policies in managed virtual systems |
US8949825B1 (en) | 2006-10-17 | 2015-02-03 | Manageiq, Inc. | Enforcement of compliance policies in managed virtual systems |
US8099786B2 (en) | 2006-12-29 | 2012-01-17 | Intel Corporation | Embedded mechanism for platform vulnerability assessment |
US7765374B2 (en) | 2007-01-25 | 2010-07-27 | Microsoft Corporation | Protecting operating-system resources |
US8959568B2 (en) | 2007-03-14 | 2015-02-17 | Microsoft Corporation | Enterprise security assessment sharing |
CN100555298C (zh) | 2007-06-08 | 2009-10-28 | 北京飞天诚信科技有限公司 | 虚拟个人办公环境的方法和设备 |
US8418173B2 (en) * | 2007-11-27 | 2013-04-09 | Manageiq, Inc. | Locating an unauthorized virtual machine and bypassing locator code by adjusting a boot pointer of a managed virtual machine in authorized environment |
US20090178131A1 (en) | 2008-01-08 | 2009-07-09 | Microsoft Corporation | Globally distributed infrastructure for secure content management |
-
2008
- 2008-08-28 US US12/199,812 patent/US8954897B2/en active Active
-
2009
- 2009-07-31 WO PCT/US2009/052438 patent/WO2010025007A2/en active Application Filing
- 2009-07-31 JP JP2011525050A patent/JP5518865B2/ja active Active
- 2009-07-31 EP EP09810429.2A patent/EP2318975B1/en active Active
- 2009-07-31 CN CN200980134101.5A patent/CN102132287B/zh active Active
Also Published As
Publication number | Publication date |
---|---|
EP2318975A4 (en) | 2013-11-20 |
CN102132287A (zh) | 2011-07-20 |
WO2010025007A2 (en) | 2010-03-04 |
EP2318975A2 (en) | 2011-05-11 |
US8954897B2 (en) | 2015-02-10 |
EP2318975B1 (en) | 2018-08-22 |
CN102132287B (zh) | 2015-02-11 |
WO2010025007A3 (en) | 2010-04-22 |
US20100058432A1 (en) | 2010-03-04 |
JP2012510650A (ja) | 2012-05-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP5518865B2 (ja) | 感染したホストによる攻撃からの仮想ゲストマシンの保護 | |
US9674215B2 (en) | Software program identification based on program behavior | |
US9531740B2 (en) | Software program identification based on program behavior | |
US8353036B2 (en) | Method and system for protecting cross-domain interaction of a web application on an unmodified browser | |
US8572750B2 (en) | Web application exploit mitigation in an information technology environment | |
US9251343B1 (en) | Detecting bootkits resident on compromised computers | |
US20090165132A1 (en) | System and method for security agent monitoring and protection | |
US7886065B1 (en) | Detecting reboot events to enable NAC reassessment | |
US20100175108A1 (en) | Method and system for securing virtual machines by restricting access in connection with a vulnerability audit | |
US20100199351A1 (en) | Method and system for securing virtual machines by restricting access in connection with a vulnerability audit | |
US9183377B1 (en) | Unauthorized account monitoring system and method | |
US20090271863A1 (en) | Identifying unauthorized privilege escalations | |
WO2017160765A1 (en) | System and method for process hollowing detection | |
US20060069692A1 (en) | Electronic computer system secured from unauthorized access to and manipulation of data | |
US20130246685A1 (en) | System and method for passive threat detection using virtual memory inspection | |
EP2998901B1 (en) | Unauthorized-access detection system and unauthorized-access detection method | |
GB2549546A (en) | Boot security | |
US20070294699A1 (en) | Conditionally reserving resources in an operating system | |
US8862730B1 (en) | Enabling NAC reassessment based on fingerprint change | |
US20220391506A1 (en) | Automated Interpreted Application Control For Workloads | |
Zeng et al. | Full-stack vulnerability analysis of the cloud-native platform | |
US20120174206A1 (en) | Secure computing environment | |
US11729176B2 (en) | Monitoring and preventing outbound network connections in runtime applications | |
Ramachandran et al. | New Client Virtualization Usage Models Using Intel Virtualization Technology. | |
US20230418933A1 (en) | Systems and methods for folder and file sequestration |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20120724 |
|
A621 | Written request for application examination |
Free format text: JAPANESE INTERMEDIATE CODE: A621 Effective date: 20120724 |
|
RD03 | Notification of appointment of power of attorney |
Free format text: JAPANESE INTERMEDIATE CODE: A7423 Effective date: 20130701 |
|
RD04 | Notification of resignation of power of attorney |
Free format text: JAPANESE INTERMEDIATE CODE: A7424 Effective date: 20130718 |
|
A977 | Report on retrieval |
Free format text: JAPANESE INTERMEDIATE CODE: A971007 Effective date: 20131030 |
|
A131 | Notification of reasons for refusal |
Free format text: JAPANESE INTERMEDIATE CODE: A131 Effective date: 20131114 |
|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20140212 |
|
TRDD | Decision of grant or rejection written | ||
A01 | Written decision to grant a patent or to grant a registration (utility model) |
Free format text: JAPANESE INTERMEDIATE CODE: A01 Effective date: 20140304 |
|
A61 | First payment of annual fees (during grant procedure) |
Free format text: JAPANESE INTERMEDIATE CODE: A61 Effective date: 20140402 |
|
R150 | Certificate of patent or registration of utility model |
Ref document number: 5518865 Country of ref document: JP Free format text: JAPANESE INTERMEDIATE CODE: R150 |
|
S111 | Request for change of ownership or part of ownership |
Free format text: JAPANESE INTERMEDIATE CODE: R313113 |
|
R350 | Written notification of registration of transfer |
Free format text: JAPANESE INTERMEDIATE CODE: R350 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |