KR101405319B1 - Apparatus and method for protecting system in virtualization - Google Patents

Apparatus and method for protecting system in virtualization

Publication number
KR101405319B1
Authority
KR
South Korea
Prior art keywords
domain
access
access control
system
system resource
Prior art date
Application number
KR1020070110296A
Other languages
Korean (ko)
Other versions
KR20080093359A (en
Inventor
이성민
정복득
서상범
모상덕
Original Assignee
삼성전자 주식회사
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to US91193007P priority Critical
Priority to US60/911,930 priority
Application filed by 삼성전자 주식회사 filed Critical 삼성전자 주식회사
Priority claimed from US12/034,178 external-priority patent/US8689288B2/en
Priority claimed from JP2008074946A external-priority patent/JP5496464B2/en
Publication of KR20080093359A publication Critical patent/KR20080093359A/en
Publication of KR101405319B1 publication Critical patent/KR101405319B1/en
Application granted granted Critical

Abstract

A secure system protection apparatus in a virtualization environment according to an embodiment of the present invention includes a domain unit having a plurality of domains including at least one device driver, a system resource unit constituting hardware of the device, and a control unit having a DMA (Direct Memory Access) driver and an access control module for controlling an access operation of the domain unit to the system resource unit in a virtualization environment. According to the present invention, system resources can be protected from malicious accesses such as malware in a virtualized environment, and a security service can be guaranteed by solving a system failure.
VMM, DMA, domain, driver, memory

Description

Technical Field [0001] The present invention relates to an apparatus and method for protecting a system in a virtual environment.

The present invention relates to an apparatus and method for protecting a system, and more particularly, to an apparatus and method for safely protecting a system in a virtual environment for protecting system resources from a malicious access in a virtualized environment and ensuring a secure security service.

In general, devices such as a PC, a PDA, a wireless terminal, and a DTV can use a virtualization technology to realize safety and various applications and services. These virtualization technologies require features such as Secure Boot, Secure Software, and Access Control to provide a secure environment.

FIG. 1 is a block diagram showing a configuration of a conventional virtualization system apparatus.

As shown in FIG. 1, in a virtualization environment using a virtual machine monitor (VMM) 10, a conventional virtualization system apparatus includes a domain unit 20 having a plurality of domains 21, 22, ..., and a system resource unit 30 including a ROM, a central processing unit (CPU), a memory, a battery, an input/output device (I/O device), and the like.

Each of the domains 21, 22, ... of the domain unit 20 includes at least one device driver 21a, 22a, ..., and at least one of the domains (domain 21) includes a DMA driver 21b. Such a conventional virtualization system apparatus performs DMA processing in the domain unit 20, and there is no limit on forming channels between the domains. When the respective domains 21, 22, ... access the system resource unit 30, only a simple access control is performed in either the domain unit 20 or the VMM 10.

However, in the above-described conventional virtualization system, the DMA processing is performed in the domain unit 20, and the VMM 10 does not perform access control that prevents malicious access by the domain unit 20 to the system resource unit 30, so there is a problem in system security.

More specifically, since the DMA is performed in the domain 21 and access control to the physical memory is not provided, an insecure domain or a buggy device driver in a domain can access the physical memory of the VMM or of another domain. As a result, confidential data is fetched or dummy data is overwritten, resulting in a system failure.

Also, if a particular domain uses excessive system memory, there is a problem that system failure occurs and system availability is hindered.

In addition, the number of event channels that can be formed between two domains is limited. If a malicious domain uses up all of the available event channels, event channels cannot be formed among the remaining domains, resulting in a system failure.

SUMMARY OF THE INVENTION The present invention has been made to solve the above problems, and it is an object of the present invention to provide an apparatus and method for safely protecting a system in a virtualized environment, in which system resources are protected from malicious accesses such as malware.

The objects of the present invention are not limited to the above-mentioned objects, and other objects not mentioned can be clearly understood by those skilled in the art from the following description.

In order to achieve the above object, a secure system protection apparatus in a virtualization environment according to an embodiment of the present invention includes a domain unit having a plurality of domains including at least one device driver, a system resource unit constituting hardware of the device, and a control unit having a DMA (Direct Memory Access) driver and an access control module for controlling an access operation of the domain unit to the system resource unit in a virtualization environment.

According to another aspect of the present invention, there is provided a method for protecting a system in a virtual environment, including: requesting allocation of an I/O space and an IRQ (interrupt request) number of a device driver of each domain to a system resource unit; determining whether an access right to the system resource unit is allowed, according to a predetermined access control policy, for the domain in which the device driver is executed; and allocating the requested I/O space and IRQ number to the device driver of the domain if the access control policy allows the access right of the domain, and otherwise not allocating the requested I/O space and IRQ number.

According to another aspect of the present invention, there is provided a method of protecting a secure system in a virtualization environment, comprising: requesting, by a specific device driver of a domain, access to a memory of a system resource unit through a DMA; determining whether the domain executing the specific device driver is attempting to access memory to which the access right is granted by a predetermined access control policy; and allowing the specific device driver of the domain to access the requested memory if the domain is attempting to access memory permitted by the access control policy, and otherwise not allowing the specific device driver of the domain to access the requested memory.

According to another aspect of the present invention, there is provided a method of protecting a secure system in a virtualization environment, the method comprising: requesting allocation of system resources in at least one domain among a plurality of domains; determining whether the allocation amount of the requested system resources does not exceed a reference value set by a predetermined access control policy; and allowing allocation of the requested system resources to the domain if the allocation amount of system resources requested by the domain is equal to or less than the set reference value, and otherwise not allowing allocation of the requested system resources to the domain.

The details of other embodiments are included in the detailed description and drawings.

According to the apparatus and method for safely protecting the system in the virtualization environment of the present invention as described above, it is possible to protect the system resources from malicious accesses such as malware in the virtualization environment.

The effects of the present invention are not limited to the effects mentioned above, and other effects not mentioned can be clearly understood by those skilled in the art from the description of the claims.

BRIEF DESCRIPTION OF THE DRAWINGS The advantages and features of the present invention and the manner of achieving them will become apparent with reference to the embodiments described in detail below with reference to the accompanying drawings. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete and will fully convey the scope of the invention to those skilled in the art, and the invention is defined only by the scope of the claims. Like reference numerals refer to like elements throughout the specification.

Hereinafter, an apparatus and method for protecting a secure system in a virtualized environment according to a preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings. In the following description, well-known functions or constructions are not described in detail to avoid unnecessarily obscuring the subject matter of the present invention.

FIG. 2 is a block diagram illustrating a configuration of a secure system protection apparatus in a virtualization environment according to an embodiment of the present invention.

As shown in FIG. 2, a secure system protection apparatus in a virtualization environment according to an embodiment of the present invention includes a domain unit 100, a system resource unit 200, a control unit 300, and the like.

The domain unit 100 includes a plurality of domains 110, 120, ..., each including at least one device driver 111, 121, .... For example, the domain unit 100 includes at least one security domain 110 that is secured and a plurality of general domains 120, ..., which are somewhat vulnerable.

In the present invention, a domain means an environment in which a corresponding device driver can be executed by each operating system (OS).

The system resource unit 200 constitutes hardware of a device. The system resource unit 200 includes a ROM 210, a central processing unit (CPU) 220, a battery 230, a memory 240, an event channel 250, an input/output device (I/O device) 260, and the like.

The ROM 210 is a storage area that cannot be illegally changed by a user or the system.

The memory 240 is a storage for storing data information, and a nonvolatile memory such as a flash memory is applied.

The memory 240 includes a system memory and a physical memory related to the DMA to be described later.

The memory 240 is divided into a plurality of storage areas so that various data can be classified and stored according to type and security, and important data information is encrypted and stored in a predetermined storage area of the storage areas.

The control unit 300 controls the operation of the domain unit 100 so that the domain unit 100 can access the system resource unit 200 in a virtualized environment such as a wireless Internet environment using a VMM (Virtual Machine Monitor).

The control unit 300 includes a direct memory access (DMA) driver 310 and an access control module 320 for controlling an access operation of the domain unit 100 to the system resource unit 200 in a virtualization environment.

The DMA driver 310 is a module for performing DMA operations.

The access control module 320 controls the access of the device drivers 111, 121, ... of the respective domains 110, 120, ... to the system resource unit 200 through the DMA driver 310. In particular, the access control module 320 restricts the access of a malicious device driver 121, installed in the general domain 120 that is vulnerable in terms of security among the domains 110, 120, ..., to the input/output space (I/O space) and the IRQ associated with the DMA driver 310. More specifically, when a specific device driver of the domains 110, 120, ... tries to access the system resource unit 200 through the DMA, the access control module 320 allows access to the I/O space and the IRQ number associated with the DMA driver 310 if the access is permitted by a predetermined access control policy, and otherwise blocks the access.

The access control module 320 sets access rights to the system resource unit 200 differently for each domain 110, 120, ..., and controls the allocation of the requested I/O space and IRQ number to the device drivers 111, 121, ... according to those access rights. More specifically, when the predetermined access control policy permits the access of the device drivers 111, 121, ... to the system resource unit 200, the access control module 320 allocates the requested I/O space and IRQ number to the device drivers 111, 121, ...; if access is not allowed, it does not allocate the requested I/O space and IRQ number.

The access control module 320 restricts excessive use of the system resource unit 200 by each domain 110, 120, .... When the device drivers 111, 121, ... of the respective domains 110, 120, ... use the memory 240 of the system resource unit 200 in excess of an allowable reference value, the access control module 320 blocks access to the memory 240 according to a predetermined access control policy. Likewise, when event channels are formed between the domains 110, 120, ..., the access control module 320 prevents each domain 110, 120, ... from forming event channels exceeding the allowable reference value.

Hereinafter, a secure system protection method in a virtualization environment according to an embodiment of the present invention will be described in detail with reference to FIGS.

FIG. 3 is a flowchart illustrating an I/O space allocation process of a device driver according to a method of protecting a safe system in a virtualization environment according to the present invention.

As shown in FIG. 3, the access control module 320 of the control unit 300 sets access rights to the system resource unit 200 differently for each domain 110, 120, ..., and controls the allocation of the requested I/O space and the IRQ number to the device drivers 111, 121, ... of the respective domains 110, 120, ... according to the access right to the system resource unit 200.

More specifically, the device drivers 111, 121, ... of the respective domains 110, 120, ... request allocation of I/O space and an IRQ number from the system resource unit 200 (S101). Next, it is determined, according to a predetermined access control policy determined by the access control module 320 of the control unit 300, whether the domains 110, 120, ... executing the device drivers 111, 121, ... are allowed the access right to the system resource unit 200 (S102). If the access control policy grants the domains 110, 120, ... the access right to the system resource unit 200, the requested I/O space and IRQ number are allocated to the device drivers 111, 121, ... of the domains 110, 120, ... (S103). If the access control policy does not grant the domain the access right to the system resource unit, the requested I/O space and IRQ number are not allocated.

FIG. 4 is a flowchart for explaining a process of access control when a device driver accesses a system memory through a DMA by a secure system protection method in a virtualization environment of the present invention.

The access control module 320 of the control unit 300 controls the access of the device drivers 111, 121, ... of the respective domains 110, 120, ... to the system resource unit 200 through the DMA driver 310.

More specifically, a specific device driver of the domains 110, 120, ... requests access to the memory 240 of the system resource unit 200 through DMA (S201). Next, it is determined whether the domain that is executing the specific device driver is attempting to access memory 240 to which the access right is permitted by a predetermined access control policy (S202). If the domain 110, 120, ... is attempting to access memory 240 permitted by the access control policy, the specific device driver of the domain 110, 120, ... is allowed to access the requested memory 240 (S203). Otherwise, the specific device driver of the domain 110, 120, ... is not allowed to access the requested memory 240.

FIG. 5 is a flowchart illustrating a domain access control process for system resources according to a secure system protection method in a virtualization environment of the present invention.

As shown in FIG. 5, the access control module of the control unit restricts excessive use of the system resources by each domain.

In more detail, at least one of the plurality of domains 110, 120, ... requests allocation of system resources (S301). Next, it is determined whether the allocation amount of the system resource requested by the domain does not exceed the reference value set by the predetermined access control policy (S302). If the allocation amount of the system resource requested by the domain is equal to or less than the set reference value, the allocation of the requested system resource to the domain is allowed (S303). If the allocation amount of the system resources requested by the domain exceeds the reference value set by the access control policy, allocation of the requested system resources to the domain is not permitted. For example, when the device drivers 111, 121, ... of the respective domains 110, 120, ... use the memory 240 of the system resource unit 200 in excess of the allowable reference value, the access control module 320 blocks access to the memory 240. In addition, when event channels are formed between the domains 110, 120, ..., the access control module 320 prevents each domain 110, 120, ... from forming event channels exceeding the allowable reference value.
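The three policy checks of FIGS. 3 to 5 can be sketched in C as follows; this is an added example, not code from the patent. The structure names, policy fields and sample values are assumptions, and the DMA range test is written so that a request whose address plus length wraps around cannot pass.

```c
/* Added example: a toy VMM-side access control module (ACM) covering the
 * three flows of FIGS. 3 to 5. Every name and policy value is hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_DMA_WINDOWS 4
enum { ACM_DENY = 0, ACM_ALLOW = 1 };
struct dma_window { uint64_t base, len; };   /* physical range open to DMA */

struct domain_policy {
    bool may_alloc_io_irq;                   /* consulted in S102 */
    struct dma_window dma[MAX_DMA_WINDOWS];  /* consulted in S202 */
    size_t n_dma;
    uint64_t mem_limit;                      /* S302 reference value, bytes */
    uint32_t evtchn_limit;                   /* S302 reference value, channels */
};

struct domain_state {
    const struct domain_policy *policy;
    uint64_t mem_used;
    uint32_t evtchn_used;
};

/* FIG. 3 (S101-S103): allocate I/O space and an IRQ number only if allowed. */
int acm_alloc_io_irq(const struct domain_state *d)
{
    return d->policy->may_alloc_io_irq ? ACM_ALLOW : ACM_DENY;
}

/* FIG. 4 (S201-S203): [addr, addr + len) must sit inside one permitted window.
 * Subtracting instead of adding keeps a wrapping addr + len out. */
int acm_dma_access(const struct domain_state *d, uint64_t addr, uint64_t len)
{
    if (len == 0)
        return ACM_DENY;
    for (size_t i = 0; i < d->policy->n_dma; i++) {
        const struct dma_window *w = &d->policy->dma[i];
        if (addr >= w->base && len <= w->len && addr - w->base <= w->len - len)
            return ACM_ALLOW;
    }
    return ACM_DENY;
}

/* FIG. 5 (S301-S303), memory: a total equal to the reference value passes. */
int acm_alloc_memory(struct domain_state *d, uint64_t bytes)
{
    uint64_t limit = d->policy->mem_limit;
    if (d->mem_used > limit || bytes > limit - d->mem_used)
        return ACM_DENY;
    d->mem_used += bytes;
    return ACM_ALLOW;
}

/* FIG. 5 (S301-S303), event channels: each call asks for one more channel. */
int acm_open_evtchn(struct domain_state *d)
{
    if (d->evtchn_used >= d->policy->evtchn_limit)
        return ACM_DENY;
    d->evtchn_used++;
    return ACM_ALLOW;
}

/* Constructed sample policies: a security domain and a general domain. */
const struct domain_policy secure_policy = {
    .may_alloc_io_irq = true, .dma = {{0x80000000u, 0x100000u}}, .n_dma = 1,
    .mem_limit = 256u << 20, .evtchn_limit = 8 };
const struct domain_policy general_policy = {
    .may_alloc_io_irq = false, .dma = {{0x90000000u, 0x100000u}}, .n_dma = 1,
    .mem_limit = 64u << 20, .evtchn_limit = 2 };

/* Constructed requests from the general domain; bit i is set if request i passed. */
unsigned acm_demo_general(void)
{
    struct domain_state g = { &general_policy, 0, 0 };
    unsigned r = 0;
    r |= (unsigned)acm_alloc_io_irq(&g) << 0;                    /* no right */
    r |= (unsigned)acm_dma_access(&g, 0x90000000u, 0x1000) << 1; /* own window */
    r |= (unsigned)acm_dma_access(&g, 0x80000000u, 0x1000) << 2; /* other domain */
    r |= (unsigned)acm_dma_access(&g, 0x900FF000u, 0x2000) << 3; /* runs past end */
    r |= (unsigned)acm_dma_access(&g, UINT64_MAX - 0xFFF, 0x2000) << 4; /* wraps */
    r |= (unsigned)acm_alloc_memory(&g, 64u << 20) << 5;         /* exactly limit */
    r |= (unsigned)acm_alloc_memory(&g, 1) << 6;                 /* over limit */
    for (int i = 7; i <= 9; i++)           /* third channel exceeds limit of 2 */
        r |= (unsigned)acm_open_evtchn(&g) << i;
    return r;
}

int main(void)
{
    printf("general domain allow mask: 0x%X\n", acm_demo_general());
    return 0;
}
```

Only requests 1, 5, 7 and 8 pass for the general domain; a range check written as `addr + len <= base + window_len` would have let request 4 through because the sum wraps.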

While the present invention has been described in connection with what is presently considered to be practical exemplary embodiments, it is to be understood that the invention is not limited to the disclosed embodiments. It is therefore to be understood that the above-described embodiments are illustrative in all aspects and not restrictive. The scope of the present invention is defined by the appended claims rather than the detailed description, and all changes or modifications derived from the meaning and scope of the claims and their equivalents are to be construed as being included within the scope of the present invention.

FIG. 1 is a block diagram showing the configuration of a conventional virtualization system apparatus.

FIG. 2 is a block diagram illustrating a configuration of a secure system protection apparatus in a virtualization environment according to an embodiment of the present invention.

FIG. 3 is a flowchart illustrating an I/O space and an IRQ number allocation process of a device driver according to a method for safely protecting a system in a virtualization environment of the present invention.

FIG. 4 is a flowchart for explaining a process of access control when a device driver accesses a system memory through a DMA by a secure system protection method in a virtualization environment of the present invention.

FIG. 5 is a flowchart illustrating a domain access control process for a system resource by a secure system protection method in a virtualization environment of the present invention.

Description of Reference Numerals

100: domain unit
110, 120, ...: domain
111, 121, ...: device driver
200: system resource unit
300: control unit
310: DMA driver
320: access control module

Claims (18)

  1. A domain unit having a plurality of domains including at least one device driver;
    a system resource unit constituting hardware of the device; and
    a control unit having a DMA (Direct Memory Access) driver and an access control module for determining whether the domain unit accesses the system resource unit in a virtualization environment,
    wherein the control unit is controlled using a VMM (Virtual Machine Monitor), and the access control module is located in the VMM.
  2. The apparatus according to claim 1,
    wherein the domain unit includes at least one domain whose security is guaranteed.
  3. The apparatus according to claim 1,
    wherein the system resource unit includes at least one of a system memory, a physical memory related to the DMA, and an event channel between the domains.
  4. (Deleted)
  5. The apparatus according to claim 1,
    wherein the access control module controls access of the device drivers of the respective domains to the system resource unit through the DMA driver.
  6. The apparatus according to claim 5,
    wherein the access control module restricts access by a malicious device driver installed in a vulnerable domain among the respective domains to an input/output space (I/O space) and an IRQ (interrupt request) number.
  7. The apparatus according to claim 1,
    wherein the access control module sets access rights to the system resource unit differently for each domain.
  8. The apparatus according to claim 7,
    wherein the access control module controls the allocation of the requested I/O space and IRQ number to the device driver of the domain according to the access right to the system resource unit.
  9. The apparatus according to claim 8,
    wherein the access control module allocates the requested I/O space and IRQ number to the device driver when the device driver's access to the system resource unit is permitted, and does not allocate the requested I/O space and IRQ number when the access is not permitted.
  10. The apparatus according to claim 1,
    wherein the access control module restricts excessive use of the system resources by each of the domains.
  11. The apparatus according to claim 10,
    wherein the access control module blocks access of the corresponding domain to the memory when the device driver of a domain uses the memory of the system resource unit in excess of the allowable reference value.
  12. The apparatus according to claim 10,
    wherein the access control module blocks each domain from forming event channels of an allowable reference value or more when an event channel is formed between the domains.
  13. A method of safely protecting a system in a virtualized environment, comprising:
    requesting an access control module located in a virtual machine monitor (VMM) to allocate I/O space and an IRQ number of a device driver of each domain to a system resource unit;
    determining whether the domain executing the device driver is allowed access to the system resource unit by a predetermined access control policy; and
    allocating the requested I/O space and IRQ number to the device driver of the domain if the access right of the domain is allowed to the system resource unit according to the access control policy, and otherwise not allocating the requested I/O space and IRQ number.
  14. A method of safely protecting a system in a virtualized environment, comprising:
    requesting, by a specific device driver of a domain, access to a memory of a system resource unit through a DMA from an access control module located in a virtual machine monitor (VMM);
    determining whether the domain executing the specific device driver attempts to access memory to which access authority is granted by a predetermined access control policy; and
    allowing the specific device driver of the domain to access the requested memory if the domain attempts to access memory permitted by the access control policy, and otherwise not allowing the specific device driver of the domain to access the requested memory.
  15. A method of safely protecting a system in a virtualized environment, comprising:
    requesting an access control module located in a virtual machine monitor (VMM) to allocate system resources in at least one of a plurality of domains;
    determining whether an allocation amount of the requested system resource in the domain does not exceed a reference value set by a predetermined access control policy; and
    allowing the allocation of the requested system resource to the domain if the allocation amount of the system resource requested by the domain is equal to or less than the preset reference value according to the access control policy, and otherwise not allocating the requested system resource to the domain.
  16. The method according to claim 15,
    wherein the amount of system resource allocation includes a memory usage amount in the system resource unit.
  17. The method according to claim 15,
    wherein the allocation of the system resources includes an event channel formation count between the domains in the system resource unit.
  18. The method according to any one of claims 13 to 15,
    wherein the predetermined access control policy is determined by the access control module.
KR1020070110296A 2007-04-16 2007-10-31 Apparatus and method for protecting system in virtualization KR101405319B1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US91193007P true 2007-04-16 2007-04-16
US60/911,930 2007-04-16

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US12/034,178 US8689288B2 (en) 2007-04-16 2008-02-20 Apparatus and method for protecting system in virtualized environment
JP2008074946A JP5496464B2 (en) 2007-04-16 2008-03-24 Apparatus and method for secure system protection in a virtualized environment
EP08153591.6A EP1983460B1 (en) 2007-04-16 2008-03-28 Apparatus and method for protecting system in virtualized environment
CN2008100911004A CN101290646B (en) 2007-04-16 2008-04-16 Apparatus and method for protecting system in virtualized environment

Publications (2)

Publication Number Publication Date
KR20080093359A KR20080093359A (en) 2008-10-21
KR101405319B1 true KR101405319B1 (en) 2014-06-10

Family

ID=40034900

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020070110296A KR101405319B1 (en) 2007-04-16 2007-10-31 Apparatus and method for protecting system in virtualization

Country Status (2)

Country Link
KR (1) KR101405319B1 (en)
CN (1) CN101290646B (en)

Also Published As

Publication number Publication date
KR20080093359A (en) 2008-10-21
CN101290646A (en) 2008-10-22
CN101290646B (en) 2013-05-01

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E701 Decision to grant or registration of patent right
GRNT Written decision to grant
FPAY Annual fee payment

Payment date: 20170529

Year of fee payment: 4

FPAY Annual fee payment

Payment date: 20180530

Year of fee payment: 5

FPAY Annual fee payment

Payment date: 20190530

Year of fee payment: 6