WO2013082749A1 - Hardware resource protection method and system, and virtual machine manager - Google Patents

Hardware resource protection method and system, and virtual machine manager


Publication number
WO2013082749A1
Authority
WO
WIPO (PCT)
Prior art keywords
virtual machine
application
hardware resource
machine manager
exit
Prior art date
Application number
PCT/CN2011/083499
Other languages
English (en)
Chinese (zh)
Inventor
俞柏峰
Original Assignee
华为技术有限公司
Priority date
Filing date
Publication date
Application filed by 华为技术有限公司
Priority to CN201180058592.7A (patent CN103270491B, zh)
Priority to PCT/CN2011/083499 (patent WO2013082749A1, fr)
Publication of WO2013082749A1


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45583 Memory management, e.g. access or allocation

Definitions

  • the present invention relates to the field of computers, and in particular, to a hardware resource protection method and system, and a virtual machine manager.
  • Background
  • Hardware resources are usually protected by dedicated hardware, such as hard disk protection cards to protect hard disks.
  • the main body of the hard disk protection card is a hardware chip that is inserted into the motherboard and works in conjunction with the main boot sector of the hard disk.
  • the working principle is as follows:
  • when the system starts, the hard disk protection card takes over the INT13 interrupt used for read and write operations on the hard disk, saves information such as the FAT (File Allocation Table), the boot sector, the CMOS (Complementary Metal Oxide Semiconductor) information and the original interrupt vector table to a temporary storage unit in the card or to a hidden sector of the hard disk, and replaces the original interrupt vector table with its own interrupt vector table.
  • the hard disk protection card can restore the previous content to the hard disk, thereby achieving the purpose of hard disk protection.
  • the embodiment of the invention provides a hardware resource protection method and system and a virtual machine manager.
  • the technical solution is as follows:
  • a method for protecting a hardware resource comprising:
  • the virtual machine manager monitors hardware resources and, when detecting that the application accesses the hardware resources, triggers the virtual machine to exit, and the virtual machine manager takes over control of the system;
  • the virtual machine manager determines whether the operation of the application is legal. If it is legal, the application is allowed to access the hardware resource. If it is illegal, the application is prohibited from accessing the hardware resource.
  • a virtual machine manager, the virtual machine manager includes:
  • a monitoring module configured to monitor a hardware resource, when detecting that the application accesses the hardware resource, triggering the virtual machine to exit, and the virtual machine manager takes over control of the system;
  • the determining module is configured to determine whether the operation of the application is legal. If it is legal, the application is allowed to access the hardware resource. If it is illegal, the application is prohibited from accessing the hardware resource.
  • a hardware resource protection system comprising: a virtual machine manager, a hardware resource, and a virtual machine;
  • the virtual machine manager is configured to monitor the hardware resource, and when detecting that the application accesses the hardware resource, trigger the virtual machine to exit, whereupon the virtual machine manager takes over control of the system; and to determine whether the operation of the application is legal: if it is legal, the application is allowed to access the hardware resource, and if it is illegal, the application is prohibited from accessing the hardware resource.
  • the virtual machine manager monitors the hardware resources. When detecting that the application accesses the hardware resources, the virtual machine is triggered to exit, and the virtual machine manager takes over control of the system and then determines whether the operation of the application is legal. If it is legal, the application is allowed to access the hardware resources; if it is illegal, the application is prohibited from accessing the hardware resources. This uses virtualization technology to achieve hardware resource protection, removes the dependence of hardware resource protection on specialized hardware devices, improves flexibility of use, and reduces costs.
  • FIG. 1 is a flowchart of a hardware resource protection method according to Embodiment 1 of the present invention.
  • FIG. 2 is a flow chart of a method for protecting a hardware resource for an input/output address according to Embodiment 1 of the present invention
  • FIG. 3 is a flowchart of hardware resource protection for a memory space according to Embodiment 1 of the present invention
  • FIG. 4 is a schematic structural diagram of a virtual machine manager according to Embodiment 2 of the present invention
  • FIG. 5 is a schematic diagram of another structure of a virtual machine manager according to Embodiment 2 of the present invention
  • FIG. 6 is a schematic structural diagram of a hardware resource protection system according to Embodiment 3 of the present invention.
  • this embodiment provides a hardware resource protection method, where the method includes:
  • the virtual machine manager monitors the hardware resource, and when detecting that the application accesses the hardware resource, triggers the virtual machine to exit, and the virtual machine manager takes over control of the system;
  • the virtual machine manager runs in the root mode and the virtual machine runs in the non-root mode; the virtual machine exit refers to the switch from the non-root mode to the root mode, at which point control of the system is transferred and the virtual machine manager takes over control of the system.
  • the virtual machine manager determines whether the operation of the application is legal. If it is legal, the application is allowed to access the hardware resource. If it is illegal, the application is prohibited from accessing the hardware resource.
  • the hardware resources involved in this embodiment may be an input/output address, a memory space, or the like.
  • the following describes the protection process for the input and output addresses and memory space of the above methods.
  • the hardware resource protection method includes the following steps:
  • the virtual machine manager monitors an input and output address of a device where the virtual machine manager is located, and when detecting that the application reads and writes the input and output addresses, triggers the virtual machine to exit, and the virtual machine manager takes over control of the system;
  • the virtual machine manager runs in the root mode and the virtual machine runs in the non-root mode; the virtual machine exit refers to the switch from the non-root mode to the root mode, at which point control of the system is transferred and the virtual machine manager takes over control of the system.
  • the input and output addresses can be specific input and output addresses in the system, or they can be all input and output addresses in the system.
  • the virtual machine manager determines whether the operation of the application is legal
  • the virtual machine manager compares the public key of the application with the private key provided by the application, and if they match, determines that the operation of the application is legal, and if not, determines that the operation of the application is illegal.
  • 203: if it is legal, the application is allowed to access the input and output address, and if it is illegal, the application is prohibited from accessing the input and output address.
  • the virtual machine manager triggers the virtual machine to enter, and the virtual machine takes over control of the system.
  • the entry of the virtual machine refers to the switch from the root mode to the non-root mode, and the control of the system is transferred, and the virtual machine takes over the control of the system.
  • the hardware resource protection method includes the following steps:
  • the virtual machine manager monitors a control register, prevents an application from using the control register to map a memory space, and detects that a page fault exception occurs when the application accesses the memory space;
  • the control register (Control Register, CR) may specifically be CR3.
  • the virtual machine manager makes the preset exit condition hold by setting it, which triggers the virtual machine to exit, and the virtual machine manager takes over control of the system;
  • the virtual machine manager sets PFEC_MASK and PFEC_MATCH so that the preset exit condition PFEC & PFEC_MASK == PFEC_MATCH holds, where:
  • PFEC indicates the page fault error code (Page Fault Error Code)
  • PFEC_MASK indicates the page fault mask
  • PFEC_MATCH indicates the page fault match code. For example, both PFEC_MASK and PFEC_MATCH can be set to 0, so that the above relationship holds whenever a page fault exception occurs, triggering the virtual machine to exit, and the virtual machine manager takes over control of the system.
  • the virtual machine manager runs in the root mode and the virtual machine runs in the non-root mode; the virtual machine exit refers to the switch from the non-root mode to the root mode, at which point control of the system is transferred and the virtual machine manager takes over control of the system.
  • the virtual machine manager determines whether the operation of the application is legal
  • the virtual machine manager compares the public key of the application with the private key provided by the application, and if they match, determines that the operation of the application is legal, and if not, determines that the operation of the application is illegal.
  • step 304: the virtual machine manager triggers the virtual machine to enter, and the virtual machine takes over control of the system.
  • the entry of the virtual machine refers to the switch from the root mode to the non-root mode, and the control of the system is transferred, and the virtual machine takes over the control of the system.
  • the hardware resource is monitored by the virtual machine manager, and when it is detected that the application accesses the hardware resource, the virtual machine is triggered to exit, and the virtual machine manager takes over control of the system and then determines whether the operation of the application is legal. If it is legal, the application is allowed to access the hardware resource; if it is illegal, the application is prohibited from accessing the hardware resource. This uses virtualization technology to achieve hardware resource protection, removes the dependence of hardware resource protection on specialized hardware devices, improves flexibility of use, and reduces costs.
  • the embodiment provides a virtual machine manager.
  • the virtual machine manager includes: a monitoring module 401, configured to monitor hardware resources, and when detecting that the application accesses the hardware resources, trigger the virtual machine to exit, whereupon the virtual machine manager takes over control of the system;
  • the determining module 402 is configured to determine whether the operation of the application is legal. If it is legal, the application is allowed to access the hardware resource. If it is illegal, the application is prohibited from accessing the hardware resource.
  • the monitoring module 401 is specifically configured to monitor an input and output address of the device where the virtual machine manager is located, and when detecting that the application reads and writes the input and output addresses, trigger the virtual machine to exit, whereupon the virtual machine manager takes over control of the system.
  • the input and output addresses can be specific input and output addresses in the system, or they can be all input and output addresses in the system.
  • the monitoring module 401 is specifically configured to monitor the control register, prevent the application from using the control register to map the memory space, detect that a page fault exception is generated when the application accesses the memory space, and make the preset exit condition hold by setting it, triggering the virtual machine to exit.
  • the monitoring module 401 is specifically used when the preset exit condition is established by setting
  • the control register may specifically be CR3.
  • the determining module 402 is specifically configured to compare the public key of the application and the private key provided by the application, and if they match, determine that the operation of the application is legal, and if not, determine that the operation of the application is illegal.
  • the virtual machine manager further includes: a triggering module 403, configured to trigger the virtual machine to enter after the determining module 402 allows or prohibits the application from accessing the hardware resource, and the virtual machine takes over control of the system.
  • the virtual machine manager runs in the root mode, and the virtual machine runs in the non-root mode.
  • Virtual machine exit refers to switching from non-root mode to root mode, while system control is transferred, and the virtual machine manager takes over control of the system.
  • Virtual machine entry refers to switching from root mode to non-root mode, while system control is transferred, and the virtual machine takes over control of the system.
  • the virtual machine manager provided in this embodiment is the same as the virtual machine manager in the method embodiment. For details, refer to the method embodiment, and details are not described herein.
  • the virtual machine manager provided by this embodiment monitors the hardware resources, and when detecting that the application accesses the hardware resources, triggers the virtual machine to exit, and the virtual machine manager takes over control of the system and then determines whether the operation of the application is legal. If it is legal, the application is allowed to access the hardware resources; if it is illegal, the application is prohibited from accessing the hardware resources. This uses virtualization technology to achieve hardware resource protection, removes the dependence of hardware resource protection on specialized hardware devices, improves flexibility of use, and reduces costs.
  • this embodiment provides a hardware resource protection system, where the system includes: a virtual machine manager 40, a hardware resource 30, and a virtual machine 20;
  • the virtual machine manager 40 is configured to monitor the hardware resource 30, and when detecting that the application accesses the hardware resource 30, trigger the virtual machine 20 to exit, whereupon the virtual machine manager 40 takes over control of the system; and to determine whether the operation of the application is legal: if it is legal, the application is allowed to access the hardware resource 30, and if it is illegal, the application is prohibited from accessing the hardware resource 30.
  • the virtual machine manager 40 includes: a monitoring module 401 and a determining module 402;
  • the monitoring module 401 is configured to monitor the hardware resource 30. When detecting that the application accesses the hardware resource 30, the virtual machine 20 is triggered to exit, and the virtual machine manager 40 takes over the system control right;
  • the determining module 402 is configured to determine whether the operation of the application is legal. If it is legal, the application is allowed to access the hardware resource 30. If it is illegal, the application is prohibited from accessing the hardware resource 30.
  • the monitoring module 401 is specifically configured to monitor the input and output addresses of the device where the virtual machine manager is located; the virtual machine 20 is triggered to exit, and control of the system is taken over by the virtual machine manager.
  • the input and output addresses can be specific input and output addresses in the system, or they can be all input and output addresses in the system.
  • the monitoring module 401 is specifically configured to monitor the control register, and prevent the application from using the control register to map the memory space, so that the application accesses the memory space.
  • the virtual machine 20 is triggered to exit.
  • the monitoring module 401 is specifically used when the preset exit condition is established by setting
  • the control register may specifically be CR3.
  • the determining module 402 is specifically configured to compare the public key of the application and the private key provided by the application, and if they match, determine that the operation of the application is legal, and if not, determine that the operation of the application is illegal.
  • the virtual machine manager further includes: a triggering module 403, configured to trigger the virtual machine to enter after the determining module 402 allows or prohibits the application from accessing the hardware resource, and the virtual machine takes over control of the system.
  • the virtual machine manager runs in the root mode and the virtual machine runs in the non-root mode; the virtual machine exit refers to the switch from the non-root mode to the root mode, at which point control of the system is transferred and the virtual machine manager takes over control of the system.
  • Virtual machine entry refers to switching from root mode to non-root mode, and system control transfer, and the virtual machine takes over control of the system.
  • the virtual machine manager, the hardware resource, and the virtual machine provided in this embodiment are based on the same concept as the virtual machine manager, the hardware resource, and the virtual machine in the method embodiment, respectively; the specific implementation process is described in the method embodiment, and details are not described herein again.
  • the system provided in this embodiment monitors hardware resources through the virtual machine manager. When detecting that the application accesses the hardware resources, the virtual machine is triggered to exit, and the virtual machine manager takes over control of the system and then determines whether the operation of the application is legal. If it is legal, the application is allowed to access the hardware resources; if it is illegal, the application is prohibited from accessing the hardware resources. This uses virtualization technology to achieve hardware resource protection, removes the dependence of hardware resource protection on specialized hardware devices, improves flexibility of use, and reduces costs.
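
The two exit conditions described above (monitored input/output addresses, and the page-fault relation between PFEC, PFEC_MASK and PFEC_MATCH), modelled as an added example that is not code from the patent. It assumes Intel VT-x semantics for the exception bitmap and the I/O bitmap, which the text does not spell out; the struct, the function names and the 0x1F0-0x1F7 port range are illustrative.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PF_VECTOR 14u          /* page-fault exception vector */
#define IO_BITMAP_BYTES 8192u  /* one bit per I/O port, 0x0000-0xFFFF */

/* Exit-control state the virtual machine manager programs (names are
 * illustrative; VT-x keeps these values in VMCS fields). */
struct exit_controls {
    uint32_t exception_bitmap; /* bit 14 governs page-fault exits */
    uint32_t pfec_mask;        /* PFEC_MASK from the text */
    uint32_t pfec_match;       /* PFEC_MATCH from the text */
    uint8_t  io_bitmap[IO_BITMAP_BYTES];
};

/* Page fault with error code pfec: when PFEC & PFEC_MASK == PFEC_MATCH the
 * exception-bitmap bit is followed, otherwise its meaning is reversed. */
bool page_fault_exits(const struct exit_controls *c, uint32_t pfec)
{
    bool bit14 = (c->exception_bitmap >> PF_VECTOR) & 1u;
    bool equal = (pfec & c->pfec_mask) == c->pfec_match;
    return bit14 == equal;
}

/* The setting given in the text: mask = match = 0, so the relation holds
 * for every error code and every page fault exits. */
void trap_all_page_faults(struct exit_controls *c)
{
    c->exception_bitmap |= 1u << PF_VECTOR;
    c->pfec_mask = 0;
    c->pfec_match = 0;
}

/* A narrower filter for comparison: exit only on faults caused by writes
 * (PFEC bit 1, W/R). */
void trap_write_faults_only(struct exit_controls *c)
{
    c->exception_bitmap |= 1u << PF_VECTOR;
    c->pfec_mask = 0x2;
    c->pfec_match = 0x2;
}

/* Monitor ports first..last; (0, 0xFFFF) monitors all I/O addresses. */
void protect_ports(struct exit_controls *c, uint16_t first, uint16_t last)
{
    for (uint32_t p = first; p <= last; p++)
        c->io_bitmap[p >> 3] |= (uint8_t)(1u << (p & 7u));
}

/* IN/OUT of width bytes (1, 2 or 4) at port: exit if any port touched is
 * monitored, or if the access wraps past 0xFFFF. */
bool io_access_exits(const struct exit_controls *c, uint16_t port,
                     unsigned width)
{
    for (unsigned i = 0; i < width; i++) {
        uint32_t p = (uint32_t)port + i;
        if (p > 0xFFFFu)
            return true;
        if (c->io_bitmap[p >> 3] & (1u << (p & 7u)))
            return true;
    }
    return false;
}

int main(void)
{
    static struct exit_controls c;      /* zero-initialised */

    protect_ports(&c, 0x1F0, 0x1F7);    /* constructed sample range */
    printf("out 0x1F7, 1 byte  -> exit=%d\n", io_access_exits(&c, 0x1F7, 1));
    printf("in  0x1EE, 4 bytes -> exit=%d\n", io_access_exits(&c, 0x1EE, 4));
    printf("in  0x080, 1 byte  -> exit=%d\n", io_access_exits(&c, 0x080, 1));

    trap_all_page_faults(&c);
    printf("#PF pfec=0x4 (mask=match=0) -> exit=%d\n", page_fault_exits(&c, 0x4));
    trap_write_faults_only(&c);
    printf("#PF pfec=0x5 (write filter) -> exit=%d\n", page_fault_exits(&c, 0x5));
    printf("#PF pfec=0x3 (write filter) -> exit=%d\n", page_fault_exits(&c, 0x3));
    return 0;
}
```

A multi-byte access that only partly overlaps a monitored range still exits, so a monitored range cannot be reached through a wider access that starts just below it.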

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

Embodiments of the present invention provide a hardware resource protection method and system, and a virtual machine manager, and relate to the field of computers. The method comprises the following steps: a virtual machine manager monitors hardware resources and, as soon as it is detected that an application program accesses the hardware resources, the virtual machine manager triggers a virtual machine exit and takes over control of the system; the virtual machine manager determines whether an operation of the application program is legal; if so, it allows the application program to access the hardware resources and, otherwise, it prevents the application program from accessing the hardware resources. The virtual machine manager comprises a monitoring module and a determining module. The system comprises a virtual machine manager, hardware resources and a virtual machine. By means of the above solution, the present invention protects hardware resources by means of virtualization technology; hardware resource protection no longer relies on a dedicated hardware device, which improves flexibility of use and reduces costs.
PCT/CN2011/083499 2011-12-06 2011-12-06 Hardware resource protection method and system, and virtual machine manager WO2013082749A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201180058592.7A CN103270491B (zh) 2011-12-06 2011-12-06 Hardware resource protection method and system, and virtual machine manager
PCT/CN2011/083499 WO2013082749A1 (fr) 2011-12-06 2011-12-06 Hardware resource protection method and system, and virtual machine manager

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2011/083499 WO2013082749A1 (fr) 2011-12-06 2011-12-06 Hardware resource protection method and system, and virtual machine manager

Publications (1)

Publication Number Publication Date
WO2013082749A1 (fr) 2013-06-13

Family

ID=48573481

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/083499 WO2013082749A1 (fr) 2011-12-06 2011-12-06 Hardware resource protection method and system, and virtual machine manager

Country Status (2)

Country Link
CN (1) CN103270491B (fr)
WO (1) WO2013082749A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111737656B (zh) * 2019-05-30 2023-10-27 中国科学院计算技术研究所 Application-oriented privileged hardware resource access method and electronic device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101162443A (zh) * 2006-10-10 2008-04-16 株式会社瑞萨科技 Data processor
US20080244571A1 (en) * 2007-03-30 2008-10-02 Bennett Steven M Virtual interrupt processing in a layered virtualization architecture
CN101398769A (zh) * 2008-10-28 2009-04-01 北京航空航天大学 Method for integrated utilization of processor resources that is transparent to the operating system
CN101419558A (zh) * 2008-11-13 2009-04-29 湖南大学 CUDA graphics subsystem virtualization method

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4795812B2 (ja) * 2006-02-22 2011-10-19 富士通セミコンダクター株式会社 Secure processor
CN101751284B (zh) * 2009-12-25 2013-04-24 华为技术有限公司 I/O resource scheduling method for a distributed virtual machine monitor
US8555059B2 (en) * 2010-04-16 2013-10-08 Microsoft Corporation Secure local update of content management software

Also Published As

Publication number Publication date
CN103270491B (zh) 2016-12-21
CN103270491A (zh) 2013-08-28

Similar Documents

Publication Publication Date Title
TWI697805B (zh) Loading and virtualizing cryptographic keys
JP6137499B2 (ja) Method and apparatus
Zuo et al. Supermem: Enabling application-transparent secure persistent memory with low overheads
TWI514187B (zh) Systems and methods for providing anti-malware protection on storage devices
US20080201540A1 (en) Preservation of integrity of data across a storage hierarchy
US11972116B2 (en) Process monitoring method and apparatus
EP2867822B1 (fr) Methods and apparatus for a secure sleep state
JP2010517164A5 (fr)
EP3113406B1 (fr) Key protection method and apparatus
Strackx et al. ICE: A passive, high-speed, state-continuity scheme
WO2006058472A1 (fr) Method for establishing a secure execution environment in a computer
US20080059711A1 (en) Method and apparatus for preventing software side channel attacks
US9529805B2 (en) Systems and methods for providing dynamic file system awareness on storage devices
EP3627368B1 (fr) Auxiliary memory unit having an independent restoration area, and device applied thereto
TW201137660A (en) Method and system for protecting an operating system against unauthorized modification
EP3961446B1 (fr) Method and apparatus for securely entering a trusted execution environment in a hyper-threading scenario
US10552345B2 (en) Virtual machine memory lock-down
Cheng et al. CATTmew: Defeating software-only physical kernel isolation
US20100332744A1 (en) Data recovery and overwrite independent of operating system
Wang et al. Hypervisor-based protection of sensitive files in a compromised system
Liao et al. TrustZone enhanced plausibly deniable encryption system for mobile devices
KR20170060815A (ko) Electronic device and method for protecting the kernel region of memory
WO2013082749A1 (fr) Hardware resource protection method and system, and virtual machine manager
JP2018526720A (ja) Protecting state information for virtual machines
TWI312253B (en) Data processing apparatus and method for controlling access to a memory in the same

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11877079

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11877079

Country of ref document: EP

Kind code of ref document: A1