Xen-based active defense method

An active defense, front-end driven technology, applied in the field of computer security, can solve problems such as impracticality

Inactive Publication Date: 2011-07-20
BEIJING UNIV OF TECH

AI Technical Summary

Problems solved by technology

Intel proposed a memory and data protection method for a basic lightweight virtual machine, which can ensure that the memory and data of


Embodiment Construction

[0015] This method is implemented on Xen, and its overall structure is a typical Type I virtual machine architecture. In addition to Xen's own components, it contains four modules, as shown in Figure 1. The first is the front-end driver in the protected virtual domain, implemented as a virtual PCI driver, which is responsible for intercepting system calls and communicating with the privileged virtual domain. The second is the back-end driver in the privileged virtual domain, implemented as a kernel module, which communicates with the front-end driver, obtains the intercepted system information, and passes it to the user-mode decision-making module in the privileged virtual domain. The decision-making module is used for policy formulation and decision-making; in our prototype system, it is a small database containing application blacklists and signatures. The fourth module is a memory protection module at the virtual machine monitor layer, which provides memory...
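
A simplified user-space model of the request path described above (front-end driver, back-end driver, decision module), added here as an illustration and not taken from the patent or from Xen. The record layout, ring structure, function names, policy entries and the deny-on-missing-verdict behaviour are all assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define RING_SIZE 8u /* power of two, so indices can be masked */

/* Hypothetical record for one intercepted exec call (not a Xen format). */
struct req  { uint32_t id; char path[64]; char sig[17]; };
struct resp { uint32_t id; int allow; };
/* Simplified stand-in for a shared ring; Xen's ring macros are not used. */
struct ring { struct req req[RING_SIZE]; struct resp rsp[RING_SIZE];
              uint32_t req_prod, req_cons, rsp_prod, rsp_cons; };
/* Constructed policy data standing in for the decision module's database. */
static const char *blacklist[]  = { "/tmp/dropper", "/usr/bin/badtool" };
static const char *signatures[] = { "deadbeefcafef00d" };
/* Decision module: deny a blacklisted path or a known signature. */
static int decide(const struct req *r) {
    for (size_t i = 0; i < sizeof blacklist / sizeof *blacklist; i++)
        if (strcmp(r->path, blacklist[i]) == 0) return 0;
    for (size_t i = 0; i < sizeof signatures / sizeof *signatures; i++)
        if (strcmp(r->sig, signatures[i]) == 0) return 0;
    return 1;
}
/* Front-end: queue an intercepted call; -1 while 8 verdicts are outstanding. */
static int frontend_submit(struct ring *g, uint32_t id, const char *path, const char *sig) {
    if (g->req_prod - g->rsp_cons == RING_SIZE) return -1;
    struct req *r = &g->req[g->req_prod & (RING_SIZE - 1)];
    r->id = id;
    snprintf(r->path, sizeof r->path, "%s", path);
    snprintf(r->sig, sizeof r->sig, "%s", sig);
    g->req_prod++;
    return 0;
}
/* Back-end: copy each request out of shared memory before judging it, so the
 * guest cannot alter it between the check and the verdict. */
static int backend_poll(struct ring *g) {
    int handled = 0;
    for (; g->req_cons != g->req_prod; handled++) {
        struct req local = g->req[g->req_cons++ & (RING_SIZE - 1)];
        local.path[sizeof local.path - 1] = '\0'; /* guest may omit the NUL */
        local.sig[sizeof local.sig - 1] = '\0';
        g->rsp[g->rsp_prod++ & (RING_SIZE - 1)] = (struct resp){ local.id, decide(&local) };
    }
    return handled;
}
/* Front-end: read the next verdict; a missing or mismatched one denies. */
static int frontend_verdict(struct ring *g, uint32_t id) {
    if (g->rsp_cons == g->rsp_prod) return 0;
    struct resp p = g->rsp[g->rsp_cons++ & (RING_SIZE - 1)];
    return p.id == id ? p.allow : 0;
}
```

The verdict is computed only on the privileged-domain side; the front-end holds no policy data of its own.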


Abstract

The invention discloses an active defense method based on the Xen virtual machine, which comprises the following steps: generating a virtual machine for a user by using Xen, and having the user perform operations in the virtual machine; removing the conventional security programs that would otherwise be installed in the virtual machine and arranging them outside the virtual machine, so that the kernel modules of the security programs are invisible to rogue programs; setting a front-end driver in the user's virtual machine so that the security modules outside the virtual machine can scan and intervene in operations inside the virtual machine; and protecting the front-end driver by using a memory protection module in the virtual machine monitor layer to prevent the front-end driver from being attacked by rogue programs. In the method, the kernel modules are arranged outside the virtual machine and are invisible to rogue programs, thereby achieving higher security than a conventional security program deployment method; in addition, a para-virtualization front-end/back-end driver communication mechanism is introduced to greatly reduce the system overhead caused by virtualization and make the method highly practicable.

Description

Technical field

[0001] The invention belongs to the field of computer security.

Background technique

[0002] At present, as malicious programs such as viruses become more and more complex, it is becoming more and more difficult to protect computer systems. Sometimes it is very difficult to just detect these malicious programs. There is a system that cannot do it.

[0003] At present, mainstream commercial security software generally uses a combination of signature scanning and active defense to protect the user operating system. Signature scanning is mainly aimed at known malicious programs: system memory and files are scanned and compared with the malicious program signatures stored in the database to discover known malicious programs. For unknown viruses, various heuristic algorithms are mainly used to judge whether a program has the characteristics of a malicious program. Due to the complexity of malicious programs and the lack of algorithms, this ...


Application Information

IPC(8): G06F21/00, G06F21/53
Inventor: 赖英旭, 胡少龙, 杨震, 段立娟, 李健
Owner BEIJING UNIV OF TECH