Method and system for acquiring process information of KVM (Kernel-based Virtual Machine)
A technology for process information and system acquisition, applied in the field of virtual machine security protection
Inactive Publication Date: 2013-05-01
BEIJING VENUS INFORMATION TECH +1
Problems solved by technology
At present, KVM does not provide official VMM introspection API support as VMware does. Although both the Qemu-kvm and KVM modules have IOCTL calling interfaces, using those interfaces requires modifying and recompiling the modules' source code.
Embodiment 1
[0032] At present, the IOCTL interface of KVM is provided for the Qemu-kvm module to call; the specific calling process is as shown in figure 1. When using Qemu-kvm, you first need to open /dev/kvm to obtain the file descriptor of KVM, then obtain the file descriptor of the virtual machine (vm_fd) through the IOCTL interface corresponding to that descriptor, and then obtain the virtual CPU (vcpu) instance file descriptor (vcpu_fd) through vm_fd, so that the process running on the virtual CPU and the register information it uses can be monitored. Without modifying the Qemu-kvm code, the vcpu_fd usually cannot be obtained at runtime, and the IOCTL interface provided by KVM itself cannot be used to monitor the process and register information in the virtual machine running on it.
[0033] The applicant also takes into account the fact that generally cloud service and virtualization service providers will not accept security vendors to modify the virtualiz...
Embodiment 2
[0047] This embodiment provides a scanning system for virtual machine process information and register information, including:
[0048] Scan execution module, scan strategy module, result analysis and report module, rule base maintenance module.
[0049] The scanning execution module is used to obtain the scanning result of virtual machine process and register information provided by the introspection API driver module through the IOCTL interface.
[0050] The scanning policy module is used to customize the scanning plan. Considering that scanning consumes a certain amount of resources on the virtualization platform, this module provides a customizable scanning plan to ensure that the resource consumption of scanning does not compete with the operation of the business virtual machines.
[0051] The result analysis and reporting module is used to analyze the scanned results, evaluate the running status of the corresponding virtual machine process according to the match...
Embodiment 3
[0054] The present embodiment provides a method for obtaining transparent KVM virtual machine process information, the method comprising:
[0055] A, the system call interception module intercepts the IOCTL call initiated by Qemu-kvm;
[0056] B, when this IOCTL system call is found to be CREATE_VCPU, the introspection API driver module re-initiates the system call and records the file descriptor value (vcpu_fd) of the returned virtual CPU;
[0057] In this step, the system call interception module monitors the system calls of the host. If the IOCTL system call for creating a vcpu initiated by Qemu-kvm is intercepted, the introspection API driver module constructs a new vcpu-creating IOCTL system call from the parameters of the intercepted call, issues it to KVM, and returns the return value of the IOCTL system call executed by KVM to Qemu-kvm.
[0058] Specifically, the process of the system call interception module transparently obtaining v...
Abstract
The invention discloses a method and a system for acquiring the process information of a KVM (Kernel-based Virtual Machine), relating to the technical field of information security. The system disclosed by the invention comprises a system call intercepting and capturing module and an introspection API (Application Program Interface) driver module. The system call intercepting and capturing module is used for intercepting and capturing an IOCTL (Input Output Control) system call initiated by Qemu-kvm and sending the called parameters to the introspection API driver module. The introspection API driver module is used to initiate the IOCTL system call to the KVM in place of Qemu-kvm, record the vcpu (virtual central processing unit) descriptor returned by the KVM in response, return it to Qemu-kvm, acquire the processes running in the virtual machine and the relevant register information, carry out structured processing on the acquired information, expose the structured information to an external program through a process scanning interface, receive a scanning command initiated by the external program and initiate the request to KVM through the vcpu. The invention further discloses the method for acquiring the process information of the KVM. According to the technical scheme disclosed by the invention, introspection of the information of a process running in the virtual machine can be realized transparently without modifying the Qemu-kvm and KVM code.
Description
Technical field
[0001] The invention relates to the technical field of information security, in particular to a solution for protecting virtual machine security in cloud computing.
Background technique
[0002] Cloud computing is another new revolution in computers and the Internet. It transfers computing and storage to the cloud, and users can use lightweight portable terminals to perform complex calculations and large-capacity storage. From a technical point of view, cloud computing is not just a new concept; parallel computing and virtualization are the main technical means to realize cloud computing applications. Due to the rapid development of hardware technology, the performance of an ordinary physical server far exceeds the hardware performance requirements of an ordinary single user. Therefore, virtualizing a physical server into multiple virtual machines and providing virtualization services through virtualization has become the technical basis for building public ...