Virtual machine security isolation system and method oriented to multi-security-level virtual desktop system

A security isolation and virtual desktop technology, applied in the field of virtual machine security isolation systems, that addresses the problems that existing approaches cannot directly reuse host system resources, cannot effectively resist attacks, etc.

Active Publication Date: 2014-07-02
CHONGQING UNIV OF POSTS & TELECOMM +1

AI Technical Summary

Problems solved by technology

However, the research on this kind of virtual machine-based security isolation mechanism mainly focuses on the way to realize the isolation system, and cannot realize the direct reuse of host system resources.
In addition, some researchers have proposed a platform-safe virtualization method, which shields the application memory from the operating system kernel by controlling the memory management unit. Even if the operating system kernel is maliciously controlled, it cannot access the shadowed application memory. The isolation between virtual machines implemented by the virt


Embodiment Construction

[0032] A non-limiting embodiment is given below in conjunction with the accompanying drawings to further illustrate the present invention.

[0033] Figure 1 shows the system structure diagram of the embodiment of the present invention, which includes three modules: client, security authentication gateway, and server. The user-oriented client can be an ordinary computer, a thin client or a dedicated minicomputer terminal. The function of the security authentication gateway is to provide complete, unified identity authentication for the multi-level network, and to realize the unified authentication and management of multi-level network users. The server-side hardware can use mid-end or high-end configuration servers; virtual machines are created on demand on the host system through server virtualization technology, and each virtual machine corresponds to one terminal desktop user.

[0034] Figure 2 shows the implementation structure s...

Abstract

The invention discloses a virtual machine security isolation system and method oriented to a multi-security-level virtual desktop system, and belongs to the field of information security. The system and method work in three implementation stages: detection of abnormal user behaviors, migration of virtual machines, and security isolation. The method comprises the following steps. First, users of networks of the same security classification are bound to virtual machines, and a user behavior feature library is established from the similarity between the operation behaviors of the users of networks of the same security classification. Second, the real-time actual user behavior features are matched against the historical user behavior feature library, the threat level of the current operation of each user is worked out, a target host is selected for migration, and the virtual machines with potential threats are migrated to a virtual machine security isolation model for execution. Finally, the virtual machine security isolation model executes the system calls required by the virtual machine process in place of the virtual machine. With this method, the virtual machine process is prevented from directly accessing resources of the host machine system, the dependence of the virtual machine process on the kernel is reduced, the safety of the host machine system is improved, and the purpose of security isolation of the virtual machines is achieved.
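The first two stages described above (a shared behavior feature library per security classification, then matching a live session against it to obtain a threat level and a migration decision) can be sketched as follows. This is an added example, not code from the patent: the frequency-vector features, cosine similarity, the 0.7 / 0.3 thresholds, the migrate-on-high policy and all operation names are assumptions chosen for illustration.

```python
import math
from collections import Counter

# Constructed history: operation names per session, grouped by the security
# classification of the network the users belong to (all values are made up).
HISTORY = {
    "secret": [["open_doc", "edit_doc", "save_doc", "open_doc", "print"],
               ["open_doc", "edit_doc", "edit_doc", "save_doc"]],
    "internal": [["browse", "mail", "open_doc", "mail"],
                 ["mail", "browse", "browse", "open_doc"]],
}

def profile(ops):
    """Relative frequency of each operation in a list of operations."""
    counts = Counter(ops)
    total = sum(counts.values())
    return {op: n / total for op, n in counts.items()}

def build_library(history):
    """One shared profile per classification, pooled over its users' sessions."""
    return {level: profile([op for s in sessions for op in s])
            for level, sessions in history.items()}

def cosine(a, b):
    """Cosine similarity of two sparse frequency vectors (0.0 if either is empty)."""
    dot = sum(v * b.get(k, 0.0) for k, v in a.items())
    norm = math.sqrt(sum(v * v for v in a.values())) * \
           math.sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

def threat_level(library, level, session):
    """Return (label, similarity); the 0.7 / 0.3 thresholds are assumed."""
    if not session:                      # nothing observed yet: no evidence
        return "low", 1.0
    sim = cosine(profile(session), library[level])
    if sim >= 0.7:
        return "low", sim
    return ("medium", sim) if sim >= 0.3 else ("high", sim)

def placement(library, level, session):
    """Assumed policy: only a 'high' score triggers migration to isolation."""
    label, _ = threat_level(library, level, session)
    return "migrate_to_isolation" if label == "high" else "stay"

LIBRARY = build_library(HISTORY)
if __name__ == "__main__":
    for s in (["open_doc", "edit_doc", "save_doc"],
              ["net_scan", "copy_usb", "net_scan", "open_doc"]):
        print(s, threat_level(LIBRARY, "secret", s), placement(LIBRARY, "secret", s))
```

Pooling the profile over all users of one classification is what lets a single session be judged against its peers rather than only against that user's own past.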

Description

Technical field

[0001] The invention belongs to the field of information security, and relates to virtualization technology in cloud computing, in particular to a virtual machine safety isolation system and method in a multi-safety level virtual desktop system.

Background technique

[0002] With the deployment of mobile Internet applications, system resources continue to expand in scale, and the current computer field is facing major issues of how to protect data center information security and make full use of hardware resources. As the most common and important office equipment in IT resources, the traditional desktop PC has increasingly exposed its disadvantages and inconveniences, such as: low system security, easy information leakage, and low resource utilization. However, the emergence of cloud desktop solutions ushered in a new spring for virtualization technology. Virtualization technology virtualizes more virtual machines on a physical platform, and each virtual ma...

Application Information

IPC(8): G06F21/53, G06F17/30
CPC: G06F11/3476, G06F21/53
Inventor: 肖云鹏, 龚波, 刘宴兵, 蹇怡, 徐光侠, 许书彬, 袁仲, 张海军, 董涛
Owner CHONGQING UNIV OF POSTS & TELECOMM