Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Virtual machine security isolation system and method oriented to multi-security-level virtual desktop system

A security isolation and virtual desktop technology, which is applied in the field of virtual machine security isolation system, can solve the problems that cannot realize the direct reuse of host system resources, cannot effectively resist attacks, attacks, etc.

Active Publication Date: 2014-07-02
CHONGQING UNIV OF POSTS & TELECOMM +1
View PDF3 Cites 35 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, the research on this kind of virtual machine-based security isolation mechanism mainly focuses on the way to realize the isolation system, and cannot realize the direct reuse of host system resources.
In addition, some researchers have proposed a platform-safe virtualization method, which shields the application memory from the operating system kernel by controlling the memory management unit. Even if the operating system kernel is maliciously controlled, it cannot access the shadowed application memory. The isolation between virtual machines implemented by the virtual machine monitor (Virtual Machine Monitor, VMM) and the management virtual machine (Management VM, MVM) cannot effectively defend against attacks launched by attackers inside the system administrator's data center
[0006] In short, all current security isolation solutions for virtual machines in data centers have not addressed the situation of multi-level security virtual desktop systems, and the existing security isolation mechanism for virtual machines cannot solve the problem of reusing host system resources and internal attacks by unauthorized persons. And other issues

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Virtual machine security isolation system and method oriented to multi-security-level virtual desktop system
  • Virtual machine security isolation system and method oriented to multi-security-level virtual desktop system
  • Virtual machine security isolation system and method oriented to multi-security-level virtual desktop system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0032] A non-limiting embodiment is given below in conjunction with the accompanying drawings to further illustrate the present invention.

[0033] Such as figure 1 Shown is the system structure diagram of the embodiment of the present invention, including three modules: client, security authentication gateway, and server. Among them, the user-oriented client can be an ordinary computer, a thin client or a dedicated minicomputer terminal; the function of the security authentication gateway is to provide a complete multi-level network unified identity authentication, and realize the unified authentication and authentication of multi-level network users. Management; the server-side hardware can adopt mid-end or high-end configuration servers, and virtual machines can be created on-demand on the host system through server virtualization technology, and each virtual machine corresponds to a terminal desktop user.

[0034] Such as figure 2 Shown is the implementation structure s...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a virtual machine security isolation system and method oriented to a multi-security-level virtual desktop system and belongs to the field of information security. According to the virtual machine security isolation system and method, three implementation stages including detection of abnormal user behaviors, migration of virtual machines and security isolation are conducted. The virtual machine security isolation method comprises the steps that firstly, users of networks of the same security classification and virtual machines are bound together, and a user behavior feature library is established through the similarity between the operation behaviors of the users of the networks of the same security classification; secondly, matching between real-time actual user behavior features and a historical user behavior feature liberty is conducted, the threat level of the current operation of each user is worked out, a target host is selected and migrated, and the virtual machines with potential threats are migrated to a virtual machine security isolation model for execution; finally, the virtual machine security isolation model replaces the virtual machines to execute system call required by the virtual machine process. By the adoption of the virtual machine security isolation method oriented to the multi-security-level virtual desktop system, the situation that the virtual machine process directly has access to resources of a host machine system is avoided, the dependence of the virtual machine process on a kernel is reduced, the safety of the host machine system is improved, and the purpose of security isolation of the virtual machines is achieved.

Description

technical field [0001] The invention belongs to the field of information security, and relates to virtualization technology in cloud computing, in particular to a virtual machine safety isolation system and method in a multi-safety level virtual desktop system. Background technique [0002] With the deployment of mobile Internet applications, system resources continue to expand in scale, and the current computer field is facing major issues of how to protect data center information security and make full use of hardware resources. As the most common and important office equipment in IT resources, the traditional desktop PC has increasingly exposed its disadvantages and inconveniences, such as: low system security, easy information leakage, and low resource utilization. However, the emergence of cloud desktop solutions ushered in a new spring for virtualization technology. Virtualization technology virtualizes more virtual machines on a physical platform, and each virtual ma...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/53G06F17/30
CPCG06F11/3476G06F21/53
Inventor 肖云鹏龚波刘宴兵蹇怡徐光侠许书彬袁仲张海军董涛
Owner CHONGQING UNIV OF POSTS & TELECOMM
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com