Method for running programs in isolation manner on basis of local virtualization mechanism

A local virtualization technology and operating method, applied in the field of program isolation based on a local virtualization mechanism. It addresses the problem that existing program isolation methods cannot satisfy all of the constraints required for executing untrusted software at the same time, achieves safe isolated execution, and avoids file-system access conflicts between the local virtual machine and the host.

Inactive Publication Date: 2014-07-09
NAT UNIV OF DEFENSE TECH

AI Technical Summary

Problems solved by technology

[0011] The technical problem to be solved by the present invention is that existing program isolation methods cannot satisfy the three application constraints required for executing untrusted software at the same time, namely security isolation, functional integrity and performance adaptability. The invention seeks a suitable balance among these three constraints and proposes a method that uses a virtual machine monitor (VMM) to create an isolated operating environment for untrusted software, that is, a localized virtual machine.




Embodiment Construction

[0059] Figure 1 is the general flowchart of the present invention.

[0060] Figure 2 is a schematic diagram of the local virtualization system established in the first step.

[0061] Figure 3 shows the process of steps 8.1-8.6.

[0062] Figure 4 shows the process of steps 9.1-9.9.

[0063] Figure 5 shows the process of steps 10.1-10.8.

[0064] The first step is to install a local virtualization system on the host operating system. The local virtualization system consists of three software modules: a type-2 virtual machine monitor, a launcher, and a read-write monitor.

[0065] The launcher presents the user with a list of the volume numbers of all local volumes and obtains from the user the number of the original volume from which the local virtual machine is to be generated. From that original volume number the launcher creates a volume snapshot (that is, a consistent copy of the original volume as of a given moment) and passes the volume snapshot to the type-2 virtual machine monitor.

[0066] The type-...


Abstract

The invention discloses a method for running programs in isolation on the basis of a local virtualization mechanism. The method aims to solve the problem that existing methods for running programs in isolation cannot simultaneously meet the three application constraints required when untrusted software is executed. The technical scheme is as follows: a local virtualization system comprising a type-2 virtual machine monitor, a launcher and a read-write monitor is installed in the host operating system; the type-2 virtual machine monitor starts a local virtual machine from the volume snapshot provided by the launcher; and the read-write monitor performs all read and write operations on the original volume device object in a unified manner, according to the principle that "blocks in the snapshot space may be written only by the virtual machine, and original blocks may be written only by the host". The method has the advantages that the host computing environment can be reconstructed on a personal computing platform, file-system access conflicts between the local virtual machine and the host operating system are prevented, and untrusted software can be run in isolation effectively and safely.
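The write-ownership rule stated in the abstract (snapshot-space blocks written only by the virtual machine, original blocks written only by the host), combined with the launcher's volume snapshot from [0065], as an added block-level model written for this page. It is not the patent's code and not code from NAT UNIV OF DEFENSE TECH. The volume is an in-memory list of 4-byte blocks, the `ReadWriteMonitor` class and its method names are my own, and the copy-before-write step in `host_write` is an assumption: the page says the snapshot is a consistent point-in-time copy but does not describe how host writes made after the snapshot are reconciled with that, so this model saves the old content into the snapshot space before the host overwrites an undiverged block. Everything the untrusted program writes lands in the snapshot space and is dropped when the VM is discarded; the original volume is never modified by the VM.

```python
"""Block-level read-write monitor model (added example, not the patent's code).

Models the patent's write-ownership rule:
  * blocks in the snapshot space are written only by the local virtual machine;
  * original blocks are written only by the host.
All access to the (simulated) original volume goes through one monitor object,
as the patent's read-write monitor does for the original volume device object.
Block size, the in-memory volume and the copy-before-write step are assumptions.
"""
from dataclasses import dataclass, field
from typing import Dict, List

BLOCK_SIZE = 4  # assumed: tiny blocks so the sample data stays readable


@dataclass
class ReadWriteMonitor:
    original: List[bytes]                                     # original volume, host-owned
    snapshot: Dict[int, bytes] = field(default_factory=dict)  # snapshot space, VM-owned
    host_writes: int = 0
    vm_writes: int = 0

    @classmethod
    def from_volume(cls, data: bytes) -> "ReadWriteMonitor":
        """Launcher step: take the volume as it is at this instant. The snapshot
        space starts empty and fills lazily (copy-on-write)."""
        assert len(data) % BLOCK_SIZE == 0
        blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
        return cls(original=blocks)

    # ---- requests from the local virtual machine -------------------------
    def vm_read(self, lba: int) -> bytes:
        # Diverged blocks live in the snapshot space; others fall through to
        # the original volume (which the VM may read but never write).
        return self.snapshot.get(lba, self.original[lba])

    def vm_write(self, lba: int, data: bytes) -> None:
        self._check(lba, data)
        # Never touch the original block: redirect into the snapshot space.
        self.snapshot[lba] = data
        self.vm_writes += 1

    # ---- requests from the host operating system -------------------------
    def host_read(self, lba: int) -> bytes:
        # The host never sees the VM's changes.
        return self.original[lba]

    def host_write(self, lba: int, data: bytes) -> None:
        self._check(lba, data)
        # ASSUMPTION (not described on the page): preserve the snapshot's
        # point-in-time view. If the VM has not diverged this block yet, the
        # old content is saved into the snapshot space before the host
        # overwrites it, so the VM keeps reading what it saw at snapshot time.
        if lba not in self.snapshot:
            self.snapshot[lba] = self.original[lba]
        self.original[lba] = data
        self.host_writes += 1

    def _check(self, lba: int, data: bytes) -> None:
        if not 0 <= lba < len(self.original):
            raise IndexError(f"block {lba} outside volume")
        if len(data) != BLOCK_SIZE:
            raise ValueError("partial-block writes are not modelled")

    def discard_vm(self) -> None:
        """Tear down the local VM: everything the untrusted program wrote is in
        the snapshot space and is dropped; the original volume is intact."""
        self.snapshot.clear()


def demo() -> dict:
    # Constructed sample volume: four blocks of four bytes each.
    mon = ReadWriteMonitor.from_volume(b"AAAABBBBCCCCDDDD")
    mon.vm_write(1, b"vvvv")     # untrusted program modifies block 1
    mon.host_write(2, b"hhhh")   # host modifies block 2 after the snapshot
    result = {
        "vm_sees_1": mon.vm_read(1),
        "host_sees_1": mon.host_read(1),
        "vm_sees_2": mon.vm_read(2),
        "host_sees_2": mon.host_read(2),
        "diverged": sorted(mon.snapshot),
    }
    mon.discard_vm()
    result["host_after_discard"] = b"".join(mon.original)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The two views never collide: the VM's write to block 1 is invisible to the host, the host's write to block 2 is invisible to the VM, and discarding the VM leaves only the host's own changes on the original volume. A real read-write monitor sits below the file system at the volume device object, so it must also serialize concurrent host and VM requests to the same block, which this single-threaded model does not show.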

Description

Technical field

[0001] The invention relates to a program isolation running method in the field of computer security, in particular to a program isolation running method based on a local virtualization mechanism.

Background technique

[0002] With the widespread application of network security protection methods such as firewalls and network intrusion detection systems, it is becoming more and more difficult for attackers to directly invade computer systems by means of network intrusion.

[0003] However, existing network protection products have difficulty effectively defending against attacks from malicious code hidden in untrusted software that the user actively executes. Therefore, various host-based security protection methods such as access control, virus detection and sandboxing have been introduced to make up for the deficiencies of network-based protection technology. However, the access control method cannot effectively protect the system against the malicious behavior of authori...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/53
CPC: G06F21/53, G06F2221/033, G06F2221/2149
Inventors: 王怀民, 温研, 赵金晶, 王天佐
Owner: NAT UNIV OF DEFENSE TECH