Data wiping system in virtualization environment and method thereof

A data erasure technology for virtualized environments, applied in the field of data security and user privacy in cloud computing. It addresses problems such as sensitive data leakage and a lengthened time window for sensitive data leakage, with the effects of minimal performance loss, ensured confidentiality, and strong scalability.

Active Publication Date: 2014-08-20
AVICIT CO LTD

AI Technical Summary

Problems solved by technology

However, the address space of a user's process running in the guest virtual machine may contain sensitive data such as passwords and private information. Existing research mainly uses encryption or access control to protect the page contents in the guest's memory while it is running. These two methods of protecting sensitive data have the following problems: (1) Encryption and decryption inevitably affect the operating efficiency of the virtualization platform and require a lot of computing cost. (2) The access control method does not take into account the shared nature of resources in a virtualized environment: the virtualization platform may dynamically increase or decrease memory while a virtual machine is running, and the released memory is allocated to other users, at which point there is a risk of sensitive data leakage. (3) If a data-wiping function for released data was not added to the program during development, the memory containing sensitive data still carries a risk of leakage after the process releases it, which undoubtedly increases the time window for sensitive data leakage.
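Problems (2) and (3) above, as an added illustration in C that is not part of the patent: a constructed four-page pool stands in for memory that the platform reclaims from one tenant and hands to another. The names `pool`, `page_alloc`, `page_release` and `residual_bytes_after_reuse` are hypothetical, and the secret is a constructed sample value.

```c
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 4096
#define NPAGES 4

/* Constructed model: a pool of pages that the platform hands out and reclaims. */
static unsigned char pool[NPAGES * PAGE_SIZE];
static int in_use[NPAGES];

/* Zero through a volatile pointer so the compiler cannot drop the stores as dead. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Hand out the first free page; its contents are whatever the last owner left. */
unsigned char *page_alloc(void) {
    for (int i = 0; i < NPAGES; i++)
        if (!in_use[i]) { in_use[i] = 1; return pool + (size_t)i * PAGE_SIZE; }
    return NULL;
}

/* Return a page to the pool, wiping it first only if wipe_on_release is set. */
void page_release(unsigned char *page, int wipe_on_release) {
    size_t i = (size_t)(page - pool) / PAGE_SIZE;
    if (wipe_on_release) secure_wipe(page, PAGE_SIZE);
    in_use[i] = 0;
}

/* Tenant A stores a secret and releases its page; tenant B then gets the same page. */
size_t residual_bytes_after_reuse(int wipe_on_release) {
    static const char secret[] = "constructed-sample-password"; /* sample value */
    unsigned char *a = page_alloc();
    if (!a) return (size_t)-1;
    memcpy(a, secret, sizeof secret);
    page_release(a, wipe_on_release);
    unsigned char *b = page_alloc();   /* first free page again: the one A just released */
    size_t leaked = 0;                 /* non-zero bytes B can read from its "new" page */
    for (size_t i = 0; i < PAGE_SIZE; i++) leaked += (b[i] != 0);
    page_release(b, 1);                /* leave the pool clean for the next run */
    return leaked;
}

int main(void) {
    printf("no wipe: %zu residual bytes\n", residual_bytes_after_reuse(0));
    printf("wipe:    %zu residual bytes\n", residual_bytes_after_reuse(1));
    return 0;
}
```

Here the wipe depends on the releasing code choosing to do it; the system described on this page performs the erasure from the virtualization layer when the process exits.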



Embodiment Construction

[0025] How to avoid leaking sensitive data in a cloud environment is a matter of great concern to both cloud service providers and users. The invention uses virtualization technology to erase a process's data area when that process, running in the guest virtual machine, exits. By shortening the time window for sensitive data leakage, it reduces the threat to sensitive data while the user's guest virtual machine is running. The memory space of a running process in the guest can be divided into a code area, a global data area, a heap area and a stack area. The user's sensitive data may be stored in the global data area as global or static variables, in the stack area as local variables, or in the heap area as dynamically allocated variables. Considering that sensitive data (keys, passwords, etc.) are rarely hard-coded into the program in the form of static variables, and the stack area frequent...


Abstract

The invention relates to a data wiping system in a virtualization environment and a method thereof, and belongs to the field of data security and user privacy in cloud computing. Based on the Xen virtualization framework, the data wiping system comprises a process monitoring module, a control module, a virtual machine introspection module and a data wiping module. The control module, the virtual machine introspection module and the data wiping module are deployed in the management domain, and the process monitoring module is deployed in the virtual machine manager, namely the VMM kernel. The system and method reduce the threats to sensitive data held in memory while the user's guest virtual machine is running: the time window in which sensitive data can be attacked is shortened at as small a cost as possible, and the security of sensitive data in the user's guest is guaranteed.

Description

Technical field

[0001] The invention relates to the fields of data security and user privacy in cloud computing, in particular to a system and method for erasing sensitive data in memory in a virtualized environment.

Background

[0002] Through the abstraction of computing, network, and storage resources, virtualization technology allows the guest virtual machines of different users to share hardware resources, which improves resource utilization and reduces IT management costs. However, the address space of a user's process running in the guest virtual machine may contain sensitive data such as passwords and private information. Existing research mainly uses encryption or access control to protect the page contents in the guest's memory while it is running. These two methods of protecting sensitive data have the following problems: (1) Encryption and decryption will inevitably affect the operating efficiency of the virtualization platform, which requires a lot of computing cost...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/53, G06F21/60
CPC: G06F21/53, G06F21/60
Inventor: 王亮, 李文龙
Owner: AVICIT CO LTD