Highly-available system design method based on virtualization

A system design method using virtualization technology, applied to platform integrity maintenance. It addresses problems such as impact on the system, reduced system performance, and recovery measures that depend on detection, with the effects of improving availability, reducing performance loss, and preventing attacks.

Active Publication Date: 2014-08-20
LANGCHAO ELECTRONIC INFORMATION IND CO LTD

AI Technical Summary

Problems solved by technology

The traditional detection and recovery mechanism has the following two shortcomings: First, the available means of recovery depend on detection, that is, it cannot prevent the occurrence of


Examples


Embodiment

[0047] The following describes how the architecture of the present invention is realized, using a specific embodiment:

[0048] The override rootkit is used for process hiding. Following its implementation principle, process hiding is demonstrated by treating the current terminal as the backdoor program;

[0049] First, echo $$ prints the current process ID; in the demonstration case the current process ID is 2573. Then, in the /root/Desktop/ha/rk directory, the override rootkit is loaded. After loading, switch to the /proc file system; the ls command shows that the entry for the current process, 2573, is present in the directory. Next, create a new directory grid-hide-pid-2573 in the /dev directory. This triggers the chdir system call, and this system call is also redirected: the chdir system call adds process 2573 to the hidden queue and hides the created directory at the same time. Then go to the /proc file sy...
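A defender's cross-view check for the symptom this embodiment demonstrates, a process that is running but missing from the /proc listing. This is an added example, not code from the patent; it assumes the rootkit filters only directory listings and leaves direct PID lookups (kill with signal 0) intact, and all function names are hypothetical.

```python
import errno
import os

def listed_ids(proc_root="/proc"):
    """PIDs and thread IDs visible through directory listings (the `ls /proc` view)."""
    ids = set()
    for name in os.listdir(proc_root):
        if name.isdigit():
            ids.add(int(name))
            try:
                # Thread IDs answer kill(id, 0) too, so count them as visible.
                ids.update(int(t) for t in os.listdir(f"{proc_root}/{name}/task"))
            except OSError:
                pass  # process exited between the two listings
    return ids

def pid_exists(pid):
    """Ask the kernel about one ID directly; signal 0 delivers nothing."""
    try:
        os.kill(pid, 0)
    except OSError as exc:
        # EPERM means the process exists but belongs to another user.
        return exc.errno == errno.EPERM
    return True

def hidden_pids(list_view=listed_ids, probe=pid_exists, max_pid=None):
    """Return IDs that answer a direct probe but are absent from the listing."""
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as fh:
            max_pid = int(fh.read())
    before = list_view()
    suspects = [pid for pid in range(1, max_pid + 1)
                if pid not in before and probe(pid)]
    # List and probe a second time so that processes which started or
    # exited during the scan are not reported as hidden.
    after = list_view()
    return sorted(pid for pid in suspects if pid not in after and probe(pid))

if __name__ == "__main__":
    for pid in hidden_pids():
        print(f"ID {pid} answers kill(id, 0) but is not listed under /proc")
```

A rootkit that also intercepts the direct lookup defeats this in-guest check, which is the dependence on detection that the patent's hypervisor-level protection is meant to avoid.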


Abstract

The invention discloses a highly-available system design method based on virtualization. A strategy for protecting key kernel data structures is built on virtualization technology, relying mainly on a shadow page table management mechanism, a hypercall mechanism, and the correct and effective execution of exception handling logic. A highly-available system based on guest exception handling is proposed, whose overall framework consists mainly of a user operation module and a kernel module. With this design method, key kernel data structures are protected on the basis of virtualization technology through guest privilege downgrading and resource management measures. This prevents a malicious program from tampering with key kernel data to obtain control authority, effectively improves the availability of the operating system kernel, and effectively prevents rootkit attacks. The performance loss is small, no particular hardware architecture is relied on, and the method is transparent to applications and users.

Description

Technical field

[0001] The invention relates to the field of high-availability system design, in particular to a virtualization-based high-availability system design method.

Background technique

[0002] The security of the operating system is one aspect that affects the availability of the kernel. Obtaining control authority by modifying key kernel data structures has become one of the main attack methods of current rootkit tools. The availability of the operating system kernel determines the overall availability of the system, and security is one of the aspects that affect availability. Since the Linux kernel introduced the loadable kernel module (LKM) mechanism, it has gained extensibility but has also taken on certain security risks. Rootkits usually rely on the following system features of the Linux kernel:

[0003] 1) SUID/SGID: use suid to obtain root user authority and execute a suid shell;

[0004] 2) A large number of daemons running in the system...


Application Information

IPC: IPC(8): G06F21/55
CPC: G06F21/53, G06F21/55
Inventor: 刘璧怡, 宋立伟, 何志平, 周雄, 吴楠
Owner LANGCHAO ELECTRONIC INFORMATION IND CO LTD