Highly-available system design method based on virtualization

A virtualization-based system design technology, applied to platform integrity maintenance and related areas. It addresses problems such as impact on the system, reduced system performance, and availability-recovery measures that rely on detection, in order to improve availability, reduce performance loss, and prevent attacks.
CN103996004A · Active · Publication Date: 2014-08-20 · LANGCHAO ELECTRONIC INFORMATION IND CO LTD

Patent Information

Authority / Receiving Office
CN · China
Current Assignee / Owner
LANGCHAO ELECTRONIC INFORMATION IND CO LTD
Publication Date
2014-08-20


Abstract

The invention discloses a virtualization-based method for designing a highly available system. Building on virtualization technology, the strategy of protecting the kernel's key data structures relies mainly on a shadow page table management mechanism, a hypercall mechanism, and the correct and effective execution of exception-handling logic. A highly available system based on client exception handling is proposed, whose overall framework consists mainly of a user operation module and a kernel module. Using virtualization technology together with client privilege downgrading and resource management measures, the method protects the kernel's key data structures and prevents malicious programs from tampering with key kernel data to obtain control authority. This effectively improves the availability of the operating system kernel and effectively prevents rootkit attacks, with small performance loss and no dependence on any hardware architecture, and the method is transparent to applications and users.

Description

Technical field

[0001] The invention relates to the field of high-availability system design, in particular to a virtualization-based high-availability system design method.

Background technique

[0002] The security of the operating system is one aspect that affects the availability of the kernel. Attacks that obtain control authority by modifying the kernel's key data structures have become one of the main techniques of current rootkit tools. The availability of the operating system kernel determines the overall availability of the system, and security is one of the aspects that affect availability. The loadable kernel module (LKM) mechanism gives the Linux kernel extensibility, but it also brings certain security risks. Rootkits are usually based on the following system features in the Linux kernel:

[0003] 1) SUID / SGID: using SUID to obtain root user authority and execute a SUID shell;

[0004] 2) A large number of daemons running in the system...
