Segmentation method for trust domain of virtual machine monitor

A virtual machine monitor trust domain technology, applied in the field of cloud computing security, which addresses the problems of high system memory consumption, inability to resist overflow attacks, and easily entering a busy state, and achieves the effects of reduced startup time, easy configuration and auditing, and simple sharing of the policy.

Active Publication Date: 2015-05-06
NO 30 INST OF CHINA ELECTRONIC TECH GRP CORP

AI Technical Summary

Problems solved by technology

However, the system described in this invention must be equipped with a driver isolation loading module and a memory information monitoring module for each virtual machine that needs to be isolated, and the virtual machine manager must also establish, for each client, a corresponding shadow page table and authorization table, which consumes a lot of system memory resources; every action of loading a driver into the kernel causes the client to submit a messag



Example Embodiment

[0021] Figure 1 is a schematic diagram of a traditional monolithic trust domain. The control virtual machine shown in the figure has a complete operating system, holds high system privileges comparable to those of the Hypervisor, and is connected to the guest virtual machines through numerous interfaces in order to provide services to each guest virtual machine. In this structure the control virtual machine and the hypervisor together form a monolithic trust domain, which leaves the control virtual machine exposed to attack; once it is compromised, the entire system suffers huge losses.

[0022] According to the functions of the control virtual machine, the present invention decomposes it into nine types of service virtual machines. Each service virtual machine contains a single-purpose control logic and performs a single function. In essence, this splits the trust domain of the virtual machine monitor. The nine types of service virtual machines include: PCIBack (No. ...


Abstract

The invention discloses a segmentation method for the trust domain of a virtual machine monitor. The original control virtual machine is divided into nine service virtual machines according to its former functions; each service virtual machine comprises a single-purpose control logic, and that control logic is removed from the original control virtual machine. Each service virtual machine has only the authority needed to perform its own function, and each component may access the Hypervisor only with the minimum authority it requires, so the risk is clearly bounded. The method has the positive effects that, after an attack incident, the vulnerability can be located effectively so that remediation can be carried out; the problem that breaking a single component originally yielded control of the whole system is solved; and the security of the virtual machine is improved.
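The abstract's two claimed benefits (a compromised component yields only its own authority, and misuse of an authority can be traced to the component that holds it) follow from the shape of the per-component authorization table itself. The following Python model is an added example written for this page, not code from the patent or its assignee: it constructs a small, labelled set of hypervisor privileges, builds the monolithic layout of Figure 1 beside a split layout in the style of the nine service virtual machines, and compares the blast radius of compromising one component in each. Only PCIBack is named on the page; the other service domain names and the privilege names are constructed placeholders.

```python
from dataclasses import dataclass

# Constructed, illustrative set of control-plane privileges a hypervisor might
# expose to its control domain(s). These are placeholders, not the patent's list.
PRIVILEGES = frozenset({
    "pci_passthrough",   # assign physical PCI devices to guests
    "domain_create",     # create and destroy guest domains
    "memory_map",        # map foreign guest memory
    "console_io",        # access guest consoles
    "network_backend",   # serve virtual network devices
    "block_backend",     # serve virtual block devices
})


@dataclass(frozen=True)
class Domain:
    """A control-plane domain and the privileges the hypervisor grants it."""
    name: str
    allowed: frozenset


class Hypervisor:
    """Authorization table: which domain may invoke which privilege."""

    def __init__(self, domains):
        self.table = {d.name: d.allowed for d in domains}

    def request(self, domain, privilege):
        """Return True only if the table grants `privilege` to `domain`."""
        if privilege not in PRIVILEGES:
            raise ValueError(f"unknown privilege: {privilege}")
        return privilege in self.table.get(domain, frozenset())

    def blast_radius(self, compromised):
        """Privileges an attacker inherits by fully compromising one domain."""
        return set(self.table.get(compromised, frozenset()))

    def locate(self, misused_privilege):
        """Domains that could have issued a given privileged operation.

        A small result set is what makes post-incident vulnerability location
        effective: with one monolithic control VM the answer is always
        'the control VM', which says nothing about which logic was at fault.
        """
        return {name for name, allowed in self.table.items()
                if misused_privilege in allowed}


def monolithic_layout():
    """Figure 1: one control VM holding every privilege."""
    return Hypervisor([Domain("control_vm", PRIVILEGES)])


def split_layout():
    """Split trust domain: single-purpose service VMs, least privilege each.

    PCIBack is the one service VM named on the page; the other names are
    hypothetical placeholders standing in for the remaining service VMs.
    """
    return Hypervisor([
        Domain("PCIBack", frozenset({"pci_passthrough"})),
        Domain("svc_builder", frozenset({"domain_create", "memory_map"})),
        Domain("svc_netback", frozenset({"network_backend"})),
        Domain("svc_blkback", frozenset({"block_backend"})),
        Domain("svc_console", frozenset({"console_io"})),
    ])


def compare_blast_radius(compromised_split="PCIBack"):
    """Privilege counts gained by compromising the control VM vs. one service VM."""
    mono = monolithic_layout().blast_radius("control_vm")
    split = split_layout().blast_radius(compromised_split)
    return len(mono), len(split)


if __name__ == "__main__":
    print("monolithic vs split blast radius:", compare_blast_radius())
    print("who can map guest memory (split):", split_layout().locate("memory_map"))
    print("PCIBack may create domains?", split_layout().request("PCIBack", "domain_create"))
```

The model deliberately treats a compromised domain as fully attacker-controlled; the security argument rests on the table, not on the domain's own defenses, which is why narrowing each row is the whole point of the decomposition.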

Description

Technical field

[0001] The present invention relates to the technical field of cloud computing security, in particular to a trust domain segmentation method for a virtual machine monitor and to how the trusted computing base of the virtual machine controller can be reduced, thereby improving the security of the virtual machine.

Background technique

[0002] The traditional virtual machine trust domain is a large trusted computing base concentrated in the control virtual machine. Among the existing technologies, there are techniques for improving the security of virtual machine monitors, such as:

[0003] Invention patent "A security control method for a virtual machine" (PRC patent application number 201210435354.X, publication date: February 13, 2013), which discloses a security control method for a virtual machine: the source file of the virtual machine is encrypted with public key data to obtain an encrypted virtual machine file, and retu...


Application Information

IPC(8): G06F21/74, G06F9/455
CPC: G06F21/53
Inventor: 龙恺, 冷冰, 王强, 陈剑锋
Owner NO 30 INST OF CHINA ELECTRONIC TECH GRP CORP