
Access control method for preventing virtual machine from escaping and attacking

An access control technology for virtual machine escape, applied in the field of access control to prevent virtual machine escape attacks. It can solve problems such as stack overflow and attacks on, or tampering with, running state.

Inactive Publication Date: 2016-04-20
SHANGHAI JUNESH INFORMATION TECH CO LTD
2 Cites, 5 Cited by

AI Technical Summary

Problems solved by technology

Because the virtual machine emulator and the Hypervisor interact through I/O control emulation commands, an attacker can forge I/O operations to obtain Ring3 privileges in root mode. The attacker can then exploit vulnerabilities in the Hypervisor itself, or inject attack code into the Hypervisor, causing Hypervisor stack overflow, modification of default commands and similar problems. At that point the Hypervisor has been compromised.
Once the attacker has obtained Ring0 privileges in root mode, the Hypervisor and the host operating system are in an unsafe state, and the host's data and the running state of all virtual machines running on the host may be attacked or tampered with.


Embodiment Construction

[0061] The technical solutions in the embodiments of the present invention are described clearly and completely below in conjunction with those embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by persons of ordinary skill in the art on the basis of the embodiments of the present invention, without creative effort, fall within the protection scope of the present invention.

[0062] Referring to Figure 3, the relevant elements in the PVME module and the corresponding access processes are based on the full virtualization platform. From bottom to top in the figure: HostOS denotes the host operating system; Hypervisor denotes the corresponding full-virtualization virtual machine manager; and because most current mainstream virtual machine emulators are based on QEMU, we use QEMU to represent the virtual machine emulator in the full virtualizati...


Abstract

The invention discloses an access control method for preventing virtual machine escape attacks. The method comprises the following four steps: step 1, setting the corresponding model elements; step 2, setting up and introducing a monitor; step 3, running the Learning model for preventing virtual machine escape attacks and recording system data; and step 4, running the Enforce model for preventing virtual machine escape attacks and pre-judging virtual machine escape attacks. The method has the following beneficial effects: system calls and resource utilization between the virtual machine and the Hypervisor can be managed on a virtualized platform, which effectively prevents the virtual machine from switching into an illegal access state and so achieves the purpose of preventing virtual machine escape attacks.

Description

Technical field

[0001] The invention relates to computer operating systems and virtualization technology, in particular to an access control method for preventing virtual machine escape attacks.

Background technique

[0002] Cloud computing treats IT resources, data, and applications as a service and provides them to users through the network. This is a change in service methods and a change in the shared data model. At present, IT companies around the world have formulated and released their own cloud strategies; companies such as Google, Amazon, and IBM have formed cloud computing platforms that provide large-scale global computing services. Maintaining the flexibility, reliability, and scalability of a cloud computing platform must rely on some new technologies, but the use of these new technologies not only brings security to cloud computing, but also brings some new security risks.

[0003] Different types of cloud computing services have different technical supp...


Application Information

IPC(8): G06F21/55, G06F9/455
CPC: G06F21/554, G06F9/45533, G06F2009/45587, G06F2221/2141
Inventor: 沈国军
Owner: SHANGHAI JUNESH INFORMATION TECH CO LTD