System and method for monitoring virtual machine process, and method for filtering page fault anomaly

Abstract

The invention discloses a system and method for monitoring a virtual machine process, and a method for filtering page fault anomalies. The monitoring system comprises an interception setting module which modifies a virtual machine system call table dynamically in real time and intercepting virtual machine system call; a capturing module which captures anomalies generated when the virtual machine process is called by a monitoring system; an analysis processing module which analyzes a virtual machine process system call behavior is abnormal or not; a strategy library which stores virtual machine system call monitoring strategies, wherein abnormal system call behavior data in the virtual machine is stored in logs; and a terminal which updates the strategy library dynamically in real time. According to the system and methods, according to functions needing to be monitored, the monitoring strategies are configured dynamically in real time; the monitoring strategies can take effect instantly without rebooting the virtual machine or a cloud platform; extra performance consumption resulting from the fact that the virtual machine process is unnecessarily called by the monitoring system can be avoided; and the system and methods are compatible with system call processes initiated by all x86 instructions.

Description

technical field [0001] The invention relates to the field of virtual machine safety monitoring, in particular to a system and method for monitoring a virtual machine process and a method for filtering page fault exceptions. Background technique [0002] Virtualization technology has developed into one of the core technologies of the cloud computing platform. It can abstract physical physical resources and distribute them to multiple virtual machines. Virtual machines run real operating systems to provide services for tenants. Today's widely used operating systems There are different degrees of security flaws in system security, and these security flaws also exist in virtual machine operating systems. Malware that gains privileges through the vulnerabilities of the virtual machine operating system can easily damage the operating system, such as computer viruses, worms, Trojan horses, etc. After successfully invading the operating system, these malicious software can steal sen...

AI Technical Summary

Problems solved by technology

[0004] The first method can easily obtain the semantic information of the virtual machine, but there are defects: 1) The monitoring agent depends on the target virtual machine and is not universal; 2) VMM provides security protection measures for the monitoring agent, and the additional protection execution introduced Process adds complexity to monitoring system execution

The second method utilizes the high privilege level and isolation that VMM has to transfer the monitoring process to VMM, which improves the versatility, but also has shortcomings: 1) when any system call is executed, an exception will be generated and trapped in the VMM, which cannot The actual requirement is to selectively monitor system calls, which is poor in flexibility; 2) Executing system calls that do not need to be monitored will still generate exceptions and fall into VMM, which will bring additional performance loss; 3) System call instructions used by different versions of the operating system Different, it is necessary to carry out targeted development for various system call instructions, and the process is complicated

Images