Agent-free client process protection method based on virtualization technology

Applying virtualization technology to client process protection, the method addresses the difficulty of guaranteeing the security of the agent itself, and achieves resource savings, high performance, and guaranteed concealment.

Active Publication Date: 2017-06-27
SICHUAN UNIV

AI Technical Summary

Problems solved by technology

Furthermore, the security of the agent itself is difficult to guarantee. Once the agent is uninstalled, the security measures to be implemented will no longer exist.


Embodiment Construction

[0047] The present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0048] Based on the characteristics of the VM system and on Intel VT technology, the present invention constructs an agentless runtime protection system for client processes. The user only needs to use a user-level tool inside the client to tell the VMM which processes need to be protected; no agent driver needs to be installed to realize the functionality.

[0049] The system is implemented in three main parts: a Windows memory acquisition module, a virtual machine information injection module, and a client page-fault exception interception and processing module. The entire protection execution flow is shown in Figure 4. The specific implementation steps of the system are as follows:

[0050] 1. Allocate Windows non-paged memory

[0051] The most important reason why this method ado...


Abstract

The invention discloses an agent-free client process protection method based on virtualization technology. The method comprises: transparently obtaining a Windows non-paged memory page in KVM and recording the start address of the memory page in the KVM structure corresponding to the virtual machine; injecting virtual machine information; setting the IA32_SYSENTER_EIP register to the address of the newly injected KiFastCallEntry function and hooking the KiSystemService function; clearing the original SSDT contents; setting the relevant VMCS fields so that reads and writes of the IA32_SYSENTER_EIP register and instruction-fetch page-fault exceptions trap to the virtual machine monitor; and having the virtual machine monitor intercept the client's instruction-fetch page-fault exceptions, analyze the current operation, and feed the result back to the client, completing the handling of one access. The method ensures the safe execution of system functions; no agent driver needs to be installed inside the client, so the security of an agent driver need not be considered, and the impact on virtual machine performance is reduced to a minimum.
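
The VMCS step in the abstract (trapping IA32_SYSENTER_EIP accesses and instruction-fetch page faults) can be modelled as below. This is an added example, not code from the patent or from KVM: the struct and function names are hypothetical and nothing is written to a real VMCS; the MSR index, MSR-bitmap layout and page-fault error-code rule follow the Intel SDM.

```c
#include <stdbool.h>
#include <stdint.h>

#define MSR_IA32_SYSENTER_EIP 0x176u  /* architectural MSR index */
#define PF_VECTOR 14u                 /* #PF vector in the exception bitmap */
#define PFEC_ID (1u << 4)             /* error-code bit: instruction fetch */

/* Hypothetical holder for the three VMCS controls that govern #PF exits. */
struct pf_controls {
    uint32_t exception_bitmap;
    uint32_t pfec_mask;
    uint32_t pfec_match;
};

/* Mark a low MSR (0x0-0x1FFF) for RDMSR and WRMSR exits in the 4 KiB VMX
 * MSR bitmap: read-low region starts at byte 0, write-low at byte 2048. */
int msr_bitmap_trap_rw(uint8_t bitmap[4096], uint32_t msr)
{
    if (msr > 0x1FFFu)
        return -1;                    /* high-range MSRs not handled here */
    bitmap[msr / 8] |= (uint8_t)(1u << (msr % 8));
    bitmap[2048 + msr / 8] |= (uint8_t)(1u << (msr % 8));
    return 0;
}

/* Controls that exit on instruction-fetch page faults only. */
struct pf_controls trap_ifetch_pf_only(void)
{
    struct pf_controls c = { 1u << PF_VECTOR, PFEC_ID, PFEC_ID };
    return c;
}

/* Intel SDM rule: with bitmap bit 14 set, #PF exits iff
 * (error_code & mask) == match; with it clear, iff they differ. */
bool pf_causes_vmexit(const struct pf_controls *c, uint32_t pfec)
{
    bool match = (pfec & c->pfec_mask) == c->pfec_match;
    bool bit14 = (c->exception_bitmap >> PF_VECTOR) & 1u;
    return bit14 ? match : !match;
}

int main(void)
{
    uint8_t bitmap[4096] = {0};
    struct pf_controls c = trap_ifetch_pf_only();
    msr_bitmap_trap_rw(bitmap, MSR_IA32_SYSENTER_EIP);
    /* 0x10 = fetch fault (exits); 0x02 = data write fault (does not) */
    return (pf_causes_vmexit(&c, 0x10) && !pf_causes_vmexit(&c, 0x02)) ? 0 : 1;
}
```

Filtering on the instruction-fetch bit keeps ordinary data page faults inside the guest, which is consistent with the abstract's claim of minimal performance impact.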

Description

Technical field

[0001] The invention relates to the field of client process protection, in particular to an agentless client process protection method based on virtualization technology.

Background

[0002] In recent years, cloud computing technology has developed rapidly. On the one hand, by using cloud services, customers can save a great deal on hardware and maintenance costs; on the other hand, cloud vendors, while providing services to users, can focus more on researching the cloud services themselves and promote the development of cloud computing technology. To reduce costs, customers are migrating more and more services to virtual machines on cloud platforms. However, the "Complete Virtualization Security Guide" released by the US National Standards Institute NIST pointed out that the security threats faced by traditional hosts also exist in virtual machines. Based on the characteristics of the operating system, the process, as the entity ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F9/455, G06F21/56
CPC: G06F9/45558, G06F21/566, G06F2009/45587
Inventor: 陈兴蜀, 陈蒙蒙, 金逸灵, 蔡梦娟, 金鑫
Owner: SICHUAN UNIV