Unlock instant, AI-driven research and patent intelligence for your innovation.

Method and device for protecting virtual machine kernel

A virtual machine and kernel technology, applied in the direction of program control device, platform integrity maintenance, software simulation/interpretation/simulation, etc., can solve the problem of poor blocking effect of malicious code

Active Publication Date: 2021-01-29
HUAWEI TECH CO LTD
View PDF6 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The present invention provides a method and device for protecting the kernel of a virtual machine, which are used to solve the problem that the prior art has poor interception effect on malicious codes and requires real-time interception

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for protecting virtual machine kernel
  • Method and device for protecting virtual machine kernel
  • Method and device for protecting virtual machine kernel

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0092] The embodiment of the present invention is applied to a virtual machine platform, and the deployment architecture of the virtual machine platform can have two modes:

[0093] figure 1 A schematic diagram of the architecture of Embodiment 1 of the virtual machine platform provided by the present invention, figure 1 For the bare-metal mode of the virtual machine platform, such as figure 1 As shown, the virtual machine platform can include multiple virtual machines ( figure 1 Take virtual machine 1 and virtual machine 2 as examples), the lower layer of the virtual machine includes the VMM, and the lower layer of the VMM includes the underlying hardware. Wherein, the virtual machine includes: a virtual machine application layer and a virtual machine kernel layer, and in the present invention, the virtual machine kernel layer further includes: a monitoring agent.

[0094] figure 2 A schematic diagram of the second embodiment of the virtual machine platform provided by t...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

Embodiments of the present invention provide a method and device for protecting a virtual machine kernel. The method includes: intercepting a system call function initiated by an application program; Point to the shadow kernel, and determine the corresponding entry address of the system call function in the shadow kernel according to the shadow SSDT in the shadow kernel; wherein, the shadow kernel is built in the non-paged pool of the original kernel of the virtual machine, and the shadow kernel is based on the virtual machine The executable kernel code built from the image file of the original kernel. It realizes that the system call path is completely executed in the pure code of the shadow kernel, which ensures the integrity of the system call path, thereby also ensuring the integrity of the entire kernel code operation. Moreover, the shadow kernel is built in the non-paged pool of the original kernel of the virtual machine, which is simple and easy to implement, and will not leave traces in other places such as the registry, which is more secure.

Description

technical field [0001] The invention relates to virtual machine technology, in particular to a method and device for protecting the kernel of a virtual machine. Background technique [0002] In recent years, cloud computing technology has developed rapidly. It cannot be ignored that many malicious programs and kernel malicious codes currently exist will also pose security threats to the internal processes of cloud platform virtual machines. Among them, the virtual machine kernel plays a central role in the virtual machine. During the running of the virtual machine, all application system call requests, as well as internal and external interrupt processing, etc. will directly enter the virtual machine kernel and be processed by the virtual machine kernel. Necessary treatment. In the specific implementation process, among all the interfaces entering the virtual machine kernel, the system call interface is an important interface for the application program to interact with the...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F9/455
CPCG06F9/45533G06F2009/45587G06F21/53G06F9/45558G06F2009/45591
Inventor 万荣飞陈兴蜀
Owner HUAWEI TECH CO LTD