
A method and device for enhancing the introspection security of a virtual machine on an arm platform

A virtual machine and security technology, applied in the field of enhancing ARM platform virtual machine introspection security, can solve problems such as information leakage, unsafe underlying input data, and incorrectness, and achieve the effect of ensuring integrity, ensuring security, and enhancing introspection security.

Status: Inactive. Publication Date: 2019-07-05
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

[0003] VMI in a vulnerable host environment faces multiple security threats. The first is information leakage: VMI technology breaks the isolation between tenants in the cloud environment, and malicious use of the VM-internal information obtained by VMI causes serious leakage of VM information.
The second is that VMI is not safe at runtime: VMI runs in user mode, so once a vulnerability in the host environment is exploited, the code and data of VMI are exposed to attackers.
The third is that the underlying input data of VMI may be incorrect: VMI relies on the Hypervisor to obtain the VM's core data, which gives the Hypervisor and the Host the opportunity to tamper with that core data.
Existing industry research has not addressed VMI runtime insecurity or incorrect underlying input data.


Embodiment Construction

[0036] In order to make the above-mentioned features and advantages of the present invention more comprehensible, the following specific embodiments are described in detail in conjunction with the accompanying drawings.

[0037] The present invention provides a method and device for enhancing the introspection security of an ARM platform virtual machine. The method and device realize integrity protection of code and data and trusted reading of underlying data by means of the hardware isolation mechanism and high-privilege-level trapping, in order to prevent information leakage, malicious tampering with the runtime execution flow and data flow, and malicious forgery of underlying input data.

[0038] Please refer to figure 1, which is a flowchart of the method for enhancing introspection security of an ARM platform virtual machine provided by the present invention. The method steps include:

[0039] 1) Deploy the core code in the hardware isolation environment TrustZone (trusted envir...


Abstract

The invention provides a method and a device for enhancing ARM platform virtual machine introspection security. The device comprises a security-enhancing interface front end located in the untrusted virtualization software stack, a security-enhancing interface at a high privilege level, and a core library located in the hardware isolation environment TrustZone. Through security-enhancing interfaces that are independent of the Hypervisor and QEMU, together with the hardware isolation environment TrustZone, the method and device resist information leakage and guarantee the correctness of VMI code and data over its entire life cycle, that is, they guarantee the runtime security of VMI and the correctness of VMI's underlying input data. The method and device bridge two layers of semantic isolation on the ARMv8 platform, namely Hypervisor semantic isolation and VM semantic isolation.

Description

Technical field

[0001] The invention relates to the technical field of virtual machine introspection security on a host machine with security vulnerabilities, and in particular to a method and a device for enhancing the introspection security of an ARM platform virtual machine.

Background technique

[0002] As is well known, general virtual machine introspection (VMI) code is deployed in the user space of the host (Host), accesses the binary data inside the virtual machine (VM) through the virtual machine manager (Hypervisor), and bridges the semantic gap inside the VM: the binary data are converted into meaningful operating-system-level VM internal state information, so that the state information can be used for further security monitoring. Therefore, the normal operation of existing VMI depends on the premise that both the Host and the Hypervisor are safe and trustworthy. This means that once this premise is broken, normal operation of the VMI can...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/53, G06F9/455
CPC: G06F9/45558, G06F21/53
Inventors: 涂碧波, 贾丽娜
Owner: INST OF INFORMATION ENG CHINESE ACAD OF SCI