Virtual machine security monitoring method and system

A security monitoring and virtual machine technology, applied to the security protection of cloud platforms, that addresses problems such as high performance overhead and achieves security isolation, the unification of security and efficiency, and expanded available memory.

Inactive Publication Date: 2018-03-13
NAT UNIV OF DEFENSE TECH

AI Technical Summary

Problems solved by technology

Because VMEXIT/VMENTRY involves switching CPU privilege levels and saving and restoring various states, its performance overhead is relatively large.

Embodiment Construction

[0029] As shown in Figure 1, the virtual machine security monitoring method of the present invention includes the following steps:

[0030] 1. Initialize the hypervisor: during hypervisor initialization, configure the EPT, #VE and VMFUNC functional environments provided by the hardware;

[0031] 2. Use multiple EPT page tables to achieve security isolation between the monitoring program and the monitoring target. Security monitoring inside the virtual machine is realized by setting the permissions of the EPT page table entries of the target to be monitored and by loading the jump code when the virtual machine kernel is initialized;

[0032] 3. When the protected EPT page table is written or executed, a #VE exception is triggered. Execution is then transferred to the monitoring program through the jump code, and the monitoring program uses the exception information to analyze the exception event and make a further response, complete #VE exception hand...
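The three steps above can be modelled in user space. The following is an added example, not code from the patent: a small C simulation of two EPT views, in-guest #VE delivery through the jump code, and VMFUNC view switching. The page names, the `logged` counter and the `ve_enabled` switch are assumptions made for illustration; the `ve_info` fields mirror the hardware #VE information area in simplified form.

```c
#include <stdint.h>
#include <stdio.h>

enum { EPT_R = 1, EPT_W = 2, EPT_X = 4 };   /* EPT entry bits 0-2; low exit-qualification bits use the same order */
enum { VIEW_GUEST, VIEW_MONITOR, NVIEWS };  /* indexes into the EPTP list */
enum { PG_KTEXT, PG_JUMP, PG_MONITOR, PG_DATA, NPAGES };  /* constructed guest-physical pages */

/* Step 2: one permission table per EPT view. */
static const uint8_t ept[NVIEWS][NPAGES] = {
    [VIEW_GUEST]   = { EPT_R | EPT_X, EPT_R | EPT_X, 0, EPT_R | EPT_W },
    [VIEW_MONITOR] = { EPT_R, EPT_R | EPT_X, EPT_R | EPT_W | EPT_X, EPT_R | EPT_W },
};

struct ve_info { uint32_t exit_reason; uint64_t qualification, gpa; uint16_t eptp_index; };

int active_view = VIEW_GUEST, ve_enabled = 1, vm_exits, logged;
struct ve_info last_ve;

/* The jump code executes across the switch, so it must be executable in both
   views, and the monitor must be unreachable from the guest view. */
int layout_ok(void) {
    return (ept[VIEW_GUEST][PG_JUMP] & EPT_X) && (ept[VIEW_MONITOR][PG_JUMP] & EPT_X)
        && ept[VIEW_GUEST][PG_MONITOR] == 0;
}

static void vmfunc_eptp_switch(int idx) { active_view = idx; }  /* VMFUNC leaf 0: no VM exit */

/* Step 3: jump code -> monitor -> back, all inside the guest. */
static void jump_code(void) {
    vmfunc_eptp_switch(VIEW_MONITOR);
    if (ept[active_view][PG_MONITOR] & EPT_X) logged++;  /* monitor runs only in its own view */
    vmfunc_eptp_switch(VIEW_GUEST);
}

/* Returns 1 if the access is permitted, 0 if it was trapped and reported. */
int guest_access(int page, int kind) {
    if (ept[active_view][page] & kind) return 1;
    if (!ve_enabled) { vm_exits++; return 0; }  /* classic path: EPT violation VM exit */
    /* exit reason 48 = EPT violation; delivered in-guest as #VE (vector 20) */
    last_ve = (struct ve_info){ 48, (uint64_t)kind, (uint64_t)page << 12, (uint16_t)active_view };
    jump_code();
    return 0;
}

int main(void) {
    printf("layout ok: %d\n", layout_ok());
    printf("write to kernel text allowed: %d\n", guest_access(PG_KTEXT, EPT_W));
    printf("#VE events logged: %d, VM exits: %d\n", logged, vm_exits);
    return 0;
}
```

With `ve_enabled` set to 0 the same violation is counted as a VM exit instead, which is the VMEXIT/VMENTRY path whose overhead the method avoids.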


Abstract

The invention discloses a virtual machine security monitoring method and system. The virtualization exception (#VE) feature is used to monitor application program execution. Meanwhile, through isolation of EPT page tables, application programs can be isolated from the operating system, and the memory of different application programs can be isolated from each other. During CPU execution, the VMFUNC function provided by the CPU hardware is used to switch between different EPT page tables, and thereby to switch execution streams. The method and system adopt an in-band mode to realize virtual machine security monitoring, while the secure isolation of the monitoring program from the monitoring target is supported and guaranteed by new hardware features, so that security and efficiency are finally unified.

Description

Technical field

[0001] The invention relates to the security protection of cloud platforms, in particular to a method and system for security monitoring of virtual machines in a cloud platform.

Background technique

[0002] Security issues in the cloud computing environment have always been the main concern preventing enterprises from adopting cloud services. In particular, mainstream cloud platforms use virtual machines to provide services, which introduces new security threats such as jump attacks between virtual machines and virtual machine escapes. Malicious users can attack other virtual machines, or even physical hosts, by renting virtual machines. Therefore, monitoring the malicious behavior of virtual machines is of great significance for enterprises purchasing cloud services and for ensuring cloud security.

[0003] Existing virtual machine monitoring mostly uses virtual machine introspection technology. Virtual machine introspection technology realizes the...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F11/30, G06F9/455, G06F11/34
CPC: G06F9/45558, G06F11/301, G06F11/3409
Inventor: 杨岳湘, 施江勇, 曾迎之, 唐川, 王晓磊
Owner: NAT UNIV OF DEFENSE TECH