Method and system for monitoring service calls in a virtualized environment

A service calling and monitoring technology, applied in the field of computer security, can solve the problem that auxiliary modules are no longer trusted

Active Publication Date: 2020-12-04
DATA ASSURANCE & COMM SECURITY CENT CHINESE ACADEMY OF SCI +1

AI Technical Summary

Problems solved by technology

However, once the guest virtual machine is compromised by an adversary, the auxiliary modules installed in the guest virtual machine are no longer trustworthy.


Embodiment Construction

[0043] In order to make the above objects, features and advantages of the present invention more comprehensible, the present invention will be further described below through specific embodiments and accompanying drawings.

[0044] This embodiment is an example of a cryptographic operation service call monitoring system in a cloud environment.

[0045] Figure 2 is a schematic diagram of using the method of the present invention to provide cryptographic operation service call monitoring in a virtualized environment. The user subscribes to the key management service (KMS) provided by the cloud service provider, and the KMS provides its services over HTTPS. The KMS is responsible for managing the user's keys and providing cryptographic computing services.

[0046] The service call monitoring system in this embodiment is implemented on the QEMU-KVM virtualization platform, and the host computer uses an Intel CPU chip. The detection part of the ...


Abstract

The invention discloses a service call monitoring method and system in a virtualized environment. The method comprises the following steps: 1) the cloud generates a hash library of the key code segments in a monitored client virtual machine, according to the set of programs the tenant has authorized to access the service and the related source files; 2) after the monitored client virtual machine is started, the service call monitor sets the permission bits of the memory pages loaded by the monitored client virtual machine, so that the integrity of a key code segment in memory is verified before the code on the memory page is executed; 3) when the service call monitor detects that a service call occurs, it obtains the page directory address of the calling process according to the characteristics of the service call, and when the page directory address of the calling process is in the white list process linked list, the service call is allowed to execute; when a return result event of a service call is detected, information about the calling process is obtained according to the characteristics of the return result event, and when the calling process is in the white list process linked list, the return result is allowed to pass.
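The three steps of the abstract can be modelled in a few lines. This is an added illustration, not code from the patent: the SHA-256 choice, the rule that a process is enrolled in the white list when its key code page verifies (and revoked when verification fails), and all names and sample bytes are assumptions.

```python
import hashlib

PAGE_SIZE = 4096  # assumed page size


def page_hash(page: bytes) -> str:
    # SHA-256 is an assumption; the abstract does not name a hash function.
    return hashlib.sha256(page).hexdigest()


def build_hash_library(key_code_pages):
    """Step 1 (cloud side): hash each key code page of the authorized programs."""
    return {page_hash(p) for p in key_code_pages}


class ServiceCallMonitor:
    def __init__(self, hash_library):
        self.hash_library = hash_library
        self.whitelist = set()  # page directory addresses; a set stands in for the linked list

    def on_execute_fault(self, page_dir: int, page: bytes) -> bool:
        """Step 2: the page was mapped non-executable, so the first fetch traps here."""
        if page_hash(page) in self.hash_library:
            self.whitelist.add(page_dir)   # assumed enrolment rule
            return True                    # allow execution of the verified page
        self.whitelist.discard(page_dir)   # assumed: a failed check revokes the process
        return False

    def on_service_call(self, page_dir: int) -> bool:
        """Step 3: allow the call only for a white-listed page directory address."""
        return page_dir in self.whitelist

    def on_service_return(self, page_dir: int) -> bool:
        """Step 3: pass the result back only to a white-listed process."""
        return page_dir in self.whitelist


# Constructed sample pages: one authorized code page and a one-byte-modified copy.
KMS_CLIENT_PAGE = b"\x55\x48\x89\xe5".ljust(PAGE_SIZE, b"\x90")
TAMPERED_PAGE = b"\xcc" + KMS_CLIENT_PAGE[1:]


def demo():
    mon = ServiceCallMonitor(build_hash_library([KMS_CLIENT_PAGE]))
    return {
        "verified_exec": mon.on_execute_fault(0x1A2B000, KMS_CLIENT_PAGE),
        "call_whitelisted": mon.on_service_call(0x1A2B000),
        "call_unknown": mon.on_service_call(0x3C4D000),
        "tampered_exec": mon.on_execute_fault(0x1A2B000, TAMPERED_PAGE),
        "return_after_tamper": mon.on_service_return(0x1A2B000),
    }
```

Because the check keys on the page directory address observed by the monitor rather than on anything reported from inside the guest, the decision does not rely on in-guest auxiliary modules.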

Description

Technical Field

[0001] The invention belongs to the technical field of computer security, and in particular relates to a method and system for providing service call monitoring in a virtualized environment.

Background Technique

[0002] Cloud computing applications based on virtualization technology are developing rapidly. With the promotion of cloud computing applications, all services are migrating from local to cloud. According to the RightScale report, 95% of the interviewed IT practitioners said their companies are using cloud computing services. At the same time, in order to attract more tenants, cloud service providers provide many additional services so that tenants can focus on their core business. However, at present, the invocation security of additional services provided by cloud service providers depends on the user's ID and password. Once the user's ID and password are leaked, the additional services subscribed by the tenant may be maliciously invoked by the a...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): G06F21/53
CPC: G06F21/53
Inventor: 蔡权伟, 林璟锵, 江芳杰, 王琼霄
Owner DATA ASSURANCE & COMM SECURITY CENT CHINESE ACADEMY OF SCI