Client virtual machine memory dynamic isolation and monitoring method and system

A guest ("client") virtual machine and virtual machine monitor technology, applied in the computer field, that addresses the problems of sensitive data leakage and large performance impact in prior schemes, achieving the effects of preventing theft of key data, small performance impact, and bridging the semantic gap between the hypervisor and the guest.

Active Publication Date: 2019-07-26
SHANGHAI JIAO TONG UNIV
Cites: 9; Cited by: 9

AI Technical Summary

Problems solved by technology

The prior scheme (Nested Kernel) can provide read-only protection for key data within the same privilege level. In terms of security, however, an attacker still retains read permission on that key data, so sensitive data can still leak.
In terms of performance, every modification of key data or key registers requires a transition into the Nested Kernel to emulate the operation, so some micro-benchmarks show a considerable performance impact.

Embodiment Construction

[0062] The present invention will be described in detail below in conjunction with specific embodiments. The following examples will help those skilled in the art to further understand the present invention, but do not limit the present invention in any form. It should be noted that those skilled in the art can make several changes and improvements without departing from the concept of the present invention; all of these fall within the protection scope of the present invention.

[0063] The method proposed by the invention addresses a problem left open by existing solutions: how to realize stronger memory isolation in the guest virtual machine kernel under a virtualization environment. Because some data is highly sensitive, an attacker must not only be prevented from modifying it but also from reading it. The present invention therefore needs to implement stronger memory isolation inside the guest virtual machine, so that this sensitive data is completely invisible to unauthorized users. How to reduce the se...

Abstract

The invention provides a guest ("client") virtual machine memory dynamic isolation and monitoring method and system. A user request processing module, an extended page table (EPT) exception interception and processing module, a virtual machine monitor interaction module and an extended page table communication module are deployed in the guest virtual machine; an extended page table management module and an application behavior learning module are deployed in the virtual machine monitor. The kernel address space isolation technology of the virtual machine is used to defend effectively against theft of kernel key data and arbitrary memory overwrite attacks: even if an attacker has a vulnerability in some kernel module at hand, the protected key data cannot be tampered with at will. Different modules are given different isolated execution environments, so the kernel is protected against unauthorized data theft and memory overwrite attacks. The hardware-provided virtualization mechanism is used to accelerate switching between extended page tables, which reduces the performance overhead.

Description

Technical field

[0001] The present invention relates to the field of computer technology, in particular to a method and system for dynamically isolating and monitoring the memory of a guest virtual machine.

Background technique

[0002] Kernel security of operating systems has always been a research hotspot in academia and industry. Because the kernel has higher privilege than user-mode programs, once the kernel is compromised by an attacker the entire system loses its protection. With the prevalence of cloud platforms, many vendors place their services on cloud platforms, yet kernel security issues remain important. Most virtual machines run large-scale operating systems such as Linux and Windows, and a large number of user programs run on these operating systems. Both the operating system and the user programs are complex software. This complexity makes it difficult to find the many hidden errors or vulnerabilities in the entire system, and these erro...

Application Information

IPC(8): G06F9/455, G06F11/30
CPC: G06F9/45558, G06F11/301, G06F2009/45583, G06F2009/45587
Inventors: 杨子涵, 糜泽羽, 陈海波, 臧斌宇, 管海兵
Owner: SHANGHAI JIAO TONG UNIV