Client virtual machine memory dynamic isolation and monitoring method and system

This technology concerns a guest (client) virtual machine and a virtual machine monitor and is applied in the computer field. It addresses the problems of sensitive data leakage and large performance impact, with the effects of preventing data theft, keeping the performance impact small, and bridging the semantic gap between the monitor and the guest.

Active Publication Date: 2021-06-22
SHANGHAI JIAO TONG UNIV

AI Technical Summary

Problems solved by technology

The existing scheme can provide read-only protection for key data within the same privilege level. In terms of security, however, an attacker still holds read permission for the key data, so sensitive data may still be leaked.
In terms of performance, every modification of key data or key registers must enter the Nested Kernel to be emulated, so some micro-benchmarks show a considerable performance impact.




Embodiment Construction

[0062] The present invention will be described in detail below in conjunction with specific embodiments. The following examples will help those skilled in the art to further understand the present invention, but do not limit the present invention in any form. It should be noted that those skilled in the art can make several changes and improvements without departing from the concept of the present invention. These all belong to the protection scope of the present invention.

[0063] The method proposed by the invention solves a problem left open by existing solutions: how to realise stronger memory isolation in the guest virtual machine kernel in a virtualized environment. Some data is so sensitive that an attacker must be unable not only to modify it but also to read it. The present invention therefore implements stronger memory isolation inside the guest virtual machine, so that such sensitive data is completely invisible to unauthorized users. How to reduce the se...



Abstract

The present invention provides a method and system for dynamically isolating and monitoring the memory of a guest (client) virtual machine. A user request processing module, an extended page table exception interception and processing module, a virtual machine monitor interaction module, and an extended page table communication module are deployed in the guest virtual machine; an extended page table management module and an application behaviour learning module are deployed in the virtual machine monitor. Kernel address space isolation inside the virtual machine is used to defend against theft of key kernel data and against arbitrary memory overwrite attacks: even if an attacker has exploited a vulnerability in one kernel module, the protected key data cannot be tampered with at will. Different modules are given different isolated execution environments, protecting the kernel from unauthorized data theft and memory overwrite. The virtualization mechanism provided by the hardware accelerates the switching of extended page tables and reduces the performance overhead.
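As an added illustration (not code from the patent or its authors), the following Python model contrasts the shared read-only protection criticised under "Problems solved by technology" above, where a compromised module can still read key data, with the per-module extended page table views the abstract describes, where the key-data page is simply unmapped for every module except the one authorised to use it, so that both reads and writes trap to the monitor. Module names, page numbers and the permission tables are constructed for the example; the `Monitor` class is a stand-in for the monitor-side extended page table management module, not the patent's implementation.

```python
"""Toy model of kernel-data isolation with per-module extended page table (EPT) views.

Constructed example: a compromised "driver" module issues arbitrary loads and
stores against a key-data page under two policies, shared read-only protection
versus per-module EPT views. All names, page numbers and tables are assumptions.
"""
from dataclasses import dataclass, field
from enum import Flag


class Perm(Flag):
    """Permission bits of one EPT entry (a missing entry means no access at all)."""
    NONE = 0
    R = 1
    W = 2
    X = 4


# Constructed guest-physical page numbers (GPNs) used by the model.
KEY_DATA_PAGE = 0x1000     # e.g. a page holding credentials or page-table roots
DRIVER_CODE_PAGE = 0x2000  # the untrusted kernel module's own code
SCRATCH_PAGE = 0x3000      # ordinary kernel heap


class EptViolation(Exception):
    """Raised when an access is not permitted by the module's active EPT view."""

    def __init__(self, module: str, gpn: int, access: Perm):
        super().__init__(f"EPT violation: {module} {access.name} gpn={gpn:#x}")
        self.module, self.gpn, self.access = module, gpn, access


@dataclass
class Monitor:
    """Stand-in for the monitor-side EPT management module (assumed, not the patent's)."""
    # module name -> (gpn -> permissions): one EPT view per kernel module
    views: dict[str, dict[int, Perm]]
    violations: list[tuple[str, int, str]] = field(default_factory=list)

    def access(self, module: str, gpn: int, access: Perm) -> None:
        """Check an access by `module` against its own view; trap if it is not permitted."""
        granted = self.views[module].get(gpn, Perm.NONE)
        if (access & granted) != access:
            # The hardware would raise an EPT violation here; the monitor records
            # it and refuses the access instead of emulating it.
            self.violations.append((module, gpn, access.name))
            raise EptViolation(module, gpn, access)


def read_only_policy() -> dict[str, dict[int, Perm]]:
    """Single shared view: key data is write-protected for everyone but stays readable."""
    shared = {
        KEY_DATA_PAGE: Perm.R,
        DRIVER_CODE_PAGE: Perm.R | Perm.X,
        SCRATCH_PAGE: Perm.R | Perm.W,
    }
    return {"core": dict(shared), "driver": dict(shared)}


def isolated_policy() -> dict[str, dict[int, Perm]]:
    """Per-module views: only the core module has the key-data page mapped at all."""
    return {
        "core": {
            KEY_DATA_PAGE: Perm.R | Perm.W,
            DRIVER_CODE_PAGE: Perm.R,
            SCRATCH_PAGE: Perm.R | Perm.W,
        },
        "driver": {
            # KEY_DATA_PAGE intentionally absent: neither readable nor writable
            DRIVER_CODE_PAGE: Perm.R | Perm.X,
            SCRATCH_PAGE: Perm.R | Perm.W,
        },
    }


def compromised_driver(monitor: Monitor) -> dict[str, bool]:
    """Model a driver whose bug lets it issue arbitrary loads/stores; report what succeeds."""
    outcome = {}
    for label, access in (("read_key", Perm.R), ("write_key", Perm.W)):
        try:
            monitor.access("driver", KEY_DATA_PAGE, access)
            outcome[label] = True
        except EptViolation:
            outcome[label] = False
    return outcome


def compare_policies() -> dict[str, dict[str, bool]]:
    """Run the same compromised driver under both policies."""
    return {
        "read_only": compromised_driver(Monitor(read_only_policy())),
        "isolated": compromised_driver(Monitor(isolated_policy())),
    }


if __name__ == "__main__":
    for policy, result in compare_policies().items():
        print(f"{policy:10s} read_key={result['read_key']} write_key={result['write_key']}")
```

Under the read-only policy the read succeeds and only the write traps, which is exactly the leakage path the summary complains about; under the isolated policy both trap, while the authorised core module keeps full access to the same page through its own view. The violation log is also the point where a monitor-side learning component, as the abstract names one, would see which module touched which page.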

Description

Technical field

[0001] The present invention relates to the field of computer technology, in particular to a method and system for dynamically isolating and monitoring the memory of a guest virtual machine.

Background technique

[0002] Kernel security of operating systems has always been a research hotspot in academia and industry. Because the kernel has higher authority than user-mode programs, once the kernel is compromised by an attacker, the entire system loses its protection. With the prevalence of cloud platforms, many vendors place their services on cloud platforms, but kernel security issues remain important there. Most virtual machines run large-scale operating systems such as Linux and Windows, and a large number of user programs run on these operating systems. Both the operating system and the user programs are complex software. This complexity makes it difficult to find the many hidden errors or loopholes in the entire system, and these erro...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F9/455, G06F11/30
CPC: G06F9/45558, G06F11/301, G06F2009/45583, G06F2009/45587
Inventors: 杨子涵, 糜泽羽, 陈海波, 臧斌宇, 管海兵
Owner: SHANGHAI JIAO TONG UNIV