Virtualization escape defense method based on kernel debugger

A virtualization and debugger technology applied in the field of virtualization security. It addresses problems such as threats to host security and achieves the effect of quick analysis.

Active Publication Date: 2021-02-05
NANJING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

In 2008, VMware's Workstation product suffered the first virtual machine escape attack. Attackers can use the vulnerability to escape from the virtual machine to the virtual machine manager, thereby threatening the security of the host.

Embodiment Construction

[0034] Embodiments of the present invention will be disclosed in the following diagrams. For the sake of clarity, many practical details will be described together in the following description. It should be understood, however, that these practical details should not be used to limit the invention. That is, in some embodiments of the invention, these practical details are not necessary.

[0035] The present invention is a virtualization escape defense method based on the Windbg debugger. First, the virtual machine process is attached to Windbg on the host, the captured RPCI commands are integrated, and the data packet analysis module analyzes them to screen out suspicious commands. The method then examines the parameters, called functions, data block length, etc., analyzes the overflow point and the location of the overflowed object, and determines its allocation method at the same time, and finally combines the key data structure and specific allocation method to carry out precise he...

Abstract

The invention relates to a virtualization escape defense method based on a kernel debugger, which mainly comprises the following steps. Command reading: adding a virtual machine process into the Windbg kernel debugger, and reading an RPCI command received by the process. Data packet analysis: analyzing a suspicious instruction in the RPCI command, and judging whether the length of the data packet has overflow possibility or not. Memory allocation protection: when overflow possibility exists, automatically judging the allocation mode of the target block, and realizing predictability of an address. Overflow defense: automatically judging the address relationship between the overflow point and the overflowed object, and giving early warning of overflow attack behavior. By using the kernel debugger Windbg under the Windows operating system, suspicious overflow behaviors in the virtualization environment are automatically judged and the heap layout is accurately predicted, so that virtual machine escape attacks can be effectively defended against, more efficient and complete heap overflow prevention is achieved, and the safety of the virtualization environment is guaranteed.
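A small model of the data packet analysis and overflow defense steps described above, as an added example that is not code from the patent. The command prefixes, heap layout, addresses and sizes are constructed assumptions; in the method itself these records would be read through the debugger attached to the virtual machine process.

```python
from dataclasses import dataclass

@dataclass
class CapturedCommand:
    name: str         # command string read from the attached VM process
    payload_len: int  # bytes the command asks the host side to copy
    dest_addr: int    # start address of the target heap block
    dest_size: int    # usable size of the target heap block

@dataclass
class HeapObject:
    label: str
    addr: int
    size: int

# Assumption: hypothetical prefixes for commands that carry variable-length data.
SUSPICIOUS_PREFIXES = ("bulk.", "blob.")

# Constructed heap layout: target block at 0x1000 (0x40 bytes), then two neighbours.
HEAP = [HeapObject("target", 0x1000, 0x40),
        HeapObject("neighbour_a", 0x1050, 0x30),
        HeapObject("neighbour_b", 0x1080, 0x20)]

def overflowed_objects(cmd, heap):
    """Objects overlapping the bytes written past the end of the target block."""
    start = cmd.dest_addr + cmd.dest_size
    end = cmd.dest_addr + cmd.payload_len
    return [o.label for o in heap if o.addr < end and o.addr + o.size > start]

def analyze(cmd, heap=HEAP):
    """Return (verdict, overflow_bytes, overflowed_object_labels)."""
    if not cmd.name.startswith(SUSPICIOUS_PREFIXES):
        return ("ignored", 0, [])          # screened out by the packet analysis
    extra = cmd.payload_len - cmd.dest_size
    if extra <= 0:
        return ("ok", 0, [])               # payload fits in the target block
    hit = overflowed_objects(cmd, heap)
    # Overflow that stops short of any tracked object still earns a warning.
    return ("alert" if hit else "warn", extra, hit)

if __name__ == "__main__":
    for c in [CapturedCommand("bulk.copy", 0x30, 0x1000, 0x40),
              CapturedCommand("bulk.copy", 0x48, 0x1000, 0x40),
              CapturedCommand("blob.set", 0x60, 0x1000, 0x40),
              CapturedCommand("info.get", 0x200, 0x1000, 0x40)]:
        print(c.name, hex(c.payload_len), analyze(c))
```

The address comparison only works when the layout around the target block is known, which is why the method pairs it with the memory allocation protection step that makes addresses predictable.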

Description

Technical field

[0001] The invention belongs to the technical field of virtualization security, in particular relates to a computer operating system and virtualization technology, in particular to a virtualization escape defense method based on a kernel debugger.

Background technique

[0002] With the rapid application of cloud computing technology, the traditional independent host model can no longer meet the needs of users, and more and more virtualization environments have emerged. Virtualization technology was first developed by Chris Toffer, a computer professor at Oxford University in 1959. In 2010, it was proposed in an academic report titled "Time Sharing in Large-Scale High-Speed Computers". This article is considered to be the earliest discussion of virtualization technology, and since then it has opened the curtain of virtualization development. In computer science, virtualization technology is a resource management or resource optimization technology that abstr...

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/54
CPC: G06F21/54
Inventor: 陈霄, 肖甫, 沙乐天
Owner: NANJING UNIV OF POSTS & TELECOMM