Management system of virtual machine

The virtual machine management system addresses security vulnerabilities by using a hypervisor to manage hardware requests and isolate sensitive data, enhancing security and reducing the attack surface through intelligent access control and monitoring.

KR102991523B1Active Publication Date: 2026-07-15HAITI INFORMATION TECHNOLOGY CO LTD

Patent Information

Authority / Receiving Office
KR · KR
Patent Type
Patents
Current Assignee / Owner
HAITI INFORMATION TECHNOLOGY CO LTD
Filing Date
2024-07-19
Publication Date
2026-07-15

Smart Images

  • Figure 112024078617098-PAT00004_ABST
    Figure 112024078617098-PAT00004_ABST
Patent Text Reader

Abstract

A virtual machine management system according to the present invention comprises at least one virtual machine; and A hypervisor provided between the virtual machine and the hardware to manage requests for the hardware of the virtual machine; including The hypervisor comprises: a security information storage unit that stores security-related data for the virtual machine; and an access management unit that processes and manages requests for the hardware of the virtual machine. The access management unit classifies requests for the hardware of the virtual machine into a first request that preserves data among requests exceeding a preset security level and a second request other than the first request, and stores them in the security information storage unit. When the first request occurs, the access management unit stores data corresponding to the first request in an independent memory matched to the CPU of the hardware, along with the memory of the hardware.
Need to check novelty before this filing date? Find Prior Art

Description

Technology Field

[0001] The present invention relates to a virtual machine management system, and more specifically, to a virtual machine management system with improved security and stability. Background Technology

[0002] A virtual machine (VM) is a technology that enables the execution of multiple independent virtual machines on a single physical computer. Each virtual machine runs an independent operating system, providing an isolated environment while sharing physical resources (e.g., CPU, memory, disk space). This offers significant advantages in terms of security and resource management. For instance, using virtual machines allows various applications to run in environments isolated from one another, ensuring that a problem with one application does not affect others.

[0003] Virtualization technology is primarily implemented through hypervisors. Hypervisors act as intermediaries between physical hardware and virtual machines and can be divided into two types. The first is a hosted hypervisor, which runs on top of an existing operating system, while the second is a native hypervisor, which runs directly on the hardware. Native hypervisors generally provide higher performance and efficiency.

[0004] One of the key advantages of virtual machines is the efficient use of resources. For example, hardware costs can be reduced by consolidating multiple physical servers into a single virtualized server through server aggregation. Additionally, virtual machines provide high availability and flexibility through features such as snapshots, cloning, and migration. For instance, the snapshot feature allows you to save the system state at a specific point in time and restore it if necessary. The migration feature allows you to move a virtual machine to another physical server without interrupting it, minimizing downtime during maintenance and upgrades.

[0005] However, virtual machines also have several issues in terms of security and performance. Attacks exist that can compromise the isolation between virtual machines by exploiting hypervisor vulnerabilities, requiring continuous security updates and monitoring to prevent such attacks. Furthermore, in virtualization environments, performance degradation can occur due to excessive sharing of physical resources, making resource allocation and management crucial to address this.

[0006] Use cases for virtual machines include cloud computing, development and testing environments, and server consolidation. Cloud service providers offer users flexible and scalable computing resources through virtual machines, while developers can use them to test applications across various operating systems and software environments. Server consolidation allows for reduced management costs and increased resource utilization by merging multiple servers into a single one.

[0007] As such, virtualization technology enables multiple tenants to share physical resources and enhances security and isolation. It also allows for the transparent monitoring and control of virtual machine activities and content.

[0008] However, regarding security issues with virtualization technology, hardware virtualization protection and isolation are not perfect, and recently discovered vulnerabilities exist. Security and privacy issues still persist on cloud platforms.

[0009] Virtualization environments consist of hypervisors, management tools, and virtual machines; however, because virtualized physical resources or functions are provided as software, there is a problem of an expanded attack surface. As the need arises for methods to implement more efficient security monitoring and isolation through virtualization technology, there is a need for technological development to enhance resource integrity and security in cloud, server farm, and mobile scenarios. (Patent Document 1) US 8578217 B2 The problem to be solved

[0010] The present invention provides a means to reliably manage requests for virtual machine hardware and improve security. means of solving the problem

[0011] A virtual machine management system according to the present invention comprises at least one virtual machine; and

[0012] A hypervisor provided between the virtual machine and the hardware to manage requests for the hardware of the virtual machine; including

[0013] The hypervisor comprises: a security information storage unit that stores security-related data for the virtual machine; and an access management unit that processes and manages requests for the hardware of the virtual machine. The access management unit classifies requests for the hardware of the virtual machine into a first request that preserves data among requests exceeding a preset security level and a second request other than the first request, and stores them in the security information storage unit. When the first request occurs, the access management unit stores data corresponding to the first request in an independent memory matched to the CPU of the hardware, along with the memory of the hardware.

[0014] In addition, the above independent memory may be restricted from control signals by other components excluding the access management unit.

[0015] In addition, the access management unit may individually grant authority for the second request when the second request occurs, despite the authority for the virtual machine that sent the second request, and may revoke the authority for the second request when the second request is interrupted or when another request from the virtual machine is received.

[0016] In addition, the access management unit can check whether a security event has occurred by comparing the data in the independent memory with the corresponding data in the memory at regular intervals when the second request occurs.

[0017] In addition, the access management unit can determine the risk of a security event by comparing the data stored in the independent memory associated with the virtual machine where the security event occurred with the corresponding data in the memory when a specific security event occurs. Effects of the invention

[0018] According to the present invention, requests for virtual machine hardware can be reliably managed and security can be improved. Brief explanation of the drawing

[0019] FIG. 1 is a diagram showing a schematic system of a device supporting multiple operating systems according to one embodiment. FIG. 2 is a block diagram showing the appearance of a virtual machine for providing security information in a virtualization environment according to one embodiment. FIGS. 3 and FIGS. 4 are block diagrams showing the configuration and connection relationships of a hypervisor according to one embodiment, respectively. Specific details for implementing the invention

[0020] Embodiments of the present invention will be described below with reference to the attached drawings. Unless otherwise specifically defined or mentioned, terms indicating direction used in this description are based on the state shown in the drawings. Additionally, throughout each embodiment, the same reference numeral indicates the same component. Meanwhile, the thickness or dimensions of each component shown in the drawings may be exaggerated for convenience of explanation and do not imply that it must actually be constructed according to the corresponding dimensions or ratios between components.

[0022] FIG. 1 is a diagram showing the schematic system architecture of a device for providing security information in a virtualization environment according to one embodiment.

[0023] The system architecture of a device supporting multiple virtual machines (300) according to one embodiment of the present invention is such that the hardware (100) supports multiple operating execution environments, and may be a device based on a hypervisor (200) as shown in FIG. 1. The hypervisor (200) may include a Virtual Machine Monitor (VMM) function. The VMM may provide an Inter-Domain Communication (IDC) channel as a safer communication channel than using a network between multiple domains operating on the VMM.

[0024] A device supporting multiple virtual machines (300) according to one embodiment can be implemented as various terminal devices such as mobile phones, MID (Mobile Internet Device), DTV (Digital Television), PDA (Personal Digital Assistants), UMPC (Ultra Mobile PC), etc., and is not limited to any type or form.

[0025] According to one embodiment, a plurality of virtual machines (300) utilize a single piece of hardware (100), but operate as if they exist on separate hardware for each operating system. The number of operating systems (or domains) that can operate on a single system is limited only by hardware resources. A virtual machine (300) may include at least one server operating system (Virtual Window Service Server, 300) or a client operating system (Virtual Window Service Client, 400).

[0026] In this specification, a domain refers to the environment in which the operating system of each virtual machine operates. Additionally, a domain application refers to an application that exists and runs in a specific operating system or in a domain, which is the environment in which the specific operating system operates. For example, a domain #1 application represents virtual machine #1 or an application that exists and runs on virtual machine #1. Typically, the environment in which a server operating system among the virtual machines operates is referred to as domain #0.

[0027] Among these many operating systems, there is only one operating system that operates as a system related to server operation among the virtual machines (300), and this operating system directly controls the HID (Human Interface Device) hardware. HID hardware refers to a user interface device for direct interaction with a person by receiving input from the person and providing output to the person. Common HID hardware includes keyboards, mice, trackballs, touchpads, graphic tablets, joysticks, etc. Other client operating systems, including the system related to client operation among the virtual machines (300), are connected to the system related to server operation among the virtual machines (300) via a network or IDC (Inter-

[0028] It connects via Domain Communication and makes a request for HID usage.

[0029] The system related to server operation among the virtual machines (300) provides an integrated user interface for applications running on multiple operating systems. The system related to client operation among the virtual machines (300) provides a user interface for applications on its own operating system through the system related to server operation among the virtual machines (300), in accordance with the control of the system related to server operation among the virtual machines (300).

[0030] A virtual machine (300) may include a kernel layer (330) responsible for communication with different operating systems, an integrated interface providing unit (320) for providing a user interface for applications installed on multiple operating systems according to an embodiment of the present invention, and an application layer (310). The integrated interface providing unit (320) includes a Virtual Window Service (VWS).

[0032] Multiple operating systems may include a secure operating system in which at least one application with verified stability runs, and a general operating system in which at least one application with unverified stability can be freely installed.

[0033] Among the virtual machines (300), the system related to server operation is a secure operating system, and among the virtual machines (300), the system related to client operation can be operated as a secure operating system or a general operating system. For example, the secure operating system may be an operating system in which only applications installed when the device is manufactured and shipped operate, or an operating system in which only applications with verified stability are installed and executed.

[0034] According to one embodiment, a system related to server operation among virtual machines (300) may store security information indicating a security level for each of a plurality of operating systems and control an output to provide security information for an operating system where an application being executed is installed. The security information may be information indicating at least one security grade. For example, the security information may have the form of "Domain 0: Secure, Domain 1: Non-secure, ..., Domain N: Non-secure".

[0035] The system related to server operation among the virtual machines (300) can control the output for providing security information of the operating system where the application running in the foreground among the applications running is installed. The security information assigned to each of the multiple operating systems can be changed, for example, as the security status of the operating system changes.

[0037] A virtual machine according to one embodiment is described with reference to FIG. 2. FIG. 2 is a block diagram showing the appearance of a virtual machine for providing security information in a virtualization environment according to one embodiment.

[0038] The integrated interface providing unit (320) of the system related to server operation among the virtual machine (300) may include an interface management module (321), an application management module (325), a security information management module (323), and an HID management module (Human Interface Device Manager, 327).

[0039] The interface management module (321) manages application windows from multiple domains. The interface management module (321) manages the arrangement order of the application execution environments when multiple applications are executed.

[0040] The security information management module (323) stores security information indicating the security level for each of the multiple operating systems and controls the output to provide security information indicating the security level of the operating system on which the application being executed is installed.

[0041] The security information management module (323) may display security information on the application execution screen, for example, by displaying security information in a specific area of ​​the screen, or by using the device's hardware, in order to display security information of the operating system on which the application is executed. Additionally, the security information management module (323) may output security information regarding the operating system of the application being executed in the form of a specific sound or a specific pattern of vibration using the device's hardware. Furthermore, security information of the application being executed may be output by using at least one of the aforementioned output methods together.

[0042] The application management module (325) manages the configuration, installation, and execution of the application. The application management module (325) stores various information related to the configuration of the application, namely, the meta information of the application, and manages the stored information. For example, the location (path) of the executable file for each application, the location (path) of the icon, and information about the domain to which the application belongs may be stored and managed.

[0043] Additionally, the application management module (325) performs the role of installing a new application (or software), and at this time performs functions such as uncompressing the application package to be installed, verifying the application, and copying files. When a user input signal requesting the installation of an application is received, the application management module (325) selects the operating system to be installed, installs the application on the selected operating system, and registers application-related information including the installation path of the application. If the application needs to be installed in a different domain, a request is made to the application management module (325) of the system related to client operation among the virtual machines (300) running in the other domain to install the application. After installing the application, information related to the application installation (location of executable files, icons, etc.) is saved.

[0044] Additionally, the application management module (325) controls and manages operations such as the execution and termination of the application. For example, when a user clicks icon #1, the application management module (325) receives a request from the main application to execute the application associated with icon #1. Subsequently, the application management module (325) executes the application based on information necessary to execute the application, such as domain information to which the application belongs and the location of the executable file. Meanwhile, if the application to be executed is located in a different domain, it requests the application management module of that domain to execute the application.

[0045] The HID management module (327) controls the user interface device. The HID management module (327) displays a GUI screen and plays sound using a frame buffer driver, etc., and transmits input for a specific application from the user to the corresponding application.

[0046] The function of displaying security information on the application execution screen to indicate security information of the operating system on which the application of the security information management module (323) is executed can be implemented to be performed by the interface management module (321). Meanwhile, the function of displaying security information on a part of the device's hardware or outputting it in the form of a specific sound or a specific pattern of vibration using the hardware of the security information management module (323) can be implemented to be performed by the HID management module (326).

[0047] In addition to this, the integrated interface providing unit (320) may further include a GUI library that can be used to display a screen by applications such as GTK+, QT, and Motif, which is a software system that facilitates GUI program configuration.

[0048] The application layer (330) may include an application installer (or software installer), a main application, and various applications. The application installer is an application responsible for installing various applications (or software), and this component primarily handles the interface with the user. The actual internal installation operation is handled by the application management module (325). The main application is an application capable of displaying icons of applications operating in multiple domains, for example, domain #1 and #2, integrated into a single screen, such as PE (Palmtop

[0049] It performs a similar role to Environment), GPE (GPE Palmtop Environment), QPE (QT Palmtop Environment), etc.

[0050] Meanwhile, the system related to client operation among the virtual machines (300) includes a kernel layer (330), an integrated interface providing unit (320), and an application layer (310), just like the system related to server operation among the virtual machines (300). However, in the case of the system related to client operation, the application management module (325) installs the application in the correct location upon the request of the application management module (325), or controls and manages operations such as execution and termination of the application upon the request for execution of the application. When a user input signal requesting the execution of an application is received, and the requested application is an application that runs on the client operating system, the application management module (325) requests the execution of the requested application from the application management module (325), and can receive the application execution result from the application management module (325) and provide it to the user. Then, the application management module (325) can update the list of currently running applications. Meanwhile, when a user input signal requesting the termination of execution of an application is received, if the requested application is an application running on a client operating system, the application management module (325) may terminate the application by requesting the application management module (325) to terminate the application.

[0051] The HID management module (327) of the system related to client operation among the virtual machines (300) communicates with the HID management module (327) of the system related to server operation among the virtual machines (300) and relays communication with applications in the same domain. If the application being executed is in a different domain, the HID management module (327) receives necessary information from the HID management module (327) of the domain where the application is operating and displays a screen or plays a sound. In addition, if input from a user needs to be transmitted to an application in a different domain, user input is performed in a manner where the HID management module (327) transmits the user input to the HID management module (327) and the HID management module (327) transmits the user input to the corresponding application.

[0052] As described above, the execution result of an application running on a client operating virtual machine is transmitted to a user interface device through the server operating system. However, a device driver installed on an insecure client operating virtual machine can directly access the hardware (100) and delete or change security information output regarding an execution application output according to one embodiment.

[0053] When there is a hardware access request from a device driver, the hypervisor (200) determines whether the hardware access request was received from a secure operating system where applications with verified stability are running. Then, if the hypervisor (200) is not received from a secure operating system, it rejects the access request and blocks access.

[0054] A hardware access request by a device driver may occur during the process in which the virtual machine (300) allocates necessary resources, such as interrupts, to hardware devices when the device driver is installed, initialized, or updated. Accordingly, it is possible to prevent a device driver installed alone in an insecure client operating system from accessing the output channel of security information of the operating system output according to one embodiment.

[0056] A hypervisor according to one embodiment will be described with reference to FIGS. 3 and FIGS. 4. FIGS. 3 and FIGS. 4 are block diagrams showing the configuration and connection relationships of a hypervisor according to one embodiment, respectively.

[0057] The security information storage unit (210) stores security information for each of the multiple operating systems.

[0058] The access management unit (220) reads security information of multiple operating systems stored in the security information storage unit (210) and determines whether to allow access requests for the output of security information received from multiple operating systems based on the read security information. According to one embodiment, the access management unit (220) blocks the display of incorrect security information or the modification of existing content in domains other than secure domains, such as server systems, at specific locations on Windows. Additionally, the access management unit (220) performs the function of the aforementioned hardware access control unit (210) to prevent the output of incorrect security information by directly accessing a hardware device that displays a security level in domains other than secure domains within the virtualization software.

[0059] Additionally, the access management unit (220) distinguishes requests for using hardware from the virtual machine (300) into a first request to preserve sensitive data and a second request to change sensitive data or preserve / change non-sensitive data. The sensitive data that is the subject of the first request may be determined according to a preset level or type of data based on the importance of the data change.

[0060] Here, data preservation means the creation of data and requests for authorized data modification as needed, excluding requests that may result in the alteration or damage of data.

[0061] Additionally, the access management unit (220) grants only the minimum necessary permissions to use the system, such as restricting access requests to multiple layers or hardware or requesting access to data in other domains, thereby minimizing the attack surface. That is, the access management unit (220) does not grant permissions to the virtual machine (300) itself when a pre-set permission level is required, but grants permissions only when there is a specific request, and immediately revokes them regardless of the termination of the request or if another request follows.

[0062] The security information output unit (230) controls the output of security information for the operating system on which the running application is installed. The output for providing security information for the operating system on which the running application is installed may include at least one of displaying security information in a specific area of ​​the application execution screen, displaying security information on specific hardware of the device, a specific sound, or a specific pattern of vibration.

[0063] According to one embodiment, information can be provided regarding whether a running application is a safe application provided on a safe operating system. Accordingly, phishing attacks and the like that may occur due to downloaded malware can be blocked at the source. Since the user can easily check the security status even when malware is executed that may run on an unsafe operating system, the possibility of information requiring security maintenance, such as personal information needed for internet banking and e-commerce, being leaked can be blocked at the source.

[0064] Outputs for providing security information of the operating system on which the application is running may be displayed in the form of text such as Secure (10) or a graph (20) indicating a security level, as shown in part of the application execution screen. In addition, various forms of color patterns, image patterns, etc., may be used to indicate security information or security levels of the operating system on which the application is running.

[0065] The hypervisor (200) manages requests for hardware use from a virtual machine by classifying them into a first request for preserving sensitive data and a second request for changing sensitive data or preserving / changing non-sensitive data. In the case of the first request, the hypervisor (200) stores the sensitive data corresponding to the first request in an independent memory (111) that matches the CPU (110), as shown in FIG. 4, along with the data stored in the memory (120). At this time, the independent memory (111) that matches the CPU (110) refers to a separate memory provided independently of the memory or memory (120) provided within the CPU (110) and provided solely for this purpose. Additionally, the independent memory (111) is restricted so that the virtual machine (300) cannot access it, and is provided so that only the hypervisor (200) itself can access it. Furthermore, the hypervisor (200) stores the location of the data stored in the independent memory (111) in the guarantee information storage unit (210). At this time, the location of each data is encrypted and stored, and the location of each sector constituting the data is stored randomly to reduce the possibility of external attacks.

[0066] The hypervisor (200) does not refer to or modify the independent memory (111) in the second request, and when a certain period or a special security event occurs, it can compare the data in the independent memory (111) with the data stored in the memory (120) to determine whether a security event has occurred or the risk of a security event occurring.

[0067] Meanwhile, the hypervisor (200) may be equipped with a fake virtual machine (300) that mimics a virtual machine (300) for server operation and a fake hardware module (not shown). The access management unit (220) verifies stability using the fake virtual machine (300) and the fake hardware module during the application installation phase of the virtual machine. Specifically, when the access management unit (220) decides to simulate when a request for application installation of the virtual machine is made, the application is installed in the fake virtual machine (300), and responses to requests arising therefrom are generated through the fake hardware module and responded, after which the access management unit (220) analyzes the sequence of requests and responses of the application. The fake hardware module may not be actual hardware, but a database in which a predetermined response to the request of the virtual machine is stored.

[0069] Although preferred embodiments of the present invention have been described above, the technical concept of the present invention is not limited to the preferred embodiments described above and can be implemented in various ways within the scope that does not depart from the technical concept of the present invention as embodied in the claims. Explanation of the symbols

[0070] 111: Independent memory 200: Hypervisor 210: Security Information Storage Unit 220: Access Management Department 230: Security Information Output Section 320: Integrated Interface Provider

Claims

Claim 1 A virtual machine management system comprising: at least one virtual machine; and a hypervisor provided between the virtual machine and the hardware to manage requests for the hardware of the virtual machine; wherein the hypervisor comprises: a security information storage unit that stores security-related data for the virtual machine; and an access management unit that processes and manages requests for the hardware of the virtual machine; wherein the access management unit stores a first request for preserving data among requests for the hardware of the virtual machine that are above a preset security level, and a second request defined as a request other than the first request, in the security information storage unit, and when the first request occurs, stores data corresponding to the first request in an independent memory matched to the CPU of the hardware along with the memory of the hardware. Claim 2 In claim 1, the independent memory is a virtual machine management system in which control signals by other components, excluding the access management unit, are restricted. Claim 3 A virtual machine management system according to claim 1, wherein the access management unit individually grants authority for the second request despite the authority for the virtual machine that sent the second request when the second request occurs, and revokes the authority for the second request when the second request is interrupted or when another request from the virtual machine is received. Claim 4 In claim 1, the access management unit is a virtual machine management system that checks whether a security event has occurred by comparing the data of the independent memory with the corresponding data of the memory at regular intervals when the second request occurs. Claim 5 In claim 1, the access management unit is a virtual machine management system that determines the risk of a security event by comparing the data stored in the independent memory associated with the virtual machine where the security event occurred with the corresponding data in the memory when a specific security event occurs.