84 results about "Virtual machine introspection" patented technology

A system and method operable to programmatically perform runtime de-obfuscation of obfuscated software via virtual machine introspection and manipulation of virtual machine guest memory permissions.

Systems and methods of executing an application in an application specific runtime environment are disclosed. The application specific runtime environment is defined by an application environment specification to include a minimal or reduced set of software resources required for execution of the application. The application environment is generated by determining software resource dependencies and is optionally used to provision the application specific runtime environment in real-time in response to a request to execute the application. Use of the application specific runtime environment allows the application to be executed using fewer computing resources, e.g., memory. The application specific runtime environment is optionally disposed within a virtual machine. The virtual machine may be created in response to the request to run the executable application and the virtual machine may be automatically provisioned using an associated application environment specification.

A computer implemented method, apparatus, and computer usable program code for executing a process within a virtual machine. A module is injected into an operating system for the virtual machine to form an injected module. The injected module is executed to load an agent process within an application space within the virtual machine. Execution of the agent process is initiated by the injected module.

A processor includes guest mode control registers supporting guest mode operating behavior defined by guest context specified in the guest mode control registers. Root mode control registers support root mode operating behavior defined by root context specified in the root mode control registers. The guest context and the root context are simultaneously active to support virtualization of hardware resources such that multiple operating systems supporting multiple applications are executed by the hardware resources.

The invention provides a virtual machine template IVF storage method. Different application types of virtual machines, such as WEB service, database service and load balance, are mounted on an established virtual platform according to a requirement, and a virtual machine operating system, an application program, a configuration environment and the like are mounted. After an environment is established, a function demand of a user in a certain aspect, such as website construction, is basically met. A system comprises a virtual machine template configuration file (1), a completeness checking file (2) and a virtual machine magnetic disk mirror image file (3). If the user still needs to deploy a similar environment, the user only needs to configure the current virtual machine into a use template so as to avoid repeated operation of the previous work, and then a virtual machine is established according to the template, so that the similar environment can be established quickly.

Policy enforcement in an environment that includes virtualized systems is disclosed. Virtual machine information associated with a first virtual machine instance executing on a host machine is received. The information can be received from a variety of sources, including an agent, a log server, and a management infrastructure associated with the host machine. A policy is applied based at least in part on the received virtual machine information.

The invention relates to the technical field of cloud computing, in particular to a virtual machine migration prediction method based on an SLA (Service Level Agreement). According to the method, firstly, the resource use condition of each virtual machine is monitored once every a period of time; then, after the curve fitting by a mathematical method on the basis of monitoring data, an equation of the curve is obtained; then, the resource quantity used by the virtual machines at the next time interval can be predicted; next, the resource use quantity at the next time interval is compared to the threshold value specified in the SLA; if the resource use quantity at the next time interval exceeds the threshold value, the virtual machine is likely to be about to overload; otherwise, the coming of the next monitoring time interval is waited; and finally, if the overload condition occurs, the virtual machine is migrated to an idle host. The virtual machine migration prediction method based on the SLA provided by the invention has the advantages that an active virtual machine migration strategy is realized through actively predicting the resource use trend of the virtual machine; the problem that the SLA cannot be met after the migration by a conventional migration strategy is solved; and the method can be used for virtual machine migration.

A virtualization implementing method for a Power server includes the steps of enabling virtualization management software to be directly installed in a virtual machine input/output (I/O) server; enabling at least one integrated virtualization manager (IVM) to be used as a platform and then to be registered to virtualization management software (Power Director); using commands supplied by the virtual machine I/O server and each IVM to create a virtual machine; enabling a preset installing module to automatically install in the created virtual machine through an image management function according to demands of a user and enabling a configuration file, an operating system, a network information configuration of the virtual machine to be completed. The virtualization implementing method for the Power server does not need to singly be supplied with another host machine or the virtualization management software so as to save host machine source and largely simplify deployment and configuration of the virtualization management software, and improve working efficiency of managers.

An apparatus and method defends against computer attacks by destroying virtual machines on a schedule of destruction in which virtual machines are destroyed in either a random sequence or a round-robin sequence with wait times between the destruction of the virtual machines. Also, each virtual machine is assigned a lifetime and is destroyed at the end of its lifetime, if not earlier destroyed. Destroyed virtual machines are reincarnated by providing a substitute virtual machine and, if needed, transferring the state to the substitute virtual machine. User applications are migrated from the destroyed machine to the replacement machine. All virtual machines are monitored for an attack at a hypervisor level of cloud software using Virtual Machine Introspection, and if an attack is detected, the attacked virtual machine is destroyed and reincarnated ahead of schedule to create a new replacement machine on a different hardware platform using a different operating system.

The invention relates to a software testing and evaluation method based on a cloud computation technology. The method comprises the steps that a testing cloud platform and an evaluation cloud platformare established; a lightweight cloud probe is deployed on the testing cloud platform; state data is collected by using the cloud probe and transmitted to the evaluation cloud platform through a network; analysis is conducted in the evaluation cloud platform, tested software is comprehensively established according to testing and evaluation standards, and a testing and evaluation report is generated. The software testing and evaluation method has the advantages that through the cloud computation technology, the utilization rate of equipment can be effectively increased, the required resourcesare dynamically adjusted according to service demands, the tested software is continuously tested, and the method helps to run and maintain a whole testing system. Through an introspection technologyof a virtual machine, the tested software is separated from a detection module. The tested software is deployed in the virtual machine, the detection module is deployed in a safer virtual machine monitor layer with a higher power level, and by integrating multiple advantages of the introspection technology of the virtual machine, the tested software is continuously, accurately and comprehensivelydetected.

The invention provides a virtual machine introspection-based virus detection system and method, and aims at detecting external parts of virtual machines so as to improve the integral safety of virtualization systems. The virus detection system comprises a virus behavior feature library and a process behavior tracing data module on the basis of a virtual machine introspection tool, wherein the virus behavior feature library and the process behavior tracing data module are respectively connected with a process behavior analysis module so that comparison and detection can be carried out by the process behavior analysis module; and the virus behavior feature library is connected with the virus behavior analysis module which is used for automatically analyzing virus samples. According to the system and method, operation states in virtual machines can be monitored without modifying virtual machine systems or installing any software and tool, process behaviors in the virtual machines are utilized to judge whether virus programs are operated or not, and operations such as shutdown and the like can be carried out on the virtual machines with safety threats.

The invention discloses a method for discovering whether or not a vulnerability exists in a virtual machine introspection system. A specific jmp instruction is inserted at a calling function entry address of a changed Linux virtual machine system, if the virtual machine introspection system can be modified, it means that the vulnerability exists in the virtual machine introspection system, and it indicates that a dynamic monitoring result of the virtual machine introspection system can be manually controlled to further disclose the vulnerability of the virtual machine introspection system, and important references are provided for follow-up relevant researchers to further improve the system.

The invention relates to the technical field of physical machine power control and cloud computing virtual machine migration, in particular to an Openstack based physical machine remote maintenance method. The method comprises: firstly, establishing an Openstack cloud platform and setting an IPMI address, an IPMI login user name and a password of a physical machine; secondly, searching for an available physical node in a normal state according to a greedy algorithm at a control node of the Openstack cloud platform, sending an instruction of migrating a virtual machine to the available physical node to a target physical machine through a component, and after all virtual machines are migrated, sending a shutdown command to a baseboard management controller (BMC) of the target physical machine; and finally, executing a request by the BMC of the target physical machine, and returning an executive result. According to the method, the problems that the virtual machines need to be migrated before physical machine maintenance, a Juno version of the Openstack open source cloud platform cannot perform remote physical machine maintenance, an application cannot be ensured to be normally and continuously used, inconvenience is provided for the operation and maintenance personnel to maintain the physical machine, and the like are solved; and the method can be applied to physical machine maintenance and virtual machine migration of the cloud platform.

The present invention discloses a method, an apparatus, and a system for triggering virtual machine introspection, so as to provide a timely and effective security check triggering mechanism. In the present invention, data that needs to be protected is determined; the data that needs to be protected is monitored; and when it is determineed that the data that needs to be protected is modified, virtual machine introspection is triggered. The present invention avoids a performance loss and a security problem that are brought about by regularly starting a virtual machine introspection system to perform a security check, and therefore, the present invention is more applicable.

The embodiment of the invention provides a virtual machine malicious software behavior detection method and system, and the method comprises the steps: carrying out the interaction with a target virtual machine based on a virtual machine monitor of a host machine where the target virtual machine is located, and obtaining the internal state information of the target virtual machine through a virtual machine self-provincial method; Reconstructing the internal state information according to a software basic structure knowledge base in a memory evidence obtaining framework, and obtaining a high-level data structure of the internal state information; And according to the advanced data structure, detecting malicious software behaviors in the target virtual machine. According to the embodiment ofthe invention, the detection of the malicious software behavior is more accurate and comprehensive, the abnormal behavior can be processed in a targeted manner, the security of the target virtual machine is ensured, the influence on the performance of the virtual machine is greatly reduced, and the detection of the malicious software behavior is realized on the premise of no perception.

The invention discloses an online migration redundancy removal method for a virtual machine disk. The method comprises the following steps: firstly, reading a super block in a disk according to a filesystem organization mode, then reading a bitmap in each block group according to block group description information in the super block, determining whether each block in the bitmap record block group is used or available, and constructing a complete bitmap for the whole disk by utilizing the obtained bitmaps of all the block groups; secondly, in the virtual machine migration process, carrying out disk migration according to the obtained disk use information, and at the moment, only transmitting used disk blocks; and thirdly, extracting unused block bitmaps which are possibly updated from theoriginal memory data by using a virtual machine introspection technology, updating bitmap information by using the unused block bitmaps after obtaining caches of metadata of all block equipment in the memory, and migrating used disk blocks which are not migrated before to a destination end by using an existing method. According to the method, semantic information of the data is mainly used for data compression, so that very small overhead for upper-layer applications is introduced.

The invention discloses a public infrastructure resource scheduling method based on an application priority. The method comprises the following steps that: (1) uniformly deploying an application system in different virtual machine, uniformly deploying the application system in the virtual machine, and configuring an operating environment on which the application system depends in the virtual machine, wherein only an independent application system is deployed in each virtual machine, and the virtual machine where the application system is positioned is taken as granularity for scheduling during scheduling; and (2) in a resource scheduling process, monitoring the resource use situation of the application system in real time, and according to the load situation of the application system, taking virtual machine migration as the resource scheduling method to dynamically deploy application system resources according to the priority of the application system. By use of the method, through a virtualization technology, full-ship information resources are integrated to realize the sharing and the uniform scheduling of the full-ship information resources, and the resource requirements of a combat and platform application system are subjected to overall consideration so as to perform a supporting function of the public information infrastructure to a maximum degree and improve the integral combat effectiveness.

The invention discloses an Android application security protection method based on dynamic virtual instruction transformation. According to the invention, a user-defined virtual instruction set and avirtual machine interpreter are defined; converting the Dalvik instruction set into a self-defined virtual instruction set through an instruction obfuscation operation; during execution, the mapping relation between the instruction sets is dynamically transformed, and the transformed instruction is interpreted and executed by the user-defined virtual machine interpreter, so that the protection ofthe key method and execution logic in the Android application is realized. Meanwhile, the Android application code based on the user-defined virtual instruction set and the virtual machine interpretercorresponding to the Android application code are embedded in the Android application, and therefore Root authority does not need to be owned or an Android underlying system does not need to be modified. According to the method, effective protection can be provided for key methods and execution logic in the Android application, the confusion degree and the non-readability of the application program are improved, the time and space complexity of an attacker for implementing reverse analysis and code dump attack can be effectively improved, and safety reinforcement of the Android application isachieved.