Method and system for acquiring process information of KVM (Kernel-based Virtual Machine)

A technique for acquiring the process and register information of KVM virtual machines, applied in the field of virtual machine security protection.

Status: Inactive. Publication date: 2013-05-01
Applicant: BEIJING VENUS INFORMATION TECH (+1)

AI Technical Summary

Problems solved by technology

At present, KVM provides no official VMM introspection API comparable to VMware's. Both Qemu-kvm and the KVM kernel module expose IOCTL calling interfaces, but using them for introspection requires modifying and recompiling the source code of those modules.


Examples

Embodiment 1

[0032] At present, KVM's IOCTL interface is exposed to the Qemu-kvm module, which calls it as shown in figure 1. Qemu-kvm first opens /dev/kvm to obtain the KVM file descriptor, then obtains the virtual machine's file descriptor (vm_fd) through the IOCTL interface on that descriptor, and then obtains the file descriptor of a virtual CPU instance (vcpu_fd) through vm_fd. With vcpu_fd in hand, the process running on that virtual CPU and the registers it uses can be monitored. Without modifying the Qemu-kvm code it is normally impossible to obtain vcpu_fd at runtime, and therefore impossible to use KVM's own IOCTL interface to monitor the processes and register state of a virtual machine running on the host.

[0033] The applicant also takes into account that cloud and virtualization service providers generally will not allow security vendors to modify the virtualiz...

Embodiment 2

[0047] This embodiment provides a scanning system for virtual machine process and register information, comprising:

[0048] a scan execution module, a scan policy module, a result analysis and reporting module, and a rule base maintenance module.

[0049] The scan execution module obtains, through the IOCTL interface, the results of scanning virtual machine process and register information that the introspection API driver module provides.

[0050] The scan policy module is used to customize the scanning plan. Because scanning consumes resources on the virtualization platform, this module provides a customizable scanning plan so that scanning does not compete for resources with the operation of the business virtual machines.

[0051] The result analysis and reporting module analyzes the scan results and evaluates the running state of the corresponding virtual machine processes according to the match...

Embodiment 3

[0054] This embodiment provides a method for transparently obtaining KVM virtual machine process information, the method comprising:

[0055] A. The system call interception module intercepts the IOCTL call initiated by Qemu-kvm;

[0056] B. When it finds that this IOCTL system call is CREATE_VCPU, the introspection API driver module re-initiates the system call and records the file descriptor (vcpu_fd) of the returned virtual CPU;

[0057] In this step, the system call interception module monitors the host's system calls. If it intercepts the IOCTL system call that Qemu-kvm issues to create a vcpu, the introspection API driver module constructs a new vcpu-creating IOCTL system call from the parameters of the intercepted call, issues it to KVM, and returns KVM's return value to Qemu-kvm.

[0058] Specifically, the process of the system call interception module transparently obtaining v...


Abstract

The invention discloses a method and a system for acquiring the process information of a KVM (Kernel-based Virtual Machine), in the technical field of information security. The disclosed system comprises a system call interception module and an introspection API (Application Program Interface) driver module. The system call interception module intercepts the IOCTL (Input Output Control) system call initiated by Qemu-kvm and passes the call parameters to the introspection API driver module. The introspection API driver module initiates the IOCTL system call to KVM in place of Qemu-kvm, records the vcpu (virtual central processing unit) file descriptor that KVM returns, returns that result to Qemu-kvm, acquires the processes running in the virtual machine and the associated register information, structures the acquired information, exposes the structured information to external programs through a process scanning interface, receives scanning commands from external programs, and issues the corresponding requests to KVM through the vcpu. The invention further discloses the method for acquiring KVM process information. With this technical scheme, introspection of the processes running in a virtual machine is achieved transparently, without modifying the Qemu-kvm or KVM code.

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a solution for protecting virtual machine security in cloud computing.

Background technique

[0002] Cloud computing is another new revolution in computers and the Internet. It moves computing and storage into the cloud, so that users can perform complex calculations and large-capacity storage from lightweight portable terminals. From a technical point of view, cloud computing is not just a new concept: parallel computing and virtualization are the main technical means of realizing cloud computing applications. Because of the rapid development of hardware technology, the performance of an ordinary physical server far exceeds the hardware requirements of an ordinary single user. Virtualizing a physical server into multiple virtual machines and providing services through virtualization has therefore become the technical basis for building public ...


Application Information

Patent Type & Authority Applications(China)
IPC(8): G06F9/455, G06F9/445
Inventors: 李陟, 叶润国, 胡振宇
Owner BEIJING VENUS INFORMATION TECH