Virtual machine safety monitoring method and system based on introspection technology

A virtual machine introspection technology, applied in computer security devices, hardware monitoring, program control design, etc., that can solve problems such as a security mode that is not safe and effective and is vulnerable to malicious attacks, achieving the effect of ensuring high efficiency.

Pending Publication Date: 2021-07-16
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

[0005] There are two main modes of virtual machine introspection (VMI): in-band and out-of-band. In the in-band mode, a monitoring module needs to be deployed in the virtual machine to learn more about the state information in the virtual machine. Since the monitoring module is deployed inside the virtual machine, it is vulnerable to malicious attacks, so this is not a safe and effective security model.


Embodiment Construction

[0044] In order to make the above objects, features and advantages of the present invention more comprehensible, the present invention will be further described in detail below through specific embodiments and accompanying drawings.

[0045] The present invention mainly comprises the following contents:

[0046] (1) Fine-grained efficient introspection mechanism. The invention can set an interrupt trap at the physical address of a virtual machine API, so that the virtual machine traps into the VMM layer when it calls the API. Because the VMM layer traps at the instruction level, the impact of the introspection mechanism on the original operating efficiency of the virtual machine is minimized.

[0047] (2) Dynamic interception analysis of host behavior. The invention can dynamically adjust the monitored APIs of the virtual machine as needed, dynamically adding the API functions that need to be monitored according to the different stages of virtual machine ...


Abstract

The invention relates to a virtual machine safety monitoring method and system based on an introspection technology. The method comprises the following steps: establishing a plug-in library of virtual machine behaviors, selecting a plug-in to be monitored from the plug-in library according to a monitoring instruction, reading an API function name and a relative offset address of an API function in the plug-in library, and calculating a virtual address of the API function; reading a virtual address of an API function in the plug-in library, storing a machine code stored in the virtual address, and then modifying the machine code stored in the virtual address into a machine code of an interrupt instruction; after the virtual machine accesses the modified virtual address and triggers interruption, semantic analysis is carried out on the virtual machine; and after semantic analysis is completed, writing the original machine code stored in the virtual address back into the virtual address, setting the virtual machine as single-step execution, and then recovering the execution of the virtual machine. According to the method, the detection requirement of the user on the host behavior is dynamically received, the corresponding behavior plug-in library is called, and high-performance, high-precision and high-coverage behavior monitoring can be carried out on the virtual machine.
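The breakpoint lifecycle described in the abstract, as an added example that is not code from the patent: a C simulation over a constructed guest-memory array, with no hypervisor API involved. The `0xCC` (x86 INT3) trap opcode, the re-insertion of the trap after the single step, and all names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define TRAP_OPCODE 0xCC           /* assumption: x86 INT3 as the interrupt instruction */
#define GUEST_SIZE  0x4000u
static uint8_t guest[GUEST_SIZE];  /* constructed stand-in for guest memory; no hypervisor API */

typedef struct {
    const char *api;               /* API function name from the plug-in entry */
    uint32_t offset, va;           /* relative offset, computed virtual address */
    uint8_t saved;                 /* original machine code at va */
    int armed, stepping, hits;
} hook_t;

/* Compute va = module base + offset, save the original byte, write the trap. */
int hook_arm(hook_t *h, uint32_t base) {
    uint32_t va = base + h->offset;
    if (h->armed || va < base || va >= GUEST_SIZE) return -1;
    h->va = va; h->saved = guest[va];
    guest[va] = TRAP_OPCODE; h->armed = 1;
    return 0;
}

/* Trap at rip: returns 0 if ours (analyse, restore byte, single-step), else -1. */
int on_trap(hook_t *h, uint32_t rip) {
    if (!h->armed || rip != h->va) return -1;  /* not our trap: leave it to the guest */
    h->hits++;                                 /* semantic analysis would run here */
    guest[h->va] = h->saved; h->stepping = 1;
    return 0;
}

/* Single step done: re-insert the trap (assumption) and let the guest run on. */
void on_single_step(hook_t *h) {
    if (h->stepping && h->armed) guest[h->va] = TRAP_OPCODE;
    h->stepping = 0;
}

/* Dynamic removal: put the original byte back when monitoring is no longer needed. */
int hook_disarm(hook_t *h) {
    if (!h->armed) return -1;
    guest[h->va] = h->saved; h->armed = 0;
    return 0;
}

int main(void) {
    hook_t h = { "example_api", 0x10, 0, 0, 0, 0, 0 };   /* hypothetical plug-in entry */
    guest[0x1010] = 0x55;                                /* constructed original byte */
    hook_arm(&h, 0x1000); on_trap(&h, 0x1010); on_single_step(&h);
    printf("%s hits=%d byte=0x%02x\n", h.api, h.hits, guest[0x1010]);
    return hook_disarm(&h);
}
```

On a guest with several vCPUs, another vCPU can execute the restored original byte during the single-step window, so a monitor built this way can miss calls unless the other vCPUs are paused for that step.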

Description

Technical field

[0001] The invention relates to the field of virtualization safety monitoring, in particular to a virtual machine safety monitoring method and system based on introspection technology.

Background technique

[0002] Virtualization technology can integrate the underlying physical computing resources into an operating environment, and logically abstract and unify the underlying computing resources. Virtualization technology is the basic key technology for cloud computing, and its security directly determines the security of user data in the entire cloud platform. At present, network attacks take various forms, the duration and the number of attacks are increasing, and equipment and applications face huge security threats. Compared with traditional environments, cloud computing brings huge economic benefits, so hackers from all over the world have seen the benefits and turned to attacking the virtualized environment, the s...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F9/455, G06F11/30, G06F21/56
CPC: G06F9/45558, G06F11/301, G06F21/566, G06F2009/45575
Inventor 屈天恒郝志宇丁振全程丰陈宇李大辉
Owner INST OF INFORMATION ENG CHINESE ACAD OF SCI