[go: up one dir, main page]

CN107357629A - A kind of virtual machine based on internal memory online analyzing is without agent monitors method and device - Google Patents

A kind of virtual machine based on internal memory online analyzing is without agent monitors method and device Download PDF

Info

Publication number
CN107357629A
CN107357629A CN201710558127.9A CN201710558127A CN107357629A CN 107357629 A CN107357629 A CN 107357629A CN 201710558127 A CN201710558127 A CN 201710558127A CN 107357629 A CN107357629 A CN 107357629A
Authority
CN
China
Prior art keywords
virtual machine
monitoring
module
memory
monitored
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710558127.9A
Other languages
Chinese (zh)
Inventor
陶术松
尹学渊
陈林
鲁虹伟
李辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Wormhole Miracle Technology Co Ltd
Original Assignee
Chengdu Wormhole Miracle Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Wormhole Miracle Technology Co Ltd filed Critical Chengdu Wormhole Miracle Technology Co Ltd
Priority to CN201710558127.9A priority Critical patent/CN107357629A/en
Publication of CN107357629A publication Critical patent/CN107357629A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/3003Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • G06F11/301Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system is a virtual computing platform, e.g. logically partitioned systems
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/3003Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • G06F11/3037Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a memory, e.g. virtual memory, cache
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/32Monitoring with visual or acoustical indication of the functioning of the machine
    • G06F11/324Display of status information
    • G06F11/328Computer systems status display
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45583Memory management, e.g. access or allocation

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Quality & Reliability (AREA)
  • Mathematical Physics (AREA)
  • Computer Hardware Design (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention belongs to cloud computing server administrative skill field, specifically a kind of virtual machine based on internal memory online analyzing is without agent monitors method and device.Including setting monitoring virtual machine to receive monitoring strategies in the server;Monitored virtual machine because normal exit event be trapped in virtualization layer when, memory analysis is performed to monitored virtual machine according to monitoring strategies;Analysis result is read out in monitoring virtual machine timing, and multidimensional displaying is carried out to user.The monitoring method of the present invention, security monitoring module are all deployed in the virtualization layer outside virtual machine, efficiently avoid the various of virtual machine internal Malware and may interfere with, and have highly reliable and high security.Condition is absorbed in due to being not provided with other hardware, this method will not cause the unnecessary hardware in addition to normal virtualization to be absorbed in, avoid frequently root mode and the switch cost of non-root mode.By means of the dynamic of virtual machine creating, this method can be good at being extended, and monitoring service ability adaptability is strong.

Description

A kind of virtual machine based on internal memory online analyzing is without agent monitors method and device
Technical field
The invention belongs to cloud computing server administrative skill field, specifically a kind of virtual machine based on internal memory online analyzing Without agent monitors method and device.
Background technology
With the deep development and application of cloud computing, the monitoring for virtual machine is always technological difficulties and focus.Virtually The Implementation Technology of machine security monitoring can be divided into two major classes:Outside monitoring and internal control, both differences are internal prison Control needs to affix one's name to monitoring agent in virtual machine internal.Ceilometer meterings and the monitoring service increased income in OpenStack, are employed The pattern of outside monitoring realizes the monitoring to resources such as virtual machine, physical servers.Well-known cloud manufacturer such as Amazon AWS, the country Ali's cloud etc. all provides virtual machine monitoring service, and the index of collection mainly has the conventional indexs such as CPU usage, network load, with And use internal control Agent collection virutal machine memory utilization rate, swapace, disk space usage, TCP connection numbers Deng.
Above-mentioned virtual machine monitoring service, on the one hand lack in virtualization layer to virtual machine internal process, driving, kernel grade It is other to go deep into monitoring capacity;On the other hand, because monitored virtual machine internal must install corresponding monitoring agent component, also need It is further ensured that the safety and reliability of monitor component itself.
Chinese patent application 201410252843.0, virtual machine monitoring method and device, disclose a kind of virtual machine monitoring Method, this method call blocking module by means of the system positioned at virtual machine internal, intercept all processes inside operating system The system call request of initiation, while record the progress information for initiating to call.According to monitoring configuration, if what the system of initiation was called Process is to need the process that monitors, and the information record such as the beginning that just system is called and end time is got off, so as to realize pair The in-depth monitoring of virtual machine internal specific process information.
The system that such scheme depends critically upon virtual machine internal calls blocking module, malice generation be present in virtual machine internal In the case of code, reliability and security to the monitoring of virtual machine internal specific process can not be ensured.
Chinese patent application, 201210587189.X, virtual machine monitoring method and system, this method is mainly in virtual machine Layer, to the special instruction for needing virtualization layer to perform, insertion monitors breakpoint, so as to realize the interception that flow is performed to virtual machine, So as to obtain virtual machine current execution information.
Such scheme framework inserted special monitoring instruction, realizes redirecting for controlling stream in the translating phase of instruction by force, The expense of virtual machine operation is added, moreover, on the platform based on hardware virtualization, privileged instruction provides branch by processor Hold, it is not necessary to translation process.
Chinese patent application, 200910077241.5, for the detection method of a kind of computer and abnormal process, this method carries Go out a kind of using inner core bodies such as the CPU registers that currently run and segment register and KTHREAD, obtained in VMM layer The currently operation progress information, while according to the progress information such as process identification (PID), the process chained list of virtual machine internal is further obtained, Process is currently run so as to obtain virtual machine, judges the abnormal process being hidden.
In such scheme, under the virtualization system based on the auxiliary virtualization of EPT/NPT hardware, due to there is hardware supported, The process switching of virtual machine internal can't be trapped in virtual platform, avoid causing loss.So this each process switching The mode being absorbed in can influence to arrange performance;On the other hand, kernel process doubly linked list can be destroyed by kernel state malicious code, enter And influence the accuracy of the current real time execution process list of virtual machine.
The content of the invention
The present invention be directed to above-mentioned deficiency, a kind of virtual machine based on internal memory online analyzing of proposition without agent monitors method, Virtualization layer, by pellucidly online analyzing virutal machine memory, view when virtual machine is currently truly run is obtained in real time.
The present invention the virtual machine based on internal memory online analyzing without agent monitors method, including:
S1, monitoring virtual machine is set in the server, monitoring virtual machine receives the monitoring strategies of user's input, and will monitoring Strategy is stored;
S2, monitored virtual machine because normal exit event be trapped in virtualization layer when, virtual machine monitor is according to monitoring plan Memory analysis slightly is performed to monitored virtual machine, monitored virtual machine real-time analysis result is stored;
S3, monitoring virtual machine timing read out analysis result, multidimensional displaying are carried out to user.
Further, also include in S1 steps:
S11, distribution monitoring virtual machine shared drive;
S12, remapped by system address, application layer is read the storage letter in monitoring virtual machine shared drive Breath;
S13, virtualization layer is set to read the storage information in monitoring virtual machine shared drive by VMCALL instructions.
Further, the virutal machine memory analysis result in S2 steps is stored in monitoring virtual machine shared drive, in S3 steps Monitoring virtual machine timing is read out analysis result and read from monitoring virtual machine shared drive.
Further, in S3 steps, monitored virtual machine real-time analysis result is first deposited into analysis by monitoring virtual machine As a result in memory module, then taken out from analysis result memory module, multidimensional displaying is carried out to user.
The invention also provides a kind of virtual machine based on internal memory online analyzing without agent monitors device, including:
It is arranged at and is used for the monitoring virtual machine for monitoring monitored virtual machine in server;Be arranged at the virtual of virtualization layer Machine monitor;
The monitoring virtual machine sets user monitoring policy management module, for receiving and issuing user input input Monitoring strategies;
The monitoring virtual machine sets monitoring strategies memory module, for storing the monitoring strategies of user input input;
The monitoring virtual machine sets security monitoring mould module, for obtaining and issuing monitoring strategies and obtain monitored void The analysis result of plan machine correlation running situation;
Set in the virtual machine and show temporary storage module, for storing the analysis for needing to show in analysis result memory module As a result;
Displaying alert module is set in the virtual machine, for the analysis result for needing to show to be shown to user;
User monitoring policy management module is set in the virtual machine monitor, for entering to each monitored virutal machine memory Row is read;
Virutal machine memory on-line analysis module is set in the virtual machine monitor, for each monitored virtual machine Internal memory is analyzed;
Set in the virtual machine monitor and be absorbed in Processing Interface module, it is virtual for connecting security monitoring module and monitoring Machine shared drive module, and monitored virtual machine because normal exit event be trapped in virtualization layer when, control virutal machine memory On-line analysis module is analyzed monitored virutal machine memory.
Further,
Provisioning Policy distribution module in security monitoring module, the monitoring issued for receiving user monitoring policy management module Strategy, and issue;Auxiliary kernel module is set in security monitoring module, makes application layer direct for being remapped by system address Access monitoring virtual machine shared drive module, and, instructed using VMCALL by monitored virtual machine shared drive information transmission To virtualization layer, make virtualization layer can be with access monitoring virtual machine shared drive module;Analysis knot is set in security monitoring module Fruit memory module, for storing analysis result.
Further,
Monitor and analysis result memory cell is set in virtual machine shared drive module, for storing monitored virutal machine memory Analysis result;
Monitor and monitoring strategies memory cell is set in virtual machine shared drive module, for storing the monitoring strategies issued;
Monitor and monitored virtual machine essential information memory cell is set in virtual machine shared drive module, supervised for storing Control the essential information of virtual machine.
The virtual machine based on internal memory online analyzing of the present invention is without agent monitors method, based on the parsing of internal memory real-time online Without proxy mode virtual machine monitoring service framework, security monitoring module is all deployed in the virtualization layer outside virtual machine, effectively Ground avoids the various of virtual machine internal Malware and may interfere with, and has highly reliable and high security.Due to being not provided with other Hardware be absorbed in condition, this method will not cause the unnecessary hardware in addition to normal virtualization to be absorbed in, and avoid frequently root mould The switch cost of formula and non-root mode.By means of the dynamic of virtual machine creating, this method can be good at being extended, and ensure Monitoring service ability is constantly lifted with pressure.
Brief description of the drawings
Fig. 1 is present system schematic diagram
In figure, 1- monitoring virtual machines, 2- virtual machine monitors, the virtual machines of 3- the 1st, the virtual machines of 4- the 2nd, the virtual machines of 5- n-th, 6- user inputs, and 101- shows temporary storage module, 102- displaying alert modules, 103- security monitoring modules, 104- user monitoring plans Slightly management module, 105- monitoring strategies memory modules, 201- are absorbed in Processing Interface module, 202- monitoring virtual machine shared drive moulds Block, 203- virutal machine memory on-line analysis modules, 204- virutal machine memory read-write interface modules, in the virtual machines of 205- the 1st Deposit, the virutal machine memories of 206- the 2nd, the virutal machine memories of 207- n-th, 1031- analysis result memory modules, 1032- strategy distribution moulds Block, 1033- auxiliary kernel modules, the monitored virtual machine essential information memory cell of 2021-, 2022- monitoring strategies memory cell, 2023- analysis result memory cell.
Embodiment
With reference to Fig. 1, the virtual machine of the invention based on internal memory online analyzing without agent monitors method, including:
S1, monitoring virtual machine 1 is set in the server, in same physical server, a monitoring can be set empty Plan machine 1, more monitoring virtual machines 1 can also be set..Monitored virtual machine 1 includes the 1st virtual machine 3, the 2nd virtual machine 4, always To the n-th virtual machine 5, wherein n quantity is arranged as required to.It is corresponding with virtual machine, the 1st virutal machine memory 205 is set, and the 2nd is empty Plan machine internal memory 206, until the n-th virutal machine memory 207.
Under cloud environment, the virtual machine of same user is likely located at different physical servers, and same physical server The virtual machine of different user may also be run, therefore, it is necessary to according to configuration after user sets the monitoring strategies of some virtual machine Database, the physical server where monitored virtual machine is found, then monitoring strategies information is handed down to positioned at same User monitoring policy management module 104 in the monitoring virtual machine 1 of physical server.
It is virtual by the distribution monitoring of auxiliary kernel module 1033 in security monitoring module 103 after monitoring virtual machine 1 is set The shared drive of machine 1.Auxiliary kernel module 1033 is set in security monitoring module 103, makes to answer for remapping by system address With the direct access monitoring virtual machine shared drive module 202 of layer, replicated without internal memory occurs.And instructed using VMCALL By monitored virtual machine shared drive information transmission to virtualization layer, afterwards in the virtualization layer direct read/write virtual machine kernel layer Deposit, make virtualization layer can be with access monitoring virtual machine shared drive module 202;
Virtual machine 1 is monitored by user's monitoring strategies management module 104, receives the virtual machine prison that user input 6 inputs Control strategy, the user monitoring strategy received, is stored by monitoring strategies memory module 105.For the defeated of user input 6 Enter, can there is diversified forms, can be directly inputted with user, can also user input indirectly, when user inputs indirectly, can use Program transmits data.Monitoring strategies include monitoring period granularity, specific monitor control index.It is true that specific monitor control index includes virtual machine Process list, driving list, read-only kernel data.Specific monitor control index can also include the monitor control index of other needs.
S2, monitored virtual machine 1 because normal exit event be trapped in virtualization layer when, virtual machine monitor 2 is according to monitoring Strategy performs memory analysis to monitored virtual machine, and monitored virtual machine real-time analysis result is stored;When being supervised Control virtual machine because normal exit event be trapped in virtualization layer when, be absorbed in Processing Interface module 201 control virutal machine memory it is real-time On-line analysis module 203, virutal machine memory on-line analysis module 203 is by user's monitoring strategies management module 204 to quilt Analyzed in monitoring virtual machine, according to virtual machine kernel data structure and feature, can truly reconstructed current monitored Virtual machine real-time traffic information, including operation process list, driving list, kernel code and important kernel data etc..Virtual machine Analysis result is written to the analysis result in monitoring virtual machine shared drive module 202 by internal memory on-line analysis module 203 In memory cell 2023;
Analysis result is read out in S3, the monitoring timing of virtual machine 1, and multidimensional displaying is carried out to user.Monitor in virtual machine 1, peace The analysis result memory module 1031 of the full the inside of monitoring module 103 is periodically read in monitoring virtual machine shared drive module 202 The information of analysis result memory cell 2023, by showing that alert module 102 is shown to user.Multidimensional displaying is carried out to user When, auxiliary kernel module 1033 is read from the analysis result memory cell 2023 in monitoring virtual machine shared drive module 202 to be divided Result is analysed, and is stored into the analysis result memory module 1031 in security monitoring module 103, it is necessary to which the content of multidimensional displaying is deposited Store up in display temporary storage module 101, displaying alert module 102 reads the content shown in temporary storage module 101, user is carried out more Dimension displaying.
The present invention the virtual machine based on internal memory online analyzing without agent monitors device, including:
It is arranged at and is used for the monitoring virtual machine 1 for monitoring monitored virtual machine in server;With the void for being arranged at virtualization layer Plan machine monitor 2;
The monitoring virtual machine 1 sets user monitoring policy management module 104, for receiving and issuing the prison of user's input Control strategy;
The monitoring virtual machine 1 sets monitoring strategies memory module 105, for storing the monitoring strategies of user's input;
The monitoring virtual machine 1 sets security monitoring mould module, for obtaining and issuing monitoring strategies and obtain monitored The analysis result of 1 related running situation of virtual machine;
Set in the virtual machine and show temporary storage module 101, need to show for storing in analysis result memory module 1031 The analysis result shown;
Displaying alert module 102 is set in the virtual machine, for the analysis result for needing to show to be opened up to user Show;
User monitoring policy management module 204 is set in the virtual machine monitor 2, in each monitored virtual machine Deposit and be read out;
Virutal machine memory on-line analysis module 203 is set in the virtual machine monitor 2, for each monitored void Plan machine internal memory is analyzed;
Set in the virtual machine monitor 2 and be absorbed in Processing Interface module 201, for connecting the He of security monitoring module 103 Monitor virtual machine shared drive module 202, and monitored virtual machine because normal exit event be trapped in virtualization layer when, control Virutal machine memory on-line analysis module 203 is analyzed monitored virutal machine memory.
Further,
Provisioning Policy distribution module 1032 in security monitoring module 103, for receiving user monitoring policy management module 104 The monitoring strategies issued, and issue;Auxiliary kernel module 1033 is set in security monitoring module 103, for passing through system address Remapping makes the direct access monitoring virtual machine shared drive module 202 of application layer, and, instructed using VMCALL by monitored void Plan machine shared drive information transmission makes virtualization layer can be with access monitoring virtual machine shared drive module 202 to virtualization layer;Peace Analysis result memory module 1031 is set in full monitoring module 103, for storing analysis result.
Further,
Monitor and analysis result memory cell 2023 is set in virtual machine shared drive module 202, for storing monitored void Plan machine memory analysis result;
Monitor and monitoring strategies memory cell 2022 is set in virtual machine shared drive module 202, for storing the prison issued Control strategy;
Monitor and monitored virtual machine essential information memory cell 2021 is set in virtual machine shared drive module 202, be used for The essential information of the monitored virtual machine of storage.
The virtual machine based on internal memory online analyzing of the present invention is without agent monitors method, there is provided a kind of void of no proxy mode Intend machine monitoring method, can in real time monitor but be not limited to virtual machine process operation list, load driver list and kernel code And the virtual machine such as data information view when truly running, provide true foundation for operational decision making.

Claims (7)

1. a kind of virtual machine based on internal memory online analyzing is without agent monitors method, it is characterised in that including:
S1, monitoring virtual machine is set in the server, monitoring virtual machine receives the monitoring strategies of user's input, and by monitoring strategies Stored;
S2, monitored virtual machine because normal exit event be trapped in virtualization layer when, virtual machine monitor is according to monitoring strategies pair Monitored virtual machine performs memory analysis, and monitored virtual machine real-time analysis result is stored;
S3, monitoring virtual machine timing read out analysis result, multidimensional displaying are carried out to user.
2. the virtual machine according to claim 1 based on internal memory online analyzing is without agent monitors method, it is characterised in that
Also include in S1 steps:
S11, distribution monitoring virtual machine shared drive;
S12, remapped by system address, application layer is read the storage information in monitoring virtual machine shared drive;
S13, virtualization layer is set to read the storage information in monitoring virtual machine shared drive by VMCALL instructions.
3. the virtual machine according to claim 2 based on internal memory online analyzing is without agent monitors method, it is characterised in that
Virutal machine memory analysis result in S2 steps is stored in monitoring virtual machine shared drive,
The timing of monitoring virtual machine is read out analysis result and read from monitoring virtual machine shared drive in S3 steps.
4. the virtual machine based on internal memory online analyzing according to Claims 2 or 3 exists without agent monitors method, its feature In,
In S3 steps, monitored virtual machine real-time analysis result is first deposited into analysis result memory module by monitoring virtual machine In, then taken out from analysis result memory module, multidimensional displaying is carried out to user.
5. a kind of virtual machine based on internal memory online analyzing is without agent monitors device, it is characterized in that including:
It is arranged at and is used for the monitoring virtual machine for monitoring monitored virtual machine in server;Supervised with the virtual machine for being arranged at virtualization layer Visual organ;
The monitoring virtual machine sets user monitoring policy management module, for receiving and issuing the monitoring of user input input Strategy;
The monitoring virtual machine sets monitoring strategies memory module, for storing the monitoring strategies of user input input;
The monitoring virtual machine sets security monitoring mould module, for obtaining and issuing monitoring strategies and obtain monitored virtual machine The analysis result of related running situation;
Set in the virtual machine and show temporary storage module, for storing the analysis knot for needing to show in analysis result memory module Fruit;
Displaying alert module is set in the virtual machine, for the analysis result for needing to show to be shown to user;
Virutal machine memory read-write interface module is set in the virtual machine monitor, for being carried out to each monitored virutal machine memory Read;
Virutal machine memory on-line analysis module is set in the virtual machine monitor, for each monitored virutal machine memory Analyzed;
Set in the virtual machine monitor and be absorbed in Processing Interface module, be total to for connecting security monitoring module and monitoring virtual machine Enjoy memory modules, and monitored virtual machine because normal exit event be trapped in virtualization layer when, control virutal machine memory is real-time On-line analysis module is analyzed monitored virutal machine memory.
6. the virtual machine according to claim 5 based on internal memory online analyzing is without agent monitors device, it is characterized in that,
Provisioning Policy distribution module in security monitoring module, the monitoring plan issued for receiving user monitoring policy management module Slightly, and issue;Auxiliary kernel module is set in security monitoring module, application layer is directly visited for being remapped by system address Monitoring virtual machine shared drive module is asked, and, instructed using VMCALL and arrive monitored virtual machine shared drive information transmission Virtualization layer, make virtualization layer can be with access monitoring virtual machine shared drive module;Analysis result is set in security monitoring module Memory module, for storing analysis result.
7. the virtual machine based on internal memory online analyzing according to claim 5 or 6 is without agent monitors device, it is characterized in that,
Monitor and analysis result memory cell is set in virtual machine shared drive module, for storing monitored virutal machine memory analysis As a result;
Monitor and monitoring strategies memory cell is set in virtual machine shared drive module, for storing the monitoring strategies issued;
Monitor and monitored virtual machine essential information memory cell is set in virtual machine shared drive module, for storing monitored void The essential information of plan machine.
CN201710558127.9A 2017-07-10 2017-07-10 A kind of virtual machine based on internal memory online analyzing is without agent monitors method and device Pending CN107357629A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710558127.9A CN107357629A (en) 2017-07-10 2017-07-10 A kind of virtual machine based on internal memory online analyzing is without agent monitors method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710558127.9A CN107357629A (en) 2017-07-10 2017-07-10 A kind of virtual machine based on internal memory online analyzing is without agent monitors method and device

Publications (1)

Publication Number Publication Date
CN107357629A true CN107357629A (en) 2017-11-17

Family

ID=60291859

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710558127.9A Pending CN107357629A (en) 2017-07-10 2017-07-10 A kind of virtual machine based on internal memory online analyzing is without agent monitors method and device

Country Status (1)

Country Link
CN (1) CN107357629A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108829520A (en) * 2017-06-20 2018-11-16 成都虫洞奇迹科技有限公司 Server resource distribution method and device under a kind of cloud environment
CN108920253A (en) * 2018-06-20 2018-11-30 成都虫洞奇迹科技有限公司 A kind of the virtual machine monitoring system and monitoring method of no agency
CN109684035A (en) * 2018-12-17 2019-04-26 武汉烽火信息集成技术有限公司 A kind of adaptive virtual machine and host communication means and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7373451B2 (en) * 2003-12-08 2008-05-13 The Board Of Trustees Of The Leland Stanford Junior University Cache-based system management architecture with virtual appliances, network repositories, and virtual appliance transceivers
CN101976200A (en) * 2010-10-15 2011-02-16 浙江大学 Virtual machine system for input/output equipment virtualization outside virtual machine monitor
CN102930213A (en) * 2012-10-25 2013-02-13 中国航天科工集团第二研究院七〇六所 Security monitoring system and security monitoring method based on virtual machine
CN106250209A (en) * 2016-08-02 2016-12-21 浪潮(北京)电子信息产业有限公司 A kind of virutal machine memory monitoring method under Xen virtual environment and system thereof

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7373451B2 (en) * 2003-12-08 2008-05-13 The Board Of Trustees Of The Leland Stanford Junior University Cache-based system management architecture with virtual appliances, network repositories, and virtual appliance transceivers
CN101976200A (en) * 2010-10-15 2011-02-16 浙江大学 Virtual machine system for input/output equipment virtualization outside virtual machine monitor
CN102930213A (en) * 2012-10-25 2013-02-13 中国航天科工集团第二研究院七〇六所 Security monitoring system and security monitoring method based on virtual machine
CN106250209A (en) * 2016-08-02 2016-12-21 浪潮(北京)电子信息产业有限公司 A kind of virutal machine memory monitoring method under Xen virtual environment and system thereof

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
候建宁 董贵山: ""基于虚拟技术的涉密笔记本电脑操作系统安全隔离"", 《保密科学技术》 *
潘世成: ""服务器虚拟化安全机制研究"", 《计算机安全》 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108829520A (en) * 2017-06-20 2018-11-16 成都虫洞奇迹科技有限公司 Server resource distribution method and device under a kind of cloud environment
CN108829520B (en) * 2017-06-20 2022-03-29 成都灵跃云创科技有限公司 Server resource allocation method and device in cloud environment
CN108920253A (en) * 2018-06-20 2018-11-30 成都虫洞奇迹科技有限公司 A kind of the virtual machine monitoring system and monitoring method of no agency
CN109684035A (en) * 2018-12-17 2019-04-26 武汉烽火信息集成技术有限公司 A kind of adaptive virtual machine and host communication means and system
CN109684035B (en) * 2018-12-17 2020-11-17 武汉烽火信息集成技术有限公司 Self-adaptive virtual machine and host machine communication method and system

Similar Documents

Publication Publication Date Title
CN102541634B (en) Inserted by the detection of background virtual machine
CN104205064B (en) By program event recording (PER) event to the system and method running the conversion of time detecting event
CN103488563B (en) Data race detection method and device for parallel programs and multi-core processing system
CN108475217A (en) System and method for virtual machine of auditing
CN108205486A (en) A kind of intelligent distributed call chain tracking based on machine learning
US20080250400A1 (en) Method for System Call Interception in User Space
CN110348216A (en) A kind of fuzz testing method and system for cloud computing system virtual unit
CN103996003B (en) Data erasing system in a kind of virtualized environment and method
CN107357629A (en) A kind of virtual machine based on internal memory online analyzing is without agent monitors method and device
CN104380264A (en) Run-time instrumentation reporting
CN104364770A (en) Controlling operation of a run-time instrumentation facility from a lesser-privileged state
CN104021344B (en) A Honeypot Method for Collecting and Intercepting Computer Memory Behavior
US8793688B1 (en) Systems and methods for double hulled virtualization operations
CN101872323A (en) Method for fault-injection test based on virtual machine
CN106156353A (en) A kind of method and system increasing multilingual on-the-flier compiler enforcement engine for data base
CN104704474A (en) Hardware based run-time instrumentation facility for managed run-times
CN104169887B (en) The method and system of sampling indirectly is detected by the run time of instruction operation code
CN104364769A (en) Run-time instrumentation monitoring of processor characteristics
CN106055385A (en) System and method for monitoring virtual machine process, and method for filtering page fault anomaly
EP3226135A2 (en) Real-time cloud-infrastructure policy implementation and management
CN108737373A (en) A kind of security forensics method for catenet equipment concealment techniques
CN113127331A (en) Fault injection-based test method and device and computer equipment
CN116303078A (en) Application program code level performance analysis method, device, equipment and medium
EP3274896A1 (en) Configuration of a memory controller for copy-on-write with a resource controller
CN107506293A (en) A kind of software performance data acquisition method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20171117