CN102708330B - Method for preventing system from being invaded, invasion defense system and computer - Google Patents

Info

Publication number
CN102708330B
Authority
CN
China
Prior art keywords
virtual machine
operating system
intrusion prevention
security strategy
operation system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201210143307.8A
Other languages
Chinese (zh)
Other versions
CN102708330A (en)
Inventor
郭栋梓
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sangfor Technologies Co Ltd
Original Assignee
Sangfor Network Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sangfor Network Technology Shenzhen Co Ltd
Priority to CN201210143307.8A
Publication of CN102708330A
Application granted
Publication of CN102708330B
Legal status: Active
Anticipated expiration

Landscapes

  • Alarm Systems (AREA)

Abstract

The invention discloses a method for preventing a system from being invaded, an intrusion prevention system and a computer. The method comprises the following steps: starting the intrusion prevention system, which is installed in the virtual machine manager layer and isolated from the operating system of the virtual machine; detecting, through the intrusion prevention system, whether a change in the security state of the operating system and the service system running in the virtual machine complies with a preset security policy, wherein the service system is installed in the operating system; and, if the change in the security state does not comply with the security policy, executing a preset operation according to the security policy. Because the intrusion prevention system installed in the virtual machine manager layer does not rely on the operating system of the virtual machine and is not affected by vulnerabilities of that operating system, the operating system in the virtual machine can be well monitored, illegal programs can be prevented from invading the system, and the security of the operating system of the virtual machine is improved.

Description

Method for preventing a system from being invaded, intrusion prevention system, and computer
Technical field
The present invention relates to computer security, and in particular to a method for preventing a system from being invaded, an intrusion prevention system, and a computer.
Background art
With the spread and development of the Internet, enterprises pay more and more attention to the security of their service servers. Many enterprises and organizations have begun to adopt a HIPS (Host-based Intrusion Prevention System) to address server security.
The main working principle and purpose of such a system is as follows: security software is installed in the OS (operating system) of the service server and, while the operating system and the service system run, it monitors that the operating system and the service system themselves are not tampered with or invaded.
This approach provides some defense, but it has the following shortcomings. First, if the operating system was already compromised before the HIPS software was installed, the HIPS cannot protect it well or cannot be installed at all. Second, existing HIPS software relies on the security mechanisms of the operating system, so if the operating system itself has a vulnerability, an attacker may break through the HIPS. For example, a HIPS product relies on a file system filter driver loaded in the operating system to monitor file operations; if the operating system is vulnerable, an attacker can easily unload this driver or bypass it directly.
Summary of the invention
The technical problem to be solved by the present invention is the defect that prior-art intrusion prevention systems cannot guarantee the security of the operating system when the operating system itself has a vulnerability. The invention provides a method for preventing a system from being invaded, an intrusion prevention system, and a computer that do not rely on the operating system.
The technical solution adopted by the present invention to solve this technical problem is:
A method for preventing a system from being invaded is provided, comprising the following steps:
Starting an intrusion prevention system, the intrusion prevention system being installed in the virtual machine manager layer and isolated from the operating system of the virtual machine;
Detecting, through the intrusion prevention system, whether a change in the security state of the operating system and the service system running in the virtual machine complies with a preset security policy, the service system being installed in the operating system;
If the change in the security state does not comply with the security policy, performing a preset operation according to the security policy.
In the method of the present invention, the preset operation comprises restoring the operating system and the service system, and shutting down the operating system and the service system.
In the method of the present invention, when the security policy is set, it can be set to simultaneously detect changes in the security state of the operating systems and service systems running in multiple virtual machines.
In the method of the present invention, the change in the security state includes at least a change in the key memory region pre-values, file system pre-values, or registry pre-values of the operating system and the service system.
In the method of the present invention, after the preset operation is performed according to the security policy, the method further comprises the step of generating corresponding alarm information according to the preset operation that was performed.
Another technical solution adopted by the present invention to solve its technical problem is:
An intrusion prevention system is provided. The intrusion prevention system is installed in the virtual machine manager layer and isolated from the operating system of the virtual machine, and comprises:
A security policy setting module, for presetting a security policy;
A detection module, for detecting, after the intrusion prevention system starts, whether a change in the security state of the operating system and the service system running in the virtual machine complies with the preset security policy, the service system being installed in the operating system;
A security policy execution module, for performing a preset operation according to the security policy when the change in the security state does not comply with the security policy.
In the intrusion prevention system of the present invention, the preset operation comprises restoring the operating system and the service system, and shutting down the operating system and the service system.
In the intrusion prevention system of the present invention, the security policy setting module can further be used to set simultaneous detection of changes in the security state of the operating systems and service systems running in multiple virtual machines.
In the intrusion prevention system of the present invention, the change in the security state includes at least a change in the key memory region pre-values, file system pre-values, or registry pre-values of the operating system and the service system.
In the intrusion prevention system of the present invention, the intrusion prevention system further comprises an alarm module, for generating corresponding alarm information according to the preset operation that was performed.
A third technical solution adopted by the present invention to solve its technical problem is:
A computer provided with an intrusion prevention system is provided. The computer is provided with a virtual machine layer and a virtual machine manager layer, wherein the virtual machine layer is provided with at least one virtual machine, the intrusion prevention system is installed in the virtual machine manager layer, and the intrusion prevention system is the intrusion prevention system described above.
The beneficial effect of the present invention is as follows. The intrusion prevention system is installed in the virtual machine manager layer and isolated from the operating system in the virtual machine. The intrusion prevention system detects whether a change in the security state of the operating system and the service system running in the virtual machine complies with the preset security policy and, if the change does not comply, performs the preset operation according to the security policy. In this technical solution, the intrusion prevention system installed in the virtual machine manager layer does not rely on the operating system of the virtual machine and is not affected by operating system vulnerabilities, so it can monitor the operating system in the virtual machine well, prevent illegal programs from invading, and improve the security of the virtual machine operating system.
Brief description of the drawings
The invention is further described below with reference to the drawings and embodiments. In the drawings:
Fig. 1 is a schematic diagram of the installation location of the virtual machine manager-based intrusion prevention system (VMMIPS) according to an embodiment of the present invention;
Fig. 2 is a flow chart of the method for preventing a system from being invaded according to an embodiment of the present invention;
Fig. 3 is a structural diagram of the intrusion prevention system according to an embodiment of the present invention;
Fig. 4 is a structural diagram of a computer provided with the intrusion prevention system according to an embodiment of the present invention.
Detailed description of the embodiments
To make the purpose, technical solution and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and are not intended to limit it.
Implementing the scheme of the present invention requires that the CPU on which the service server and the service system run support hardware virtualization, including but not limited to Intel VT (Intel Virtualization Technology) or AMD's Pacifica virtualization technology. One or more virtual machines can be set up in one computer. In the embodiment of the present invention, the operating system of an enterprise's service server can be installed and run in one of the virtual machines, and an application system, i.e. the service system, such as SQL Server (a relational database management system), is installed in the operating system of the service server.
The method of the embodiment of the present invention for preventing a computer system from being invaded mainly comprises the following steps:
Start the intrusion prevention system. This is a virtual machine manager-based intrusion prevention system (VMMIPS: Virtual Machine Monitor-based Intrusion Prevention System), installed in the virtual machine manager (VMM: Virtual Machine Monitor) layer and isolated from the operating system of the virtual machine. As shown in Figure 1, the intrusion prevention system is installed in the virtual machine manager layer in the computer's CPU and is isolated from the virtual machine layer (which comprises multiple virtual machines) by the hardware virtualization features of the CPU, so that the intrusion prevention system is independent of the operating system of the virtual machine.
Detect, through the intrusion prevention system, whether a change in the security state of the operating system and the service system running in the virtual machine complies with the preset security policy, the service system being installed in the operating system;
If the change in the security state does not comply with the security policy, perform the preset operation according to the security policy.
In the embodiment of the present invention, the intrusion prevention system installed in the virtual machine manager layer monitors the operating system and the service system running in the virtual machine. The virtual machine manager layer is isolated from the virtual machine, so the intrusion prevention system is independent of the operating system and is not affected by operating system vulnerabilities. It can protect the host operating system and the service system from being invaded by attackers, and is safe and reliable.
Further, in the embodiment of the present invention, the preset operation comprises restoring the operating system and the service system, and shutting down the operating system and the service system. When the system suffers an illegal intrusion, these operations protect the security of the operating system and the service system.
Further, in the embodiment of the present invention, when the security policy is set, the intrusion prevention system can be set to simultaneously detect changes in the security state of the operating systems and service systems running in multiple virtual machines.
Further, in the embodiment of the present invention, the change in the security state includes at least a change in the key memory region pre-values, file system pre-values, or registry pre-values of the operating system and the service system; when a change exceeds the corresponding preset value, the corresponding operation is performed.
Further, in the embodiment of the present invention, after the preset operation is performed according to the security policy, the method further comprises the step of generating corresponding alarm information according to the preset operation that was performed.
In the embodiment of the present invention, the virtual machine manager-based intrusion prevention system can be implemented as software and installed in the virtual machine manager layer, isolated from the virtual machine layer. As shown in Figure 2, the method of the embodiment for preventing a system from being invaded comprises the following steps:
S201: Run the VMMIPS software.
S202: In the intrusion prevention system, set the virtual machines to be protected and the corresponding security policy. The security policy can specify how to detect the security state of the virtual machine and of the operating system and service system running in it. The security state detected under the policy includes, but is not limited to, one or more of the key memory region pre-values, file system pre-values, registry pre-values, etc. of the virtual machine and of the operating system and service system running in it. When the change in any of these values exceeds the preset value, the corresponding operation set in the security policy is performed.
S203: Start the operating system and the service system in the virtual machine.
S204: The intrusion prevention system detects whether the operating system and the service system in the virtual machine comply with the preset security policy.
S205: Determine, according to the preset security policy, whether the operating system and the service system in the virtual machine are required to be restored to operation.
S206: If the preset security policy requires restoring the operating system and the service system in the virtual machine to operation, restore them by means such as a reset, and send an alarm to the administrator of the intrusion prevention system.
S207: If, according to the preset security policy, the operating system and the service system in the virtual machine do not need to be restored to operation, shut down the operating system and the service system running in the virtual machine, and send an alarm to the administrator of the intrusion prevention system.
As shown in Figure 3, the intrusion prevention system of the embodiment of the present invention implements the above method for preventing a system from being invaded. The intrusion prevention system is installed in the virtual machine manager layer and comprises:
A security policy setting module 221, for presetting the security policy. In the embodiment of the present invention, the security policy can specify how to detect the security state of the virtual machine and of the operating system and service system running in it. The security state detected under the policy includes, but is not limited to, one or more of the key memory region pre-values, file system pre-values, registry pre-values, etc. of the virtual machine and of the operating system and service system running in it.
A detection module 222, for detecting whether a change in the security state of the operating system and the service system running in the virtual machine complies with the preset security policy, the service system being installed in the operating system. When the change in any of the above pre-values exceeds the preset value, the corresponding operation set in the security policy is performed.
A security policy execution module 223, for performing the preset operation according to the security policy when the change in the security state does not comply with the security policy. In the embodiment of the present invention, the preset operation comprises restoring the operating system and the service system, and shutting down the operating system and the service system.
Further, in the embodiment of the present invention, the security policy setting module 221 can further be used to set the intrusion prevention system to simultaneously detect changes in the security state of the operating systems and service systems running in multiple virtual machines.
Further, to report the state of the monitored virtual machines in time, the intrusion prevention system also comprises an alarm module 224, for generating corresponding alarm information according to the preset operation that was performed.
As shown in Figure 4, the computer of the embodiment of the present invention that is provided with the above intrusion prevention system has a virtual machine layer 10, a virtual machine manager layer 20, a base layer 30 and an input/output module 40.
The virtual machine layer 10 comprises one or more virtual machines (VM), in which the operating system (OS) and the service system are installed. The virtual machine layer 10 and the virtual machine manager layer 20 both run in the CPU of the computer but are isolated from each other by the hardware virtualization features of the CPU. The virtual machine manager layer 20 comprises a virtual machine manager 21 and the intrusion prevention system 22. The components of the intrusion prevention system 22 are described in detail above and are not repeated here.
The base layer 30 is the foundation that supports the running of the intrusion prevention system 22. It comprises basic support modules, which parse the file system, registry (if any), key memory regions, etc. of the corresponding virtual machine operating system. The intrusion prevention system 22 interacts with the operating system running in the virtual machine through the basic support modules.
The input/output module 40 comprises input/output (I/O) modules such as network, keyboard, display, disk and serial port.
The computer performs intrusion prevention mainly through the following steps (the step numbers are marked in Figure 4):
Step 1: In the input/output module 40 (i.e. the I/O module), the security policy is entered into the intrusion prevention system 22 over the network or directly via keyboard and display. That is, the security policy is preset in the security policy setting module 221 and saved to a storage medium (such as a disk or Flash).
Step 2: The security policy setting module reads the settings from step 1.
Step 3: The detection module 222 of the VMMIPS parses the settings read in step 2 and, according to their content, selects which virtual machine operating systems (VM OS) to run security detection on.
Step 4: According to the result of step 3, the detection module 222 of the VMMIPS obtains, through the virtual machine manager 21, information about the VM OS to be detected or the service system running in the VM OS.
Step 5: According to the information read in step 4, the detection module 222 of the VMMIPS selects the corresponding support module to parse the file system, registry (if any), key memory regions, etc. of the corresponding VM OS. The "extended parsing" module supports the parsing of key service systems: if the key service system running in the VM OS is SQL Server, the extended parsing module provides parsing of the SQL Server data format.
Step 6: The detection module 222 of the VMMIPS uses the parsing module of step 5 to read and inspect the VM OS or the service system running in the VM OS, obtaining information such as the key memory region pre-values, file system pre-values and registry pre-values, and their state changes.
Step 7: According to the detection in step 6, the detection module 222 of the VMMIPS calls the security policy execution module 223.
Steps 8, 9: The security policy execution module 223 manages the VM OS through the virtual machine manager 21 according to the operation specified by the security policy. If the key memory region pre-values, file system pre-values, registry pre-values, etc. have changed and the change does not comply with the preset value of the VMMIPS security policy, the action set by the security policy is performed, such as shutting down, restoring to the initial state, or restarting.
Step 9: Step 9 is also used for other communication and management between the virtual machine manager 21 and the VM OS.
Step 10: The security policy execution module 223 instructs the alarm module 224 to output alarm information according to the content specified by the security policy.
Step 11: The alarm module 224 outputs the alarm information through the input/output module 40.
Step 12: The input/output module 40 outputs the alarm over the network or directly via keyboard and display, serial port, loudspeaker, etc.
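The detection and enforcement cycle of Figure 2 (S202 to S207) and of steps 3 to 10 above, sketched as an added example that is not part of the patent text. It assumes that pre-values are SHA-256 digests of known-good content and that the "preset value" is a per-kind count of tolerated changes; the patent specifies neither, reading guest state through the virtual machine manager is replaced by in-memory snapshots, and all VM names and monitored items are constructed.

```python
import hashlib
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    NONE = "none"
    RESTORE = "restore"    # S206: restore the guest OS and service system
    SHUTDOWN = "shutdown"  # S207: shut the guest OS and service system down


@dataclass
class Policy:
    """Security policy for one protected VM (S202). All fields are assumptions."""
    vm: str
    pre_values: dict   # (kind, name) -> SHA-256 of the known-good content
    max_changes: dict  # kind -> changed items tolerated (the "preset value")
    restore: bool      # True: restore on violation; False: shut down


@dataclass
class Alert:
    vm: str
    action: Action
    changed: list


def digest(data):
    return hashlib.sha256(data).hexdigest()


def make_policy(vm, good_snapshot, max_changes, restore):
    """Record pre-values from a known-good snapshot read from outside the guest."""
    pre = {key: digest(value) for key, value in good_snapshot.items()}
    return Policy(vm, pre, max_changes, restore)


def detect(policy, snapshot):
    """S204: list monitored items whose content differs from the pre-value.

    An item that has disappeared from the guest counts as changed.
    """
    changed = []
    for key, expected in policy.pre_values.items():
        current = snapshot.get(key)
        if current is None or digest(current) != expected:
            changed.append(key)
    return sorted(changed)


def enforce(policy, snapshot):
    """S205-S207: choose the preset operation and build the alert, if any."""
    changed = detect(policy, snapshot)
    per_kind = {}
    for kind, _name in changed:
        per_kind[kind] = per_kind.get(kind, 0) + 1
    # Kinds without an explicit tolerance allow no change at all.
    violated = any(n > policy.max_changes.get(kind, 0)
                   for kind, n in per_kind.items())
    if not violated:
        return None
    action = Action.RESTORE if policy.restore else Action.SHUTDOWN
    return Alert(policy.vm, action, changed)


def run_cycle(policies, read_snapshot):
    """One pass over every protected VM; one policy set may cover several VMs."""
    alerts = []
    for policy in policies:
        alert = enforce(policy, read_snapshot(policy.vm))
        if alert is not None:
            alerts.append(alert)
    return alerts


# Constructed known-good state for two guests (stand-in for out-of-guest reads).
GOOD = {
    "vm-sql": {
        ("memory", "dispatch_table"): b"\x10\x20\x30\x40",
        ("file", "/opt/example-db/server.bin"): b"server-build-1",
        ("registry", "HKLM/EXAMPLE/Service/Start"): b"\x02",
    },
    "vm-web": {
        ("file", "/srv/example/app.conf"): b"listen=443",
        ("file", "/srv/example/app.bin"): b"app-build-7",
    },
}


def demo():
    policies = [
        make_policy("vm-sql", GOOD["vm-sql"], {}, restore=True),
        make_policy("vm-web", GOOD["vm-web"], {"file": 1}, restore=False),
    ]
    current = {vm: dict(items) for vm, items in GOOD.items()}
    current["vm-sql"][("memory", "dispatch_table")] = b"\x10\x20\xff\x40"  # tampered
    current["vm-web"][("file", "/srv/example/app.conf")] = b"listen=8443"  # tolerated
    return run_cycle(policies, current.__getitem__)


if __name__ == "__main__":
    for alert in demo():
        print(alert.vm, alert.action.value, alert.changed)
```

Because the comparison runs on data read from outside the guest, a guest that unloads its own monitoring driver does not change the verdict; only the out-of-guest reader and the stored pre-values need protecting.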
The virtual machine manager-based intrusion prevention system VMMIPS is installed in the virtual machine manager layer and isolated from the operating system and the service system in the virtual machine. Even if the operating system itself has a vulnerability, the intrusion prevention system cannot be unloaded or directly bypassed, so it performs its intrusion prevention role and improves the security of the operating system.
It should be understood that those of ordinary skill in the art can make improvements or variations based on the above description, and all such improvements and variations fall within the scope of protection of the claims of the present invention.

Claims (5)

1. A method for preventing a system from being invaded, characterized by comprising the following steps:
Starting an intrusion prevention system, the intrusion prevention system being installed in the virtual machine manager layer and isolated from the operating system of the virtual machine, the intrusion prevention system interacting with the operating system running in the virtual machine through a basic support module, and the basic support module being used to parse the file system, registry or key memory regions of the operating system of the corresponding virtual machine;
Detecting, through the intrusion prevention system, whether a change in the security state of the operating system and the service system running in the virtual machine complies with a preset security policy, the service system being installed in the operating system; the change in the security state including at least a change in the key memory region pre-values, file system pre-values, or registry pre-values of the operating system and the service system; wherein, when the security policy is set, it can be set to simultaneously detect changes in the security state of the operating systems and service systems running in multiple virtual machines;
If the change in the security state does not comply with the security policy, determining whether the security policy requires restoring the operating system and the service system; if so, restoring the operating system and the service system; if not, shutting down the operating system and the service system.
2. The method for preventing a system from being invaded according to claim 1, characterized in that, after the operating system and the service system are restored or shut down according to the security policy, the method further comprises the step of generating corresponding alarm information according to the operation of restoring or shutting down the operating system and the service system that was performed.
3. An intrusion prevention system, characterized in that the intrusion prevention system is installed in the virtual machine manager layer and isolated from the operating system of the virtual machine, the intrusion prevention system interacts with the operating system running in the virtual machine through a basic support module, the basic support module is used to parse the file system, registry or key memory regions of the operating system of the corresponding virtual machine, and the intrusion prevention system comprises:
A security policy setting module, for presetting a security policy;
A detection module, for detecting, after the intrusion prevention system starts, whether a change in the security state of the operating system and the service system running in the virtual machine complies with the preset security policy, and for setting simultaneous detection of changes in the security state of the operating systems and service systems running in multiple virtual machines; wherein the change in the security state includes at least a change in the key memory region pre-values, file system pre-values, or registry pre-values of the operating system and the service system; and the service system is installed in the operating system;
A security policy execution module, for determining, when the change in the security state does not comply with the security policy, whether the security policy requires restoring the operating system and the service system; if so, restoring the operating system and the service system; if not, shutting down the operating system and the service system.
4. The intrusion prevention system according to claim 3, characterized in that the intrusion prevention system further comprises an alarm module, for generating corresponding alarm information according to the operation of restoring or shutting down the operating system and the service system that was performed.
5. A computer provided with an intrusion prevention system, characterized in that the computer is provided with a virtual machine layer and a virtual machine manager layer, wherein the virtual machine layer is provided with at least one virtual machine, the intrusion prevention system is installed in the virtual machine manager layer, and the intrusion prevention system is the intrusion prevention system according to any one of claims 3-4.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210143307.8A CN102708330B (en) 2012-05-10 2012-05-10 Method for preventing system from being invaded, invasion defense system and computer

Publications (2)

Publication Number Publication Date
CN102708330A CN102708330A (en) 2012-10-03
CN102708330B true CN102708330B (en) 2015-07-08

Family

ID=46901080

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210143307.8A Active CN102708330B (en) 2012-05-10 2012-05-10 Method for preventing system from being invaded, invasion defense system and computer

Country Status (1)

Country Link
CN (1) CN102708330B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20200616

Address after: Nanshan District Xueyuan Road in Shenzhen city of Guangdong province 518000 No. 1001 Nanshan Chi Park building A1 layer

Patentee after: SANGFOR TECHNOLOGIES Inc.

Address before: 518000 Nanshan Science and Technology Pioneering service center, No. 1 Qilin Road, Guangdong, Shenzhen 418, 419,

Patentee before: Shenxin network technology (Shenzhen) Co.,Ltd.