CN107454961A - A kind of virtualization system monitoring method and device - Google Patents
A kind of virtualization system monitoring method and device Download PDFInfo
- Publication number
- CN107454961A CN107454961A CN201680002935.0A CN201680002935A CN107454961A CN 107454961 A CN107454961 A CN 107454961A CN 201680002935 A CN201680002935 A CN 201680002935A CN 107454961 A CN107454961 A CN 107454961A
- Authority
- CN
- China
- Prior art keywords
- domain
- host
- state information
- running
- client computer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45587—Isolation or security of virtual machine instances
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Debugging And Monitoring (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention provides a kind of virtualization system monitoring method and device, methods described to include:Confidence region TrustZone obtains the running state information of domain Domain in virtualization system;The running status of the Domain is determined according to the legal state information of the running state information of the Domain and the Domain.The application realizes the monitoring to domain in virtualization system based on security architecture TrustZone, compensate for the security breaches in virtualization system monitoring process.
Description
Technical field
The present invention relates to technical field of virtualization, more particularly to a kind of virtualization system monitoring method and device.
Background technology
To lift mobile terminal safety, exist in the prior art and multiple operating systems or virtual are realized by virtualization technology
Machine operates in the scheme of mobile terminal simultaneously, and the isolation that virtualization technology is brought can realize multiple operating systems on single terminal end
Isolation, avoid the process in each operating system from having a negative impact other operating systems, typical application scenarios is pass through
Virtualization technology realizes the separation of business system and ps on the mobile devices such as mobile phone, takes precautions against the process on ps
The potential hazard brought to enterprise, meet that some have demand of the enterprise of safety requirements to " from carrying device " (BYOD).
Fig. 1 is virtualization system configuration diagram in the prior art, and be in bottom in virtualization system framework is hardware
System, mainly including processor, internal memory and input-output equipment etc..It is the independent running software ring of safety on hardware system
Border virtualization layer, monitor of virtual machine (be abbreviated as VMM or be Hypervisor) is run in virtualization layer.Hypervisor's
Major Function is:Manage real physical hardware platform, and for each virtual client provide corresponding to virtual hardware platform.
Hypervisor realizes foregoing function by virtualization layer host (Host), and host can run host operating system
(Host OS), and run various virtual machine management programs.One or more client computer (Guest) have also been run on virtualization layer,
Each client computer is the virtual machine in virtualization system, can have respective operating system (Guest OS) and be separately operable various journeys
Sequence application.
With the development of terminal virtualization technology, virtualization system is also faced with the safety problem of sternness.At present increasingly
Virtual machine is pointed in more malicious attack, causes the program in virtual machine or virtual machine maliciously to be altered and causes security breaches.Enhancing
The security and the believable virtualized environment of structure of virtual machine have become the active demand of industry.Existing virtualization system prison
Survey method in the monitoring program run in virtualization layer host or a certain client computer on virtualization layer mainly by transporting
Capable monitoring program is monitored to virtualization system, to prevent virtualization system to be tampered.
The deficiencies in the prior art essentially consist in:
Because in existing virtualization system monitoring method, monitoring is generally realized by host or a certain client computer, and place
Main frame and virtual machine have the possibility being tampered in itself, so the existing monitoring to virtualization system has security breaches.
The content of the invention
The embodiment of the present application proposes the technical scheme to solve the above problems, is realized by confidence region TrustZone to virtual
The monitoring of change system.
In one aspect, the embodiment of the present application provides a kind of virtualization system monitoring method, it is characterised in that the side
Method includes:
Confidence region TrustZone obtains the running state information of domain Domain in virtualization system;
The Domain is determined according to the running state information of the Domain and the Domain legal state information
Running status.
Preferably, the Domain is host and/or client computer.
Preferably, it is described to be determined according to the running state information of the Domain and the legal state information of the Domain
The running status of the Domain, including:
According to the running state information of the client computer and the legal state information of the client computer, judge that the two is mismatched
When, the running status for determining the client computer is Hacking Run state;
It is determined that the client computer running status be Hacking Run state after, in addition to:
TrustZone sends the first control instruction to host, and the host is according to first control instruction to place
It is controlled in the client computer of Hacking Run state.
Preferably, it is described to be determined according to the running state information of the Domain and the legal state information of the Domain
The running status of the Domain, including:
According to the running state information of the client computer and the legal state information of the client computer, judge that the two is matched
When, the running status for determining the client computer is legal running status.
Preferably, it is described to be determined according to the running state information of the Domain and the legal state information of the Domain
The running status of the Domain, including:
According to the running state information of the host and the legal state information of the host, judge that the two is mismatched
When, the running status for determining the host is Hacking Run state;
It is determined that the host running status be Hacking Run state after, in addition to:
TrustZone sends the second control instruction to the host, and the host is according to second control instruction
Host in Hacking Run state is controlled.
Preferably, it is described to be determined according to the running state information of the Domain and the legal state information of the Domain
The running status of the Domain, including:
According to the running state information of the host and the legal state information of the host, judge that the two is matched
When, the running status for determining the host is legal running status.
Preferably, the running state information of the Domain is to be calculated according to the Domain cores kernel layer identification codes section
The information of the obtained sign Domain running statuses.
In another aspect, the embodiment of the present application provides a kind of virtualization system monitoring device, it is characterised in that described
Device includes:
Data obtaining module, described information acquisition module is located at confidence region TrustZone, for obtaining in virtualization system
Domain Domain running state information;
State determining module, the state determining module are located at TrustZone, for the operation shape according to the Domain
State information and the legal state information of the Domain determine the running status of the Domain.
Preferably, the Domain is host and/or client computer.
Preferably, the state determining module, specifically for the running state information according to the client computer and the visitor
The legal state information of family machine, when judging that the two is mismatched, the running status for determining the client computer is Hacking Run state;
Described device also includes:
Instruction sending module, the instruction sending module are located at TrustZone, for being determined in the state determining module
The running status of the client computer be Hacking Run state after, to host send the first control instruction;
Control module, the control module are located at the host, for sent according to the instruction sending module
One control instruction is controlled to the client computer in Hacking Run state.
Preferably, the state determining module, for the running state information according to the client computer and the client computer
Legal state information, judge the two match when, the running status for determining the client computer is legal running status.
Preferably, the state determining module, specifically for the running state information according to the host and the place
The legal state information of main frame, when judging that the two is mismatched, the running status for determining the host is Hacking Run state;
Described device also includes:
Instruction sending module, the instruction sending module are located at TrustZone, for being determined in the state determining module
The running status of the host be Hacking Run state after, to the host send the second control instruction;
Control module, the control module are located at the host, for sent according to the instruction sending module
Two control instructions are controlled to the host in Hacking Run state.
Preferably, the state determining module, for the running state information according to the host and the host
Legal state information, judge the two match when, the running status for determining the host is legal running status.
Preferably, the running state information of the Domain is to be calculated according to the Domain cores kernel layer identification codes section
The information of the obtained sign Domain running statuses.
The application's has the beneficial effect that:
Confidence region TrustZone obtains the running state information of domain Domain in virtualization system in the application;According to institute
State Domain running state information and the legal state information of the Domain determines the running status of the Domain.This Shen
The monitoring to domain in virtualization system is please realized based on security architecture TrustZone, compensate in virtualization system monitoring process
Security breaches.
Brief description of the drawings
The specific embodiment of the present invention is described below with reference to accompanying drawings, wherein:
Fig. 1 shows virtualization system configuration diagram in the prior art;
Fig. 2 shows system architecture schematic diagram in some embodiments of the application;
Fig. 3 shows the schematic flow sheet of virtualization system monitoring method in the embodiment of the present application one;
Fig. 4 shows the schematic flow sheet of virtualization system monitoring method in the embodiment of the present application two;
Fig. 5 shows the schematic flow sheet of virtualization system monitoring method in the embodiment of the present application three;
Fig. 6 shows the schematic flow sheet of virtualization system monitoring method in the embodiment of the present application four;
Fig. 7 shows the schematic flow sheet of another virtualization system monitoring method in the embodiment of the present application four;
Fig. 8 shows the structural representation of the virtualization system monitoring device of the embodiment of the present application five.
Embodiment
In order that technical scheme and advantage are more clearly understood, below in conjunction with accompanying drawing to the exemplary of the present invention
Embodiment is described in more detail, it is clear that and described embodiment is only the part of the embodiment of the present invention, rather than
The exhaustion of all embodiments.And in the case where not conflicting, the feature in embodiment and embodiment in this explanation can be mutual
It is combined.
Inventor notices during invention:In existing virtualization system monitoring method, monitor generally by host
Or a certain client computer is realized, and host and virtual machine have the possibility being tampered in itself, so existing to virtualization system
Monitoring security breaches be present.
For above-mentioned deficiency, present applicant proposes the fortune that confidence region TrustZone obtains domain Domain in virtualization system
Row status information;According to determining the running state information of the Domain and the legal state information of the Domain
Domain running status.The application realizes the monitoring to domain in virtualization system based on security architecture TrustZone, compensate for
Security breaches in virtualization system monitoring process, are illustrated below.
Can be by being used in mixed way the method for hardware and software in SoC (System on Chip, system-level core in mobile terminal
Piece) on isolate two parallel performing environments:Common unclassified performing environment and the secure environment of safety.Wherein, claim non-
Secrecy performing environment is rich performing environment REE (Rich Execution Environment), and it performs mobile terminal operation system
System;The secure environment of safety is referred to as credible performing environment TEE (Trusted Execution Environment), and it is provided
The performing environment of isolation, safe class are higher.
TrustZone is a kind of roll-over protective structure that TEE is realized on SoC that ARM is proposed safely for consumer-elcetronics devices
Structure, TrustZone operating systems (TrustZone OS) can be run, and various safety applications are run in the operating system.
By virtualization technology and trusted context technological incorporation in this motion, framework as shown in Figure 2 is produced, wherein in virtualization system
Virtualization layer Host and each virtual machine are respectively positioned in REE, and TrustZone frameworks are transported in itself and based on TrustZone frameworks
Capable TrustZone OS and monitoring program are located in TEE.
This motion is realized in TEE to the virtual machine in virtualization system and/or virtual based on security architecture TrustZone
Change the monitoring of layer main frame.
For the ease of the implementation of the present invention, illustrated below with example.
Embodiment one:
Fig. 3 shows the schematic flow sheet of virtualization system monitoring method in the embodiment of the present invention one, as shown in figure 3, institute
Stating virtualization system monitoring method includes:
Step 301, confidence region TrustZone obtain the running state information of domain Domain in virtualization system;
Step 302, institute determined according to the running state information of the Domain and the legal state information of the Domain
State Domain running status.
In step 301, Domain be virtualization system in domain, i.e., in virtualization system can independent operating domain, lead to
Often operate on virtualization layer, available for realizing host or client computer etc..It should be noted that by Xen, KVM,
The concept in domain is similar, the present embodiment in the virtualization system that the virtualization softwares such as VMware or hyper-v or component are realized
The implementation of virtualization system is not restricted.
After starting up of terminal or in running, each Domain can obtain the running state information of itself, and TrustZone can
Periodicity actively or passively obtains these Domain running state information, and the status information should be relative bottom,
Do not change because of the valid operation that each Domain is subject to, the letter also not changed with the various application programs of each Domain operations
Breath, should generally be read-only.If status information is tampered the Domain will be caused to be in Hacking Run state.
In step 302, operation has monitoring program on TrustZone frameworks, and the monitoring program is according to acquisition
Domain running state information and Domain legal state information determine that the running status of the Domain is legal state
Or illegal state.
When wherein Domain legal state information is that equipment is dispatched from the factory, or got during virtualization system initialization,
And be stored in the initial state information in Trustzone secure storage areas, initial state information be typically considered it is legal simultaneously
It is and not tampered.It would know that currently according to the Domain of acquisition running state information and initial legal state information
Whether Domain running state information has been tampered, i.e., whether current Domain running status is illegal state.
The present embodiment realizes the monitoring to domain in virtualization system based on security architecture TrustZone, avoids monitoring master
Body is tampered, and compensate for the security breaches in virtualization system monitoring process.
Preferably, the Domain described in above-mentioned steps is host and/or client computer.
In virtualization system, host and client computer are Domain important ways of realization, and in virtualization system
Security monitoring emphasis.Client computer and host can be monitored respectively based on security architecture TrustZone in the present embodiment,
Client computer and host can be monitored simultaneously, monitoring can be carried out with some cycles.
Client computer is monitored based on security architecture TrustZone, the operation shape of determination client computer that can be more reliable
State is legal state or illegal state, to be controlled to the client computer in Hacking Run state;Based on security architecture
TrustZone is monitored to host, and the running status of determination host that can be more reliable is legal state or illegal shape
The running status of state, only host is legal state, just can ensure that and is not distorted by host by the client computer of its management, and
When the client computer of its management is rear because some reasons are tampered, it is necessary to by host that running status is legal state to being tampered
Client computer reliably controlled;Client computer and host are monitored simultaneously based on security architecture TrustZone, Neng Goujin
One step determines that the running status of virtualization system is legal state or illegal state.
Preferably, the running state information of the Domain is to be calculated according to the Domain cores kernel layer identification codes section
The information of the obtained sign Domain running statuses.
For in virtualization system have kernel layers Domain (such as based on KVM realize virtualization system in
Virtualization layer main frame or each client computer etc.), its running state information can be calculated by the code segment in its kernel layer, example
The cryptographic Hash of code segment as described in calculating, the Domain to be prestored in such cases in TrustZone accordingly legal shape
State information is by initial code section is calculated in the domain kernel layers under initial situation cryptographic Hash.Code segment is often referred to use
To deposit the one of program execution code piece of region of memory, this subregion is before program operation just it has been determined that and generally belonging to
In read-only, it is generally recognized that the code segment in the kernel layers in domain does not change, then the domain is not tampered with.
Embodiment two:
Fig. 4 shows that virtualization system monitors schematic flow sheet in the embodiment of the present invention two, shows to virtualization system
The flow that middle client computer is monitored.The present embodiment two is similar to above-described embodiment one or repetition part can refer to above-described embodiment
One description.
As shown in figure 4, the flow includes:
Step 401, confidence region TrustZone obtain the running state information of client computer in virtualization system;
The legal state information of step 402, the running state information for judging the client computer and the client computer whether
Match somebody with somebody, to step 403 if mismatching, to step 405 if matching;
Step 403, the running status for determining the client computer are Hacking Run state;
Step 404, TrustZone send the first control instruction to host, and the host is according to the described first control
Instruction is controlled to the client computer in Hacking Run state;
Step 405, the running status for determining the client computer are legal running status.
In step 401, implementation refers to the explanation to step 301 and its preferred scheme in above-described embodiment one.
After starting up of terminal, each operating client computer can obtain the operation of itself by state (status) module of itself
Status information, the block of state can be by the transmission of the running state information actively or passively to TrustZone, specifically
Transmission process can be sent directly to TrustZone realizations by client computer, can also be sent out self-operating status information by each client computer
Virtualization layer is delivered to, is retransmited after collecting the running state information of each client computer by host to TrustZone.
In step 402, implementation refers to the explanation to step 302 and its preferred scheme in above-described embodiment one.
When the running state information according to the client computer and the legal state information of the client computer, the two mismatch of judgement, extremely
Step 403;When judging that the two is matched, to step 405.
In step 403, the running status for determining the client computer is Hacking Run state, based on security architecture
The client computer that TrustZone is obtained will be relatively reliable for the monitoring result of Hacking Run state, it is determined that a certain client computer
After Hacking Run state, TrustZone can also be directed to the Hacking Run state and carry out alarm or corresponding control
Deng operation.
In step 404, the first control instruction sent from TrustZone to host is in illegal fortune for described
The client computer of row state, it is intended to the client computer is controlled, the client computer for avoiding being tampered runs unauthorized applications
Or host is influenceed, or even influence the safe operation of whole virtualization system.The control instruction can be to close the visitor
The operation or prompting of family machine, the limitation client computer to the calling, the limitation some application programs of client computer of some hardware
User indicates subsequent operation etc. by user.The control instruction is performed by host.
In step 405, the running status for determining the client computer is legal running status, based on security architecture
The client computer that TrustZone is obtained will be relatively reliable for the monitoring result of legal running status, it is determined that a certain client computer
After legal running status, TrustZone can also be repeated the above steps with some cycles, and the moment monitors the operation of client computer
Situation.
Embodiment three:
Fig. 5 shows that virtualization system monitors schematic flow sheet in the embodiment of the present invention three, shows to virtualization system
The flow that middle host is monitored.The present embodiment three is similar to above-described embodiment one or two or repetition part can refer to above-mentioned reality
Apply the description of example one or two.
As shown in figure 5, the flow includes:
Step 501, confidence region TrustZone obtain the running state information of host in virtualization system;
The legal state information of step 502, the running state information for judging the host and the host whether
Match somebody with somebody, to step 503 if mismatching, to step 505 if matching;
Step 503, the running status for determining the host are Hacking Run state;
Step 504, TrustZone send the second control instruction to host, and the host is according to the described second control
Instruction is controlled to the host in Hacking Run state;
Step 505, the running status for determining the host are legal running status.
In step 501, implementation refers to the explanation to step 301 and its preferred scheme in above-described embodiment one.
After starting up of terminal, the host in virtualization system can obtain the fortune of host by state (status) module of itself
Row status information, the block of state can be by the transmission of the running state information actively or passively to TrustZone.
In step 502, implementation refers to the explanation to step 302 and its preferred scheme in above-described embodiment one.
When the running state information according to the host and the legal state information of the host, the two mismatch of judgement, extremely
Step 503;When judging that the two is matched, to step 505.
In step 503, the running status for determining the host is Hacking Run state, based on security architecture
The host that TrustZone is obtained will be relatively reliable for the monitoring result of Hacking Run state, it is determined that virtualization system
In host be in after Hacking Run state, TrustZone can also be directed to the Hacking Run state carry out alarm or
The operations such as corresponding control.
In step 504, the second control instruction sent from TrustZone to host is in illegal fortune for described
The host of row state, it is intended to the host is controlled, the host for avoiding being tampered runs unauthorized applications
Or each client computer of its management is influenceed, or even influence the safe operation of whole virtualization system.The control instruction can be
The host, the limitation host are closed to the calling of some hardware, the fortune of the limitation some application programs of host
Row or prompting user indicate subsequent operation etc. by user.The control instruction is performed by host.
In step 505, the running status for determining the host is legal running status, based on security architecture
The host that TrustZone is obtained will be relatively reliable for the monitoring result of legal running status, it is determined that a certain host
After legal running status, TrustZone can be repeated the above steps with some cycles, and the moment monitors the operation feelings of host
Condition.
Above-described embodiment two and embodiment three can in Same Scene parallel practice, i.e., to same virtualization system,
TrustZone can be monitored to client computer respectively, such as perform above-mentioned steps 401-405 parallel with the identical or different cycle
With step 501-505.
From above-mentioned steps 401, the running state information of each client computer may need host sent after collecting to
TrustZone;And understood by above-mentioned steps 404 when finding the client computer in Hacking Run state, it is necessary to by host
Perform the first control instruction that TrustZone is sent to be controlled the client computer, it is seen that be monitored client computer
, it is necessary to which host is in normal operating condition in flow, collect the first control instruction of client state information or execution to realize.
It can be seen that above-described embodiment two and three is incorporated in the reliability for implementing to be able to ensure that client computer monitoring flow in Same Scene.This
Outside, because the monitoring to client computer and to host is parallel, user can customize the cycle of monitoring, realize to virtualization system
Unite more flexible monitoring.Such as when requiring higher to the overall security performance of virtualization system, the monitoring flow to host
The cycle of (above-mentioned steps 501-505) can be shorter than the cycle of the monitoring flow (above-mentioned steps 401-405) of client computer;When to each visitor
When the security performance of family machine requires different, the monitoring flow of each client computer can have the different execution cycles.
Example IV:
Fig. 6 shows that virtualization system monitors schematic flow sheet in the embodiment of the present invention four, shows to virtualization system
The flow that middle client computer and host are monitored simultaneously.The present embodiment four is similar to above-described embodiment one to three or repeats part
It can refer to the description of above-described embodiment one to three.
As shown in fig. 6, the flow includes:
Step 601, confidence region TrustZone obtain client computer and the running state information of host in virtualization system;
Step 602a, judge the client computer running state information and the client computer legal state information whether
Match somebody with somebody, to step 603a if mismatching, to step 605a if matching;
Step 603a, the running status for determining the client computer is Hacking Run state;
Step 604a, TrustZone sends the first control instruction to host, and the host is according to the described first control
Instruction is controlled to the client computer in Hacking Run state;
Step 605a, the running status for determining the client computer is legal running status.
Step 602b, judge the host running state information and the host legal state information whether
Match somebody with somebody, to step 603b if mismatching, to step 605b if matching;
Step 603b, the running status for determining the host is Hacking Run state;
Step 604b, TrustZone sends the second control instruction to host, and the host is according to the described second control
Instruction is controlled to the host in Hacking Run state;
Step 605b, the running status for determining the host is legal running status.
In step 601, implementation refer in above-described embodiment one to step 301 and the explanation of its preferred scheme with
And in embodiment two in the explanation and embodiment three of step 401 to the explanation of step 501.After starting up of terminal, virtualization system
Client computer and host in system can obtain respective running state information by state (status) module of itself,
Host can be by each client computer and the transmission of the running state information of itself in the lump actively or passively to TrustZone.
Subsequent step 602a-605a is identical with above-mentioned steps 402-405, step 602b-605b and above-mentioned steps 502-505
It is identical.Two groups of steps of a and b are required to perform, but do not limit its sequencing.
Preferably, b group steps are first carried out, after it is determined that the running status of the host is legal running status, then are held
Row a group steps, it is reliable (as shown in Figure 7) to determine the monitoring to client computer or monitor.
Client computer is obtained in the present embodiment simultaneously and the running state information of host carries out running status judgement, Neng Gougeng
Add and reliably determine the running status of the two.Such as the method in embodiment two judges that a certain client computer is in Hacking Run
During state, because the running state information of client computer is collected and forwarded by host, it is understood that there may be client computer is in legal operation
State, but host is in Hacking Run state, the situation of the illegal client computer running state information for having distorted its forwarding.This
Client computer and the running state information of host are obtained simultaneously in embodiment, client computer is in Hacking Run state and place if judging
Main frame is in legal running status, then the potential safety hazard of confirmation virtualization system that can be relatively reliable be in Hacking Run to be somebody's turn to do
The client computer of state.
And client computer is obtained in the present embodiment simultaneously and the running state information of host carries out running status judgement, energy
It is enough relatively reliable that illegal client computer is controlled.Such as the method in embodiment two judges that a certain client computer is in non-
Method running status and when being controlled it by host, current host whether in legal running status be uncertain
's.Client computer and the running state information of host are obtained simultaneously in the present embodiment, client computer is in Hacking Run shape if judging
State and host is in legal running status, then the client computer of Hacking Run state can be reliably in this by host
Maintenance control.
Embodiment five:
Based on same inventive concept, a kind of virtualization system monitoring device is additionally provided in the embodiment of the present invention, due to this
The principle that a little equipment solve problem is similar to a kind of virtualization system monitoring method, therefore the implementation side of may refer to of these equipment
The implementation of method, repeat part and repeat no more.Fig. 8 shows that the structure of virtualization system monitoring device in the embodiment of the present invention five is shown
It is intended to, as illustrated, the virtualization system monitoring device 800 can include:
Data obtaining module 821, described information acquisition module 821 is located at confidence region TrustZone 820, for obtaining void
Domain Domain running state information in planization system;
State determining module 822, the state determining module 822 are located at TrustZone 820, for according to
Domain running state information and the legal state information of the Domain determine the running status of the Domain.
Preferably, the Domain is host and/or client computer.
Preferably, the state determining module 822, specifically for the running state information according to the client computer and described
The legal state information of client computer, when judging that the two is mismatched, the running status for determining the client computer is Hacking Run state;
Described device 800 also includes:
Instruction sending module 823, the instruction sending module are located at TrustZone 820, for being determined in the state
Module 822 determines that the running status of the client computer refers to after Hacking Run state, to send first to host 810 and controlling
Order;
Control module 811, the control module is located at the host 810, for according to the instruction sending module 823
The first control instruction sent is controlled to the client computer in Hacking Run state.
Preferably, the state determining module 822, for the running state information according to the client computer and the client
The legal state information of machine, when judging that the two is matched, the running status for determining the client computer is legal running status.
Preferably, the state determining module 822, specifically for the running state information according to the host and described
The legal state information of host, when judging that the two is mismatched, the running status for determining the host is Hacking Run state;
Described device 800 also includes:
Instruction sending module 823, the instruction sending module are located at TrustZone 820, for being determined in the state
Module 822 determine the host running status be Hacking Run state after, to the host 810 send second control
Instruction;
Control module 811, the control module is located at the host 810, for according to the instruction sending module 823
The second control instruction sent is controlled to the host in Hacking Run state.
Preferably, the state determining module 822, for the running state information according to the host and the host
The legal state information of machine, when judging that the two is matched, the running status for determining the host is legal running status.
Preferably, the running state information of the Domain is to be calculated according to the Domain cores kernel layer identification codes section
The information of the obtained sign Domain running statuses.
For convenience of description, each several part of apparatus described above is divided into various modules with function and described respectively.Certainly, exist
Each module or the function of unit can be realized in same or multiple softwares or hardware when implementing of the invention.
It should be understood by those skilled in the art that, embodiments of the invention can be provided as method, system or computer program
Product.Therefore, the present invention can use the reality in terms of complete hardware embodiment, complete software embodiment or combination software and hardware
Apply the form of example.Moreover, the present invention can use the computer for wherein including computer usable program code in one or more
The computer program production that usable storage medium is implemented on (including but is not limited to magnetic disk storage, CD-ROM, optical memory etc.)
The form of product.
The present invention is the flow with reference to method according to embodiments of the present invention, equipment (system) and computer program product
Figure and/or block diagram describe.It should be understood that can be by every first-class in computer program instructions implementation process figure and/or block diagram
Journey and/or the flow in square frame and flow chart and/or block diagram and/or the combination of square frame.These computer programs can be provided
The processors of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing devices is instructed to produce
A raw machine so that produced by the instruction of computer or the computing device of other programmable data processing devices for real
The device for the function of being specified in present one flow of flow chart or one square frame of multiple flows and/or block diagram or multiple square frames.
These computer program instructions, which may be alternatively stored in, can guide computer or other programmable data processing devices with spy
Determine in the computer-readable memory that mode works so that the instruction being stored in the computer-readable memory, which produces, to be included referring to
Make the manufacture of device, the command device realize in one flow of flow chart or multiple flows and/or one square frame of block diagram or
The function of being specified in multiple square frames.
These computer program instructions can be also loaded into computer or other programmable data processing devices so that counted
Series of operation steps is performed on calculation machine or other programmable devices to produce computer implemented processing, so as in computer or
The instruction performed on other programmable devices is provided for realizing in one flow of flow chart or multiple flows and/or block diagram one
The step of function of being specified in individual square frame or multiple square frames.
Although preferred embodiments of the present invention have been described, but those skilled in the art once know basic creation
Property concept, then can make other change and modification to these embodiments.So appended claims be intended to be construed to include it is excellent
Select embodiment and fall into having altered and changing for the scope of the invention.
Claims (14)
1. a kind of virtualization system monitoring method, it is characterised in that methods described includes:
Confidence region TrustZone obtains the running state information of domain Domain in virtualization system;
The fortune of the Domain is determined according to the legal state information of the running state information of the Domain and the Domain
Row state.
2. the method as described in claim 1, it is characterised in that the Domain is host and/or client computer.
3. method as claimed in claim 2, it is characterised in that the running state information according to the Domain and described
Domain legal state information determines the running status of the Domain, including:
According to the running state information of the client computer and the legal state information of the client computer, when judging that the two is mismatched,
The running status for determining the client computer is Hacking Run state;
It is determined that the client computer running status be Hacking Run state after, in addition to:
TrustZone sends the first control instruction to host, and the host is according to first control instruction in non-
The client computer of method running status is controlled.
4. method as claimed in claim 3, it is characterised in that the running state information according to the Domain and described
Domain legal state information determines the running status of the Domain, including:
According to the running state information of the client computer and the legal state information of the client computer, when judging that the two is matched, really
The running status of the fixed client computer is legal running status.
5. method as claimed in claim 2, it is characterised in that the running state information according to the Domain and described
Domain legal state information determines the running status of the Domain, including:
According to the running state information of the host and the legal state information of the host, when judging that the two is mismatched,
The running status for determining the host is Hacking Run state;
It is determined that the host running status be Hacking Run state after, in addition to:
TrustZone sends the second control instruction to the host, and the host is according to second control instruction to place
It is controlled in the host of Hacking Run state.
6. method as claimed in claim 5, it is characterised in that the running state information according to the Domain and described
Domain legal state information determines the running status of the Domain, including:
According to the running state information of the host and the legal state information of the host, when judging that the two is matched, really
The running status of the fixed host is legal running status.
7. the method as any one of claim 1 to 6, it is characterised in that the running state information of the Domain is
The information for the sign Domain running statuses being calculated according to the Domain cores kernel layer identification code sections.
8. a kind of virtualization system monitoring device, it is characterised in that described device includes:
Data obtaining module, described information acquisition module is located at confidence region TrustZone, for obtaining domain in virtualization system
Domain running state information;
State determining module, the state determining module are located at TrustZone, for being believed according to the running status of the Domain
Breath and the Domain legal state information determine the running status of the Domain.
9. device as claimed in claim 8, it is characterised in that the Domain is host and/or client computer.
10. device as claimed in claim 9, it is characterised in that
The state determining module, specifically for the legal shape of the running state information according to the client computer and the client computer
State information, when judging that the two is mismatched, the running status for determining the client computer is Hacking Run state;
Described device also includes:
Instruction sending module, the instruction sending module are located at TrustZone, described in being determined in the state determining module
The running status of client computer be Hacking Run state after, to host send the first control instruction;
Control module, the control module are located at the host, for the first control sent according to the instruction sending module
System instruction is controlled to the client computer in Hacking Run state.
11. device as claimed in claim 10, it is characterised in that the state determining module, for according to the client computer
Running state information and the client computer legal state information, judge the two match when, determine the operation of the client computer
State is legal running status.
12. device as claimed in claim 9, it is characterised in that
The state determining module, specifically for the running state information according to the host and the legal shape of the host
State information, when judging that the two is mismatched, the running status for determining the host is Hacking Run state;
Described device also includes:
Instruction sending module, the instruction sending module are located at TrustZone, described in being determined in the state determining module
The running status of host be Hacking Run state after, to the host send the second control instruction;
Control module, the control module are located at the host, for the second control sent according to the instruction sending module
System instruction is controlled to the host in Hacking Run state.
13. device as claimed in claim 12, it is characterised in that the state determining module, for according to the host
Running state information and the host legal state information, judge the two match when, determine the operation of the host
State is legal running status.
14. the device as any one of claim 8 to 13, it is characterised in that the running state information of the Domain
For the information for the sign Domain running statuses being calculated according to the Domain cores kernel layer identification code sections.
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2016/080124 WO2017185202A1 (en) | 2016-04-25 | 2016-04-25 | Virtualisation system monitoring method and apparatus |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN107454961A true CN107454961A (en) | 2017-12-08 |
Family
ID=60160607
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201680002935.0A Pending CN107454961A (en) | 2016-04-25 | 2016-04-25 | A kind of virtualization system monitoring method and device |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN107454961A (en) |
| WO (1) | WO2017185202A1 (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101350044A (en) * | 2008-09-02 | 2009-01-21 | 中国科学院软件研究所 | Method for constructing virtual environment trust |
| CN103793651A (en) * | 2014-02-22 | 2014-05-14 | 西安电子科技大学 | Kernel integrity detection method based on Xen virtualization |
| CN103902884A (en) * | 2012-12-28 | 2014-07-02 | 中国电信股份有限公司 | System and method for protecting data of virtual machine |
| CN105468980A (en) * | 2015-11-16 | 2016-04-06 | 华为技术有限公司 | Security control method, device and system |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104063788B (en) * | 2014-07-16 | 2017-02-22 | 武汉大学 | Mobile platform credibility payment system and method |
-
2016
- 2016-04-25 CN CN201680002935.0A patent/CN107454961A/en active Pending
- 2016-04-25 WO PCT/CN2016/080124 patent/WO2017185202A1/en active Application Filing
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101350044A (en) * | 2008-09-02 | 2009-01-21 | 中国科学院软件研究所 | Method for constructing virtual environment trust |
| CN103902884A (en) * | 2012-12-28 | 2014-07-02 | 中国电信股份有限公司 | System and method for protecting data of virtual machine |
| CN103793651A (en) * | 2014-02-22 | 2014-05-14 | 西安电子科技大学 | Kernel integrity detection method based on Xen virtualization |
| CN105468980A (en) * | 2015-11-16 | 2016-04-06 | 华为技术有限公司 | Security control method, device and system |
Non-Patent Citations (1)
| Title |
|---|
| 孟江涛 等: "一个基于引用监控机的内核完整性保护方法", 《计算机应用》 * |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2017185202A1 (en) | 2017-11-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109960582B (en) | Method, device and system for realizing multi-core parallel on TEE side | |
| CN105830082B (en) | Virtual machine guarantees | |
| US8694781B1 (en) | Techniques for providing hardware security module operability | |
| CN105814576B (en) | Automatic salubrity part for clustered node generates | |
| CN103069391B (en) | For enabling the control method in cloud computing environment and system | |
| CN104115125B (en) | The error handle of safety | |
| US20090112972A1 (en) | Managing Device Models in a Virtual Machine Cluster Environment | |
| CN105324778A (en) | A framework for coordination between endpoint security and network security services | |
| DE112020000792T5 (en) | TRUSTED EXECUTION ENVIRONMENT ACCELERATED BY GRAPHICS PROCESSING UNIT | |
| GB2513826A (en) | Trusted boot of a virtual machine | |
| CN103886259B (en) | Kernel level rootkit based on Xen virtualized environment detection and processing method | |
| CN103177212B (en) | A kind of computer security input system based on light weight monitor of virtual machine and method | |
| CN102999716A (en) | virtual machine monitoring system and method | |
| CN103843005B (en) | Secure display for secure transactions | |
| CN104091102B (en) | A kind of multi-user management method and its device based on Android system | |
| CN103902884B (en) | Virtual-machine data protection system and method | |
| CN107003891A (en) | Virtual machine switching method, device, electronic equipment and computer program product | |
| CN107111511A (en) | Access control method, device and system | |
| WO2020197962A1 (en) | Persona-based contextual security | |
| EP3079057B1 (en) | Method and device for realizing virtual machine introspection | |
| CN112740180A (en) | Secure access to virtual machine memory for artificial intelligence assisted automotive applications | |
| CN107450962A (en) | Abnormality eliminating method, apparatus and system under a kind of virtualization running environment | |
| CN106796642A (en) | Device detection method and system, electronic device, cloud robot system and computer program product | |
| CN106797470A (en) | Multiple operating system multi-medium data decoding method, device, electronic equipment and computer program product | |
| CN106502927A (en) | Trusted end-user is calculated and data inactivity security system and method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20171208 |