Method and apparatus for implementing virtual machine introspection

US10007785B2 · US · B2

Patent metadata
Publication number: US-10007785-B2
Application number: US-201615199200-A
Country: US
Kind code: B2
Filing date: Jun 30, 2016
Priority date: Dec 30, 2013
Publication date: Jun 26, 2018
Grant date: Jun 26, 2018

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

The present disclosure relates to the field of information technologies and discloses a method and an apparatus for implementing virtual machine introspection. The method provided in the present disclosure may further include: determining to-be-checked data in a virtual machine; starting to read the to-be-checked data, saving a copy of the read to-be-checked data, and storing a storage address of the read to-be-checked data in a hardware transactional memory, so that the hardware transactional memory is capable of monitoring the read to-be-checked data according to the storage address; when the read to-be-checked data is modified, stop reading the to-be-checked data, and delete the copy; and when reading the to-be-checked data is completed and it is not detected that the read to-be-checked data is modified, performing security check on the copy. The method can be applied to virtual machine introspection.

Claims

Full claim text as granted (claims 1 to 12); claim 1 is the first independent claim.

What is claimed is:

1. A method for implementing virtual machine introspection, comprising: determining to-be-checked data in a virtual machine; starting to read the to-be-checked data; saving a copy of the read to-be-checked data; storing a storage address of the read to-be-checked data in a hardware transactional memory, wherein the hardware transactional memory is capable of monitoring the read to-be-checked data according to the storage address; stop reading the to-be-checked data and deleting the copy when the read to-be-checked data is modified; and performing security check on the copy when reading the to-be-checked data is completed and it is not detected that the read to-be-checked data is modified, wherein the to-be-checked data comprises lock-related data, wherein the lock-related data is used to represent whether the to-be-checked data is being accessed currently, wherein after determining the to-be-checked data in the virtual machine, the method further comprises determining whether a lock corresponding to the lock-related data is in a release state, wherein the release state is used to represent that the to-be-checked data is not accessed currently, and wherein starting to read the to-be-checked data, saving the copy of the read to-be-checked data, and storing the storage address of the read to-be-checked data in the hardware transactional memory comprises: starting to read the to-be-checked data; saving the copy of the read to-be-checked data; and storing the storage address of the read to-be-checked data in the hardware transactional memory when the lock corresponding to the lock-related data is in the release state, wherein the hardware transactional memory is capable of monitoring the read to-be-checked data according to the storage address.

2. The method for implementing virtual machine introspection according to claim 1, wherein performing the security check on the copy comprises: checking integrity of the copy; and determining, according to the copy, whether malware exists in a system in which the virtual machine runs.

3. The method for implementing virtual machine introspection according to claim 1, wherein performing the security check on the copy comprises checking integrity of the copy.

4. The method for implementing virtual machine introspection according to claim 1, wherein performing the security check on the copy comprises determining, according to the copy, whether malware exists in a system in which the virtual machine runs.

5. The method for implementing virtual machine introspection according to claim 1, wherein after performing security check on the copy, the method further comprises sending a security check failure message to the virtual machine when the security check on the copy fails, and wherein the virtual machine performs corresponding processing according to the security check failure message.

6. The method for implementing virtual machine introspection according to claim 1, wherein the method further comprises: acquiring a storage address of modified to-be-checked data when the read to-be-checked data is modified; and sending an access violation message to the virtual machine, wherein the access violation message comprises the storage address of the modified to-be-checked data, and wherein the virtual machine determines whether a process for modifying the modified to-be-stored data is a secure process.

7. An apparatus for implementing virtual machine introspection, comprising: a memory comprising instructions; and a processor coupled to the memory, wherein the instructions cause the process to be configured to: determine to-be-checked data in a virtual machine; read the to-be-checked data; save a copy of the read to-be-checked data and store a storage address of the read to-be-checked data in a hardware transactional memory; monitor, by using the hardware transactional memory, whether the read to-be-checked data corresponding to the storage address is modified; stop reading the to-be-checked data, and delete the copy when the read to-be-checked data is modified; and perform security check on the copy when reading the to-be-checked data and when the read to-be-checked data is not modified, wherein the copy comprises lock-related data, wherein the lock-related data is used to represent whether the to-be-checked data is being accessed, and wherein the instructions further cause the processor to be configured to: determine whether a lock corresponding to the lock-related data is in a release state after determining the to-be-checked data in the virtual machine, wherein the release state is used to represent that the to-be-checked data is not accessed currently; start to read the to-be-checked data; save the copy of the read to-be-checked data; and store the storage address of the read to-be-checked data in the hardware transactional memory when the lock corresponding to the lock-related data is in the release state, wherein the hardware transactional memory is capable of monitoring the read to-be-checked data according to the storage address.

8. The apparatus for implementing virtual machine introspection according to claim 7, wherein the instructions further cause the processor to be configured to: check an integrity of the copy; and determine, according to the copy, whether malware exists in a system in which the virtual machine runs.

9. The apparatus for implementing virtual machine introspection according to claim 7, wherein the instructions further cause the processor to be configured to check an integrity of the copy.

10. The apparatus for implementing virtual machine introspection according to claim 7, wherein the instructions further cause the processor to be configured to determine, according to the copy, whether malware exists in a system in which the virtual machine runs.

11. The apparatus for implementing virtual machine introspection according to claim 7, wherein the instructions further cause the processor to be configured to send a security check failure message to the virtual machine when the security check that is performed on the copy is completed, wherein the security check on the copy fails, and wherein the virtual machine performs corresponding processing according to the security check failure message.

12. The apparatus for implementing virtual machine introspection according to claim 7, wherein the instructions further cause the processor to be configured to: acquire a storage address of modified to-be-checked data when the read to-be-checked data is modified; and send an access violation message to the virtual machine when the storage address of the modified data in the read to-be-checked data is acquired, wherein the access violation message comprises the storage address of the modified to-be-checked data, and wherein the virtual machine determines whether a process for modifying the modified to-be-stored data is a secure process.
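The claims describe one procedure: confirm the guest lock is released, read the target while its storage address sits in the hardware transactional memory's read-set, keep a private copy, discard that copy if the guest writes to the monitored range mid-read (and report the written address, claim 6), and only run the integrity check on the copy once the read completes unmodified. The C program below is an added example and not Huawei's code or anything from the patent text; it emulates the HTM read-set in software so it runs on any machine (on Intel TSX the read loop would sit between _xbegin() and _xend() and the CPU would abort the transaction itself on a conflicting write). The guest memory layout, the lock word, the function-pointer table, the FNV-1a golden hash and every identifier are constructed for the example.

```c
/* Added example (not Huawei's code): software emulation of the read-then-check
 * flow in claims 1, 6 and 7. Real hardware transactional memory (e.g. Intel TSX
 * via _xbegin/_xend) tracks the read-set itself; here struct htm_emul records the
 * monitored range and a simulated guest store flags the conflict. The guest
 * layout, addresses, golden hash and all identifiers are constructed. */
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

#define TABLE_ENTRIES 8

struct guest_mem {                      /* constructed guest state */
    uint32_t lock;                      /* lock-related data: 0 = release state, 1 = held */
    uint64_t table[TABLE_ENTRIES];      /* the to-be-checked data (function pointers) */
};

/* Emulated HTM read-set: one monitored byte range [lo, hi) plus abort bookkeeping. */
struct htm_emul { const uint8_t *lo, *hi; int aborted; const void *conflict_addr; };

static void htm_monitor(struct htm_emul *h, const void *addr, size_t len) {
    h->lo = (const uint8_t *)addr; h->hi = h->lo + len;
    h->aborted = 0; h->conflict_addr = NULL;
}

/* Simulated guest store: a write into the monitored range is the read-set
 * conflict that real HTM would turn into a transaction abort. */
static void guest_write64(struct htm_emul *h, uint64_t *dst, uint64_t v) {
    const uint8_t *p = (const uint8_t *)dst;
    if (h->lo && p >= h->lo && p < h->hi && !h->aborted) { h->aborted = 1; h->conflict_addr = dst; }
    *dst = v;
}

enum vmi_result { VMI_LOCK_HELD, VMI_ABORTED, VMI_CHECK_OK, VMI_CHECK_FAIL };
struct vmi_report { enum vmi_result result; const void *violation_addr; /* claim 6 */ };

/* Integrity check over the copy. The patent fixes no algorithm; FNV-1a 64
 * compared against a known-good value stands in for it. */
static uint64_t fnv1a64(const void *data, size_t len) {
    const uint8_t *p = (const uint8_t *)data; uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* Hook run after each element is read, standing in for the guest running
 * concurrently (it may store into the table). */
typedef void (*interleave_fn)(struct htm_emul *h, struct guest_mem *g, size_t idx);

static struct vmi_report vmi_check_table(struct guest_mem *g, uint64_t golden, interleave_fn interleave) {
    struct vmi_report r = { VMI_CHECK_FAIL, NULL };
    struct htm_emul h = { NULL, NULL, 0, NULL };
    if (g->lock != 0) { r.result = VMI_LOCK_HELD; return r; }  /* read only in the release state */
    uint64_t *copy = malloc(sizeof g->table);                 /* save a copy of what is read */
    if (!copy) return r;
    htm_monitor(&h, g->table, sizeof g->table);               /* storage address under HTM watch */
    for (size_t i = 0; i < TABLE_ENTRIES; i++) {
        copy[i] = g->table[i];
        if (interleave) interleave(&h, g, i);
        if (h.aborted) {                                      /* modified mid-read: stop, delete copy */
            free(copy);
            r.result = VMI_ABORTED; r.violation_addr = h.conflict_addr;
            return r;
        }
    }
    /* Read completed without modification: check the copy, not live guest memory. */
    r.result = fnv1a64(copy, sizeof g->table) == golden ? VMI_CHECK_OK : VMI_CHECK_FAIL;
    free(copy);
    return r;
}

/* Constructed scenarios. */
static void init_guest(struct guest_mem *g) {
    g->lock = 0;
    for (size_t i = 0; i < TABLE_ENTRIES; i++) g->table[i] = 0xffffffff81000000ULL + 0x40 * i;
}
static uint64_t golden_hash(void) { struct guest_mem g; init_guest(&g); return fnv1a64(g.table, sizeof g.table); }

/* Guest overwrites entry 0 right after entry 1 was read: the copy is stale. */
static void race_hook(struct htm_emul *h, struct guest_mem *g, size_t idx) {
    if (idx == 1) guest_write64(h, &g->table[0], 0xffffffffc0001000ULL);
}

enum vmi_result run_clean(void) {
    struct guest_mem g; init_guest(&g);
    return vmi_check_table(&g, golden_hash(), NULL).result;
}
enum vmi_result run_lock_held(void) {
    struct guest_mem g; init_guest(&g); g.lock = 1;
    return vmi_check_table(&g, golden_hash(), NULL).result;
}
enum vmi_result run_hooked_before_scan(void) {
    struct guest_mem g; init_guest(&g); g.table[5] = 0xffffffffc0001000ULL;  /* hooked before the scan */
    return vmi_check_table(&g, golden_hash(), NULL).result;
}
/* 1 if the race is reported as an abort naming the modified address. */
int run_race_reports_address(void) {
    struct guest_mem g; init_guest(&g);
    struct vmi_report r = vmi_check_table(&g, golden_hash(), race_hook);
    return r.result == VMI_ABORTED && r.violation_addr == (const void *)&g.table[0];
}

int main(void) {
    printf("clean=%d lock_held=%d hooked=%d race_reported=%d\n",
           run_clean(), run_lock_held(), run_hooked_before_scan(), run_race_reports_address());
    return 0;
}
```

Build with `cc -std=c99 -Wall vmi_htm.c -o vmi_htm` (file name assumed) and run it; the four scenarios exercise the lock gate, a clean scan, a mid-read race that must abort without checking, and a table that was hooked before the scan started, which is the case the integrity check is meant to catch. Three caveats for anyone moving this onto real TSX: a copy written inside the transaction is rolled back by the abort, so the explicit `free` becomes implicit; the abort status `_xbegin()` returns carries no faulting address, so the address claim 6 puts in the access violation message has to come from somewhere the patent text on this page does not specify; and the hardware read-set is bounded by cache capacity, so a large to-be-checked region must be scanned in chunks small enough not to trigger capacity aborts.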

Assignees

  • Huawei Tech Co Ltd

Inventors

Classifications

  • G06F21/565 · by checking file integrity · CPC title (primary)

  • Hypervisor-specific management and integration aspects · CPC title

  • Monitoring or debugging support · CPC title

  • Test or assess a computer or a system · CPC title

  • by executing in a restricted environment, e.g. sandbox or secure virtual machine · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10007785B2 cover?
The present disclosure relates to the field of information technologies and discloses a method and an apparatus for implementing virtual machine introspection. The method provided in the present disclosure may further include: determining to-be-checked data in a virtual machine; starting to read the to-be-checked data, saving a copy of the read to-be-checked data, and storing a storage address …
Who is the assignee on this patent?
Huawei Tech Co Ltd
What technology area does this patent fall under?
Primary CPC classification G06F21/565. Mapped technology areas include Physics.
When was this patent published?
Publication date Jun 26, 2018 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).