US9785770B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9785770-B2 |
| Application number | US-201414572515-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 16, 2014 |
| Priority date | Dec 26, 2013 |
| Publication date | Oct 10, 2017 |
| Grant date | Oct 10, 2017 |
Abstract
The present invention discloses a method, an apparatus, and a system for triggering virtual machine introspection, so as to provide a timely and effective security check triggering mechanism. In the present invention, data that needs to be protected is determined; the data that needs to be protected is monitored; and when it is determined that the data that needs to be protected is modified, virtual machine introspection is triggered. The present invention avoids a performance loss and a security problem that are brought about by regularly starting a virtual machine introspection system to perform a security check, and therefore, the present invention is more applicable.
Claims

What is claimed is:

1. A method for triggering virtual machine introspection, comprising: determining data that needs to be protected; storing, in a read set of a hardware transactional memory, a memory address corresponding to the determined data that needs to be protected; monitoring whether a write operation is executed on the data that needs to be protected and corresponds to the memory address stored in the read set; and controlling a transaction processing program of the hardware transactional memory to trigger virtual machine introspection, when it is determined that a write operation is executed on data that needs to be protected.

2. The method according to claim 1, wherein before monitoring the data that needs to be protected, the method further comprises saving a copy of the data that needs to be protected, wherein triggering virtual machine introspection comprises locating a memory address of modified data, and wherein after triggering virtual machine introspection, the method further comprises restoring the modified data according to the copy and the memory address of modified data.

3. The method according to claim 1, wherein after triggering virtual machine introspection, the method further comprises canceling monitoring of the data that needs to be protected.

4. The method according to claim 1, wherein after triggering virtual machine introspection, the method further comprises sending an alarm prompt to a virtual machine user.

5. A non-transitory computer readable medium including computer-executable instructions for execution on an apparatus for triggering virtual machine introspection, such that when the computer-executable instructions are executed by the apparatus a method is carried out comprising: determining data that needs to be protected; storing, in a read set of a hardware transactional memory, a memory address corresponding to the data that needs to be protected; monitoring whether a write operation is executed on the data that needs to be protected and corresponds to the memory address stored in the read set; and controlling a transaction processing program of the hardware transactional memory to trigger virtual machine introspection, when it is determined that the write operation is executed on the data that needs to be protected.

6. The non-transitory computer readable medium according to claim 5, further including computer-executable instructions comprising: saving a copy of the data that needs to be protected; restoring a modified data according to the saved copy of the data that needs to be protected and the memory address of the modified data, wherein the modified data is the data that needs to be protected on which a write operation has been executed; and wherein the triggering locates the memory address of the modified data.

7. The non-transitory computer readable medium according to claim 5, further including computer-executable instructions comprising, when the virtual machine introspection is triggered, cancelling monitoring of the data that needs to be protected.

8. The non-transitory computer readable medium according to claim 5, further including computer-executable instructions comprising, after the virtual machine introspection is triggered, sending an alarm prompt to a virtual machine user.

9. A system for triggering virtual machine introspection, comprising: a hardware transactional memory configured to monitor data that needs to be protected; and a non-transitory computer readable medium including computer-executable instructions for execution on an apparatus for triggering virtual machine introspection such that when the computer-executable instructions are executed by the apparatus a method is carried out comprising: determining data that needs to be protected; storing, in a read set of a hardware transactional memory, a memory address corresponding to the determined data that needs to be protected; monitoring whether a write operation is executed on the data that needs to be protected and corresponds to the memory address stored in the read set; and controlling a transaction processing program of the hardware transactional memory to trigger virtual machine introspection, when it is determined that a write operation is executed on data that needs to be protected.

10. The system according to claim 9, further including computer-executable instructions comprising: saving a copy of the data that needs to be protected; locating a memory address of modified data; and restoring the modified data according to the copy saved by the saving instruction and the memory address of the modified data.

11. The system according to claim 9, further including computer-executable instructions comprising cancelling, when the virtual machine introspection is triggered, monitoring of the data that needs to be protected.

12. The system according to claim 9, further including computer-executable instructions comprising, when the virtual machine introspection is triggered, sending an alarm prompt to a virtual machine user.
CPC classification titles:

- by adding security routines or objects to programs
- involving event detection and direct action
- by executing in a restricted environment, e.g. sandbox or secure virtual machine
- Isolation or security of virtual machine instances
- eliminating virus, restoring damaged files