Virtual machine process information detection method and apparatus

Main Authors: TANG DIBIN, LUAN JIANHAI, QU MENGMENG
Format: Patent
Language: Chinese, English
Published: 01.06.2016

Summary: The present invention provides a virtual machine process information detection method and apparatus. The method comprises: intercepting and capturing an IOCTL system call initiated by a kernel driver in a virtualization platform; acquiring a parameter of the IOCTL system call, and checking the parameter against a preset policy; and, according to the detection result, determining whether to perform the IOCTL system call. By intercepting and capturing the IOCTL system call initiated by the kernel driver and checking its parameter, the method prevents a virtual machine from attacking and controlling the virtual machine host operating system by means of the IOCTL system call, and virtual machine escape is avoided.
Bibliography: Application Number: CN201510984793