
CN106685999A - A virtual machine security protection method, system and security device - Google Patents


Info

Publication number: CN106685999A
Authority: CN (China)
Prior art keywords: data, virtual machine, security, interception, secure
Legal status: Pending
Application number: CN201710108303.9A
Other languages: Chinese (zh)
Inventors: 钱兵, 王幸福, 张冲
Current assignee: Zhengzhou Yunhai Information Technology Co Ltd
Original assignee: Zhengzhou Yunhai Information Technology Co Ltd


Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 63/00: Network architectures or network communication protocols for network security
    • H04L 63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L 63/0281: Proxies
    • H04L 63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1441: Countermeasures against malicious traffic
    • H04L 63/145: Countermeasures against malicious traffic, the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms


Abstract

The invention discloses a virtual machine security protection method, system and security device. The method comprises the following steps: intercepting the data flow of a target virtual machine to obtain corresponding intercepted data; sending the intercepted data to the security device; selecting, from the multiple security agents contained in the security device, the security agent corresponding to the target virtual machine, to obtain a target security agent; using the target security agent to perform virus detection on the intercepted data to determine whether the intercepted data is safe data; and, if so, performing the subsequent data routing processing on the intercepted data through the security device. The disclosed method saves computer resources, makes centralized management of the multiple security agents corresponding to multiple virtual machines convenient, and reduces the management cost of the security agents.

Description

A virtual machine security protection method, system and security device

Technical field

The present invention relates to the field of security technology, and in particular to a virtual machine security protection method, system and security device.

Background

At present, security protection in virtualized environments is a hot topic in the IT industry. In the early stage of virtualization technology, security solutions had no protection model adapted to virtualized environments, so the traditional security protection strategy was simply carried over: a suite of security protection products, the so-called "security agent", is deployed on every virtual machine. This protection model is known as the "agent-based" model. With the large-scale adoption of cloud computing and virtualization technology, however, this model has shown several drawbacks, chiefly that a separate security agent has to be installed on each virtual machine, which consumes a large share of the physical host's storage and memory resources, makes the management of the security agents quite complicated, and drives up their management cost.

In summary, how to save computer resources and reduce the management cost of security agents during the security protection of a virtualization platform is a problem that remains to be solved.

Summary of the invention

In view of this, the object of the present invention is to provide a virtual machine security protection method, system and security device that can save computer resources and reduce the management cost of security agents during the security protection of a virtualization platform. The specific scheme is as follows:

A virtual machine security protection method, comprising:

intercepting the data flow of a target virtual machine to obtain corresponding intercepted data;

sending the intercepted data to a security device;

selecting, from the multiple security agents contained in the security device, the security agent corresponding to the target virtual machine, to obtain a target security agent;

using the target security agent to perform virus detection on the intercepted data, so as to determine whether the intercepted data is safe data; and

if the intercepted data is safe data, performing the subsequent corresponding data routing processing on the intercepted data through the security device.

Optionally, the process of intercepting the data flow of the target virtual machine includes:

using a network driver on the virtualization platform to intercept the data flow of the target virtual machine to obtain the intercepted data.

Optionally, the network driver is a network driver that includes a firewall.

Optionally, the device type of the security device is a virtual machine.

Optionally, the virtual machine security protection method further includes:

when an upgrade patch for the security agents is obtained, using the upgrade patch to upgrade all security agents in the security device.

The present invention also discloses a virtual machine security protection system, comprising:

a data interception module, configured to intercept the data flow of a target virtual machine to obtain corresponding intercepted data;

a data sending module, configured to send the intercepted data to a security device;

an agent selection module, configured to select, from the multiple security agents contained in the security device, the security agent corresponding to the target virtual machine, to obtain a target security agent;

a data detection module, configured to use the target security agent to perform virus detection on the intercepted data, so as to determine whether the intercepted data is safe data; and

a data routing module, configured to perform the subsequent corresponding data routing processing on the intercepted data through the security device when the intercepted data is safe data.

Optionally, the data interception module is specifically configured to use a network driver on the virtualization platform to intercept the data flow of the target virtual machine to obtain the intercepted data.

Optionally, the virtual machine security protection system further includes:

an agent upgrade module, configured to use an upgrade patch to upgrade all security agents in the security device when the upgrade patch for the security agents is obtained.

The present invention further discloses a security device, comprising multiple security agents and further comprising:

a data acquisition module, configured to acquire the intercepted data obtained after intercepting the data flow of a target virtual machine;

an agent selection module, configured to select, from the multiple security agents, the security agent corresponding to the target virtual machine, to obtain a target security agent;

a data detection module, configured to use the target security agent to perform virus detection on the intercepted data, so as to determine whether the intercepted data is safe data; and

a data routing module, configured to perform the subsequent corresponding data routing processing on the intercepted data when the intercepted data is safe data.

Optionally, the device type of the security device is a virtual machine.

In the present invention, the virtual machine security protection method includes: intercepting the data flow of a target virtual machine to obtain corresponding intercepted data; sending the intercepted data to a security device; selecting, from the multiple security agents contained in the security device, the security agent corresponding to the target virtual machine, to obtain a target security agent; using the target security agent to perform virus detection on the intercepted data, so as to determine whether the intercepted data is safe data; and, if the intercepted data is safe data, performing the subsequent corresponding data routing processing on the intercepted data through the security device.

It can be seen that the present invention places the security agent corresponding to each virtual machine in the security device. When a target virtual machine needs to be protected, the present invention first intercepts the data of the target virtual machine, then sends the intercepted data to the security device, then selects the security agent corresponding to the target virtual machine from the multiple security agents in the security device, and uses the selected security agent to analyze the security of the intercepted data; when the intercepted data is determined to be safe data, the security device performs the subsequent corresponding routing processing on it. Thus, by placing the security agents corresponding to multiple virtual machines in the security device, the present invention can protect any given virtual machine with the corresponding security agent stored in the security device, so that no security agent needs to be installed in each virtual machine. This avoids heavy consumption of the host's computer resources, that is, it achieves the purpose of saving computer resources. Moreover, because the present invention concentrates the security agents of multiple virtual machines in the security device, the multiple security agents corresponding to multiple virtual machines can be managed centrally, that is, the present invention also reduces the management cost of the security agents.

Brief description of the drawings

In order to describe the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.

Fig. 1 is a flowchart of a virtual machine security protection method disclosed in an embodiment of the present invention;

Fig. 2 is a flowchart of a specific virtual machine security protection method disclosed in an embodiment of the present invention;

Fig. 3 is a schematic structural diagram of a virtual machine security protection system disclosed in an embodiment of the present invention.

Detailed description

The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.

An embodiment of the present invention discloses a virtual machine security protection method which, as shown in Fig. 1, includes:

Step S11: intercept the data flow of the target virtual machine to obtain corresponding intercepted data.

Here, the target virtual machine is any virtual machine on the virtualization platform.

Step S12: send the intercepted data to the security device.

Step S13: select, from the multiple security agents contained in the security device, the security agent corresponding to the target virtual machine, to obtain the target security agent.

In this embodiment, the security device contains multiple security agents, with different security agents corresponding to different virtual machines. After the intercepted data corresponding to the target virtual machine is sent to the security device, the security agent corresponding to the target virtual machine is selected from the security device, and that security agent is then used to analyze the security of the intercepted data.

Step S14: use the target security agent to perform virus detection on the intercepted data, so as to determine whether the intercepted data is safe data.

Step S15: if the intercepted data is safe data, perform the subsequent corresponding data routing processing on the intercepted data through the security device.

That is, when the intercepted data corresponding to the target virtual machine is determined to be safe data, the security device routes the intercepted data to the corresponding data receiver. It will be understood that, when the intercepted data is not safe data, data routing processing of the intercepted data is prohibited.

It can be seen that this embodiment of the present invention places the security agent corresponding to each virtual machine in the security device. When a target virtual machine needs to be protected, the embodiment first intercepts the data of the target virtual machine, then sends the intercepted data to the security device, then selects the security agent corresponding to the target virtual machine from the multiple security agents in the security device, and uses the selected security agent to analyze the security of the intercepted data; when the intercepted data is determined to be safe data, the security device performs the subsequent corresponding routing processing on it. Thus, by placing the security agents corresponding to multiple virtual machines in the security device, the embodiment can protect any given virtual machine with the corresponding security agent stored in the security device, so that no security agent needs to be installed in each virtual machine. This avoids heavy consumption of the host's computer resources, that is, it achieves the purpose of saving computer resources. Moreover, because the embodiment concentrates the security agents of multiple virtual machines in the security device, the multiple security agents corresponding to multiple virtual machines can be managed centrally, that is, the embodiment also reduces the management cost of the security agents.

Referring to Fig. 2, an embodiment of the present invention also discloses a specific virtual machine security protection method, which includes the following steps:

Step S21: use the network driver on the virtualization platform to intercept the data flow of the target virtual machine to obtain the intercepted data.

Preferably, in this embodiment, the network driver may specifically be a network driver that includes a firewall. Further, the network driver in this embodiment may specifically include a fast-path driver unit for fast-path processing and a slow-path driver unit for slow-path processing.

Step S22: send the intercepted data to the security virtual machine.

That is, the device type of the security device in the previous embodiment may specifically be a virtual machine. It should be noted that, in this embodiment, the security virtual machine can be obtained by installing, on an ordinary virtual machine, the multiple security agents corresponding to multiple virtual machines. In addition, in this embodiment, the physical host of the security virtual machine may be the same as, or different from, the physical hosts of the other ordinary virtual machines.

Step S23: select, from the multiple security agents contained in the security virtual machine, the security agent corresponding to the target virtual machine, to obtain the target security agent.

Step S24: use the target security agent to perform virus detection on the intercepted data, so as to determine whether the intercepted data is safe data.

Step S25: if the intercepted data is safe data, perform the subsequent corresponding data routing processing on the intercepted data through the security virtual machine.

It will be understood that, when the intercepted data is not safe data, data routing processing of the intercepted data is prohibited.

Further, the virtual machine security protection method in the embodiment of the present invention may also include: when an upgrade patch for the security agents is obtained, using the upgrade patch to upgrade all security agents in the security device.
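The Fig. 2 flow (steps S21 to S25 plus the agent upgrade step) is modelled below in Python as an added example; this is not code from the patent or its assignee. The signatures, VM identifiers and traffic are constructed, and the handling of a VM that has no registered agent (fail closed, do not route) is an assumption the patent text does not specify.

```python
"""Toy model of the agentless protection flow: per-VM agents hosted in one security VM."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample signatures; a real agent carries a full scanning engine and database.
BASE_SIGNATURES: Dict[str, bytes] = {
    "sig-001": b"EICAR-STANDARD-ANTIVIRUS-TEST",
    "sig-002": b"\xde\xad\xbe\xef\xca\xfe",
}


@dataclass
class InterceptedData:
    """What the hypervisor network driver hands over: source VM, intended receiver, bytes."""
    vm_id: str
    receiver: str
    payload: bytes


@dataclass
class SecurityAgent:
    """One agent per protected VM, stored inside the security device rather than the VM."""
    vm_id: str
    version: int = 1
    signatures: Dict[str, bytes] = field(default_factory=lambda: dict(BASE_SIGNATURES))

    def is_safe(self, data: InterceptedData) -> bool:
        """Step S24: virus detection on the intercepted data (substring match, constructed)."""
        return not any(sig in data.payload for sig in self.signatures.values())

    def upgrade(self, patch: Dict[str, bytes]) -> None:
        self.signatures.update(patch)
        self.version += 1


class SecurityDevice:
    """The security VM: holds all agents, selects one per VM, scans, then routes or blocks."""

    def __init__(self) -> None:
        self.agents: Dict[str, SecurityAgent] = {}
        self.routed: List[InterceptedData] = []
        self.blocked: List[InterceptedData] = []

    def register_vm(self, vm_id: str) -> None:
        self.agents[vm_id] = SecurityAgent(vm_id)

    def select_agent(self, vm_id: str) -> Optional[SecurityAgent]:
        """Step S23: pick the agent that corresponds to the target VM."""
        return self.agents.get(vm_id)

    def handle(self, data: InterceptedData) -> str:
        """Steps S23 to S25. Returns 'routed', 'blocked' or 'no-agent'."""
        agent = self.select_agent(data.vm_id)
        if agent is None:
            # Assumption (not in the patent text): no agent means no scan, so fail closed.
            self.blocked.append(data)
            return "no-agent"
        if agent.is_safe(data):
            self.routed.append(data)   # Step S25: forward towards the receiver
            return "routed"
        self.blocked.append(data)      # routing is prohibited for unsafe data
        return "blocked"

    def apply_patch(self, patch: Dict[str, bytes]) -> int:
        """Centralised upgrade: one patch reaches every agent held in the device."""
        for agent in self.agents.values():
            agent.upgrade(patch)
        return len(self.agents)


def intercept(vm_id: str, receiver: str, payload: bytes) -> InterceptedData:
    """Step S21 stand-in for the network driver's intercept hook (steps S22 is the call site)."""
    return InterceptedData(vm_id, receiver, payload)


def run_scenario() -> Dict[str, object]:
    """Drives the flow end to end on constructed traffic and returns the outcomes."""
    device = SecurityDevice()
    for vm in ("vm-a", "vm-b"):
        device.register_vm(vm)

    outcomes: Dict[str, object] = {
        "clean": device.handle(intercept("vm-a", "10.0.0.9", b"GET /index.html HTTP/1.1")),
        "known_bad": device.handle(intercept("vm-b", "10.0.0.9", b"x" + BASE_SIGNATURES["sig-002"])),
        "unregistered": device.handle(intercept("vm-c", "10.0.0.9", b"hello")),
    }
    # A constructed new family: unknown before the patch, caught by every agent after it.
    new_sig = b"CONSTRUCTED-NEW-FAMILY"
    outcomes["before_patch"] = device.handle(intercept("vm-a", "10.0.0.9", new_sig))
    outcomes["agents_patched"] = device.apply_patch({"sig-003": new_sig})
    outcomes["after_patch"] = device.handle(intercept("vm-a", "10.0.0.9", new_sig))
    outcomes["agent_versions"] = sorted(a.version for a in device.agents.values())
    outcomes["routed"] = len(device.routed)
    outcomes["blocked"] = len(device.blocked)
    return outcomes


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The scenario also shows the operational point behind the upgrade step: one patch applied to the security device reaches every agent, so a VM whose traffic was routed before the patch is blocked immediately after it without touching the VM itself.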

Correspondingly, an embodiment of the present invention also discloses a virtual machine security protection system which, as shown in Fig. 3, includes:

a data interception module 11, configured to intercept the data flow of a target virtual machine to obtain corresponding intercepted data;

a data sending module 12, configured to send the intercepted data to a security device;

an agent selection module 13, configured to select, from the multiple security agents contained in the security device, the security agent corresponding to the target virtual machine, to obtain the target security agent;

a data detection module 14, configured to use the target security agent to perform virus detection on the intercepted data, so as to determine whether the intercepted data is safe data; and

a data routing module 15, configured to perform the subsequent corresponding data routing processing on the intercepted data through the security device when the intercepted data is safe data.

Here, the data interception module may specifically be configured to use the network driver on the virtualization platform to intercept the data flow of the target virtual machine to obtain the intercepted data.

In this embodiment, the network driver may specifically be a network driver that includes a firewall.

In addition, the device type of the security device may specifically be a virtual machine.

Further, the virtual machine security protection system in this embodiment may also include:

an agent upgrade module, configured to use an upgrade patch to upgrade all security agents in the security device when the upgrade patch for the security agents is obtained.

It can be seen that, by placing the security agents corresponding to multiple virtual machines in the security device, this embodiment of the present invention can protect any given virtual machine with the corresponding security agent stored in the security device, so that no security agent needs to be installed in each virtual machine. This avoids heavy consumption of the host's computer resources, that is, it achieves the purpose of saving computer resources. Moreover, because the embodiment concentrates the security agents of multiple virtual machines in the security device, the multiple security agents corresponding to multiple virtual machines can be managed centrally, that is, the embodiment also reduces the management cost of the security agents.

Further, an embodiment of the present invention also discloses a security device, comprising multiple security agents and further comprising:

a data acquisition module, configured to acquire the intercepted data obtained after intercepting the data flow of a target virtual machine;

an agent selection module, configured to select, from the multiple security agents, the security agent corresponding to the target virtual machine, to obtain the target security agent;

a data detection module, configured to use the target security agent to perform virus detection on the intercepted data, so as to determine whether the intercepted data is safe data; and

a data routing module, configured to perform the subsequent corresponding data routing processing on the intercepted data when the intercepted data is safe data.

Here, the device type of the security device may specifically be a virtual machine.

By placing the security agents corresponding to multiple virtual machines in the security device, this embodiment of the present invention can protect any given virtual machine with the corresponding security agent stored in the security device, so that no security agent needs to be installed in each virtual machine. This avoids heavy consumption of the host's computer resources, that is, it achieves the purpose of saving computer resources. Moreover, because the embodiment concentrates the security agents of multiple virtual machines in the security device, the multiple security agents corresponding to multiple virtual machines can be managed centrally, that is, the embodiment also reduces the management cost of the security agents.

Finally, it should also be noted that, in this text, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between those entities or operations. Moreover, the terms "comprise", "include" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that comprises a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of further identical elements in the process, method, article or device that comprises that element.

A virtual machine security protection method, system and security device provided by the present invention have been described in detail above. Specific examples have been used herein to explain the principle and implementation of the present invention, and the description of the above embodiments is intended only to help understand the method of the present invention and its core idea. At the same time, those of ordinary skill in the art may, following the idea of the present invention, make changes to the specific implementation and the scope of application. In summary, the content of this specification should not be construed as limiting the present invention.

Claims (10)

1. A virtual machine security protection method, characterized in that it comprises:
intercepting the data flow of a target virtual machine to obtain corresponding intercepted data;
sending the intercepted data to a security device;
selecting, from among a plurality of security agents contained in the security device, the security agent corresponding to the target virtual machine, to obtain a target security agent;
performing virus detection on the intercepted data using the target security agent, to determine whether the intercepted data is secure data;
if the intercepted data is secure data, carrying out, by the security device, subsequent corresponding data routing processing on the intercepted data.
2. The virtual machine security protection method according to claim 1, characterized in that the process of intercepting the data flow of the target virtual machine comprises:
intercepting the data flow of the target virtual machine using a network driver on the virtualization platform, to obtain the intercepted data.
3. The virtual machine security protection method according to claim 2, characterized in that
the network driver is a network driver that includes a firewall.
4. The virtual machine security protection method according to claim 1, characterized in that the device type of the security device is a virtual machine.
5. The virtual machine security protection method according to any one of claims 1 to 4, characterized in that it further comprises:
when an upgrade patch for the security agents is obtained, upgrading all security agents in the security device using the upgrade patch.
6. A virtual machine security protection system, characterized in that it comprises:
a data interception module, for intercepting the data flow of a target virtual machine to obtain corresponding intercepted data;
a data sending module, for sending the intercepted data to a security device;
an agent screening module, for selecting, from among a plurality of security agents contained in the security device, the security agent corresponding to the target virtual machine, to obtain a target security agent;
a data detection module, for performing virus detection on the intercepted data using the target security agent, to determine whether the intercepted data is secure data;
a data routing module, for carrying out, by the security device, subsequent corresponding data routing processing on the intercepted data when the intercepted data is secure data.
7. The virtual machine security protection system according to claim 6, characterized in that
the data interception module is specifically configured to intercept the data flow of the target virtual machine using a network driver on the virtualization platform, to obtain the intercepted data.
8. The virtual machine security protection system according to claim 6 or 7, characterized in that it further comprises:
an agent upgrade module, for upgrading all security agents in the security device using an upgrade patch when an upgrade patch for the security agents is obtained.
9. A security device, characterized in that it comprises a plurality of security agents and further comprises:
a data acquisition module, for obtaining the intercepted data produced by intercepting the data flow of a target virtual machine;
an agent screening module, for selecting, from among the plurality of security agents, the security agent corresponding to the target virtual machine, to obtain a target security agent;
a data detection module, for performing virus detection on the intercepted data using the target security agent, to determine whether the intercepted data is secure data;
a data routing module, for carrying out subsequent corresponding data routing processing on the intercepted data when the intercepted data is secure data.
10. The security device according to claim 9, characterized in that the device type of the security device is a virtual machine.
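The pipeline of claims 1, 5 and 9 (intercept a VM's flow, hand it to a security device, pick the agent bound to that VM, scan, route only if clean, and push one patch to every agent) is small enough to model end to end. The following is an added example written for this page, not code from the patent or its applicant: the class and field names (SecurityDevice, SecurityAgent, AgentPatch, InterceptedFlow), the VM identifiers and the byte signatures are all assumptions. It also handles one case the claims leave open, a flow from a VM that has no agent bound to it, by dropping it instead of forwarding it unscanned.

```python
"""Toy model of the per-VM security-agent pipeline in claims 1, 5 and 9.

Added illustration, not code from the patent or its applicant. Every name
here (SecurityDevice, SecurityAgent, AgentPatch, InterceptedFlow) and the
byte signatures are assumptions made for the example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# The EICAR test string stands in for a "virus" signature. Real agents do far
# more than substring matching; this is only a stand-in for the example.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


@dataclass(frozen=True)
class AgentPatch:
    """An upgrade patch: a new version number plus the signatures it adds."""
    version: int
    new_signatures: Tuple[bytes, ...]


@dataclass
class SecurityAgent:
    """One agent bound to exactly one protected VM (claim 1)."""
    vm_id: str
    signatures: Tuple[bytes, ...] = (EICAR,)
    version: int = 1

    def detect(self, data: bytes) -> Optional[bytes]:
        """Return the first matching signature, or None if the flow is clean."""
        return next((sig for sig in self.signatures if sig in data), None)

    def upgrade(self, patch: AgentPatch) -> None:
        if patch.version > self.version:  # never re-apply or downgrade
            self.signatures += patch.new_signatures
            self.version = patch.version


@dataclass
class InterceptedFlow:
    """What the platform's network driver hands to the security device."""
    src_vm: str
    dst: str
    payload: bytes


@dataclass
class SecurityDevice:
    """Holds many agents and picks the one matching the source VM (claim 9)."""
    agents: Dict[str, SecurityAgent] = field(default_factory=dict)
    routed: List[InterceptedFlow] = field(default_factory=list)
    dropped: List[Tuple[InterceptedFlow, str]] = field(default_factory=list)

    def register_vm(self, vm_id: str) -> None:
        self.agents[vm_id] = SecurityAgent(vm_id=vm_id)

    def process(self, flow: InterceptedFlow) -> bool:
        """Claim-1 pipeline: select agent, scan, route. True if routed on."""
        agent = self.agents.get(flow.src_vm)
        if agent is None:
            # Not stated in the claims: a VM with no bound agent is treated as
            # unprotected and its traffic is dropped, not forwarded unscanned.
            self.dropped.append((flow, "no agent bound to VM"))
            return False
        hit = agent.detect(flow.payload)
        if hit is not None:
            self.dropped.append((flow, "signature match: %r" % hit[:16]))
            return False
        self.routed.append(flow)  # "subsequent data routing processing"
        return True

    def upgrade_all(self, patch: AgentPatch) -> int:
        """Claim 5: apply one patch to every agent; returns how many now run it."""
        for agent in self.agents.values():
            agent.upgrade(patch)
        return sum(a.version == patch.version for a in self.agents.values())


def run_demo() -> Dict[str, object]:
    """Drive the pipeline over constructed flows; results are returned, not printed."""
    dev = SecurityDevice()
    for vm in ("vm-web-01", "vm-db-01"):
        dev.register_vm(vm)
    new_sig = b"CONSTRUCTED-MALWARE-MARKER"
    clean = InterceptedFlow("vm-web-01", "10.0.0.20:5432", b"SELECT 1;\n")
    infected = InterceptedFlow("vm-db-01", "10.0.0.10:80", b"POST /u " + EICAR)
    unknown_vm = InterceptedFlow("vm-rogue-99", "10.0.0.10:80", b"hello")
    late = InterceptedFlow("vm-web-01", "10.0.0.30:443", b"GET /?q=" + new_sig)
    result: Dict[str, object] = {
        "clean_routed": dev.process(clean),
        "infected_routed": dev.process(infected),
        "unknown_vm_routed": dev.process(unknown_vm),
        "late_routed_before_patch": dev.process(late),
    }
    result["agents_upgraded"] = dev.upgrade_all(AgentPatch(2, (new_sig,)))
    result["late_routed_after_patch"] = dev.process(late)
    result["routed"], result["dropped"] = len(dev.routed), len(dev.dropped)
    return result


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The `late` flow shows why claim 5 matters operationally: the same payload is routed before the patch and dropped after it, because every agent on the device received the new signature in one step. The unknown-VM branch is the practitioner's addition: the claims only describe selecting the agent that matches the target VM, and an implementation that forwards traffic when no match exists would let an unregistered guest bypass scanning entirely.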
CN201710108303.9A 2017-02-27 2017-02-27 A virtual machine security protection method, system and security device Pending CN106685999A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710108303.9A CN106685999A (en) 2017-02-27 2017-02-27 A virtual machine security protection method, system and security device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710108303.9A CN106685999A (en) 2017-02-27 2017-02-27 A virtual machine security protection method, system and security device

Publications (1)

Publication Number Publication Date
CN106685999A true CN106685999A (en) 2017-05-17

Family

ID=58861354

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710108303.9A Pending CN106685999A (en) 2017-02-27 2017-02-27 A virtual machine security protection method, system and security device

Country Status (1)

Country Link
CN (1) CN106685999A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109189558A (en) * 2018-09-04 2019-01-11 郑州云海信息技术有限公司 A virtual machine security protection method and device
CN111459609A (en) * 2020-03-10 2020-07-28 奇安信科技集团股份有限公司 Virtual machine security protection method and device, and electronic device
CN111459609B (en) * 2020-03-10 2024-04-19 奇安信科技集团股份有限公司 Virtual machine security protection method and device, and electronic device
CN112565203A (en) * 2020-11-19 2021-03-26 深信服科技股份有限公司 Centralized management platform

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090254990A1 (en) * 2008-04-05 2009-10-08 Mcgee William Gerald System and method for intelligent coordination of host and guest intrusion prevention in virtualized environment
US8856914B2 (en) * 2008-04-05 2014-10-07 Trend Micro Incorporated System and method for intelligent coordination of host and guest intrusion prevention in virtualized environment
CN104753852A (en) * 2013-12-25 2015-07-01 中国移动通信集团公司 Virtualization platform and security protection method and device
CN106375281A (en) * 2016-08-25 2017-02-01 杭州数梦工场科技有限公司 Message control method and device

Similar Documents

Publication Publication Date Title
CA2943271C (en) Method and system for providing security aware applications
JP6772270B2 (en) Dual memory introspection to secure multiple network endpoints
US9166988B1 (en) System and method for controlling virtual network including security function
US11122129B2 (en) Virtual network function migration
US9537897B2 (en) Method and apparatus for providing analysis service based on behavior in mobile network environment
CA2943250C (en) Method and system for ensuring an application conforms with security and regulatory controls prior to deployment
US8707417B1 (en) Driver domain as security monitor in virtualization environment
JP2019512791A (en) Protecting Dynamic and Temporary Virtual Machine Instances in Cloud Environments
US7856573B2 (en) WPAR halted attack introspection stack execution detection
US20200401698A1 (en) Analysis system, analysis method, analysis device, and storage medium
CN104392175A (en) System and method and device for processing cloud application attack behaviors in cloud computing system
CN109379347B (en) Safety protection method and equipment
CN111459609B (en) Virtual machine security protection method, device and electronic device
CN106685999A (en) A virtual machine security protection method, system and security device
CN102523209B (en) Dynamic adjustment method and device of safety inspection virtual machines
CN105868632B (en) Method and device for intercepting and releasing DHCP (dynamic host configuration protocol)
CN109450848B (en) Method and device for defending Docker east-west flow invasion
CN102984229B (en) For configuring the method and system of trust machine
CN105631321A (en) Virtual machine process information detection method and apparatus
JP5814138B2 (en) Security setting system, security setting method and program
JP2009271686A (en) Network system, malware detection apparatus, malware detection method, program, and recording medium
JP6010672B2 (en) Security setting system, security setting method and program
EP2743858B1 (en) Using a honeypot workflow for software review
CN102999357B (en) A kind of collocation method and system of trusting machine
Keeriyattil NSX Service Composer and Third-Party Integration

Legal Events

Date Code Title Description
2017-05-17 PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication Application publication date: 20170517