WO2014112981A8 - Function-targeted virtual machine switching - Google Patents
Function-targeted virtual machine switching Download PDFInfo
- Publication number
- WO2014112981A8 WO2014112981A8 PCT/US2013/021603 US2013021603W WO2014112981A8 WO 2014112981 A8 WO2014112981 A8 WO 2014112981A8 US 2013021603 W US2013021603 W US 2013021603W WO 2014112981 A8 WO2014112981 A8 WO 2014112981A8
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- virtual machine
- switching
- function
- targeted
- attackers
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45591—Monitoring or debugging support
Abstract
Technologies are provided for function-targeted virtual machine switching. In some examples, function usage times on a virtual machine (VM) may be profiled by a virtual machine manager (VMM) and used to manage VM switching in order to preferentially switch VMs during specific targeted functions. The targeted functions and/or VM switching preferences may be adjusted over time in order to provide switching unpredictability, for example to frustrate side-channel attackers by forcing the attackers to gather data for much longer periods of time (e.g., weeks or months) if they want to detect or attack.
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201380070466.2A CN104937550B (en) | 2013-01-15 | 2013-01-15 | Switch by the virtual machine of target of function |
PCT/US2013/021603 WO2014112981A1 (en) | 2013-01-15 | 2013-01-15 | Function-targeted virtual machine switching |
US13/977,670 US9304795B2 (en) | 2013-01-15 | 2013-01-15 | Function-targeted virtual machine switching |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/US2013/021603 WO2014112981A1 (en) | 2013-01-15 | 2013-01-15 | Function-targeted virtual machine switching |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2014112981A1 WO2014112981A1 (en) | 2014-07-24 |
WO2014112981A8 true WO2014112981A8 (en) | 2017-01-05 |
Family
ID=51209940
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2013/021603 WO2014112981A1 (en) | 2013-01-15 | 2013-01-15 | Function-targeted virtual machine switching |
Country Status (3)
Country | Link |
---|---|
US (1) | US9304795B2 (en) |
CN (1) | CN104937550B (en) |
WO (1) | WO2014112981A1 (en) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CA2921092A1 (en) * | 2013-08-12 | 2015-02-19 | Graphite Software Corporation | Secure authentication and switching to encrypted domains |
US9824225B1 (en) * | 2013-09-20 | 2017-11-21 | EMC IP Holding Company LLC | Protecting virtual machines processing sensitive information |
KR102147991B1 (en) | 2013-11-21 | 2020-08-25 | 씨아이에스 맥스웰, 엘엘씨 | Managed domains for remote content and configuration control on mobile information devices |
KR101807441B1 (en) * | 2013-12-04 | 2017-12-08 | 엠파이어 테크놀로지 디벨롭먼트 엘엘씨 | Detection of side channel attacks between virtual machines |
US9934047B2 (en) * | 2014-03-20 | 2018-04-03 | Intel Corporation | Techniques for switching between operating systems |
US10311229B1 (en) | 2015-05-18 | 2019-06-04 | Amazon Technologies, Inc. | Mitigating timing side-channel attacks by obscuring alternatives in code |
US10868665B1 (en) * | 2015-05-18 | 2020-12-15 | Amazon Technologies, Inc. | Mitigating timing side-channel attacks by obscuring accesses to sensitive data |
US10678574B1 (en) | 2017-11-01 | 2020-06-09 | Amazon Technologies, Inc. | Reconfiguration rate-control |
US11755496B1 (en) | 2021-12-10 | 2023-09-12 | Amazon Technologies, Inc. | Memory de-duplication using physical memory aliases |
Family Cites Families (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7142670B2 (en) * | 2001-08-14 | 2006-11-28 | International Business Machines Corporation | Space-efficient, side-channel attack resistant table lookups |
EP1331565B1 (en) | 2002-01-29 | 2018-09-12 | Texas Instruments France | Application execution profiling in conjunction with a virtual machine |
JP2006059052A (en) | 2004-08-19 | 2006-03-02 | Hitachi Ltd | Virtual computer system |
US7904903B2 (en) * | 2005-06-30 | 2011-03-08 | Intel Corporation | Selective register save and restore upon context switch using trap |
US20070174429A1 (en) | 2006-01-24 | 2007-07-26 | Citrix Systems, Inc. | Methods and servers for establishing a connection between a client system and a virtual machine hosting a requested computing environment |
US7554865B2 (en) * | 2006-09-21 | 2009-06-30 | Atmel Corporation | Randomizing current consumption in memory devices |
US7802050B2 (en) | 2006-09-29 | 2010-09-21 | Intel Corporation | Monitoring a target agent execution pattern on a VT-enabled system |
US20080235769A1 (en) | 2007-03-21 | 2008-09-25 | Stacy Purcell | System and method for adaptive tarpits using distributed virtual machines |
US8341626B1 (en) * | 2007-11-30 | 2012-12-25 | Hewlett-Packard Development Company, L. P. | Migration of a virtual machine in response to regional environment effects |
US20100246808A1 (en) * | 2007-12-05 | 2010-09-30 | Nec Corporation | Side channel attack tolerance evaluation apparatus, method and program |
US20110078797A1 (en) | 2008-07-29 | 2011-03-31 | Novell, Inc. | Endpoint security threat mitigation with virtual machine imaging |
JP5223596B2 (en) * | 2008-10-30 | 2013-06-26 | 富士通株式会社 | Virtual computer system and management method thereof, management program, recording medium, and control method |
US8321862B2 (en) | 2009-03-20 | 2012-11-27 | Oracle America, Inc. | System for migrating a virtual machine and resource usage data to a chosen target host based on a migration policy |
US9672189B2 (en) | 2009-04-20 | 2017-06-06 | Check Point Software Technologies, Ltd. | Methods for effective network-security inspection in virtualized environments |
EP2425341B1 (en) * | 2009-05-01 | 2018-07-11 | Citrix Systems, Inc. | Systems and methods for establishing a cloud bridge between virtual storage resources |
US8613085B2 (en) * | 2009-07-22 | 2013-12-17 | Broadcom Corporation | Method and system for traffic management via virtual machine migration |
US8924534B2 (en) | 2009-10-27 | 2014-12-30 | Vmware, Inc. | Resource optimization and monitoring in virtualized infrastructure |
JP5434616B2 (en) | 2010-01-15 | 2014-03-05 | 富士通株式会社 | Virtual machine, virtual machine monitor, and computer control method |
WO2012058613A2 (en) * | 2010-10-31 | 2012-05-03 | Mark Lowell Tucker | System and method for securing virtual computing environments |
US8756599B2 (en) * | 2011-01-17 | 2014-06-17 | International Business Machines Corporation | Task prioritization management in a virtualized environment |
US8505097B1 (en) * | 2011-06-30 | 2013-08-06 | Emc Corporation | Refresh-and-rotation process for minimizing resource vulnerability to persistent security threats |
US8145929B2 (en) * | 2011-07-01 | 2012-03-27 | Intel Corporation | Stochastic management of power consumption by computer systems |
US8839004B1 (en) * | 2012-04-16 | 2014-09-16 | Ionu Security, Inc. | Secure cloud computing infrastructure |
US8813240B1 (en) * | 2012-05-30 | 2014-08-19 | Google Inc. | Defensive techniques to increase computer security |
-
2013
- 2013-01-15 CN CN201380070466.2A patent/CN104937550B/en not_active Expired - Fee Related
- 2013-01-15 US US13/977,670 patent/US9304795B2/en not_active Expired - Fee Related
- 2013-01-15 WO PCT/US2013/021603 patent/WO2014112981A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
US9304795B2 (en) | 2016-04-05 |
WO2014112981A1 (en) | 2014-07-24 |
CN104937550B (en) | 2019-03-26 |
CN104937550A (en) | 2015-09-23 |
US20140359778A1 (en) | 2014-12-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2014112981A8 (en) | Function-targeted virtual machine switching | |
USD720364S1 (en) | Display screen or a portion thereof with graphical user interface | |
WO2016010665A8 (en) | Apparatus for and method of preventing unsecured data access | |
EP3380933A4 (en) | Extracting malicious instructions on a virtual machine in a network environment | |
EP3356935A4 (en) | Direct network traffic monitoring within vm platforms in virtual processing environments | |
GB2521946A (en) | Detection of return oriented programming attacks | |
WO2016118032A8 (en) | Systems and methods for exposing a current processor instruction upon exiting a virtual machine | |
SG150490A1 (en) | Virtual machine (vm) migration between processor architectures | |
GB201100039D0 (en) | Server, user device and malware detection method thereof | |
BR112017008614A2 (en) | hardware accelerated virtual context switching | |
GB201320497D0 (en) | Method for providing location independent dynamic port mirroring on distributed virtual switches | |
TW200641607A (en) | Intrusion detection system | |
MX2016003190A (en) | Virtual machine manager facilitated selective code integrity enforcement. | |
WO2009022336A3 (en) | System and method for managing a virtual machine environment | |
GB2508553A (en) | Protecting memory of a virtual guest | |
WO2012097073A3 (en) | Processor mode locking | |
WO2011149983A3 (en) | Method and apparatus for trusted execution in infrastructure as a service cloud environments | |
WO2012173831A3 (en) | Virtual machine snapshotting and analysis | |
MY172572A (en) | Exception handling in a data processing apparatus having a secure domain and a less secure domain | |
PH12017550126A1 (en) | Bulk allocation of instruction blocks to a processor instruction window | |
EP2579817A4 (en) | Implant components and methods | |
GB201302443D0 (en) | Detecting malicious computer code in an executing program module | |
EP2333663A3 (en) | Method and device for providing access to physical resources in a virtual machine environment | |
MY176723A (en) | Data processing apparatus and method using secure domain and less secure domain | |
GB2520893A (en) | Applying enhancements to visual content |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 13977670 Country of ref document: US |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 13872213 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 13872213 Country of ref document: EP Kind code of ref document: A1 |