WO2014112981A8 - Function-targeted virtual machine switching - Google Patents
Function-targeted virtual machine switching Download PDFInfo
- Publication number
- WO2014112981A8 WO2014112981A8 PCT/US2013/021603 US2013021603W WO2014112981A8 WO 2014112981 A8 WO2014112981 A8 WO 2014112981A8 US 2013021603 W US2013021603 W US 2013021603W WO 2014112981 A8 WO2014112981 A8 WO 2014112981A8
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- virtual machine
- switching
- function
- targeted
- attackers
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45591—Monitoring or debugging support
Abstract
Technologies are provided for function-targeted virtual machine switching. In some examples, function usage times on a virtual machine (VM) may be profiled by a virtual machine manager (VMM) and used to manage VM switching in order to preferentially switch VMs during specific targeted functions. The targeted functions and/or VM switching preferences may be adjusted over time in order to provide switching unpredictability, for example to frustrate side-channel attackers by forcing the attackers to gather data for much longer periods of time (e.g., weeks or months) if they want to detect or attack.
Priority Applications (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201380070466.2A CN104937550B (en) | 2013-01-15 | 2013-01-15 | Switch by the virtual machine of target of function |
| PCT/US2013/021603 WO2014112981A1 (en) | 2013-01-15 | 2013-01-15 | Function-targeted virtual machine switching |
| US13/977,670 US9304795B2 (en) | 2013-01-15 | 2013-01-15 | Function-targeted virtual machine switching |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/US2013/021603 WO2014112981A1 (en) | 2013-01-15 | 2013-01-15 | Function-targeted virtual machine switching |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| WO2014112981A1 WO2014112981A1 (en) | 2014-07-24 |
| WO2014112981A8 true WO2014112981A8 (en) | 2017-01-05 |
Family
ID=51209940
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/US2013/021603 WO2014112981A1 (en) | 2013-01-15 | 2013-01-15 | Function-targeted virtual machine switching |
Country Status (3)
| Country | Link |
|---|---|
| US (1) | US9304795B2 (en) |
| CN (1) | CN104937550B (en) |
| WO (1) | WO2014112981A1 (en) |
Families Citing this family (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CA2921092A1 (en) * | 2013-08-12 | 2015-02-19 | Graphite Software Corporation | Secure authentication and switching to encrypted domains |
| US9824225B1 (en) * | 2013-09-20 | 2017-11-21 | EMC IP Holding Company LLC | Protecting virtual machines processing sensitive information |
| KR102147991B1 (en) | 2013-11-21 | 2020-08-25 | 씨아이에스 맥스웰, 엘엘씨 | Managed domains for remote content and configuration control on mobile information devices |
| KR101807441B1 (en) * | 2013-12-04 | 2017-12-08 | 엠파이어 테크놀로지 디벨롭먼트 엘엘씨 | Detection of side channel attacks between virtual machines |
| US9934047B2 (en) * | 2014-03-20 | 2018-04-03 | Intel Corporation | Techniques for switching between operating systems |
| US10311229B1 (en) | 2015-05-18 | 2019-06-04 | Amazon Technologies, Inc. | Mitigating timing side-channel attacks by obscuring alternatives in code |
| US10868665B1 (en) * | 2015-05-18 | 2020-12-15 | Amazon Technologies, Inc. | Mitigating timing side-channel attacks by obscuring accesses to sensitive data |
| US10678574B1 (en) | 2017-11-01 | 2020-06-09 | Amazon Technologies, Inc. | Reconfiguration rate-control |
| US11755496B1 (en) | 2021-12-10 | 2023-09-12 | Amazon Technologies, Inc. | Memory de-duplication using physical memory aliases |
Family Cites Families (24)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7142670B2 (en) * | 2001-08-14 | 2006-11-28 | International Business Machines Corporation | Space-efficient, side-channel attack resistant table lookups |
| EP1331565B1 (en) | 2002-01-29 | 2018-09-12 | Texas Instruments France | Application execution profiling in conjunction with a virtual machine |
| JP2006059052A (en) | 2004-08-19 | 2006-03-02 | Hitachi Ltd | Virtual computer system |
| US7904903B2 (en) * | 2005-06-30 | 2011-03-08 | Intel Corporation | Selective register save and restore upon context switch using trap |
| US20070174429A1 (en) | 2006-01-24 | 2007-07-26 | Citrix Systems, Inc. | Methods and servers for establishing a connection between a client system and a virtual machine hosting a requested computing environment |
| US7554865B2 (en) * | 2006-09-21 | 2009-06-30 | Atmel Corporation | Randomizing current consumption in memory devices |
| US7802050B2 (en) | 2006-09-29 | 2010-09-21 | Intel Corporation | Monitoring a target agent execution pattern on a VT-enabled system |
| US20080235769A1 (en) | 2007-03-21 | 2008-09-25 | Stacy Purcell | System and method for adaptive tarpits using distributed virtual machines |
| US8341626B1 (en) * | 2007-11-30 | 2012-12-25 | Hewlett-Packard Development Company, L. P. | Migration of a virtual machine in response to regional environment effects |
| US20100246808A1 (en) * | 2007-12-05 | 2010-09-30 | Nec Corporation | Side channel attack tolerance evaluation apparatus, method and program |
| US20110078797A1 (en) | 2008-07-29 | 2011-03-31 | Novell, Inc. | Endpoint security threat mitigation with virtual machine imaging |
| JP5223596B2 (en) * | 2008-10-30 | 2013-06-26 | 富士通株式会社 | Virtual computer system and management method thereof, management program, recording medium, and control method |
| US8321862B2 (en) | 2009-03-20 | 2012-11-27 | Oracle America, Inc. | System for migrating a virtual machine and resource usage data to a chosen target host based on a migration policy |
| US9672189B2 (en) | 2009-04-20 | 2017-06-06 | Check Point Software Technologies, Ltd. | Methods for effective network-security inspection in virtualized environments |
| EP2425341B1 (en) * | 2009-05-01 | 2018-07-11 | Citrix Systems, Inc. | Systems and methods for establishing a cloud bridge between virtual storage resources |
| US8613085B2 (en) * | 2009-07-22 | 2013-12-17 | Broadcom Corporation | Method and system for traffic management via virtual machine migration |
| US8924534B2 (en) | 2009-10-27 | 2014-12-30 | Vmware, Inc. | Resource optimization and monitoring in virtualized infrastructure |
| JP5434616B2 (en) | 2010-01-15 | 2014-03-05 | 富士通株式会社 | Virtual machine, virtual machine monitor, and computer control method |
| WO2012058613A2 (en) * | 2010-10-31 | 2012-05-03 | Mark Lowell Tucker | System and method for securing virtual computing environments |
| US8756599B2 (en) * | 2011-01-17 | 2014-06-17 | International Business Machines Corporation | Task prioritization management in a virtualized environment |
| US8505097B1 (en) * | 2011-06-30 | 2013-08-06 | Emc Corporation | Refresh-and-rotation process for minimizing resource vulnerability to persistent security threats |
| US8145929B2 (en) * | 2011-07-01 | 2012-03-27 | Intel Corporation | Stochastic management of power consumption by computer systems |
| US8839004B1 (en) * | 2012-04-16 | 2014-09-16 | Ionu Security, Inc. | Secure cloud computing infrastructure |
| US8813240B1 (en) * | 2012-05-30 | 2014-08-19 | Google Inc. | Defensive techniques to increase computer security |
-
2013
- 2013-01-15 CN CN201380070466.2A patent/CN104937550B/en not_active Expired - Fee Related
- 2013-01-15 US US13/977,670 patent/US9304795B2/en not_active Expired - Fee Related
- 2013-01-15 WO PCT/US2013/021603 patent/WO2014112981A1/en active Application Filing
Also Published As
| Publication number | Publication date |
|---|---|
| US9304795B2 (en) | 2016-04-05 |
| WO2014112981A1 (en) | 2014-07-24 |
| CN104937550B (en) | 2019-03-26 |
| CN104937550A (en) | 2015-09-23 |
| US20140359778A1 (en) | 2014-12-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2014112981A8 (en) | Function-targeted virtual machine switching | |
| USD720364S1 (en) | Display screen or a portion thereof with graphical user interface | |
| WO2016010665A8 (en) | Apparatus for and method of preventing unsecured data access | |
| EP3380933A4 (en) | Extracting malicious instructions on a virtual machine in a network environment | |
| EP3356935A4 (en) | Direct network traffic monitoring within vm platforms in virtual processing environments | |
| GB2521946A (en) | Detection of return oriented programming attacks | |
| WO2016118032A8 (en) | Systems and methods for exposing a current processor instruction upon exiting a virtual machine | |
| SG150490A1 (en) | Virtual machine (vm) migration between processor architectures | |
| GB201100039D0 (en) | Server, user device and malware detection method thereof | |
| BR112017008614A2 (en) | hardware accelerated virtual context switching | |
| GB201320497D0 (en) | Method for providing location independent dynamic port mirroring on distributed virtual switches | |
| TW200641607A (en) | Intrusion detection system | |
| MX2016003190A (en) | Virtual machine manager facilitated selective code integrity enforcement. | |
| WO2009022336A3 (en) | System and method for managing a virtual machine environment | |
| GB2508553A (en) | Protecting memory of a virtual guest | |
| WO2012097073A3 (en) | Processor mode locking | |
| WO2011149983A3 (en) | Method and apparatus for trusted execution in infrastructure as a service cloud environments | |
| WO2012173831A3 (en) | Virtual machine snapshotting and analysis | |
| MY172572A (en) | Exception handling in a data processing apparatus having a secure domain and a less secure domain | |
| PH12017550126A1 (en) | Bulk allocation of instruction blocks to a processor instruction window | |
| EP2579817A4 (en) | Implant components and methods | |
| GB201302443D0 (en) | Detecting malicious computer code in an executing program module | |
| EP2333663A3 (en) | Method and device for providing access to physical resources in a virtual machine environment | |
| MY176723A (en) | Data processing apparatus and method using secure domain and less secure domain | |
| GB2520893A (en) | Applying enhancements to visual content |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| WWE | Wipo information: entry into national phase |
Ref document number: 13977670 Country of ref document: US |
|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 13872213 Country of ref document: EP Kind code of ref document: A1 |
|
| NENP | Non-entry into the national phase |
Ref country code: DE |
|
| 122 | Ep: pct application non-entry in european phase |
Ref document number: 13872213 Country of ref document: EP Kind code of ref document: A1 |