METHOD AND DEVICE FOR REALIZING VIRTUAL MACHINE INTROSPECTION

摘要

The present invention relates to the field of information technologies and discloses a method and an apparatus for implementing virtual machine introspection, so as to resolve a problem that a VMI system cannot accurately perform security check on in-memory data in a VM. The method provided in the present invention may specifically include: determining to-be-checked data in a virtual machine; starting to read the to-be-checked data, saving a copy of the read to-be-checked data, and storing a storage address of the read to-be-checked data in a hardware transactional memory, so that the hardware transactional memory is capable of monitoring the read to-be-checked data according to the storage address; when it is detected that the read to-be-checked data is modified, stopping reading the to-be-checked data, and deleting the copy; and when reading the to-be-checked data is completed and it is not detected that the read to-be-checked data is modified, performing security check on the copy. The method can be applied to virtual machine introspection.