HYPERVISOR SECURITY API MODULE AND HYPERVISOR-BASED VIRTUAL NETWORK INTRUSION PREVENTION SYSTEM

摘要

Provided are a hypervisor security API module and a hypervisor-based virtual network intrusion prevention system. The hypervisor security API module acquires internal information of a virtual system from a hypervisor, and provides the hypervisor with an API for performing a security control in response to intrusion detection results using the internal information of the virtual system. The hypervisor security API module includes: a virtual memory access processor which provides an API for reading and writing contents of a virtual memory included in a virtual machine; a virtual CPU access processor which provides an API for reading a register value of a virtual CPU included in the virtual machine; a virtual storage access processor which provides an API for accessing a file system included in the virtual machine, moving to a directory, and reading and writing files; a virtual network access processor which provides an API for capturing and filtering virtual network packets; a hypercall monitoring processor which provides an API for monitoring hypercalls; a guest OS information access processor which provides an API for reading information on a guest OS; a hypervisor information access processor which provides an API for reading internal information of the hypervisor; and a security control processor which provides an API for transmitting security control signals to the hypervisor.