The existing methods for monitoring clipboard operations cannot defend kernel-level attacks and satisfy the practical needs due to the simple protection strategy. In order to mitigate these disadvantages, a clipboard operations monitoring technique for document contents based on Virtual Machine Monitor (VMM) was proposed, as well as a classification protection strategy for electronic documents based on clipboard operations monitoring. Firstly, system calls were intercepted and identified in VMM by modifying the shadow registers. Secondly, a mapping table between process identifier and document path was created by monitoring the document open operations, then the document path could be obtained by process identifier when the clipboard operations were intercepted. Finally, clipboard operations were filtered according to classification protection strategy. The experimental results show that the performance loss to Guest OS file system caused by the monitoring system decreases with the increase of the record size; when the record size reaches more than 64 KB, the performance loss is within 10%, which has little effect on the user.