[go: up one dir, main page]

CN107392030A - A kind of method and device for detecting virtual machine and starting safety - Google Patents

A kind of method and device for detecting virtual machine and starting safety Download PDF

Info

Publication number
CN107392030A
CN107392030A CN201710632814.0A CN201710632814A CN107392030A CN 107392030 A CN107392030 A CN 107392030A CN 201710632814 A CN201710632814 A CN 201710632814A CN 107392030 A CN107392030 A CN 107392030A
Authority
CN
China
Prior art keywords
virtual
module
virtual machine
tpm
add
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710632814.0A
Other languages
Chinese (zh)
Inventor
刘海伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur Beijing Electronic Information Industry Co Ltd
Original Assignee
Inspur Beijing Electronic Information Industry Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inspur Beijing Electronic Information Industry Co Ltd filed Critical Inspur Beijing Electronic Information Industry Co Ltd
Priority to CN201710632814.0A priority Critical patent/CN107392030A/en
Publication of CN107392030A publication Critical patent/CN107392030A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45587Isolation or security of virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a kind of method for detecting virtual machine and starting safety, the metric of virtual machine add-in is measured by virtual TPM module corresponding to virtual machine, and metric and benchmark metric value are contrasted by security centre, whether the add-in of final confirmation virtual machine is correct, if correct, virtual machine can be with clean boot.Each virtual machine has a corresponding virtual TPM module in the present invention, can be when several virtual machines need to start simultaneously, the add-in of each virtual machine is detected respectively, it is non-interference to the metrics process of each virtual machine, improve detection efficiency, after detection virtual machine add-in is correct, the security of virtual machine and whole system is ensure that, is advantageous to improve the performance of system operation.

Description

一种检测虚拟机启动安全的方法及装置A method and device for detecting virtual machine startup security

技术领域technical field

本发明涉及虚拟机领域,特别是涉及一种检测虚拟机启动安全的方法及装置。The invention relates to the field of virtual machines, in particular to a method and device for detecting the safety of starting a virtual machine.

背景技术Background technique

随着云计算技术的发展,实现了IT资源的统一表示和逻辑抽象,其具备按需分配、动态拓展的特点,减少了IT运营的成本。With the development of cloud computing technology, the unified representation and logical abstraction of IT resources have been realized. It has the characteristics of on-demand allocation and dynamic expansion, which reduces the cost of IT operations.

虚拟机是云计算技术的应用一个方面,是指一种特殊的软件,他可以在计算机平台和终端用户之间创建一种环境,而终端用户则是基于这个软件所创建的环境来操作软件,相互独立操作、互不干扰。A virtual machine is an aspect of the application of cloud computing technology. It refers to a special software that can create an environment between the computer platform and the end user, and the end user operates the software based on the environment created by the software. Operate independently of each other without interfering with each other.

但是现有的虚拟机软件在实际应用过程中,由于支持虚拟机运行的硬件资源在本地不可见,在数据传输或加载时易遭受篡改和攻击,导致虚拟机不能安全启动。However, in the actual application process of the existing virtual machine software, since the hardware resources supporting the running of the virtual machine are not visible locally, they are vulnerable to tampering and attacks during data transmission or loading, resulting in that the virtual machine cannot be safely started.

发明内容Contents of the invention

本发明的目的是提供一种检测虚拟机启动安全的方法,解决了虚拟机不能够安全启动的问题,保障了虚拟机启动时的安全性,本发明的另一目的是提供一种检测虚拟机启动安全的装置。The purpose of the present invention is to provide a method for detecting the safety of virtual machine startup, which solves the problem that the virtual machine cannot be safely started, and ensures the safety of the virtual machine when it is started. Another purpose of the present invention is to provide a method for detecting virtual machine Activate the safe device.

为解决上述技术问题,本发明提供一种检测虚拟机启动安全的方法,包括:In order to solve the above-mentioned technical problems, the present invention provides a method for detecting the safety of starting a virtual machine, including:

在辅助模块监测到虚拟机启动加载项时,虚拟TPM管理模块查找并启动所述虚拟机对应的虚拟TPM模块,其中,所述虚拟TPM模块是所述虚拟TPM管理模块预先创建的模块,且每个所述虚拟机均有一个对应的所述TPM模块;所述虚拟TPM模块度量所述虚拟机加载项的度量值;在所述虚拟机的加载项启动完毕时,所述虚拟TPM模块将所述度量值发送至安全中心;所述安全中心判断所述度量值是否符合预设的基准度量值,如果是,则生成所述虚拟机的启动安全的判断结果。When the auxiliary module detects that the virtual machine starts an add-on, the virtual TPM management module searches for and starts the virtual TPM module corresponding to the virtual machine, wherein the virtual TPM module is a module pre-created by the virtual TPM management module, and every Each of the virtual machines has a corresponding TPM module; the virtual TPM module measures the measurement value of the virtual machine add-on; when the add-on of the virtual machine is started, the virtual TPM module will The metric value is sent to the security center; the security center judges whether the metric value conforms to a preset benchmark metric value, and if so, generates a judging result of the startup security of the virtual machine.

其中,在辅助模块监测到虚拟机启动加载项之前还包括:Among them, before the auxiliary module detects the virtual machine startup add-on, it also includes:

在创建所述虚拟机时,所述虚拟TPM管理模块以TPM模拟模块为模板创建与所述虚拟机对应的所述虚拟TPM模块,并以加密的方式保存所述虚拟TPM模块的数据到本地磁盘。When creating the virtual machine, the virtual TPM management module uses the TPM simulation module as a template to create the virtual TPM module corresponding to the virtual machine, and saves the data of the virtual TPM module to the local disk in an encrypted manner .

其中,在辅助模块监测到虚拟机启动加载项之前,还包括:Among them, before the auxiliary module monitors the virtual machine startup add-on, it also includes:

所述虚拟TPM模块度量所述虚拟机的加载项,获得并发送度量值至所述安全中心,作为基准度量值。The virtual TPM module measures the add-on of the virtual machine, obtains and sends the measured value to the security center as a reference measured value.

其中,在启动虚拟TPM模块之后还包括:Among them, after starting the virtual TPM module, it also includes:

所述虚拟TPM管理器按预设周期,以加密的方式保存所述虚拟TPM模块的数据到本地磁盘。The virtual TPM manager saves the data of the virtual TPM module to the local disk in an encrypted manner according to a preset period.

其中,所述虚拟TPM管理模块查找所述虚拟机是否存在对应的虚拟TPM模块包括:Wherein, the virtual TPM management module searching whether there is a corresponding virtual TPM module in the virtual machine includes:

所述虚拟TPM管理模块根据所述虚拟机的标识信息查找对应的所述虚拟TPM模块。The virtual TPM management module searches for the corresponding virtual TPM module according to the identification information of the virtual machine.

其中,所述虚拟TPM模块度量虚拟机加载项的度量值包括:Wherein, the measurement value of the virtual TPM module measuring the virtual machine add-on includes:

所述虚拟TPM模块将所述虚拟机加载项的数据经过Hash算法运算后,获得所述的度量值。The virtual TPM module obtains the measurement value after performing Hash algorithm operation on the data of the virtual machine add-on.

本发明还提供了一种检测虚拟机启动安全的系统,包括:The present invention also provides a system for detecting virtual machine startup safety, including:

虚拟TPM管理模块,用于在辅助模块监测到虚拟机启动加载项时,虚拟TPM管理模块查找并启动所述虚拟机对应的虚拟TPM模块,其中,所述虚拟TPM模块是所述虚拟TPM管理模块预先创建的模块,且每个所述虚拟机均有一个对应的所述TPM模块;A virtual TPM management module, configured to search and start a virtual TPM module corresponding to the virtual machine when the auxiliary module detects that the virtual machine starts an add-on, wherein the virtual TPM module is the virtual TPM management module A pre-created module, and each virtual machine has a corresponding TPM module;

虚拟TPM模块,用于所述虚拟TPM度量所述虚拟机加载项的度量值;在所述虚拟机的加载项启动完毕时,所述虚拟TPM模块将所述度量值发送至安全中心;The virtual TPM module is used for the virtual TPM to measure the measurement value of the virtual machine add-on; when the virtual machine add-on is started, the virtual TPM module sends the measurement value to the security center;

所述安全中心判断所述度量值是否符合预设的基准度量值,如果是,则生成所述虚拟机的启动安全的判断结果。The security center judges whether the metric value conforms to a preset benchmark metric value, and if so, generates a judging result of the startup security of the virtual machine.

其中,所述虚拟TPM管理模块还用于:Wherein, the virtual TPM management module is also used for:

在辅助模块监测到虚拟机启动加载项之前,在创建所述虚拟机时,所述虚拟TPM管理模块以TPM模拟模块为模板创建与所述虚拟机对应的所述虚拟TPM模块,并以加密的方式保存所述虚拟TPM模块的数据到本地磁盘。Before the auxiliary module detects that the virtual machine starts the add-on, when creating the virtual machine, the virtual TPM management module uses the TPM simulation module as a template to create the virtual TPM module corresponding to the virtual machine, and uses the encrypted save the data of the virtual TPM module to the local disk.

其中,所述虚拟TPM管理模块还用于:Wherein, the virtual TPM management module is also used for:

在启动虚拟TPM之后,所述虚拟TPM管理模块按预设周期,以加密的方式保存所述虚拟TPM模块的数据到本地磁盘。After starting the virtual TPM, the virtual TPM management module saves the data of the virtual TPM module to the local disk in an encrypted manner according to a preset period.

其中,所述虚拟TPM模块用于:Wherein, the virtual TPM module is used for:

所述虚拟TPM模块将所述虚拟机加载项的数据经过Hash算法运算后,获得所述的度量值。The virtual TPM module obtains the measurement value after performing Hash algorithm operation on the data of the virtual machine add-on.

本发明所提供的一种检测虚拟机启动安全的方法,在虚拟机启动时,通过虚拟TPM管理模块查找虚拟机对应的虚拟TPM模块,运用虚拟TPM模块度量虚拟机的加载项,将获得的度量值与预先设定的基准度量值对比,从而实现该虚拟机的加载项是否遭受攻击和篡改的判断,且本发明中每个虚拟机均有一个对应的虚拟TPM模块,如果多个虚拟机在同一时间内都需要启动时,各个虚拟TPM模块都可以在同一时间内对各个虚拟机的加载项进行度量,从而判断虚拟机是否可以安全启动,提高了在虚拟机启动之前检测虚拟机的效率,且本发明的检测程序简单有效,能够相对较准确的保障在虚拟机启动时的安全性,提高了虚拟机的使用性能。A method for detecting the startup safety of a virtual machine provided by the present invention, when the virtual machine is started, the virtual TPM module corresponding to the virtual machine is searched through the virtual TPM management module, and the virtual TPM module is used to measure the add-on of the virtual machine, and the obtained measurement Value is compared with the preset benchmark measurement value, so as to realize the judgment of whether the add-on of the virtual machine is attacked and tampered with, and each virtual machine in the present invention has a corresponding virtual TPM module, if multiple virtual machines are in When it is necessary to start at the same time, each virtual TPM module can measure the add-ons of each virtual machine at the same time, so as to judge whether the virtual machine can be started safely, and improve the efficiency of detecting the virtual machine before the virtual machine is started. Moreover, the detection program of the present invention is simple and effective, can relatively accurately guarantee the safety when the virtual machine is started, and improves the use performance of the virtual machine.

附图说明Description of drawings

为了更清楚的说明本发明实施例或现有技术的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单的介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the embodiments of the present invention or the technical solutions of the prior art, the following will briefly introduce the accompanying drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only For some embodiments of the present invention, those skilled in the art can also obtain other drawings based on these drawings without any creative work.

图1为本发明提供的检测虚拟机启动安全的一种具体实施方式的流程图;Fig. 1 is a flow chart of a specific embodiment of detecting virtual machine startup security provided by the present invention;

图2为本发明提供的创建虚拟机对应虚拟TPM模块的一种具体实施方式流程图;FIG. 2 is a flow chart of a specific embodiment of creating a virtual TPM module corresponding to a virtual machine provided by the present invention;

图3为本发明实施例提供的检测虚拟机启动安全的系统的结构框图。FIG. 3 is a structural block diagram of a system for detecting virtual machine startup security provided by an embodiment of the present invention.

具体实施方式detailed description

为了使本技术领域的人员更好地理解本发明方案,下面结合附图和具体实施方式对本发明作进一步的详细说明。显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。In order to enable those skilled in the art to better understand the solution of the present invention, the present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments. Apparently, the described embodiments are only some of the embodiments of the present invention, but not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

本发明提供的检测虚拟机启动安全的一种具体实施方式的流程图,如图1所示,该方法可以包括:A flow chart of a specific implementation of detecting virtual machine startup security provided by the present invention, as shown in Figure 1, the method may include:

步骤S101:在辅助模块监测到虚拟机启动加载项时,虚拟TPM管理模块查找并启动所述虚拟机对应的虚拟TPM模块。Step S101: When the auxiliary module detects that the virtual machine starts an add-on, the virtual TPM management module searches for and starts the virtual TPM module corresponding to the virtual machine.

具体的,TPM又称为可信根平台,是一种实体的物理芯片,可用于检测某些设备或程序的安全性。而虚拟TPM模块是所述虚拟TPM管理模块根据实体的TPM创建的预先模块,可以在虚拟环境下检测某些虚拟设备的安全性,且每个虚拟机都对应有一个虚拟TPM模块,用以度量虚拟机的加载项度量值,如果有多个虚拟机在某一时间段内,都需要启动,可以使用各自的虚拟TPM模块,互不影响,有利于提高检测效率。Specifically, the TPM, also known as the root of trust platform, is a physical chip that can be used to detect the security of certain devices or programs. The virtual TPM module is a pre-module created by the virtual TPM management module according to the TPM of the entity, which can detect the security of some virtual devices in a virtual environment, and each virtual machine corresponds to a virtual TPM module for measurement The add-on measurement value of the virtual machine, if there are multiple virtual machines that need to be started within a certain period of time, you can use their own virtual TPM modules without affecting each other, which is conducive to improving detection efficiency.

需要说明的是,对于虚拟TPM管理模块所具有的功能,可以是一个独立的功能模块所实现的功能,也可以是在某个功能模块内置的一项功能,但是当虚拟TPM管理模块的所具有的功能属于某个功能模块的一项内置功能时,该功能模块可能还需要完成其他的一些功能操作,会影响到本发明中相关功能的操作,从而影响虚拟机启动之前的检测的效率,从而影响整个系统中虚拟机的启动效率。所以比较优选的方案是是虚拟TPM管理模块作为一个独立的功能模块实现本发明中的相关操作,但这并不是本发明的必要技术特征。It should be noted that the functions of the virtual TPM management module can be implemented by an independent function module, or a built-in function of a certain function module, but when the virtual TPM management module has When the function belongs to a built-in function of a certain functional module, the functional module may also need to complete some other functional operations, which will affect the operation of related functions in the present invention, thereby affecting the detection efficiency before the virtual machine is started, thus Affects the startup efficiency of virtual machines in the entire system. Therefore, a more preferred solution is to use the virtual TPM management module as an independent functional module to implement related operations in the present invention, but this is not a necessary technical feature of the present invention.

步骤S102:所述虚拟TPM模块度量所述虚拟机加载项的度量值。Step S102: The virtual TPM module measures the measurement value of the virtual machine add-on.

步骤S103:在所述虚拟机的加载项启动完毕时,所述虚拟TPM模块将所述度量值发送至安全中心。Step S103: when the add-on of the virtual machine is started, the virtual TPM module sends the measurement value to the security center.

具体的,虚拟机的加载项相关数据,例如,文件系统,操作系统以及其他类似的数据一般是集中存放在硬件资源中,但是硬件资源对于本地的虚拟机时不可见的,如果直接从硬件资源中读取相关的数据,而该数据存在被攻击或篡改的情况,虚拟机如果照常启动就会存在无法启动或者启动后无法正常工作甚至对设备带来病毒入侵等危害,所以需要启动虚拟机时,需要对加载项中的数据逐项度量,最终根据度量值确定虚拟机是否能够安全启动。Specifically, data related to add-ons of virtual machines, such as file systems, operating systems, and other similar data are generally stored in hardware resources, but hardware resources are not visible to local virtual machines. If the data is attacked or tampered with, if the virtual machine starts as usual, it will fail to start or fail to work normally after starting, and even cause virus invasion to the device. Therefore, when you need to start the virtual machine , it is necessary to measure the data in the add-on item by item, and finally determine whether the virtual machine can be safely started according to the measured value.

另外,本发明中的一种具体实施例中,虚拟TPM模块的具体可以包括三部分:虚拟可行度量根、虚拟可信存储根和虚拟可信报告根。因为虚拟机的加载项具有多项数据,虚拟可信度量根需要对虚拟机加载项的多项数据逐项度量,每获得一项数据的度量值就存储在虚拟可信存储根中,直到所有加载项的数据度量完成,再由虚拟可信报告根从虚拟可信存储根中提取各项数据的度量值发送至安全中心。但这并不是本发明的必要技术方案,与此类似的技术方案在此不一一列举。In addition, in a specific embodiment of the present invention, the virtual TPM module may specifically include three parts: a virtual feasible measurement root, a virtual trusted storage root, and a virtual trusted reporting root. Because the add-on of the virtual machine has multiple data items, the virtual trusted measurement root needs to measure the multiple data of the virtual machine add-on item by item, and the measurement value of each item of data obtained is stored in the virtual trusted storage root until all After the data measurement of the add-on is completed, the virtual trusted reporting root extracts the measurement values of various data from the virtual trusted storage root and sends them to the security center. But this is not a necessary technical solution of the present invention, and similar technical solutions are not listed here one by one.

步骤S104:所述安全中心判断所述度量值是否符合预设的基准度量值,如果是,则确定所述虚拟机能够安全启动,如果否,则所述虚拟机不能安全启动。Step S104: The security center judges whether the metric value conforms to a preset benchmark metric value, if yes, then determines that the virtual machine can be safely started, and if not, then the virtual machine cannot be safely started.

具体的,如果度量值不符合预设的基准度量值,则说明虚拟机的加载项数据与原来相比可能发生变动,如果启动虚拟机,将会存在发生故障的风险,所以不能安全启动虚拟机,反之,则可以安全启动虚拟机。Specifically, if the measurement value does not meet the preset baseline measurement value, it means that the add-on data of the virtual machine may change compared with the original one. If the virtual machine is started, there will be a risk of failure, so the virtual machine cannot be started safely , otherwise, the virtual machine can be started safely.

安全中心可以是设置于和虚拟机同一设备上,也可以设置于远程设备,一般是几个安装有虚拟机的设备共同配备有一个安全中心,该安全中心所在的设备上存储有基准度量值,且该设备上也可以安装有虚拟机。The security center can be set on the same device as the virtual machine, or it can be set on a remote device. Generally, several devices installed with virtual machines are equipped with a security center, and the benchmark measurement value is stored on the device where the security center is located. In addition, a virtual machine may also be installed on the device.

基于上述实施例,本发明的另一种具体实施例中,在虚拟机启动之前,对于每个虚拟机对应的虚拟TPM模块的创建过程,可参考图2,图2为本发明提供的创建虚拟机对应虚拟TPM模块的一种具体实施方式流程图,该方法可以包括:Based on the above-mentioned embodiment, in another specific embodiment of the present invention, before the virtual machine is started, for the creation process of the virtual TPM module corresponding to each virtual machine, refer to FIG. A flow chart of a specific implementation of a machine corresponding to a virtual TPM module, the method may include:

步骤S201:辅助模块监测到创建虚拟机的操作。Step S201: The auxiliary module detects the operation of creating a virtual machine.

需要说明的是,辅助模块具体可以包括监控模块和数据通路模块,监控模块主要是用来监控虚拟机的动作,例如,虚拟机的创建、启动、关闭、挂起和迁移,在虚拟机的动作发生新的变化时,可以及时通知相关设备采取相关的应对操作,而数据通路模块则是在虚拟机需要启动时,将对应的虚拟TPM模块挂载至虚拟环境下,以供虚拟机使用。It should be noted that the auxiliary module can specifically include a monitoring module and a data path module. The monitoring module is mainly used to monitor the actions of the virtual machine, for example, creating, starting, shutting down, suspending and migrating the virtual machine. When a new change occurs, relevant devices can be notified in time to take relevant countermeasures, and the data path module mounts the corresponding virtual TPM module to the virtual environment when the virtual machine needs to be started for use by the virtual machine.

步骤S202:辅助模块向虚拟TPM管理模块发送存在创建虚拟机的操作的消息。Step S202: the auxiliary module sends a message indicating that there is an operation of creating a virtual machine to the virtual TPM management module.

步骤S203:虚拟TPM管理模块以TPM模拟器为模板,创建与新建的虚拟机对应的虚拟TPM模块。Step S203: The virtual TPM management module uses the TPM simulator as a template to create a virtual TPM module corresponding to the newly created virtual machine.

需要说明的是,在某些特殊情况下,辅助模块检测到虚拟机需要启动时,向虚拟TPM管理模块发送消息,而由于某些原因,例如对应的虚拟TPM模块被删除或窜改,而导致虚拟TPM模块无法找到对应的虚拟TPM模块,或查找到的虚拟TPM模块不可用,这是系统也会默认为该虚拟机属于新建的虚拟机,虚拟TPM管理模块也会重新创建对应的虚拟管理模块,但是这种特殊情况发生的概率非常小。It should be noted that in some special cases, when the auxiliary module detects that the virtual machine needs to be started, it sends a message to the virtual TPM management module, but due to some reasons, such as the corresponding virtual TPM The TPM module cannot find the corresponding virtual TPM module, or the found virtual TPM module is unavailable. This is because the system will default to the virtual machine as a newly created virtual machine, and the virtual TPM management module will also recreate the corresponding virtual management module. But the probability of this special case happening is very small.

步骤S204:虚拟TPM管理模块将新创建的虚拟TPM模块的数据存储至本地磁盘。Step S204: The virtual TPM management module stores the data of the newly created virtual TPM module to the local disk.

考虑到虚拟TPM模块度量出虚拟机的度量值后,需要有安全中心将度量值与基准度量值进行对比,对于基准度量值的设定可以是在创建虚拟机之前,已经根据需要创建的虚拟机预先计算出来的,而另一种比较简单的方式是在创建完成虚拟机和对应的虚拟TPM之后,一般认为新创建的虚拟机的安全性是良好的,所以可以用虚拟TPM模块发送至安全中心作为基准度量值,所以本发明的上述实施例可以进一步改进,具体可以包括:Considering that after the virtual TPM module measures the measurement value of the virtual machine, a security center needs to compare the measurement value with the baseline measurement value. The baseline measurement value can be set before creating the virtual machine, and the virtual machine has been created according to the needs. It is calculated in advance, and another relatively simple way is that after the virtual machine and the corresponding virtual TPM are created, it is generally considered that the security of the newly created virtual machine is good, so it can be sent to the security center with the virtual TPM module As a benchmark metric value, the above embodiments of the present invention can be further improved, specifically including:

步骤S205:所述虚拟TPM模块度量所述虚拟机的加载项,获得虚拟机的度量值。Step S205: the virtual TPM module measures the add-on of the virtual machine, and obtains a metric value of the virtual machine.

步骤S206:所述虚拟TPM模块将虚拟机的度量值发送至安全中心,作为基准度量值。Step S206: the virtual TPM module sends the metric value of the virtual machine to the security center as a reference metric value.

需要说明的是,本发明中并不一定是虚拟TPM模块度量新建的虚拟机的度量值作为基准度量值,也可以是别的方式获得基准度量值,所以上述方案并不是本发明的必要技术特征。It should be noted that in the present invention, it is not necessary that the virtual TPM module measures the metric value of the newly-built virtual machine as the benchmark metric value, and the benchmark metric value can also be obtained in other ways, so the above-mentioned solution is not a necessary technical feature of the present invention .

基于上述实施例,考虑到虚拟TPM模块数据安全性问题,本发明的一种具体实施例中可以包括:Based on the foregoing embodiments, considering the data security issues of the virtual TPM module, a specific embodiment of the present invention may include:

在启动虚拟TPM模块之后,所述虚拟TPM管理器按预设周期,以加密的方式保存所述虚拟TPM模块的数据到本地磁盘。After starting the virtual TPM module, the virtual TPM manager saves the data of the virtual TPM module to the local disk in an encrypted manner according to a preset period.

一般情况下,虚拟机启动之前,虚拟TPM模块就需要启动,直到虚拟机关闭,对应的虚拟TPM模块才会关闭,以便随时对虚拟机进行度量。考虑的虚拟TPM模块数据可能存在被篡改的情况,所以,可以按周期刷新本地磁盘中的数据,以保证数据的准确性。至于周期时间的设定,可以根据实际应用需要而设定。Generally, before the virtual machine is started, the virtual TPM module needs to be started, and the corresponding virtual TPM module will not be turned off until the virtual machine is shut down, so as to measure the virtual machine at any time. The considered data of the virtual TPM module may be tampered with, so the data in the local disk may be refreshed periodically to ensure the accuracy of the data. As for the setting of the cycle time, it can be set according to actual application needs.

基于上述实施例,本发明的另一具体实施例中,可以包括:Based on the above embodiments, another specific embodiment of the present invention may include:

所述虚拟TPM管理模块查找所述虚拟机是否存在对应的虚拟TPM模块时,所述虚拟TPM管理模块根据所述虚拟机的标识信息查找对应的所述虚拟TPM模块。When the virtual TPM management module searches whether the virtual machine has a corresponding virtual TPM module, the virtual TPM management module searches for the corresponding virtual TPM module according to the identification information of the virtual machine.

具体的,每一个虚拟机带有自身特有的编号,由此可以根据改变好对各个虚拟TPM模块设施对应的编号,或者按照编号设置各个虚拟TPM模块的存储位置。Specifically, each virtual machine has its own unique number, so that the number corresponding to each virtual TPM module facility can be changed according to the number, or the storage location of each virtual TPM module can be set according to the number.

基于上述任意实施例,本发明中的一种具体实施例中,可以包括:Based on any of the above embodiments, in a specific embodiment of the present invention, it may include:

所述虚拟TPM模块度量虚拟机加载项的度量值时,所述虚拟TPM模块将所述虚拟机加载项的数据经过Hash算法运算后,获得所述的度量值。When the virtual TPM module measures the measurement value of the virtual machine add-on, the virtual TPM module obtains the measurement value after performing Hash algorithm operation on the data of the virtual machine add-on.

因为Hash算法运算对不同的数据运算具有唯一性,所以本发明中采用Hash算法对虚拟机加载项的数据进行运算,能够得到一个较为准确的数据,但这也并不是本发明的唯一实施方式,采用其他算法也能实现本发明,只要运算结果达到准确度的要求即可。Because the Hash algorithm operation is unique to different data operations, the Hash algorithm is used in the present invention to perform operations on the data of the virtual machine add-in, and a relatively accurate data can be obtained, but this is not the only implementation of the present invention. The present invention can also be realized by adopting other algorithms, as long as the operation result meets the requirement of accuracy.

下面对本发明实施例提供的检测虚拟机启动安全的系统进行介绍,下文描述的检测虚拟机启动安全的系统与上文描述的检测虚拟机启动安全的方法可相互对应参照。The system for detecting startup security of a virtual machine provided by an embodiment of the present invention is introduced below. The system for detecting startup security of a virtual machine described below and the method for detecting startup security of a virtual machine described above can be referred to in correspondence.

图3为本发明实施例提供的检测虚拟机启动安全的系统的结构框图,参照图3检测虚拟机启动安全的系统可以包括:FIG. 3 is a structural block diagram of a system for detecting virtual machine startup security provided by an embodiment of the present invention. With reference to FIG. 3 , the system for detecting virtual machine startup security may include:

虚拟TPM管理模块100、虚拟TPM模块200以及安全中心300;Virtual TPM management module 100, virtual TPM module 200 and security center 300;

虚拟TPM管理模块100,用于在辅助模块监测到虚拟机启动加载项时,虚拟TPM管理模块查找并启动所述虚拟机对应的虚拟TPM模块,其中所述虚拟TPM模块是所述虚拟TPM管理模块预先创建的模块;The virtual TPM management module 100 is configured to search and start the virtual TPM module corresponding to the virtual machine when the auxiliary module detects that the virtual machine starts an add-on, wherein the virtual TPM module is the virtual TPM management module pre-built modules;

虚拟TPM模块200,用于所述虚拟TPM度量所述虚拟机加载项的度量值;在所述虚拟机的加载项启动完毕时,所述虚拟TPM模块将所述度量值发送至安全中心;The virtual TPM module 200 is used for the virtual TPM to measure the metric value of the virtual machine add-on; when the virtual machine add-on is started, the virtual TPM module sends the metric value to the security center;

安全中心300,用于判断所述度量值是否符合预设的基准度量值,如果是,则向所述虚拟机发送启动命令。The security center 300 is configured to judge whether the metric value conforms to a preset benchmark metric value, and if yes, send a startup command to the virtual machine.

作为一种具体实施方式,本发明所提供的检测虚拟机启动安全的系统还可以进一步包括:As a specific implementation manner, the system for detecting virtual machine startup safety provided by the present invention may further include:

所述虚拟TPM管理模块100还用于在辅助模块监测到虚拟机启动加载项之前,在创建所述虚拟机时,所述虚拟TPM管理模块以TPM模拟模块为模板创建与所述虚拟机对应的所述虚拟TPM模块,并以加密的方式保存所述虚拟TPM模块的数据到本地磁盘。The virtual TPM management module 100 is also configured to create a virtual machine corresponding to the virtual machine by using the TPM simulation module as a template when creating the virtual machine before the auxiliary module detects that the virtual machine starts an add-on. The virtual TPM module saves the data of the virtual TPM module to a local disk in an encrypted manner.

作为一种具体实施方式,本发明所提供的检测虚拟机启动安全的系统还可以进一步包括:As a specific implementation manner, the system for detecting virtual machine startup safety provided by the present invention may further include:

所述虚拟TPM管理模块100还用于在启动虚拟TPM之后,所述虚拟TPM管理模块按预设周期,以加密的方式保存所述虚拟TPM模块的数据到本地磁盘。The virtual TPM management module 100 is further configured to save the data of the virtual TPM module to a local disk in an encrypted manner according to a preset period after starting the virtual TPM.

可选地,所述虚拟TPM模块200用于:Optionally, the virtual TPM module 200 is used for:

所述虚拟TPM模块将所述虚拟机加载项的数据经过Hash算法运算后,获得所述的度量值。The virtual TPM module obtains the measurement value after performing Hash algorithm operation on the data of the virtual machine add-on.

本实施例的检测虚拟机启动安全的系统用于实现前述的检测虚拟机启动安全的方法,因此检测虚拟机启动安全的系统中的具体实施方式可见前文中的检测虚拟机启动安全的方法的实施例部分,例如,虚拟TPM管理模块100,用于实现上述检测虚拟机启动安全的方法中步骤S101,虚拟TPM模块200,用于实现上述步骤S102和S103,虚拟TPM模块300,用于实现上述步骤S104,所以,其具体实施方式可以参照相应的各个部分实施例的描述,在此不再赘述。The system for detecting virtual machine startup security in this embodiment is used to implement the aforementioned method for detecting virtual machine startup security. Therefore, the specific implementation of the system for detecting virtual machine startup security can be seen in the implementation of the method for detecting virtual machine startup security mentioned above. In the example part, for example, the virtual TPM management module 100 is used to implement step S101 in the method for detecting virtual machine startup security, the virtual TPM module 200 is used to implement the above steps S102 and S103, and the virtual TPM module 300 is used to implement the above steps S104. Therefore, for the specific implementation manners, reference may be made to the descriptions of the corresponding partial embodiments, and details are not repeated here.

本说明书中各个实施例采用递进的方式描述,每个实施例重点说明的都是与其它实施例的不同之处,各个实施例之间相同或相似部分互相参见即可。对于实施例公开的装置而言,由于其与实施例公开的方法相对应,所以描述的比较简单,相关之处参见方法部分说明即可。Each embodiment in this specification is described in a progressive manner, each embodiment focuses on the difference from other embodiments, and the same or similar parts of each embodiment can be referred to each other. As for the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and for the related information, please refer to the description of the method part.

专业人员还可以进一步意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,能够以电子硬件、计算机软件或者二者的结合来实现,为了清楚地说明硬件和软件的可互换性,在上述说明中已经按照功能一般性地描述了各示例的组成及步骤。这些功能究竟以硬件还是软件方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本发明的范围。Professionals can further realize that the units and algorithm steps of the examples described in conjunction with the embodiments disclosed herein can be implemented by electronic hardware, computer software or a combination of the two. In order to clearly illustrate the possible For interchangeability, in the above description, the composition and steps of each example have been generally described according to their functions. Whether these functions are executed by hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art may use different methods to implement the described functions for each specific application, but such implementation should not be regarded as exceeding the scope of the present invention.

结合本文中所公开的实施例描述的方法或算法的步骤可以直接用硬件、处理器执行的软件模块,或者二者的结合来实施。软件模块可以置于随机存储器(RAM)、内存、只读存储器(ROM)、电可编程ROM、电可擦除可编程ROM、寄存器、硬盘、可移动磁盘、CD-ROM、或技术领域内所公知的任意其它形式的存储介质中。The steps of the methods or algorithms described in connection with the embodiments disclosed herein may be directly implemented by hardware, software modules executed by a processor, or a combination of both. Software modules can be placed in random access memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, removable disk, CD-ROM, or any other Any other known storage medium.

以上对本发明所提供的检测虚拟机启动安全的方法以及装置进行了详细介绍。本文中应用了具体个例对本发明的原理及实施方式进行了阐述,以上实施例的说明只是用于帮助理解本发明的方法及其核心思想。应当指出,对于本技术领域的普通技术人员来说,在不脱离本发明原理的前提下,还可以对本发明进行若干改进和修饰,这些改进和修饰也落入本发明权利要求的保护范围内。The method and device for detecting the startup security of a virtual machine provided by the present invention have been introduced in detail above. In this paper, specific examples are used to illustrate the principle and implementation of the present invention, and the descriptions of the above embodiments are only used to help understand the method and core idea of the present invention. It should be pointed out that for those skilled in the art, without departing from the principles of the present invention, some improvements and modifications can be made to the present invention, and these improvements and modifications also fall within the protection scope of the claims of the present invention.

Claims (10)

1.一种检测虚拟机启动安全的方法,其特征在于,包括:1. A method for detecting virtual machine startup safety, characterized in that, comprising: 在辅助模块监测到虚拟机启动加载项时,虚拟TPM管理模块查找并启动所述虚拟机对应的虚拟TPM模块,其中,所述虚拟TPM模块是所述虚拟TPM管理模块预先创建的模块,且每个所述虚拟机均对应一个所述虚拟TPM模块;When the auxiliary module detects that the virtual machine starts an add-on, the virtual TPM management module searches for and starts the virtual TPM module corresponding to the virtual machine, wherein the virtual TPM module is a module pre-created by the virtual TPM management module, and every Each of the virtual machines corresponds to one of the virtual TPM modules; 所述虚拟TPM模块度量所述虚拟机加载项的度量值;the virtual TPM module measures a metric value of the virtual machine add-on; 在所述虚拟机的加载项启动完毕时,所述虚拟TPM模块将所述度量值发送至安全中心;When the add-on of the virtual machine is started, the virtual TPM module sends the measurement value to the security center; 所述安全中心判断所述度量值是否符合预设的基准度量值,如果是,则生成所述虚拟机启动安全的判断结果。The security center judges whether the metric value conforms to a preset benchmark metric value, and if so, generates a judging result of the startup security of the virtual machine. 2.根据权利要求1所述的方法,其特征在于,在辅助模块监测到虚拟机启动加载项之前还包括:2. The method according to claim 1, further comprising: before the auxiliary module detects that the virtual machine starts the add-on: 在创建所述虚拟机时,所述虚拟TPM管理模块以TPM模拟模块为模板创建与所述虚拟机对应的所述虚拟TPM模块,并以加密的方式保存所述虚拟TPM模块的数据到本地磁盘。When creating the virtual machine, the virtual TPM management module uses the TPM simulation module as a template to create the virtual TPM module corresponding to the virtual machine, and saves the data of the virtual TPM module to the local disk in an encrypted manner . 3.根据权利要求2所述的方法,其特征在于,在辅助模块监测到虚拟机启动加载项之前还包括:3. The method according to claim 2, further comprising: before the auxiliary module detects that the virtual machine starts the add-on: 所述虚拟TPM模块度量所述虚拟机的加载项,获得并发送度量值至所述安全中心,作为所述基准度量值。The virtual TPM module measures the add-on of the virtual machine, obtains and sends the measured value to the security center as the reference measured value. 4.根据权利要求1所述的方法,其特征在于,在启动虚拟TPM模块之后还包括:4. The method according to claim 1, further comprising: after starting the virtual TPM module: 所述虚拟TPM管理器按预设周期以加密的方式保存所述虚拟TPM模块的数据到本地磁盘。The virtual TPM manager saves the data of the virtual TPM module to a local disk in an encrypted manner at a preset period. 5.根据权利要求1所述的方法,其特征在于,所述虚拟TPM管理模块查找并启动所述虚拟机对应的虚拟TPM模块包括:5. The method according to claim 1, wherein the searching and starting the virtual TPM module corresponding to the virtual machine by the virtual TPM management module comprises: 所述虚拟TPM管理模块根据所述虚拟机的标识信息查找对应的所述虚拟TPM模块。The virtual TPM management module searches for the corresponding virtual TPM module according to the identification information of the virtual machine. 6.根据权利要求1至5任一项所述的方法,其特征在于,所述虚拟TPM模块度量虚拟机加载项的度量值包括:6. The method according to any one of claims 1 to 5, wherein the measurement of the virtual machine add-on by the virtual TPM module comprises: 所述虚拟TPM模块将所述虚拟机加载项的数据经过Hash算法运算后,获得所述的度量值。The virtual TPM module obtains the measurement value after performing Hash algorithm operation on the data of the virtual machine add-on. 7.一种检测虚拟机启动安全的系统,其特征在于,包括:虚拟TPM管理模块、虚拟TPM模块以及安全中心;7. A system for detecting virtual machine startup safety, characterized in that, comprising: a virtual TPM management module, a virtual TPM module and a safety center; 其中,所述虚拟TPM管理模块,用于在辅助模块监测到虚拟机启动加载项时,虚拟TPM管理模块查找并启动所述虚拟机对应的虚拟TPM模块,其中所述虚拟TPM模块是所述虚拟TPM管理模块预先创建的模块,且每个所述虚拟机均对应一个所述虚拟TPM模块;Wherein, the virtual TPM management module is configured to search and start the virtual TPM module corresponding to the virtual machine when the auxiliary module monitors the startup add-on of the virtual machine, wherein the virtual TPM module is the virtual TPM module of the virtual machine. A module pre-created by the TPM management module, and each virtual machine corresponds to one virtual TPM module; 所述虚拟TPM模块,用于所述虚拟TPM度量所述虚拟机加载项的度量值;在所述虚拟机的加载项启动完毕时,所述虚拟TPM模块将所述度量值发送至安全中心;The virtual TPM module is used for the virtual TPM to measure the measurement value of the virtual machine add-on; when the virtual machine add-on is started, the virtual TPM module sends the measurement value to the security center; 所述安全中心,用于判断所述度量值是否符合预设的基准度量值,如果是,则生成所述虚拟机启动安全的判断结果。The security center is configured to judge whether the metric value conforms to a preset benchmark metric value, and if so, generate a judging result of the startup security of the virtual machine. 8.根据权利要求7所述的系统,其特征在于,所述虚拟TPM管理模块还用于:8. The system according to claim 7, wherein the virtual TPM management module is also used for: 在辅助模块监测到虚拟机启动加载项之前,在创建所述虚拟机时,以TPM模拟模块为模板创建与所述虚拟机对应的所述虚拟TPM模块,并以加密的方式保存所述虚拟TPM模块的数据到本地磁盘。Before the auxiliary module detects that the virtual machine starts the add-on, when creating the virtual machine, the virtual TPM module corresponding to the virtual machine is created using the TPM simulation module as a template, and the virtual TPM is stored in an encrypted manner Module data to local disk. 9.根据权利要求7所述的系统,其特征在于,所述虚拟TPM管理模块还用于:9. The system according to claim 7, wherein the virtual TPM management module is also used for: 在启动虚拟TPM之后,按预设周期以加密的方式保存所述虚拟TPM模块的数据到本地磁盘。After starting the virtual TPM, save the data of the virtual TPM module to the local disk in an encrypted manner according to a preset period. 10.根据权利要求7至9任一项所述的系统,其特征在于,所述虚拟TPM模块具体用于:10. The system according to any one of claims 7 to 9, wherein the virtual TPM module is specifically used for: 所述虚拟TPM模块将所述虚拟机加载项的数据经过Hash算法运算后,获得所述的度量值。The virtual TPM module obtains the measurement value after performing Hash algorithm operation on the data of the virtual machine add-on.
CN201710632814.0A 2017-07-28 2017-07-28 A kind of method and device for detecting virtual machine and starting safety Pending CN107392030A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710632814.0A CN107392030A (en) 2017-07-28 2017-07-28 A kind of method and device for detecting virtual machine and starting safety

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710632814.0A CN107392030A (en) 2017-07-28 2017-07-28 A kind of method and device for detecting virtual machine and starting safety

Publications (1)

Publication Number Publication Date
CN107392030A true CN107392030A (en) 2017-11-24

Family

ID=60341835

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710632814.0A Pending CN107392030A (en) 2017-07-28 2017-07-28 A kind of method and device for detecting virtual machine and starting safety

Country Status (1)

Country Link
CN (1) CN107392030A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108132828A (en) * 2017-12-25 2018-06-08 浪潮(北京)电子信息产业有限公司 Imaginary Mechanism construction method, device and the equipment realized based on libvirt
CN108255579A (en) * 2018-01-11 2018-07-06 浪潮(北京)电子信息产业有限公司 A kind of virtual machine management method and device based on KVM platforms
CN109101319A (en) * 2018-08-09 2018-12-28 郑州云海信息技术有限公司 It is a kind of to realize TPCM fully virtualized platform and its working method on QEMU
CN111831609A (en) * 2020-06-18 2020-10-27 中国科学院数据与通信保护研究教育中心 A method and system for unified management and distribution of binary file metrics in a virtualized environment

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH11212807A (en) * 1998-01-30 1999-08-06 Hitachi Ltd Program execution method
CN1997955A (en) * 2004-06-24 2007-07-11 英特尔公司 Method and apparatus for providing secure virtualization of a trusted platform module
CN101405694A (en) * 2006-03-21 2009-04-08 国际商业机器公司 Method and apparatus for migrating a virtual TPM instance and preserving the uniqueness and integrity of the instance
CN101488173A (en) * 2009-01-15 2009-07-22 北京交通大学 Method for measuring completeness of credible virtual field start-up files supporting non-delaying machine
CN101599025A (en) * 2009-07-07 2009-12-09 武汉大学 Safety virtualization method of trusted crypto module
CN103501303A (en) * 2013-10-12 2014-01-08 武汉大学 Active remote attestation method for measurement of cloud platform virtual machine
CN103888251A (en) * 2014-04-11 2014-06-25 北京工业大学 Virtual machine credibility guaranteeing method in cloud environment
CN105830082A (en) * 2013-12-24 2016-08-03 微软技术许可有限责任公司 Virtual Machine Guarantee
CN105912953A (en) * 2016-05-11 2016-08-31 北京北信源软件股份有限公司 Trusted booting based data protecting method of virtual machine
CN106354550A (en) * 2016-11-01 2017-01-25 广东浪潮大数据研究有限公司 Method, device and system for protecting security of virtual machine

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH11212807A (en) * 1998-01-30 1999-08-06 Hitachi Ltd Program execution method
CN1997955A (en) * 2004-06-24 2007-07-11 英特尔公司 Method and apparatus for providing secure virtualization of a trusted platform module
CN101405694A (en) * 2006-03-21 2009-04-08 国际商业机器公司 Method and apparatus for migrating a virtual TPM instance and preserving the uniqueness and integrity of the instance
CN101488173A (en) * 2009-01-15 2009-07-22 北京交通大学 Method for measuring completeness of credible virtual field start-up files supporting non-delaying machine
CN101599025A (en) * 2009-07-07 2009-12-09 武汉大学 Safety virtualization method of trusted crypto module
CN103501303A (en) * 2013-10-12 2014-01-08 武汉大学 Active remote attestation method for measurement of cloud platform virtual machine
CN105830082A (en) * 2013-12-24 2016-08-03 微软技术许可有限责任公司 Virtual Machine Guarantee
CN103888251A (en) * 2014-04-11 2014-06-25 北京工业大学 Virtual machine credibility guaranteeing method in cloud environment
CN105912953A (en) * 2016-05-11 2016-08-31 北京北信源软件股份有限公司 Trusted booting based data protecting method of virtual machine
CN106354550A (en) * 2016-11-01 2017-01-25 广东浪潮大数据研究有限公司 Method, device and system for protecting security of virtual machine

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108132828A (en) * 2017-12-25 2018-06-08 浪潮(北京)电子信息产业有限公司 Imaginary Mechanism construction method, device and the equipment realized based on libvirt
CN108255579A (en) * 2018-01-11 2018-07-06 浪潮(北京)电子信息产业有限公司 A kind of virtual machine management method and device based on KVM platforms
CN109101319A (en) * 2018-08-09 2018-12-28 郑州云海信息技术有限公司 It is a kind of to realize TPCM fully virtualized platform and its working method on QEMU
CN109101319B (en) * 2018-08-09 2021-07-27 郑州云海信息技术有限公司 A working method of realizing TPCM fully virtualized platform on QEMU
CN111831609A (en) * 2020-06-18 2020-10-27 中国科学院数据与通信保护研究教育中心 A method and system for unified management and distribution of binary file metrics in a virtualized environment
CN111831609B (en) * 2020-06-18 2024-01-02 中国科学院数据与通信保护研究教育中心 Method and system for unified management and distribution of binary metric values in virtualized environments

Similar Documents

Publication Publication Date Title
US11777705B2 (en) Techniques for preventing memory timing attacks
US11714910B2 (en) Measuring integrity of computing system
CN111737081B (en) Cloud server monitoring method, device, equipment and storage medium
CN101515316B (en) Trusted computing terminal and trusted computing method
US9003239B2 (en) Monitoring and resolving deadlocks, contention, runaway CPU and other virtual machine production issues
CN105159744A (en) Virtual machine measurement method and apparatus
CN107392030A (en) A kind of method and device for detecting virtual machine and starting safety
US20240419795A1 (en) Dynamic code segment measurement method and apparatus and electronic device
CN108255579A (en) A kind of virtual machine management method and device based on KVM platforms
CN109784061A (en) The method and device for starting that control server is credible
EP3185166B1 (en) Trusted metric method and device
CN113157543A (en) Credibility measuring method and device, server and computer readable storage medium
CN101122937A (en) A Secure Boot Mechanism for Embedded Platforms Supported by a Star Chain of Trust
CN108427617A (en) BMC obtains the method, apparatus and equipment of cpu temperature
CN109951527B (en) Virtualization system-oriented hypervisor integrity detection method
US11251976B2 (en) Data security processing method and terminal thereof, and server
CN110515438A (en) Fan data monitoring method, device, device and storage medium in TMC
CN108256333A (en) Execution method, system, equipment and the readable storage medium storing program for executing of BIOS/firmware
CN115130114B (en) Gateway secure starting method and device, electronic equipment and storage medium
CN116418593A (en) A dynamic credibility measurement method, electronic equipment and storage medium
CN103106100B (en) Method and system for processing application software data information based on virtualization technology
CN113157386A (en) Trust chain construction method and system from physical machine to virtual machine
CN115906046A (en) Trusted Computing System and Measurement Method Based on Trusted Computing System
TWI444824B (en) Method for identifying memory of virtual machine and computer system using the same
CN107247910B (en) File integrity measurement detection method, system and detection equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20171124