CN109753803A - A kind of secure virtual machine management system - Google Patents
Abstract
The present invention relates to a secure virtual machine management system comprising an overall coordination unit, a request filtering unit, a scheduling unit, a sensitive information storage unit and a policy decision unit. The system allocates a corresponding virtual TPCM to each virtual machine (VM) so as to perform active security measurement of the VM, and keeps the VM synchronized with its virtual TPCM so that the security measurement service continues automatically after the VM is migrated. All operations in the system are converted into attribute sets by the policy decision unit, which performs a security evaluation of those attribute sets, thereby greatly improving the security of VMs in a virtual machine environment.
Description
Technical field
The present invention relates to the field of virtual machine security, and in particular to a secure virtual machine management system.
Background
As cloud computing technology grows in scale and maturity, it brings enterprises and users many advantages, such as reduced cost and improved efficiency; at the same time, the various security problems that cloud computing introduces have also drawn attention. Virtualization, the core technology of the cloud computing environment, provides cloud users with isolated system environments, so that users can use computing services as if on a physical computer. However, the security problems inherent in virtualization pose great security challenges to the cloud computing environment, such as the host controlling virtual machines through the virtual machine manager, the privacy protection of cloud tenant data, and unauthorized behaviour between virtual machines. Trusted computing, as an important information security technology, offers some approaches to virtualization security in the cloud environment.
Trusted computing has entered the 3.0 era, changing from a passive-defence technology into active immunity. Compared with passive-defence trusted computing, the dual-system architecture of Trusted Computing 3.0 can use the TPCM (Trusted Platform Control Module) to actively measure and actively monitor the system, which avoids the trust mechanism of the passive-defence TPM (Trusted Platform Module) being bypassed by the system. Active monitoring is carried out through access control policies deployed in the various controllers, and any modification of an access control policy can be deployed to a controller only after the trusted measurement mechanism has confirmed its trustworthiness. In this way, even if the CPU or the operating system contains a backdoor, an attacker can hardly exploit such vulnerabilities to tamper with the access control policies; passive defence is turned into active immunity and system security is enhanced. Using China's independently controllable active-immunity trusted computing mechanism, a virtual TPCM is provided for each virtual machine, so that virtual machines on a cloud platform likewise have an active-immunity trust mechanism. This further strengthens the security and trustworthiness of virtual machines in the cloud environment and effectively addresses the virtualization security problems there. However, prior-art schemes for the security measurement and management of virtual machines (VMs) are not yet complete.
Summary of the invention
The invention proposes a secure virtual machine management system that can provide each virtual machine VM with a safe and reliable active security measurement service.
The secure virtual machine management system proposed by the present invention is characterized by comprising:
An overall coordination unit, which is used to coordinate the remaining modules;
A request filtering unit, which is used to intercept a user's request to apply for a VM and to forward that request to the scheduling unit;
A scheduling unit, which is used to allocate a virtual TPCM to the VM the user has applied for;
A sensitive information storage unit, which is used to save the sensitive information related to the creation, start, interruption, recovery and destruction of a VM.
Preferably, the system further comprises:
A policy decision unit, which is connected to the overall coordination unit, the request filtering unit, the scheduling unit and the sensitive information storage unit respectively, monitors each operating step of those units, and converts the operation status information obtained by monitoring into an attribute set that is used to evaluate the trustworthiness of the execution of the operating step.
Preferably, the overall coordination unit further:
Obtains in real time the working status information of each VM currently in the working state and the status information of the virtual TPCM corresponding to each VM;
After obtaining this status information, detects whether the status information of each VM and of its corresponding virtual TPCM is synchronized and, if not, raises an alarm and applies the corresponding security countermeasures.
Preferably, the request filtering unit further:
Ensures the security of the signal channel by means of an encryption algorithm.
Preferably, the scheduling unit further:
Allocates a virtual TPCM to the VM the user has applied for;
Wherein, after the scheduling unit receives the request to apply for a VM forwarded by the request filtering unit, it checks whether the TPCM on the physical machine has loaded normally and, if so, allocates a virtual TPCM to the VM according to the request.
Preferably, in the security management system:
The sensitive information storage unit is used to save the correspondence between the VM and the virtual TPCM.
Preferably, in the security management system:
When a VM is migrated, the information saved by the sensitive information storage unit is used to ensure security during the migration process;
After the migration is complete, the sensitive information of the virtual TPCM corresponding to the VM is updated in a timely manner.
Preferably, in the security management system:
The sensitive information storage unit uses encrypted storage.
Preferably, in the security management system:
The sensitive information includes keys, security measurement values and status information.
Preferably, in the security management system:
The policy decision unit includes an IRP monitor, which is responsible for collecting file operations; it converts information such as the subject, the object and the content of each operation (including creation, deletion, modification, copying, reading/writing and running) into an attribute set and sends it to the policy measurement point in the policy decision unit;
The policy measurement point in the policy decision unit is responsible for receiving attribute decision requests from the monitoring layer; it obtains the attribute values using the information stored in the attribute database, evaluates the trustworthiness of the file execution and, once the decision is complete, returns the result to the trusted software base.
The present invention provides a secure virtual machine management system that allocates a corresponding virtual TPCM to each virtual machine VM so as to perform active security measurement of the VM, and keeps the VM synchronized with its virtual TPCM so that the security measurement service continues automatically after the VM is migrated. All operations in the system are converted into attribute sets by the policy decision unit, which performs a security evaluation of those attribute sets, thereby greatly improving the security of VMs in a virtual machine environment.
Brief description of the drawings
The present invention is further described below with reference to the accompanying drawings and embodiments, in which:
Fig. 1 is an architecture diagram of a secure virtual machine management system in Embodiment one of the present invention;
Fig. 2 is a flowchart of a security management method in a virtual machine environment in Embodiment three of the present invention.
Detailed description of the embodiments
The preferred embodiments of the present invention are now described in detail with reference to the accompanying drawings.
Embodiment one
This embodiment discloses a secure virtual machine management system which, as shown in Fig. 1, includes an overall coordination unit, a request filtering unit, a scheduling unit and a sensitive information storage unit.
The overall coordination unit is the core unit of the security management system and is mainly responsible for coordinating the remaining modules.
Specifically, the overall coordination unit obtains in real time the working status information of each VM currently in the working state and the status information of the virtual TPCM corresponding to each VM. After obtaining this status information, the overall coordination unit also detects whether the status information of each VM and of its corresponding virtual TPCM is synchronized; if not, it raises an alarm and applies the corresponding security countermeasures.
The request filtering unit is used to intercept a user's request to apply for a VM and to forward that request to the scheduling unit.
Specifically, the request filtering unit is also used to ensure the security of the signal channel and thereby the integrity and confidentiality of the communication data.
The scheduling unit is used to allocate a virtual TPCM to the VM the user has applied for.
Specifically, after the scheduling unit receives the request to apply for a VM forwarded by the request filtering unit, it checks whether the TPCM on the physical machine has loaded normally and, if so, allocates a virtual TPCM to the VM according to the request.
The sensitive information storage unit is used to save the sensitive information related to processes such as the creation, start, interruption, recovery and destruction of a VM.
Specifically, the sensitive information storage unit is used to save the correspondence between the VM and the virtual TPCM, so that the corresponding security measurement service can be provided for the VM.
Specifically, when a VM is migrated, the information saved by the sensitive information storage unit is used to ensure security during the migration process, and the sensitive information of the virtual TPCM corresponding to the VM is updated in a timely manner after the migration is complete.
Specifically, the sensitive information storage unit uses encrypted storage to ensure the integrity and confidentiality of the information.
Specifically, the sensitive information may include keys, security measurement values, status information and the like.
The secure virtual machine management system provided in this embodiment allocates a corresponding virtual TPCM to each virtual machine VM so as to perform active security measurement of the VM, and keeps the VM synchronized with its virtual TPCM so that the security measurement service continues automatically after the VM is migrated, which greatly improves the security of VMs in a virtual machine environment.
Embodiment two
Building on the secure virtual machine management system proposed in Embodiment one, the security management system proposed in this embodiment further includes a policy decision unit.
The policy decision unit is connected to the overall coordination unit, the request filtering unit, the scheduling unit and the sensitive information storage unit of Embodiment one respectively, monitors each operating step of those units, and converts the operation status information obtained by monitoring into an attribute set that is used to evaluate the trustworthiness of the execution of the operating step.
Specifically, the policy decision unit is based on an enhanced DSOD model. The DSOD policy is a policy model for the top-level requirements of trusted computing. In general, a DSOD policy requires that all of its conditions be completed by a group of users, without restricting which step each user has to perform; the DSOD policy is therefore closer to a general-purpose policy language under a given trusted computing system.
Specifically, the policy decision unit includes an IRP monitor, which is responsible for collecting file operations; it converts information such as the subject, the object and the content of each operation (including creation, deletion, modification, copying, reading/writing and running) into an attribute set and sends it to the policy measurement point in the policy decision unit.
Specifically, the policy measurement point in the policy decision unit is responsible for receiving attribute decision requests from the monitoring layer; it obtains the attribute values using the information stored in the attribute database, evaluates the trustworthiness of the file execution and, once the decision is complete, returns the result to the trusted software base.
This embodiment adds a policy decision unit to Embodiment one. The policy decision unit is connected to the remaining units, converts all operations in the system into attribute sets and performs a security evaluation of those attribute sets, thereby further ensuring the security of the system in a virtual machine environment.
Embodiment three
This embodiment provides a security management method in a virtual machine environment. As shown in Fig. 2, the method comprises the following steps:
Step 1: create the virtual machine VM and allocate the corresponding virtual TPCM.
Specifically, after a user's request to apply for a VM is received, the corresponding virtual TPCM is allocated to the VM according to that request.
Specifically, after the allocation is complete, the correspondence between the VM and the virtual TPCM is saved.
Specifically, the sensitive information belonging to the VM is saved together with it, including the VM's security measurement value, key and the like.
Step 2: start the virtual machine VM.
Specifically, after a user's request to start the virtual machine VM is received, the virtual TPCM corresponding to the VM is started. Once started, the virtual TPCM performs an active security measurement of its corresponding VM. If the measurement passes, the VM is allowed to start normally; otherwise the start of the VM is terminated and the server side is notified to lock the VM that was to be started.
Step 3: interrupt the virtual machine VM.
Specifically, after a user's request to interrupt the VM is received, a request is sent to the virtual TPCM corresponding to the VM, and the virtual TPCM performs an active security measurement of the VM to be interrupted. If the measurement passes, the status information of the VM to be interrupted is saved and the interrupt operation is performed on it; otherwise the interrupt operation is forbidden and the server side is notified to lock the VM that was to be interrupted.
Specifically, after the VM interrupt operation is complete, the sensitive information related to the virtual TPCM corresponding to the VM is saved.
Step 4: restore the virtual machine VM.
Specifically, when a user's request to restore a VM in the interrupted state is received, the sensitive information related to the virtual TPCM corresponding to the VM to be restored is read, and the virtual TPCM is restored.
Specifically, after the virtual TPCM has been restored, it performs an active security measurement of the VM to be restored. If the measurement passes, the VM is allowed to carry out the restore operation; otherwise the server side is notified to lock the VM to be restored.
Step 5: destroy the VM.
Specifically, when a user's request to deregister the VM is received, a VM destruction instruction is sent to the TPCM corresponding to the VM to be destroyed, and the virtual TPCM performs an active security measurement of the VM to be destroyed. If the measurement passes, the destroy operation is performed on the VM and its related sensitive information is deleted; otherwise the server side aborts the destroy operation and locks the VM to be destroyed.
Specifically, the above steps further include collecting file operations: information such as the subject, the object and the content of each operation (including creation, deletion, modification, copying, reading/writing and running) is converted into an attribute set and sent to the policy measurement point in the policy decision unit. The policy measurement point is responsible for receiving attribute decision requests from the monitoring layer; it obtains the attribute values using the information stored in the attribute database, evaluates the trustworthiness of the file execution and, once the decision is complete, returns the result to the trusted software base.
This embodiment provides a security management method in a virtual machine environment that stores sensitive data and uses the virtual TPCM to perform active security measurement of the virtual machine VM, thereby ensuring the security of the VM's creation, start, interruption, recovery and destruction processes. At the same time, operation information is collected and converted into attribute sets so that the security evaluation of those attribute sets can be completed, which further improves the security of the system.
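The measurement-gated lifecycle of steps 1 to 5, together with the VM / virtual TPCM synchronization check described for the coordination unit, sketched as an added Python example (it is not part of the patent). The class and function names, the state names, and the use of a SHA-256 digest of the VM image as the "active security measurement" are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum


class State(Enum):
    CREATED = "created"
    RUNNING = "running"
    INTERRUPTED = "interrupted"
    DESTROYED = "destroyed"
    LOCKED = "locked"


def digest(image: bytes) -> str:
    """Assumed measurement: SHA-256 over the VM image bytes."""
    return hashlib.sha256(image).hexdigest()


@dataclass
class VirtualTPCM:
    baseline: str                 # security measurement value recorded at creation
    state: State = State.CREATED  # mirrors the state of the VM it is bound to

    def measure(self, image: bytes) -> bool:
        return hmac.compare_digest(self.baseline, digest(image))


@dataclass
class VM:
    name: str
    image: bytes
    state: State = State.CREATED


# operation -> (states it may be requested from, state after success); assumed table
TRANSITIONS = {
    "start": ({State.CREATED}, State.RUNNING),
    "interrupt": ({State.RUNNING}, State.INTERRUPTED),
    "restore": ({State.INTERRUPTED}, State.RUNNING),
    "destroy": ({State.CREATED, State.RUNNING, State.INTERRUPTED}, State.DESTROYED),
}


class Manager:
    def __init__(self):
        self.vms = {}
        self.store = {}   # sensitive information storage: VM name -> record
        self.alarms = []

    def create(self, name: str, image: bytes) -> VM:
        """Step 1: create the VM, allocate its virtual TPCM, save the binding."""
        self.vms[name] = VM(name, image)
        self.store[name] = {"vtpcm": VirtualTPCM(digest(image)), "saved": None}
        return self.vms[name]

    def request(self, name: str, op: str) -> State:
        """Steps 2-5: every operation is gated by a virtual TPCM measurement."""
        vm, record = self.vms[name], self.store[name]
        allowed_from, target = TRANSITIONS[op]
        if vm.state not in allowed_from:
            raise ValueError(f"{op} not permitted while {name} is {vm.state.value}")
        if op == "restore":
            # Step 4: rebuild the virtual TPCM from the saved sensitive information.
            saved = record["saved"]
            record["vtpcm"] = VirtualTPCM(saved["baseline"], State.INTERRUPTED)
        vtpcm = record["vtpcm"]
        if not vtpcm.measure(vm.image):
            # Measurement failed: refuse the operation and lock the VM.
            vm.state = vtpcm.state = State.LOCKED
            self.alarms.append(f"{name}: measurement failed on {op}, VM locked")
            return State.LOCKED
        if op == "interrupt":
            # Step 3: save status and virtual TPCM information before interrupting.
            record["saved"] = {"baseline": vtpcm.baseline, "vm_state": vm.state.value}
        vm.state = vtpcm.state = target
        if op == "destroy":
            del self.store[name]  # Step 5: delete the related sensitive information
        return target

    def out_of_sync(self) -> list:
        """Coordination check: VMs whose state differs from their virtual TPCM's."""
        bad = [n for n, r in self.store.items()
               if r["vtpcm"].state != self.vms[n].state]
        self.alarms.extend(f"{n}: VM and virtual TPCM out of sync" for n in bad)
        return bad


if __name__ == "__main__":
    m = Manager()
    m.create("web", b"constructed sample image")
    print(m.request("web", "start"), m.request("web", "interrupt"))
    m.vms["web"].image += b" (modified while interrupted)"
    print(m.request("web", "restore"), m.alarms)
```

A VM whose image changes while it is interrupted fails the measurement on restore and ends in the locked state, after which every further request is refused.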
Embodiment four
This embodiment provides a secure VM migration method. A virtual machine environment usually contains numerous node resources, and VMs frequently have to be migrated to meet resource and performance requirements. The secure VM migration method proposed in this embodiment comprises the following steps:
Step 1: after a VM migration demand is found at a node, the server side authenticates the source node and the destination node corresponding to the migration demand; if the authentication passes, proceed to step 2, otherwise forbid the migration operation;
Step 2: the source node encapsulates the sensitive data of the VM to be migrated and of the corresponding first virtual TPCM, and performs an integrity check on the encapsulated data; if the check passes, proceed to step 3, otherwise forbid the migration operation;
Step 3: the destination node establishes a second virtual TPCM for the VM to be migrated; if it is established successfully, proceed to step 4, otherwise forbid the migration operation;
Step 4: the VM to be migrated is migrated from the source node to the destination node; after the migration succeeds, a trusted measurement is performed on the VM at the destination node to confirm its trustworthiness; if it is confirmed to be trustworthy, proceed to step 5, otherwise forbid the VM from entering the working state;
Step 5: the new VM at the destination node enters the normal working state.
The technical method provided in this embodiment achieves trusted and secure migration of a VM between the source node and the destination node, so that the chain of trust is passed on securely in the virtual machine environment, and the sensitive data is stored during the migration process, which facilitates subsequent recovery and maintenance of the VM.
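The five migration steps above, sketched as an added Python example (not part of the patent) in which each step either hands over to the next or forbids the migration. The HMAC challenge used for node authentication, the HMAC tag used as the integrity check, the provisioned `seal_key`, the `in_transit` hook and all names are assumptions; encryption of the package is omitted.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field


@dataclass
class Node:
    name: str
    auth_key: bytes
    vms: dict = field(default_factory=dict)     # VM name -> image of a working VM
    vtpcms: dict = field(default_factory=dict)  # VM name -> virtual TPCM record


def authenticate(registered: dict, node: Node) -> bool:
    """Step 1 (assumed mechanism): server-side HMAC challenge of a node."""
    if node.name not in registered:
        return False
    nonce = secrets.token_bytes(16)
    response = hmac.new(node.auth_key, nonce, "sha256").digest()          # node
    expected = hmac.new(registered[node.name], nonce, "sha256").digest()  # server
    return hmac.compare_digest(response, expected)


def seal(record: dict, key: bytes) -> dict:
    """Step 2: encapsulate the sensitive data and attach an integrity tag."""
    body = json.dumps(record, sort_keys=True).encode()
    return {"body": body, "tag": hmac.new(key, body, "sha256").hexdigest()}


def intact(package: dict, key: bytes) -> bool:
    expected = hmac.new(key, package["body"], "sha256").hexdigest()
    return hmac.compare_digest(expected, package["tag"])


def migrate(registered, src, dst, vm, seal_key, in_transit=None) -> str:
    """Run steps 1-5; return "working" or the step that forbade the migration."""
    if not (authenticate(registered, src) and authenticate(registered, dst)):
        return "forbidden at step 1: node authentication failed"

    package = seal(src.vtpcms[vm], seal_key)
    image = src.vms[vm]
    if in_transit:  # test hook standing in for the channel between the nodes
        image, package = in_transit(image, package)
    if not intact(package, seal_key):
        return "forbidden at step 2: integrity check of sealed data failed"

    record = json.loads(package["body"])
    if "baseline" not in record:
        return "forbidden at step 3: second virtual TPCM could not be established"
    dst.vtpcms[vm] = record  # second virtual TPCM, rebuilt from the package

    measured = hashlib.sha256(image).hexdigest()
    if not hmac.compare_digest(record["baseline"], measured):
        del dst.vtpcms[vm]  # assumption: discard the second virtual TPCM
        return "forbidden at step 4: trusted measurement failed"

    dst.vms[vm] = image  # step 5: the VM enters the working state on dst
    record["node"] = dst.name  # update the virtual TPCM's sensitive information
    del src.vms[vm], src.vtpcms[vm]
    return "working"


def sample_cluster():
    """Constructed sample data: two registered nodes and one VM on node-a."""
    keys = {"node-a": b"a" * 32, "node-b": b"b" * 32}
    image = b"constructed VM image"
    src = Node("node-a", keys["node-a"])
    src.vms["vm1"] = image
    src.vtpcms["vm1"] = {"baseline": hashlib.sha256(image).hexdigest(),
                         "key": "00" * 16, "status": "running", "node": "node-a"}
    return keys, src, Node("node-b", keys["node-b"])


if __name__ == "__main__":
    keys, src, dst = sample_cluster()
    print(migrate(keys, src, dst, "vm1", b"k" * 32))
```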
In the several embodiments provided by the present invention, it should be understood that the disclosed method and terminal may be implemented in other ways. For example, the device embodiments described above are merely illustrative; the division into modules is only a division by logical function, and other divisions are possible in an actual implementation.
In addition, the technical solutions of the above embodiments may be combined with and substituted for one another where they do not conflict.
The modules described as separate components may or may not be physically separate, and the components shown as modules may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, the functional modules in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in hardware, or in hardware plus software functional modules.
It is obvious to those skilled in the art that the invention is not limited to the details of the above exemplary embodiments and that the present invention can be realized in other specific forms without departing from its spirit or essential attributes. The embodiments are therefore to be regarded in every respect as illustrative and not restrictive. The scope of the present invention is defined by the appended claims rather than by the above description, and all changes that fall within the meaning and scope of equivalents of the claims are intended to be included in the present invention. No reference sign in a claim should be construed as limiting the claim concerned. Furthermore, the word "comprising" does not exclude other units or steps, and the singular does not exclude the plural. Multiple modules or devices stated in a system claim may also be implemented by a single module or device through software or hardware. Words such as "first" and "second" are used to denote names and do not indicate any particular order.
Finally, it should be noted that the above embodiments only illustrate the technical solution of the present invention and do not limit it. Although the invention has been described in detail with reference to the preferred embodiments, those skilled in the art should understand that the technical solution of the invention may be modified or equivalently replaced without departing from the spirit and scope of the technical solution of the present invention.
Claims (10)
1. A secure virtual machine management system, characterized by comprising:
An overall coordination unit, which is used to coordinate the remaining modules;
A request filtering unit, which is used to intercept a user's request to apply for a VM and to forward that request to the scheduling unit;
A scheduling unit, which is used to allocate a virtual TPCM to the VM the user has applied for;
A sensitive information storage unit, which is used to save the sensitive information related to the creation, start, interruption, recovery and destruction of a VM.
2. The security management system according to claim 1, characterized in that the system further comprises:
A policy decision unit, which is connected to the overall coordination unit, the request filtering unit, the scheduling unit and the sensitive information storage unit respectively, monitors each operating step of those units, and converts the operation status information obtained by monitoring into an attribute set that is used to evaluate the trustworthiness of the execution of the operating step.
3. The security management system according to claim 1, characterized in that the overall coordination unit further:
Obtains in real time the working status information of each VM currently in the working state and the status information of the virtual TPCM corresponding to each VM;
After obtaining this status information, detects whether the status information of each VM and of its corresponding virtual TPCM is synchronized and, if not, raises an alarm and applies the corresponding security countermeasures.
4. The security management system according to claim 1, characterized in that the request filtering unit further:
Ensures the security of the signal channel by means of an encryption algorithm.
5. The security management system according to claim 1, characterized in that the scheduling unit further:
Allocates a virtual TPCM to the VM the user has applied for;
Wherein, after the scheduling unit receives the request to apply for a VM forwarded by the request filtering unit, it checks whether the TPCM on the physical machine has loaded normally and, if so, allocates a virtual TPCM to the VM according to the request.
6. The security management system according to claim 1, characterized in that:
The sensitive information storage unit is used to save the correspondence between the VM and the virtual TPCM.
7. The security management system according to claim 1, characterized in that:
When a VM is migrated, the information saved by the sensitive information storage unit is used to ensure security during the migration process;
After the migration is complete, the sensitive information of the virtual TPCM corresponding to the VM is updated in a timely manner.
8. The security management system according to claim 1, characterized in that:
The sensitive information storage unit uses encrypted storage.
9. The security management system according to claim 1, characterized in that:
The sensitive information includes keys, security measurement values and status information.
10. The security management system according to claim 2, characterized in that:
The policy decision unit includes an IRP monitor, which is responsible for collecting file operations; it converts information such as the subject, the object and the content of each operation (including creation, deletion, modification, copying, reading/writing and running) into an attribute set and sends it to the policy measurement point in the policy decision unit;
The policy measurement point in the policy decision unit is responsible for receiving attribute decision requests from the monitoring layer; it obtains the attribute values using the information stored in the attribute database, evaluates the trustworthiness of the file execution and, once the decision is complete, returns the result to the trusted software base.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811547110.4A CN109753803A (en) | 2018-12-18 | 2018-12-18 | A kind of secure virtual machine management system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811547110.4A CN109753803A (en) | 2018-12-18 | 2018-12-18 | A kind of secure virtual machine management system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109753803A true CN109753803A (en) | 2019-05-14 |
Family
ID=66402692
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811547110.4A Pending CN109753803A (en) | 2018-12-18 | 2018-12-18 | A kind of secure virtual machine management system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109753803A (en) |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | RJ01 | Rejection of invention patent application after publication | Application publication date: 20190514 |