[go: up one dir, main page]

CN118585285A - Method, device, equipment and product for verifying the operating environment of a virtual machine - Google Patents

Method, device, equipment and product for verifying the operating environment of a virtual machine Download PDF

Info

Publication number
CN118585285A
CN118585285A CN202410599359.9A CN202410599359A CN118585285A CN 118585285 A CN118585285 A CN 118585285A CN 202410599359 A CN202410599359 A CN 202410599359A CN 118585285 A CN118585285 A CN 118585285A
Authority
CN
China
Prior art keywords
virtual machine
container
metric
result
measurement result
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410599359.9A
Other languages
Chinese (zh)
Inventor
杨子夜
朱嵩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Volcano Engine Technology Co Ltd
Original Assignee
Beijing Volcano Engine Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Volcano Engine Technology Co Ltd filed Critical Beijing Volcano Engine Technology Co Ltd
Priority to CN202410599359.9A priority Critical patent/CN118585285A/en
Publication of CN118585285A publication Critical patent/CN118585285A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45575Starting, stopping, suspending or resuming virtual machine instances
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45587Isolation or security of virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Debugging And Monitoring (AREA)

Abstract

Embodiments of the present disclosure relate to methods, apparatuses, devices, and products for verifying a running environment of a virtual machine. The method includes determining a first metric result for a kernel of the virtual machine in response to receiving a request to launch a container in the virtual machine. The method also includes determining a second metric result for a hardware device associated with the virtual machine and a third metric result for a software component associated with the virtual machine, wherein the hardware device includes at least an accelerator device and a network card, and the software component includes at least a management component that manages the container. In addition, the method includes verifying the operating environment of the virtual machine based on the first metric result, the second metric result, and the third metric result. By the method, the kernel of the virtual machine can be dynamically verified, and hardware equipment and software components related to the virtual machine can be verified, so that the virtual machine and related hardware and software can meet the safety requirements, the safety of an operation environment is ensured, and the user experience is improved.

Description

用于验证虚拟机的运行环境的方法、装置、设备和产品Method, device, equipment and product for verifying the operating environment of a virtual machine

技术领域Technical Field

本公开总体涉及计算机领域,并且更具体地,涉及验证虚拟机的运行环境的方法、装置、设备和产品。The present disclosure generally relates to the field of computers, and more specifically, to a method, apparatus, device, and product for verifying an operating environment of a virtual machine.

背景技术Background Art

随着云计算和大数据技术的蓬勃发展,越来越多的业务方选择将业务迁移至云端,以享受高效、灵活的资源利用和数据处理能力。业务方可以通过云端服务快速部署和扩展业务,无需担心物理设备的限制,专注于业务本身。With the booming development of cloud computing and big data technology, more and more businesses are choosing to migrate their businesses to the cloud to enjoy efficient and flexible resource utilization and data processing capabilities. Businesses can quickly deploy and expand their businesses through cloud services without worrying about the limitations of physical equipment and focus on the business itself.

同时,容器(Container)技术作为一种新兴的虚拟化技术,为业务方带来了全新的应用部署和管理方式。它通过将应用程序及其相关依赖项打包成一个独立的可执行单元,即容器,从而实现了应用程序与底层操作系统的解耦。在云容器服务中,服务的运行环境的安全是保障服务稳定、数据安全以及业务连续性的基石。At the same time, container technology, as an emerging virtualization technology, has brought a new way of application deployment and management to the business side. It decouples the application from the underlying operating system by packaging the application and its related dependencies into an independent executable unit, namely the container. In cloud container services, the security of the service's operating environment is the cornerstone of ensuring service stability, data security, and business continuity.

发明内容Summary of the invention

本公开的实施例提供了一种用于验证虚拟机的运行环境的方法、装置、电子设备和产品。Embodiments of the present disclosure provide a method, an apparatus, an electronic device, and a product for verifying an operating environment of a virtual machine.

根据本公开的第一方面,提供了一种用于验证虚拟机的运行环境的方法。该方法包括响应于接收到在虚拟机中启动容器的请求,确定虚拟机的内核的第一度量结果。该方法还包括确定与虚拟机相关联的硬件设备的第二度量结果以及与虚拟机相关联的软件组件的第三度量结果,其中硬件设备至少包括加速器设备和网卡,并且软件组件至少包括管理容器的管理组件。此外,该方法还包括基于第一度量结果、第二度量结果以及第三度量结果,验证虚拟机的运行环境。According to a first aspect of the present disclosure, a method for verifying the operating environment of a virtual machine is provided. The method includes determining a first measurement result of a kernel of the virtual machine in response to receiving a request to start a container in the virtual machine. The method also includes determining a second measurement result of a hardware device associated with the virtual machine and a third measurement result of a software component associated with the virtual machine, wherein the hardware device includes at least an accelerator device and a network card, and the software component includes at least a management component for managing the container. In addition, the method also includes verifying the operating environment of the virtual machine based on the first measurement result, the second measurement result, and the third measurement result.

在本公开的第二方面中,提供了一种的用于验证虚拟机的运行环境装置。该装置包括第一度量结果确定模块,被配置为响应于接收到在虚拟机中启动容器的请求,确定虚拟机的内核的第一度量结果。该装置还包括第二度量结果确定模块,被配置为确定与虚拟机相关联的硬件设备的第二度量结果以及与虚拟机相关联的软件组件的第三度量结果,其中硬件设备至少包括加速器设备和网卡,并且软件组件至少包括管理容器的管理组件。此外,该装置还包括虚拟机验证模块,被配置为基于第一度量结果、第二度量结果以及第三度量结果,验证虚拟机的运行环境。In a second aspect of the present disclosure, a device for verifying the operating environment of a virtual machine is provided. The device includes a first measurement result determination module, which is configured to determine a first measurement result of a kernel of the virtual machine in response to receiving a request to start a container in the virtual machine. The device also includes a second measurement result determination module, which is configured to determine a second measurement result of a hardware device associated with the virtual machine and a third measurement result of a software component associated with the virtual machine, wherein the hardware device includes at least an accelerator device and a network card, and the software component includes at least a management component for managing the container. In addition, the device also includes a virtual machine verification module, which is configured to verify the operating environment of the virtual machine based on the first measurement result, the second measurement result, and the third measurement result.

在本公开的第三方面中,提供了一种电子设备。该电子设备包括处理器以及与处理器耦合的存储器,存储器具有存储于其中的指令,指令在被处理器执行时,使得电子设备执行根据第一方面的方法。In a third aspect of the present disclosure, an electronic device is provided, comprising a processor and a memory coupled to the processor, wherein the memory has instructions stored therein, and when the instructions are executed by the processor, the electronic device executes the method according to the first aspect.

在本公开的第四个方面,提供了一种计算机程序产品,其上存储有包括计算机可执行指令,其中所述计算机可执行指令被处理器执行以实现第一方面的方法。In a fourth aspect of the present disclosure, a computer program product is provided, on which computer executable instructions are stored, wherein the computer executable instructions are executed by a processor to implement the method of the first aspect.

发明内容部分是为了以简化的形式来介绍对概念的选择,它们在下文的具体实施方式中将被进一步描述。发明内容部分无意标识要求保护的主题的关键特征或主要特征,也无意限制要求保护的主题的范围。The purpose of this Summary is to introduce a selection of concepts in a simplified form that are further described in the Detailed Description below. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to limit the scope of the claimed subject matter.

附图说明BRIEF DESCRIPTION OF THE DRAWINGS

结合附图并参考以下详细说明,本公开各实施例的上述和其它特征、优点及方面将变得更加明显。在附图中,相同或相似的附图标记表示相同或相似的元素,其中:The above and other features, advantages and aspects of the embodiments of the present disclosure will become more apparent with reference to the following detailed description in conjunction with the accompanying drawings. In the accompanying drawings, the same or similar reference numerals represent the same or similar elements, wherein:

图1示出了本公开的一些实施例可以在其中实现的示例环境的示意图;FIG1 shows a schematic diagram of an example environment in which some embodiments of the present disclosure may be implemented;

图2示出了本公开的一些实施例的用于验证虚拟机的运行环境的方法的流程图;FIG2 shows a flow chart of a method for verifying an operating environment of a virtual machine according to some embodiments of the present disclosure;

图3示出了本公开的一些实施例的用于构建安全可信的执行环境的示意图;FIG3 shows a schematic diagram of building a secure and trusted execution environment according to some embodiments of the present disclosure;

图4示出了本公开的一些实施例的在容器启动的过程中需要被验证的虚拟机的内核、虚拟机的硬件设备以及软件组件的架构的示意图;FIG4 is a schematic diagram showing the architecture of a kernel of a virtual machine, hardware devices of the virtual machine, and software components that need to be verified during the process of starting a container according to some embodiments of the present disclosure;

图5A-5D示出了本公开的一些实施例的用于在启动容器时验证虚拟机的运行环境的示例流程的示意图;5A-5D are schematic diagrams showing example processes for verifying the operating environment of a virtual machine when starting a container according to some embodiments of the present disclosure;

图6示出了本公开的一些实施例的用于验证虚拟机的运行环境的装置的框图;以及FIG6 shows a block diagram of an apparatus for verifying an operating environment of a virtual machine according to some embodiments of the present disclosure; and

图7示出了本公开的一些实施例的电子设备的框图。FIG. 7 shows a block diagram of an electronic device according to some embodiments of the present disclosure.

在所有附图中,相同或相似参考数字表示相同或相似元素。Throughout the drawings, the same or similar reference numbers denote the same or similar elements.

具体实施方式DETAILED DESCRIPTION

可以理解的是,本技术方案所涉及的数据(包括但不限于数据本身、数据的获取或使用)应当遵循相应法律法规及相关规定的要求。It is understandable that the data involved in this technical solution (including but not limited to the data itself, the acquisition or use of the data) shall comply with the requirements of relevant laws, regulations and relevant provisions.

下面将参照附图更详细地描述本公开的实施例。虽然附图中显示了本公开的一些实施例,然而应当理解的是,本公开可以通过各种形式来实现,而且不应该被解释为限于这里阐述的实施例,相反提供这些实施例是为了更加透彻和完整地理解本公开。应当理解的是,本公开的附图及实施例仅用于示例性作用,并非用于限制本公开的保护范围。Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although some embodiments of the present disclosure are shown in the accompanying drawings, it should be understood that the present disclosure can be implemented in various forms and should not be construed as being limited to the embodiments described herein, but rather these embodiments are provided for a more thorough and complete understanding of the present disclosure. It should be understood that the drawings and embodiments of the present disclosure are only for exemplary purposes and are not intended to limit the scope of protection of the present disclosure.

在本公开的实施例的描述中,术语“包括”及其类似用语应当理解为开放性包括,即“包括但不限于”。术语“基于”应当理解为“至少部分地基于”。术语“一个实施例”或“该实施例”应当理解为“至少一个实施例”。术语“第一”、“第二”等等可以指代不同的或相同的对象,除非明确说明。下文还可能包括其它明确的和隐含的定义。In the description of the embodiments of the present disclosure, the term "including" and similar terms should be understood as open inclusion, that is, "including but not limited to". The term "based on" should be understood as "based at least in part on". The term "one embodiment" or "the embodiment" should be understood as "at least one embodiment". The terms "first", "second", etc. may refer to different or the same objects, unless explicitly stated. Other explicit and implicit definitions may also be included below.

在为多用户提供模型服务的模式下,用户可以使用模型提供方提供的机器学习模型在云平台提供方的平台上开展模型的训练、推理、评测以及精调等任务。通常,云平台提供方需要确保其基础设置是安全可信的。在相关技术中,为了确保运行环境的安全,采用了一种静态度量的方式,即将相关数据、配置文件均放置在虚拟机的镜像中,这样可以直接度量这些数据和文件。然而,这种方法无法确保每次任务启动时的可执行文件的加载过程也是可信的。并且,这种静态度量的方式也无法确保与运行环境相关的硬件也是可信的。此外,相关技术中也没有一种通用的方法来度量整个环境的可信度。In the mode of providing model services for multiple users, users can use the machine learning model provided by the model provider to carry out model training, reasoning, evaluation, and fine-tuning tasks on the cloud platform provider's platform. Generally, the cloud platform provider needs to ensure that its basic settings are secure and reliable. In the related art, in order to ensure the security of the operating environment, a static measurement method is adopted, that is, the relevant data and configuration files are placed in the image of the virtual machine, so that these data and files can be directly measured. However, this method cannot ensure that the loading process of the executable file each time the task is started is also reliable. Moreover, this static measurement method cannot ensure that the hardware related to the operating environment is also reliable. In addition, there is no universal method in the related art to measure the credibility of the entire environment.

根据本公开的实施例,当接收到启动容器的请求后,将度量虚拟机的内核例如度量内核的状态和性能,这样能够识别虚拟机基础架构的健康性信息,从而帮助识别潜在的问题或性能瓶颈。接着,还可以度量与虚拟机相关联的硬件设备,例如度量加速器设备和网卡的性能和状态,这样能够确保这些硬件设备处于正常工作的状态。还可以度量与虚拟机相关联的软件组件,例如度量管理和编排容器的软件组件,从而能够帮助识别潜在的配置问题以确保容器正常工作。接着,综合前面所有的度量结果来动态地对虚拟机的运行环境全面验证。According to an embodiment of the present disclosure, when a request to start a container is received, the kernel of the virtual machine will be measured, such as measuring the state and performance of the kernel, so that the health information of the virtual machine infrastructure can be identified, thereby helping to identify potential problems or performance bottlenecks. Next, the hardware devices associated with the virtual machine can also be measured, such as measuring the performance and state of accelerator devices and network cards, so that these hardware devices can be ensured to be in normal working condition. Software components associated with the virtual machine can also be measured, such as measuring software components for managing and orchestrating containers, so as to help identify potential configuration problems to ensure the normal operation of the container. Then, all the previous measurement results are combined to dynamically and comprehensively verify the operating environment of the virtual machine.

通过这种综合通用的验证方法,有助于动态地确保虚拟机及其相关组件都满足容器的运行要求,从而降低容器启动和运行失败的风险。并且,通过提前度量和验证的方法,能够在容器运行之前发现并解决潜在的问题,确保了运行环境的安全性,从而提升了用户的体验。此外,通过这种动态的方法还能够发现潜在的性能瓶颈,从而能够优化运行效率。This comprehensive and universal verification method helps to dynamically ensure that the virtual machine and its related components meet the container's operating requirements, thereby reducing the risk of container startup and operation failure. In addition, through the method of early measurement and verification, potential problems can be discovered and resolved before the container runs, ensuring the security of the operating environment and improving the user experience. In addition, this dynamic method can also discover potential performance bottlenecks, thereby optimizing operating efficiency.

图1示出了本公开的一些实施例可以在其中实现的示例环境100的示意图。如图1所示,示例环境100至少包括模型提供方110,云平台提供方120以及客户端130,用户可以通过客户端130来租用云云平台提供方120的设施以开展其任务,例如可以是模型推理任务或者模型训练任务以及精调等任务。模型提供方110可以向客户端130提供与其任务相关的模型(例如这些模型可以是机器学习模型),模型提供方110可以将这些机器学习模型封装并发布,使得其他用户可以通过云平台提供方120来访问和使用。云平台提供方120则用于向用户提供运行这些模型的基础设施,还可以为用户提供友好的用户界面和管理工具,使得用户能够使用和管理其租借的计算资源,这样用户就可以通过客户端130在无需费力搭建硬件设备以及构建机器学习模型的情况下,专注于专业的模型任务。FIG1 shows a schematic diagram of an example environment 100 in which some embodiments of the present disclosure can be implemented. As shown in FIG1 , the example environment 100 includes at least a model provider 110, a cloud platform provider 120, and a client 130. Users can rent the facilities of the cloud platform provider 120 through the client 130 to carry out their tasks, such as model reasoning tasks or model training tasks and fine-tuning tasks. The model provider 110 can provide models related to its tasks to the client 130 (for example, these models can be machine learning models), and the model provider 110 can package and publish these machine learning models so that other users can access and use them through the cloud platform provider 120. The cloud platform provider 120 is used to provide users with the infrastructure for running these models, and can also provide users with a friendly user interface and management tools so that users can use and manage their rented computing resources, so that users can focus on professional model tasks through the client 130 without the need to laboriously build hardware equipment and build machine learning models.

继续参考图1,为了使得模型提供方110以及客户端130信任云平台提供方120提供的基础设施,云平台提供方120可以采用一种验证机制来验证其提供的基础设施的运行环境及其组件122是可信的。云平台提供方120可以验证其提供的例如虚拟机的运行环境的可信度并发送给客户端130与模型提供方110,使得这两方能够放心地将相关数据上传至云平台提供方120的平台以进行模型任务。云平台提供方120为了进一步地确保运行环境的可信度,还可以验证可信环境内的软件组件以及硬件组件,通过这种全面的验证方法,能够为用户发起的机器学习模型任务的顺利进行提供有力保障。Continuing to refer to FIG1 , in order to make the model provider 110 and the client 130 trust the infrastructure provided by the cloud platform provider 120, the cloud platform provider 120 can use a verification mechanism to verify that the operating environment of the infrastructure it provides and its components 122 are trustworthy. The cloud platform provider 120 can verify the credibility of the operating environment it provides, such as a virtual machine, and send it to the client 130 and the model provider 110, so that the two parties can safely upload relevant data to the cloud platform provider 120 platform to perform model tasks. In order to further ensure the credibility of the operating environment, the cloud platform provider 120 can also verify the software components and hardware components in the trusted environment. Through this comprehensive verification method, it can provide a strong guarantee for the smooth progress of the machine learning model tasks initiated by users.

下文将结合图2至图7详细描述根据本公开实施例的过程。为了便于理解,在下文描述中提及的具体数据均是示例性的,并不用于限定本公开的保护范围。可以理解,以下描述的实施例还可以包括未示出的附加动作和/或可以省略所示出的动作,本公开的范围在此方面不受限制。The process according to the embodiment of the present disclosure will be described in detail below in conjunction with Figures 2 to 7. For ease of understanding, the specific data mentioned in the following description are exemplary and are not intended to limit the scope of protection of the present disclosure. It is understood that the embodiments described below may also include additional actions not shown and/or may omit the actions shown, and the scope of the present disclosure is not limited in this respect.

图2示出了本公开的一些实施例的用于验证虚拟机的运行环境的方法200的流程图。方法200可以由参考图1所示出的云平台提供方200来执行。在框202,响应于接收到在虚拟机中启动容器的请求,确定虚拟机的内核的第一度量结果。用户可以通过客户端130来在云平台提供方120提供的平台上租借模型提供方110的模型来开展模型任务。当用户通过客户端130发起模型任务请求,云平台提供方120可以接收到用户发起的请求,并根据用户的请求来评估度量虚拟机的运行环境中的内核,内核作为虚拟机运行环境中的关键要素,其性能直接影响到任务的执行效率,这样可以得到一个关于内核的度量结果。FIG2 shows a flow chart of a method 200 for verifying the operating environment of a virtual machine according to some embodiments of the present disclosure. The method 200 may be performed by the cloud platform provider 200 shown in reference FIG1 . In box 202, in response to receiving a request to start a container in a virtual machine, a first measurement result of the kernel of the virtual machine is determined. The user may use the client 130 to rent the model of the model provider 110 on the platform provided by the cloud platform provider 120 to carry out the model task. When the user initiates a model task request through the client 130, the cloud platform provider 120 may receive the request initiated by the user, and evaluate and measure the kernel in the operating environment of the virtual machine according to the user's request. The kernel is a key element in the operating environment of the virtual machine, and its performance directly affects the execution efficiency of the task, so that a measurement result about the kernel can be obtained.

在框204,确定与虚拟机相关联的硬件设备的第二度量结果以及与虚拟机相关联的软件组件的第三度量结果,其中硬件设备至少包括加速器设备和网卡,并且软件组件至少包括管理容器的管理组件。在一些实施例中,可以向硬件设备的制造方发送验证当前硬件设备的度量状态的请求,根据硬件设备的制造方的响应来确定硬件设备的度量结果。例如,在一些实施例中,加速器设备可以是同构或异构的图形加速单元(GPU)等。在一些实施例中,网卡可以是远程网络接口网卡(RNIC)。在一些实施例中,管理容器的管理组件可以是节点代理或者容器的生命周期管理组件。在一些实施例中,可以计算软件组件的度量值来确定软件组件的度量结果。In box 204, determine the second measurement result of the hardware device associated with the virtual machine and the third measurement result of the software component associated with the virtual machine, wherein the hardware device includes at least an accelerator device and a network card, and the software component includes at least a management component for managing the container. In some embodiments, a request to verify the measurement state of the current hardware device can be sent to the manufacturer of the hardware device, and the measurement result of the hardware device is determined according to the response of the manufacturer of the hardware device. For example, in some embodiments, the accelerator device can be a homogeneous or heterogeneous graphics acceleration unit (GPU), etc. In some embodiments, the network card can be a remote network interface network card (RNIC). In some embodiments, the management component of the management container can be a node agent or a life cycle management component of the container. In some embodiments, the measurement value of the software component can be calculated to determine the measurement result of the software component.

在框206,基于第一度量结果、第二度量结果以及第三度量结果,验证虚拟机的运行环境。在一些实施例中,根据对虚拟机的内核的度量结果、对与虚拟机相关联硬件设备的度量结果以及对与虚拟机相关联的软件组件的度量结果,来综合验证虚拟机的运行环境。在一些实施例中,可以将以上度量结果整合成度量报告由第三方验证虚拟机的运行环境的可信度。In block 206, the operating environment of the virtual machine is verified based on the first measurement result, the second measurement result, and the third measurement result. In some embodiments, the operating environment of the virtual machine is comprehensively verified based on the measurement results of the kernel of the virtual machine, the measurement results of the hardware devices associated with the virtual machine, and the measurement results of the software components associated with the virtual machine. In some embodiments, the above measurement results can be integrated into a measurement report to verify the credibility of the operating environment of the virtual machine by a third party.

在本公开的实施例中,当接收到启动容器的请求后,将度量虚拟机的内核例如度量内核的状态和性能,这样能够帮助识别虚拟机基础架构的信息,从而能够识别潜在的问题。同时,还可以对与虚拟机相关联的硬件设备,例如对加速器设备和网卡的性能和状态进行全面而动态地度量,从而能够确保这些硬件设备处于正常状态。此外,还可以度量与虚拟机相关联的软件组件,例如度量管理和编排容器的软件组件,从而能够帮助识别潜在的配置问题,避免软件组件的漏洞,以确保容器正常地工作。接着,综合前面所有的度量结果来动态地对虚拟机的运行环境进行全面验证。In an embodiment of the present disclosure, when a request to start a container is received, the kernel of the virtual machine will be measured, such as the state and performance of the kernel, which can help identify information about the virtual machine infrastructure and thus identify potential problems. At the same time, the performance and state of hardware devices associated with the virtual machine, such as accelerator devices and network cards, can also be comprehensively and dynamically measured to ensure that these hardware devices are in a normal state. In addition, software components associated with the virtual machine can also be measured, such as software components that manage and orchestrate containers, to help identify potential configuration problems and avoid vulnerabilities in software components to ensure that the container works properly. Next, all the previous measurement results are combined to dynamically and comprehensively verify the operating environment of the virtual machine.

这样,不仅能够实时验证虚拟机运行环境,确保虚拟机及其相关硬件和软件组件均处于安全可信状态,还能有效抵御虚拟机内部潜在的安全威胁。同时,这种方法还能提示潜在的性能瓶颈或风险点,为提前进行性能优化或故障修复提供支持,进而显著提升了用户的整体体验。综上,这种综合性的动态的安全与性能管理策略,能够确保虚拟机的稳定运行。In this way, not only can the virtual machine operating environment be verified in real time, ensuring that the virtual machine and its related hardware and software components are in a secure and trustworthy state, but it can also effectively resist potential security threats within the virtual machine. At the same time, this method can also prompt potential performance bottlenecks or risk points, providing support for early performance optimization or fault repair, thereby significantly improving the overall user experience. In summary, this comprehensive and dynamic security and performance management strategy can ensure the stable operation of virtual machines.

图3示出了本公开的一些实施例的用于构建安全可信的执行环境300的示意图。参考图3,主机(CPU)302内嵌有一个特殊的可信模块304,该可信模块304和主机(CPU)302共享物理平台,该可信模块304具备在主机操作系统/虚拟机监视器306上划定安全区域的能力,能够确保在此安全区域内运行的虚拟机(如虚拟机308)保持可信度,任何未经授权的接口或程序都无法访问这一安全区域。与此相比,虚拟机310则为普通虚拟机而不具备这样的特性,有被外部攻击的风险。FIG3 shows a schematic diagram of a secure and trusted execution environment 300 for some embodiments of the present disclosure. Referring to FIG3 , a host (CPU) 302 is embedded with a special trusted module 304, and the trusted module 304 and the host (CPU) 302 share a physical platform. The trusted module 304 has the ability to demarcate a security area on the host operating system/virtual machine monitor 306, and can ensure that the virtual machines (such as virtual machine 308) running in this security area maintain credibility, and any unauthorized interface or program cannot access this security area. In contrast, virtual machine 310 is an ordinary virtual machine and does not have such a feature, and there is a risk of being attacked from the outside.

继续参考图3,可信模块304不仅可以划分安全区域来防御外部攻击,还可以负责可信虚拟机308与普通虚拟机310之间的交互检查。与容器组316不同,容器组312、容器组314运行在可信虚拟机308内,可以使得容器组312以及容器组314内运行的数据如机器学习模型文件处于安全状态而不被恶意窃取、篡改或无授权访问,而容器组316中运行的数据则具有被窃取、篡改的高风险。Continuing to refer to FIG3 , the trusted module 304 can not only divide the security area to defend against external attacks, but also be responsible for the interaction check between the trusted virtual machine 308 and the ordinary virtual machine 310. Unlike the container group 316, the container group 312 and the container group 314 run in the trusted virtual machine 308, which can make the data running in the container group 312 and the container group 314, such as the machine learning model file, in a safe state and not be maliciously stolen, tampered or unauthorized access, while the data running in the container group 316 has a high risk of being stolen and tampered.

在一些实施例中,云平台提供方120可以采用不同厂家的主机(CPU)架构创建可信虚拟机。在一些实施例中,云平台提供方120可以采用相同厂家的主机(CPU)架构创建可信虚拟机。在一些实施例中,模型提供方110提供的机器学习模型文件被加载至云平台提供方120所提供的可信虚拟机308中的容器组312或者容器组314运行。通过可信模块划分出可信虚拟机的安全区域,可以降低在虚拟机内运行的机器学习模型被窃取的风险,提高了运行环境的安全性。In some embodiments, the cloud platform provider 120 can create a trusted virtual machine using a host (CPU) architecture from different manufacturers. In some embodiments, the cloud platform provider 120 can create a trusted virtual machine using a host (CPU) architecture from the same manufacturer. In some embodiments, the machine learning model file provided by the model provider 110 is loaded into the container group 312 or container group 314 in the trusted virtual machine 308 provided by the cloud platform provider 120 for operation. By dividing the secure area of the trusted virtual machine by the trusted module, the risk of the machine learning model running in the virtual machine being stolen can be reduced, thereby improving the security of the operating environment.

图4示出了本公开的一些实施例的需要被验证的虚拟机的内核、虚拟机的硬件设备以及软件组件的架构400的示意图。参考图4,图4示出了固件410、引导加载程序420、硬件组件430、内核440以及软件组件450的架构,这些组件或架构均与容器启动时的虚拟机的运行环境相关联。在启动过程中,引导加载程序420首先运行,加载并启动内核440或固件410。内核440随后接管系统的控制权,管理硬件430和软件资源450,来确保系统的稳定运行。固件410则在整个过程中提供硬件支持和接口,使得内核440和引导加载程序420能够与硬件430进行交互。其中,固件410是写入硬件设备430中的程序,它负责初始化硬件430,并为操作系统提供与硬件430交互的接口。固件410是硬件设备430正常运行的基础,决定了硬件设备430的功能和性能。在一些实施例中,固件410可以是开放式虚拟固件(OVMF)。FIG4 shows a schematic diagram of the architecture 400 of the kernel of the virtual machine, the hardware device of the virtual machine, and the software component of some embodiments of the present disclosure that need to be verified. Referring to FIG4, FIG4 shows the architecture of firmware 410, boot loader 420, hardware component 430, kernel 440, and software component 450, all of which are associated with the operating environment of the virtual machine when the container is started. During the startup process, the boot loader 420 runs first, loads and starts the kernel 440 or firmware 410. The kernel 440 then takes over the control of the system, manages the hardware 430 and software resources 450, to ensure the stable operation of the system. The firmware 410 provides hardware support and interfaces throughout the process, so that the kernel 440 and the boot loader 420 can interact with the hardware 430. Among them, the firmware 410 is a program written into the hardware device 430, which is responsible for initializing the hardware 430 and providing an interface for the operating system to interact with the hardware 430. The firmware 410 is the basis for the normal operation of the hardware device 430 and determines the function and performance of the hardware device 430. In some embodiments, firmware 410 may be open virtual firmware (OVMF).

继续参考图4,引导加载程序420是计算机开机后运行的第一段程序。它的主要任务是初始化系统硬件430和软件环境450,加载并启动内核440或固件410。具体来说,引导加载程序420会进行硬件设备430的初始化和配置,设置内存映射,加载内核映像440或固件410到内存,并跳转到内核440或固件410的入口点。引导加载程序420的存在确保了操作系统能够正确加载并运行。在一些实施例中,引导加载程序420可以是多操作系统启动程序(GRUB)和安全启动环境中的一个验证组件(例如是Shim),两者共同协作来确保正确加载。Continuing to refer to Figure 4, the boot loader 420 is the first program to run after the computer is turned on. Its main task is to initialize the system hardware 430 and the software environment 450, load and start the kernel 440 or the firmware 410. Specifically, the boot loader 420 will initialize and configure the hardware device 430, set the memory map, load the kernel image 440 or the firmware 410 into the memory, and jump to the entry point of the kernel 440 or the firmware 410. The existence of the boot loader 420 ensures that the operating system can be correctly loaded and run. In some embodiments, the boot loader 420 can be a multi-operating system boot program (GRUB) and a verification component (such as Shim) in the secure boot environment, and the two work together to ensure correct loading.

继续参考图4,内核440是操作系统(例如可以是图3所示主机操作系统/虚拟机监视器306)的核心组成部分,它负责管理虚拟机的硬件430和软件资源450。在一些实施例中,硬件设备430中至少包括有(远程)网络接口卡431及其驱动432,GPU设备433及其驱动434以及其他加速器设备435及其驱动436。其中,(远程)网络接口卡431负责传输与容器启动请求相关的数据,GPU设备433以及其他加速器设备435用于计算与容器启动请求相关的数据。Continuing to refer to FIG4 , the kernel 440 is a core component of an operating system (e.g., the host operating system/virtual machine monitor 306 shown in FIG3 ), which is responsible for managing the hardware 430 and software resources 450 of the virtual machine. In some embodiments, the hardware device 430 includes at least a (remote) network interface card 431 and its driver 432, a GPU device 433 and its driver 434, and other accelerator devices 435 and their drivers 436. Among them, the (remote) network interface card 431 is responsible for transmitting data related to the container startup request, and the GPU device 433 and other accelerator devices 435 are used to calculate data related to the container startup request.

继续参考图4,在一些实施例中,软件组件至少包括容器的节点代理453、生命周期管理组件(Containerd)452以及容器运行时类(Runc)451。其中,节点代理453主要负责管理节点上的容器以及与主控制平面的通信。生命周期管理组件452负责对容器的生命周期进行管理,包括容器的创建、删除等。生命周期管理组件452作为容器运行时,会调用容器运行时类451来实际创建和运行容器。容器运行时类451是一个根据OCI(开放容器接口)标准创建并运行容器的命令行工具。Continuing to refer to Figure 4, in some embodiments, the software components include at least a node agent 453 of the container, a lifecycle management component (Containerd) 452, and a container runtime class (Runc) 451. Among them, the node agent 453 is mainly responsible for managing the containers on the node and communicating with the main control plane. The lifecycle management component 452 is responsible for managing the life cycle of the container, including the creation and deletion of the container. When the lifecycle management component 452 is used as a container runtime, it will call the container runtime class 451 to actually create and run the container. The container runtime class 451 is a command line tool that creates and runs containers according to the OCI (Open Container Interface) standard.

如图4所示,在一些实施例中,为了确保关于容器启动的虚拟机的运行环境的可信度,可以度量内核440来得到关于虚拟机的内核440的度量结果。在本公开的实施例中,为了确保关于容器启动的运行环境的可信度,还可以度量硬件设备430来得到关于虚拟机的硬件设备430的度量结果。例如,可以度量GPU设备433的驱动434安装的版本是否正确或者安全漏洞已经被打上补丁,以及GPU设备433是否性能正常。在本公开的实施例中,为了确保关于容器启动的运行环境的可信度,还可以度量上层的软件组件450来得到关于软件组件450的度量结果。在一些实施例中,可以通过完整性和测量架构(IMA)441来实现对运行时的软件组件450进行完整性检查和度量,从而能够确保这些软件组件450没有被篡改或替换。在一些实施例中,将上述的关于内核、硬件以及软件的度量结果组合后发送给第三方来验证关于运行容器的虚拟机的运行环境的可信度。在一些实施例中,可以从底层的固件410向上度量。这种从下至上度量虚拟机的内核、硬件设备以及软件组件的方法,能够全面确保虚拟机的运行环境的可信度,从而避免了数据丢失的风险。As shown in FIG. 4 , in some embodiments, in order to ensure the credibility of the operating environment of the virtual machine started by the container, the kernel 440 can be measured to obtain the measurement result of the kernel 440 of the virtual machine. In an embodiment of the present disclosure, in order to ensure the credibility of the operating environment started by the container, the hardware device 430 can also be measured to obtain the measurement result of the hardware device 430 of the virtual machine. For example, it can be measured whether the version installed by the driver 434 of the GPU device 433 is correct or the security vulnerability has been patched, and whether the GPU device 433 performs normally. In an embodiment of the present disclosure, in order to ensure the credibility of the operating environment started by the container, the upper software component 450 can also be measured to obtain the measurement result of the software component 450. In some embodiments, the integrity and measurement architecture (IMA) 441 can be used to implement the integrity check and measurement of the software component 450 at runtime, so as to ensure that these software components 450 have not been tampered with or replaced. In some embodiments, the above-mentioned measurement results of the kernel, hardware and software are combined and sent to a third party to verify the credibility of the operating environment of the virtual machine running the container. In some embodiments, it can be measured from the underlying firmware 410 upward. This bottom-up approach of measuring the virtual machine's kernel, hardware devices, and software components can fully ensure the credibility of the virtual machine's operating environment, thereby avoiding the risk of data loss.

下面将结合图5A-5D来说明本公开的一些实施例的用于在启动容器时的验证虚拟机运行环境的示例流程。图5A示出了本公开的一些实施例的用于在启动容器时验证运行环境的示例流程500A的示意图。如图5A所示,在510A,接收启动容器的请求。在一些实施例中,用户可以通过图1所示客户端130对云平台提供方120发起机器学习模型任务的请求,从而云平台提供方120可以分析用户发起的任务请求,以为其任务安排合适的计算资源。在一些实施例中,当图1所示云平台提供方120接收用户方通过客户端130发起的启动容器的请求后,可以验证用户即将使用的虚拟机的运行环境是否可信,从而能够使得图1所示模型提供方110以及用户信任云平台提供方120的虚拟机。继续参考图5A,在520A,获取度量报告,度量报告522A由内核度量结果、硬件度量结果以及软件组件的度量结果构成。The following will be combined with Figures 5A-5D to illustrate some embodiments of the present disclosure for verifying the virtual machine operating environment when starting a container. Figure 5A shows a schematic diagram of an example process 500A for verifying the operating environment when starting a container in some embodiments of the present disclosure. As shown in Figure 5A, at 510A, a request to start a container is received. In some embodiments, a user can initiate a request for a machine learning model task to the cloud platform provider 120 through the client 130 shown in Figure 1, so that the cloud platform provider 120 can analyze the task request initiated by the user to arrange appropriate computing resources for its task. In some embodiments, when the cloud platform provider 120 shown in Figure 1 receives the request to start a container initiated by the user through the client 130, it can verify whether the operating environment of the virtual machine to be used by the user is credible, so that the model provider 110 shown in Figure 1 and the user can trust the virtual machine of the cloud platform provider 120. Continuing to refer to Figure 5A, at 520A, a measurement report is obtained, and the measurement report 522A is composed of kernel measurement results, hardware measurement results, and measurement results of software components.

下面将结合图5B来说明本公开的一些实施例的获取度量报告的步骤。图5B示出了本公开的一些实施例的用于在启动容器时验证运行环境的示例架构500B的示意图。结合图5B,在虚拟机监视器502B上构建有可信虚拟机504B。在一些实施例中,当接收到用户发起的请求后,虚拟机504B中的容器的节点代理506B可以通过531B向验证代理508发起验证指示,从而验证代理508B将通过532B从固件510B处获得度量报告,这份度量报告包含了内核度量结果、硬件设备度量结果以及软件组件的度量结果。在一些实施例中,可以以固件510B为起点向上度量。The steps of obtaining a measurement report in some embodiments of the present disclosure will be described below in conjunction with Figure 5B. Figure 5B shows a schematic diagram of an example architecture 500B for verifying the operating environment when starting a container in some embodiments of the present disclosure. In conjunction with Figure 5B, a trusted virtual machine 504B is built on a virtual machine monitor 502B. In some embodiments, upon receiving a request initiated by a user, the node agent 506B of the container in the virtual machine 504B can initiate a verification instruction to the verification agent 508 through 531B, so that the verification agent 508B will obtain a measurement report from the firmware 510B through 532B, and this measurement report includes kernel measurement results, hardware device measurement results, and software component measurement results. In some embodiments, the firmware 510B can be used as a starting point for upward measurement.

下面将结合图5C-5D来说明本公开的一些实施例的用户获取硬件设备度量结果和软件组件度量结果的方法。图5C示出了本公开的一些实施例的度量硬件设备的500C的示意图。如图5C所示,在510C,向硬件设备制造方发送度量请求。在一些实施例中,如果硬件设备是GPU设备,可以通过GPU设备的制造方的诊断工具或者是固件更新来度量该GPU设备的硬件故障或者有无是潜在的安全漏洞,例如可以通过诊断工具向GPU设备制造方发送度量GPU设备的请求。例如还可以向设备制造方发送该GPU的驱动是不是最新版本的驱动的确认请求。在一些实施例中,还可以向设备制造方发送关于度量该GPU设备的性能的请求。在一些实施例中,关于硬件的度量请求的内容可以包括设备的属性、设备的功能、性能以及设备的版本信息等参数。The following will illustrate the method for users of some embodiments of the present disclosure to obtain hardware device measurement results and software component measurement results in conjunction with Figures 5C-5D. Figure 5C shows a schematic diagram of 500C of measuring hardware devices in some embodiments of the present disclosure. As shown in Figure 5C, at 510C, a measurement request is sent to the hardware device manufacturer. In some embodiments, if the hardware device is a GPU device, the hardware failure of the GPU device or the presence or absence of potential security vulnerabilities can be measured through the diagnostic tool or firmware update of the manufacturer of the GPU device. For example, a request to measure the GPU device can be sent to the GPU device manufacturer through the diagnostic tool. For example, a confirmation request can also be sent to the device manufacturer to determine whether the driver of the GPU is the latest version of the driver. In some embodiments, a request to measure the performance of the GPU device can also be sent to the device manufacturer. In some embodiments, the content of the measurement request for hardware can include parameters such as the attributes of the device, the functions and performance of the device, and the version information of the device.

继续参考图5C,在520C,从制造方接收对该度量请求的回应。在一些实施例中,当向设备制造方发送该GPU的驱动是不是最新版本的驱动的确认请求,制造方可以回应这是最新版本的驱动或者不是最新版本的驱动。在一些实施例中,当向设备制造方发送关于度量该GPU设备的性能的请求时,设备制造方可以返回该GPU设备的当前性能参数。5C , at 520C, a response to the measurement request is received from the manufacturer. In some embodiments, when a confirmation request is sent to the device manufacturer to determine whether the driver of the GPU is the latest version of the driver, the manufacturer may respond that it is the latest version of the driver or not. In some embodiments, when a request is sent to the device manufacturer to measure the performance of the GPU device, the device manufacturer may return the current performance parameters of the GPU device.

继续参考图5C,在530C,基于对度量请求的回应来确定硬件设备的度量结果。在一些实施例中,当向设备制造方发送该GPU的驱动是不是最新版本的驱动的确认请求,制造方可以回应这是最新版本的驱动或者不是最新版本的驱动,从而可以根据接收到的制造方对其请求的回应来生成关于该GPU设备的度量结果。在一些实施例中,当向设备制造方发送关于度量该GPU设备的性能的请求时,设备制造方可以返回该GPU设备的当前性能参数,从而可以根据接收到的制造方对性能参数的回应来确定关于当前GPU设备的度量结果。通过这种度量于虚拟机中相关的硬件设备的方法,能够及时发现并防范潜在的安全威胁,例如恶意硬件、硬件故障或被篡改的硬件组件,从而能够避免从虚拟机运行环境的硬件设备发出的攻击。备选地,还可以评估网卡的物理带宽、传输延迟以及传输错误率等指标来确定网卡的度量结果。Continuing to refer to FIG. 5C, at 530C, the measurement result of the hardware device is determined based on the response to the measurement request. In some embodiments, when a confirmation request is sent to the device manufacturer as to whether the driver of the GPU is the latest version of the driver, the manufacturer can respond that it is the latest version of the driver or not, so that the measurement result about the GPU device can be generated according to the received manufacturer's response to its request. In some embodiments, when a request is sent to the device manufacturer about measuring the performance of the GPU device, the device manufacturer can return the current performance parameters of the GPU device, so that the measurement result about the current GPU device can be determined according to the received manufacturer's response to the performance parameters. Through this method of measuring the hardware devices related to the virtual machine, potential security threats, such as malicious hardware, hardware failures or tampered hardware components, can be discovered and prevented in a timely manner, so that attacks from hardware devices in the virtual machine operating environment can be avoided. Alternatively, indicators such as the physical bandwidth, transmission delay, and transmission error rate of the network card can also be evaluated to determine the measurement result of the network card.

图5D示出了本公开的一些实施例的度量软件组件的500D的示意图。在一些实施例中,度量软件组件的方法可以基于完整性度量架构来设计。如图5D所示,在510D,针对软件组件选择度量算法。在一些实施例中,可以选择适合的度量的算法(如SHA-256、SHA-512),用于计算软件组件的哈希值或者其他类型的数字指纹,这些合适的度量的算法能够确保即使微小的文件的变动也会导致度量结果的发生显著变化。借助合适的度量算法,能够精确识别软件组件的恶意变化,从而提升安全性。FIG. 5D shows a schematic diagram of 500D of measuring software components of some embodiments of the present disclosure. In some embodiments, the method of measuring software components can be designed based on the integrity measurement architecture. As shown in FIG. 5D , at 510D, a measurement algorithm is selected for the software component. In some embodiments, a suitable measurement algorithm (such as SHA-256, SHA-512) can be selected to calculate the hash value or other types of digital fingerprints of the software component. These suitable measurement algorithms can ensure that even small changes in files will cause significant changes in the measurement results. With the help of a suitable measurement algorithm, malicious changes in software components can be accurately identified, thereby improving security.

继续参考图5D,在520D,根据预定义的评估策略,计算软件组件安装目录中的每个文件的度量值。在一些实施例中,为了确保对运行环境的度量的灵活性与轻便性,在对软件安装目录下的每个文件遍历后,可以只计算预定义的评估策略中的软件组件的文件的哈希值,例如预定义的评估策略中限定了必须对图4所示的节点代理453、周期管理组件452以及容器运行时类451度量,那么这些软件组件的哈希值是必须要计算的,而其他的软件组件的文件被灵活选择去度量或者是不被度量。这些预定义的软件组件是和容器启动相关联的。通过这种只计算预定义的软件组件的度量值的灵活方式,能够节省算力,从而提高运行性能与效率。Continuing to refer to Figure 5D, in 520D, according to the predefined evaluation strategy, the measurement value of each file in the software component installation directory is calculated. In some embodiments, in order to ensure the flexibility and portability of the measurement of the operating environment, after traversing each file in the software installation directory, only the hash value of the file of the software component in the predefined evaluation strategy can be calculated. For example, the predefined evaluation strategy specifies that the node agent 453, the cycle management component 452 and the container runtime class 451 shown in Figure 4 must be measured, then the hash values of these software components must be calculated, and the files of other software components are flexibly selected to be measured or not measured. These predefined software components are associated with container startup. By this flexible way of only calculating the measurement values of predefined software components, computing power can be saved, thereby improving operating performance and efficiency.

继续参考图5D,在530D,比较度量值来确定预定义的评估策略中的软件组件的度量结果。在一些实施例中,在度量软件组件中预定义的文件时,可以将遍历后计算得到的哈希值(以及相关的文件或目录标识符)与存储在数据库中的对应的哈希值进行比较,如果计算得到的哈希值与数据库中的哈希值相匹配,那么可以认为软件组件是完整的,没有被篡改。如果不匹配,那么意味着文件已经被修改或者已经损坏。通过这种方式,能够确保预定义的评估策略中的软件组件的文件的完整性和安全性,从而能够确保防止恶意软件的插入。Continuing to refer to FIG. 5D , at 530D, the measurement values are compared to determine the measurement results of the software components in the predefined evaluation strategy. In some embodiments, when measuring the predefined files in the software component, the hash value (and the related file or directory identifier) calculated after the traversal can be compared with the corresponding hash value stored in the database. If the calculated hash value matches the hash value in the database, then it can be considered that the software component is complete and has not been tampered with. If it does not match, it means that the file has been modified or damaged. In this way, the integrity and security of the files of the software components in the predefined evaluation strategy can be ensured, thereby ensuring that the insertion of malicious software can be prevented.

返回图5A,在530A,将得到的度量报告发送至第三方验证。结合图5B,验证代理508B在获取到包括内核度量结果、硬件度量结果以及软件度量结果的度量报告后,可以通过533B发送第三方512B来得到关于虚拟机的运行环境的可信度的验证结果。第三方512B处于虚拟机504B之外,这样能够确保第三方512B生成的验证报告的客观性和真实性。在一些实施例中,第三方512B配置有密钥代理服务以及验证服务514B,其中密钥代理服务是一种以安全为中心的服务,用于存储、管理和备份应用程序和用户使用的加密密钥,通常在验证成功时可以分发相应的密钥。在一些实施例中,当确认了虚拟机504B的运行环境是可信的,可以向图1中的模型提供方110以及客户端130发送云平台提供方120是可信的指示。Returning to Fig. 5A, at 530A, the obtained measurement report is sent to a third party for verification. In conjunction with Fig. 5B, after obtaining the measurement report including the kernel measurement results, the hardware measurement results and the software measurement results, the verification agent 508B can send the third party 512B through 533B to obtain the verification result of the credibility of the operating environment of the virtual machine. The third party 512B is outside the virtual machine 504B, so that the objectivity and authenticity of the verification report generated by the third party 512B can be ensured. In some embodiments, the third party 512B is configured with a key proxy service and a verification service 514B, wherein the key proxy service is a security-centric service for storing, managing and backing up encryption keys used by applications and users, and the corresponding keys can usually be distributed when the verification is successful. In some embodiments, when it is confirmed that the operating environment of the virtual machine 504B is credible, an indication that the cloud platform provider 120 is credible can be sent to the model provider 110 and the client 130 in Fig. 1.

继续参考图5A,在540A,接收验证报告,并且如果第三方验证无误的话,可以返回容器镜像的密钥。结合图5B,当第三方512B的验证服务514B根据预定义的评估策略,确定了度量报告的真实性后,第三方512B可以将度量报告的确认详情与启动容器相关的容器镜像仓库518B的密钥通过534B发送给验证代理508B。Continuing to refer to FIG5A , at 540A, the verification report is received, and if the third party verification is correct, the key of the container image can be returned. In conjunction with FIG5B , when the verification service 514B of the third party 512B determines the authenticity of the measurement report according to the predefined evaluation strategy, the third party 512B can send the confirmation details of the measurement report and the key of the container image repository 518B related to the startup container to the verification agent 508B via 534B.

返回参考图5A,在550A,下载容器镜像,并通过获取的密钥对容器镜像解密。结合图5B,当验证代理508B接收到虚拟机504B的运行环境是可信的验证结果以及用于对容器镜像解密的密钥后,节点代理506B可以通过容器的周期管理组件516B在535B从容器镜像仓库518B下载相应的容器镜像,并通过536B对加密的容器镜像解密,这样可以得到解密的容器镜像520B。在一些实施例中,可以将下载到的解密的容器镜像520B备份至本地存储设备524B。在一些实施例中,本地存储设备524B是一种具有一定结构的随机存取设备,对这种设备的读写时按块进行的,可以使用缓冲区存放暂时的数据,等到条件成熟后,从缓存一次性写入设备或者从设备一次性读到缓冲区。Referring back to FIG. 5A , at 550A, the container image is downloaded, and the container image is decrypted by the obtained key. In conjunction with FIG. 5B , when the verification agent 508B receives the verification result that the operating environment of the virtual machine 504B is credible and the key for decrypting the container image, the node agent 506B can download the corresponding container image from the container image repository 518B at 535B through the container's cycle management component 516B, and decrypt the encrypted container image through 536B, so that the decrypted container image 520B can be obtained. In some embodiments, the downloaded decrypted container image 520B can be backed up to a local storage device 524B. In some embodiments, the local storage device 524B is a random access device with a certain structure, and the reading and writing of such a device is performed in blocks. A buffer can be used to store temporary data, and when conditions are ripe, the device is written from the cache once or the buffer is read from the device once.

继续参考图5A,在560A,启动容器。结合图5B,在得到解密的容器镜像520B后,容器的周期管理组件516B可以通过537B调用容器运行时类522B来根据容器的配置信息(例如,容器的镜像520B等)来创建一个新的容器进程,并设置容器的命名空间、控制组和其他必要的隔离措施来实际创建和运行容器。在一些实施例中,当虚拟机的运行环境504B被确认是可信时,可以将机器学习模型文件加载至已经启动的容器中运行。在一些实施例中,可以通过加速器设备来执行机器学习模型文件的推理、精调等任务。Continuing to refer to Figure 5A, at 560A, the container is started. In conjunction with Figure 5B, after obtaining the decrypted container image 520B, the container's cycle management component 516B can call the container runtime class 522B through 537B to create a new container process according to the container's configuration information (e.g., the container's image 520B, etc.), and set the container's namespace, control group, and other necessary isolation measures to actually create and run the container. In some embodiments, when the virtual machine's operating environment 504B is confirmed to be credible, the machine learning model file can be loaded into the already started container for execution. In some embodiments, tasks such as reasoning and fine-tuning of machine learning model files can be performed by an accelerator device.

图6示出了本公开的一些实施例的用于验证虚拟机的运行环境的装置600的框图。如图6所示,装置600包括第一度量结果确定模块602,被配置为响应于接收到在虚拟机中启动容器的请求,确定虚拟机的内核的第一度量结果。装置600还包括第二度量结果确定模块604,被配置为确定与虚拟机相关联的硬件设备的第二度量结果以及与虚拟机相关联的软件组件的第三度量结果,其中硬件设备至少包括加速器设备和网卡,并且软件组件至少包括管理容器的管理组件。此外,装置600还包括虚拟机验证模块606,被配置为基于第一度量结果、第二度量结果以及第三度量结果,验证虚拟机的运行环境。FIG6 shows a block diagram of an apparatus 600 for verifying the operating environment of a virtual machine in some embodiments of the present disclosure. As shown in FIG6 , the apparatus 600 includes a first measurement result determination module 602, which is configured to determine a first measurement result of a kernel of the virtual machine in response to receiving a request to start a container in the virtual machine. The apparatus 600 also includes a second measurement result determination module 604, which is configured to determine a second measurement result of a hardware device associated with the virtual machine and a third measurement result of a software component associated with the virtual machine, wherein the hardware device includes at least an accelerator device and a network card, and the software component includes at least a management component for managing the container. In addition, the apparatus 600 also includes a virtual machine verification module 606, which is configured to verify the operating environment of the virtual machine based on the first measurement result, the second measurement result, and the third measurement result.

图7示出了本公开的一些实施例的电子设备700的框图,设备700可以是本公开的实施例所描述的设备或装置。如图7所示,设备700包括中央处理单元(CPU)和/或图形处理单元(GPU)701,其可以根据存储在只读存储器(ROM)702中的计算机程序指令或者从存储单元708加载到随机访问存储器(RAM)703中的计算机程序指令,来执行各种适当的动作和处理。在RAM 703中,还可以存储设备700操作所需的各种程序和数据。CPU/GPU 701、ROM 702以及RAM 703通过总线704彼此相连。输入/输出(I/O)接口705也连接至总线704。虽然未在图7中示出,设备700还可以包括协处理器。FIG. 7 shows a block diagram of an electronic device 700 of some embodiments of the present disclosure, and the device 700 may be a device or apparatus described in an embodiment of the present disclosure. As shown in FIG. 7 , the device 700 includes a central processing unit (CPU) and/or a graphics processing unit (GPU) 701, which can perform various appropriate actions and processes according to computer program instructions stored in a read-only memory (ROM) 702 or computer program instructions loaded from a storage unit 708 into a random access memory (RAM) 703. In RAM 703, various programs and data required for the operation of the device 700 can also be stored. CPU/GPU 701, ROM 702, and RAM 703 are connected to each other via a bus 704. An input/output (I/O) interface 705 is also connected to the bus 704. Although not shown in FIG. 7 , the device 700 may also include a coprocessor.

设备700中的多个部件连接至I/O接口705,包括:输入单元706,例如键盘、鼠标等;输出单元707,例如各种类型的显示器、扬声器等;存储单元708,例如磁盘、光盘等;以及通信单元709,例如网卡、调制解调器、无线通信收发机等。通信单元709允许设备700通过诸如互联网的计算机网络和/或各种电信网络与其他设备交换信息/数据。A number of components in the device 700 are connected to the I/O interface 705, including: an input unit 706, such as a keyboard, a mouse, etc.; an output unit 707, such as various types of displays, speakers, etc.; a storage unit 708, such as a disk, an optical disk, etc.; and a communication unit 709, such as a network card, a modem, a wireless communication transceiver, etc. The communication unit 709 allows the device 700 to exchange information/data with other devices through a computer network such as the Internet and/or various telecommunication networks.

上文所描述的各个方法或过程可以由CPU/GPU 701来执行。例如,在一些实施例中,方法可被实现为计算机软件程序,其被有形地包含于机器可读介质,例如存储单元708。在一些实施例中,计算机程序的部分或者全部可以经由ROM 702和/或通信单元709而被载入和/或安装到设备700上。当计算机程序被加载到RAM 703并由CPU/GPU 701执行时,可以执行上文描述的方法或过程中的一个或多个步骤或动作。The various methods or processes described above may be performed by the CPU/GPU 701. For example, in some embodiments, the methods may be implemented as a computer software program, which is tangibly contained in a machine-readable medium, such as a storage unit 708. In some embodiments, part or all of the computer program may be loaded and/or installed on the device 700 via the ROM 702 and/or the communication unit 709. When the computer program is loaded into the RAM 703 and executed by the CPU/GPU 701, one or more steps or actions in the methods or processes described above may be performed.

在一些实施例中,以上所描述的方法和过程可以被实现为计算机程序产品。计算机程序产品可以包括计算机可读存储介质,其上载有用于执行本公开的各个方面的计算机可读程序指令。In some embodiments, the methods and processes described above may be implemented as a computer program product. The computer program product may include a computer-readable storage medium carrying computer-readable program instructions for executing various aspects of the present disclosure.

计算机可读存储介质可以是可以保持和存储由指令执行设备使用的指令的有形设备。计算机可读存储介质例如可以是但不限于电存储设备、磁存储设备、光存储设备、电磁存储设备、半导体存储设备或者上述的任意合适的组合。计算机可读存储介质的更具体的例子(非穷举的列表)包括:便携式计算机盘、硬盘、随机存取存储器(RAM)、只读存储器(ROM)、可擦式可编程只读存储器(EPROM或闪存)、静态随机存取存储器(SRAM)、便携式压缩盘只读存储器(CD-ROM)、数字多功能盘(DVD)、记忆棒、软盘、机械编码设备、例如其上存储有指令的打孔卡或凹槽内凸起结构、以及上述的任意合适的组合。这里所使用的计算机可读存储介质不被解释为瞬时信号本身,诸如无线电波或者其他自由传播的电磁波、通过波导或其他传输媒介传播的电磁波(例如,通过光纤电缆的光脉冲)、或者通过电线传输的电信号。Computer readable storage medium can be a tangible device that can hold and store instructions used by an instruction execution device. Computer readable storage medium can be, for example, but not limited to, an electrical storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination thereof. More specific examples (non-exhaustive list) of computer readable storage medium include: a portable computer disk, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a static random access memory (SRAM), a portable compact disk read-only memory (CD-ROM), a digital versatile disk (DVD), a memory stick, a floppy disk, a mechanical encoding device, for example, a punch card or a convex structure in a groove on which instructions are stored, and any suitable combination thereof. The computer readable storage medium used here is not interpreted as a transient signal itself, such as a radio wave or other freely propagating electromagnetic wave, an electromagnetic wave propagated by a waveguide or other transmission medium (for example, a light pulse by an optical fiber cable), or an electrical signal transmitted by a wire.

本文所描述的计算机可读程序指令可以从计算机可读存储介质下载到各个计算/处理设备,或者通过网络、例如互联网、局域网、广域网和/或无线网下载到外部计算机或外部存储设备。网络可以包括铜传输电缆、光纤传输、无线传输、路由器、防火墙、交换机、网关计算机和/或边缘服务器。每个计算/处理设备中的网络适配卡或者网络接口从网络接收计算机可读程序指令,并转发该计算机可读程序指令,以供存储在各个计算/处理设备中的计算机可读存储介质中。The computer-readable program instructions described herein can be downloaded from a computer-readable storage medium to each computing/processing device, or downloaded to an external computer or external storage device via a network, such as the Internet, a local area network, a wide area network, and/or a wireless network. The network can include copper transmission cables, optical fiber transmission, wireless transmission, routers, firewalls, switches, gateway computers, and/or edge servers. The network adapter card or network interface in each computing/processing device receives the computer-readable program instructions from the network and forwards the computer-readable program instructions for storage in the computer-readable storage medium in each computing/processing device.

用于执行本公开操作的计算机程序指令可以是汇编指令、指令集架构(ISA)指令、机器指令、机器相关指令、微代码、固件指令、状态设置数据、或者以一种或多种编程语言的任意组合编写的源代码或目标代码,编程语言包括面向对象的编程语言,以及常规的过程式编程语言。计算机可读程序指令可以完全地在用户计算机上执行、部分地在用户计算机上执行、作为一个独立的软件包执行、部分在用户计算机上部分在远程计算机上执行、或者完全在远程计算机或服务器上执行。在涉及远程计算机的情形中,远程计算机可以通过任意种类的网络—包括局域网(LAN)或广域网(WAN)—连接到用户计算机,或者,可以连接到外部计算机(例如利用互联网服务提供商来通过互联网连接)。在一些实施例中,通过利用计算机可读程序指令的状态信息来个性化定制电子电路,例如可编程逻辑电路、现场可编程门阵列(FPGA)或可编程逻辑阵列(PLA),该电子电路可以执行计算机可读程序指令,从而实现本公开的各个方面。The computer program instructions for performing the disclosed operation may be assembler instructions, instruction set architecture (ISA) instructions, machine instructions, machine-related instructions, microcode, firmware instructions, state setting data, or source code or object code written in any combination of one or more programming languages, programming languages including object-oriented programming languages, and conventional procedural programming languages. Computer-readable program instructions may be executed completely on a user's computer, partially on a user's computer, executed as an independent software package, partially on a user's computer, partially on a remote computer, or completely on a remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer via any type of network, including a local area network (LAN) or a wide area network (WAN), or may be connected to an external computer (e.g., utilizing an Internet service provider to connect via the Internet). In certain embodiments, by utilizing the state information of a computer-readable program instruction to customize an electronic circuit, such as a programmable logic circuit, a field programmable gate array (FPGA), or a programmable logic array (PLA), the electronic circuit may execute a computer-readable program instruction, thereby realizing various aspects of the present disclosure.

这些计算机可读程序指令可以提供给通用计算机、专用计算机或其它可编程数据处理装置的处理单元,从而生产出一种机器,使得这些指令在通过计算机或其它可编程数据处理装置的处理单元执行时,产生了实现流程图和/或框图中的一个或多个框中规定的功能/动作的装置。也可以把这些计算机可读程序指令存储在计算机可读存储介质中,这些指令使得计算机、可编程数据处理装置和/或其他设备以特定方式工作,从而,存储有指令的计算机可读介质则包括一个制造品,其包括实现流程图和/或框图中的一个或多个框中规定的功能/动作的各个方面的指令。These computer-readable program instructions can be provided to a processing unit of a general-purpose computer, a special-purpose computer, or other programmable data processing device, thereby producing a machine, so that when these instructions are executed by the processing unit of the computer or other programmable data processing device, a device for implementing the functions/actions specified in one or more boxes in the flowchart and/or block diagram is generated. These computer-readable program instructions can also be stored in a computer-readable storage medium, and these instructions cause the computer, programmable data processing device, and/or other equipment to work in a specific manner, so that the computer-readable medium storing the instructions includes a manufactured product, which includes instructions for implementing various aspects of the functions/actions specified in one or more boxes in the flowchart and/or block diagram.

也可以把计算机可读程序指令加载到计算机、其它可编程数据处理装置、或其它设备上,使得在计算机、其它可编程数据处理装置或其它设备上执行一系列操作步骤,以产生计算机实现的过程,从而使得在计算机、其它可编程数据处理装置、或其它设备上执行的指令实现流程图和/或框图中的一个或多个框中规定的功能/动作。Computer-readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other device so that a series of operating steps are performed on the computer, other programmable data processing apparatus, or other device to produce a computer-implemented process, thereby causing the instructions executed on the computer, other programmable data processing apparatus, or other device to implement the functions/actions specified in one or more boxes in the flowchart and/or block diagram.

附图中的流程图和框图显示了根据本公开的多个实施例的设备、方法和计算机程序产品的可能实现的体系架构、功能和操作。在这点上,流程图或框图中的每个框可以代表一个模块、程序段或指令的一部分,所述模块、程序段或指令的一部分包含一个或多个用于实现规定的逻辑功能的可执行指令。在有些作为替换的实现中,框中所标注的功能也可以以不同于附图中所标注的顺序发生。例如,两个连续的框实际上可以基本并行地执行,它们有时也可以按相反的顺序执行,这取决于所涉及的功能。也要注意的是,框图和/或流程图中的每个框、以及框图和/或流程图中的框的组合,可以用执行规定的功能或动作的专用的基于硬件的系统来实现,或者可以用专用硬件与计算机指令的组合来实现。The flow chart and block diagram in the accompanying drawings show the possible architecture, function and operation of the equipment, method and computer program product according to multiple embodiments of the present disclosure. In this regard, each frame in the flow chart or block diagram can represent a part of a module, program segment or instruction, and a part of the module, program segment or instruction includes one or more executable instructions for realizing the specified logical function. In some implementations as replacements, the functions marked in the frame can also occur in a sequence different from that marked in the accompanying drawings. For example, two continuous frames can actually be executed substantially in parallel, and they can sometimes be executed in reverse order, depending on the functions involved. It should also be noted that each frame in the block diagram and/or flow chart, and the combination of frames in the block diagram and/or flow chart can be implemented with a dedicated hardware-based system that performs a specified function or action, or can be implemented with a combination of dedicated hardware and computer instructions.

以上已经描述了本公开的各实施例,上述说明是示例性的,并非穷尽性的,并且也不限于所公开的各实施例。在不偏离所说明的各实施例的范围和精神的情况下,对于本技术领域的普通技术人员来说许多修改和变更都是显而易见的。本文中所用术语的选择,旨在最好地解释各实施例的原理、实际应用或对市场中技术的技术改进,或者使得本技术领域的其它普通技术人员能理解本文公开的各实施例。The embodiments of the present disclosure have been described above, and the above description is exemplary, not exhaustive, and is not limited to the disclosed embodiments. Many modifications and changes will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The choice of terms used herein is intended to best explain the principles of the embodiments, practical applications, or technical improvements to the technology in the market, or to enable other persons of ordinary skill in the art to understand the embodiments disclosed herein.

下列出了本公开的一些示例实现。Some example implementations of the present disclosure are listed below.

示例1.一种用于验证虚拟机的运行环境的方法,包括:Example 1. A method for verifying an operating environment of a virtual machine, comprising:

响应于接收到在虚拟机中启动容器的请求,确定所述虚拟机的内核的第一度量结果;In response to receiving a request to start a container in a virtual machine, determining a first measurement result of a kernel of the virtual machine;

确定与所述虚拟机相关联的硬件设备的第二度量结果以及与所述虚拟机相关联的软件组件的第三度量结果,所述硬件设备至少包括加速器设备和网卡,并且所述软件组件至少包括管理所述容器的管理组件;以及Determine a second measurement result of a hardware device associated with the virtual machine and a third measurement result of a software component associated with the virtual machine, the hardware device comprising at least an accelerator device and a network card, and the software component comprising at least a management component that manages the container; and

基于所述第一度量结果、所述第二度量结果以及所述第三度量结果,验证所述虚拟机的运行环境。The operating environment of the virtual machine is verified based on the first measurement result, the second measurement result, and the third measurement result.

示例2.根据示例1所述的方法,其中确定与所述虚拟机相关联的硬件设备的第二度量结果以及与所述虚拟机相关联的软件组件的第三度量结果包括:Example 2. The method of Example 1, wherein determining a second measurement result of a hardware device associated with the virtual machine and a third measurement result of a software component associated with the virtual machine comprises:

向所述硬件设备的制造方发送用于请求确定所述硬件设备的度量状态的度量请求;以及Sending a measurement request for requesting determination of a measurement status of the hardware device to a manufacturer of the hardware device; and

基于针对所述度量请求的响应,确定所述第二度量结果。The second measurement result is determined based on a response to the measurement request.

示例3.根据示例1-2中任一项所述的方法,其中确定与所述虚拟机相关联的硬件设备的第二度量结果以及与所述虚拟机相关联的软件组件的第三度量结果还包括:Example 3. The method according to any one of Examples 1-2, wherein determining a second measurement result of a hardware device associated with the virtual machine and a third measurement result of a software component associated with the virtual machine further comprises:

基于预定义的评估策略,遍历所述软件组件的安装目录中的多个文件;Based on a predefined evaluation strategy, traverse a plurality of files in the installation directory of the software component;

基于度量算法,确定针对所述多个文件中的每个文件的度量值;以及Determining a metric value for each of the plurality of files based on a metric algorithm; and

基于所确定的度量值以及数据库中存储的对应的度量值,确定所述第三度量结果。The third measurement result is determined based on the determined measurement value and the corresponding measurement value stored in the database.

示例4.根据示例1-3中任一项所述的方法,其中所述第一度量结果、所述第二度量结果以及所述第三度量结果构成度量报告,基于所述第一度量结果、所述第二度量结果以及所述第三度量结果,验证所述虚拟机的运行环境包括:Example 4. The method according to any one of Examples 1-3, wherein the first measurement result, the second measurement result, and the third measurement result constitute a measurement report, and based on the first measurement result, the second measurement result, and the third measurement result, verifying the operating environment of the virtual machine includes:

通过第三方基于所述度量报告来验证所述运行环境的可信度,所述第三方处于所述运行环境之外,所述第三方配置有密钥代理服务以及验证服务。The credibility of the operating environment is verified based on the measurement report by a third party, where the third party is outside the operating environment and is configured with a key proxy service and a verification service.

示例5.根据示例1-4中任一项所述的方法,其中通过第三方基于所述度量报告来验证所述度量报告的可信度包括:Example 5. The method of any one of Examples 1-4, wherein verifying the credibility of the measurement report based on the measurement report by a third party comprises:

通过验证代理获取所述度量报告;Obtaining the measurement report through a verification agent;

将所述度量报告发送至所述第三方;以及sending the metric report to the third party; and

其中所述第三方的所述验证服务基于所述预定义的评估策略对所述度量报告评估,以确定所述运行环境的所述可信度。The verification service of the third party evaluates the measurement report based on the predefined evaluation policy to determine the credibility of the operating environment.

示例6.根据示例1-5中任一项所述的方法,还包括:Example 6. The method according to any one of Examples 1-5, further comprising:

响应于所述运行环境是可信的,从所述密钥代理服务接收与所述容器相关联的镜像的密钥。In response to the execution environment being trusted, receiving a key of the image associated with the container from the key proxy service.

示例7.根据示例1-6中任一项所述的方法,还包括Example 7. The method according to any one of Examples 1-6, further comprising

从容器镜像仓库下载与所述容器相关联的所述镜像;以及Downloading the image associated with the container from a container image repository; and

基于所述密钥,对与所述容器相关联的所述镜像解密。Based on the key, the image associated with the container is decrypted.

示例8.根据示例1-7中任一项所述的方法,其中基于所述密钥,对与所述容器相关联的所述镜像解密包括:Example 8. The method of any one of Examples 1-7, wherein based on the key, decrypting the image associated with the container comprises:

将所解密的镜像备份至本地存储设备。Back up the decrypted image to a local storage device.

示例9.根据示例1-8中任一项所述的方法,还包括:Example 9. The method according to any one of Examples 1-8, further comprising:

响应于所述虚拟机的所述运行环境是可信的,向客户端以及模型提供方发送机器学习模型的服务平台是可信的指示;以及In response to the operating environment of the virtual machine being credible, sending an indication to the client and the model provider that the service platform of the machine learning model is credible; and

在所述虚拟机中启动所述容器。The container is started in the virtual machine.

示例10.根据示例1-9中任一项所述的方法,还包括:Example 10. The method according to any one of Examples 1-9, further comprising:

从模型提供方接收针对所述容器的机器学习模型文件;以及receiving a machine learning model file for the container from a model provider; and

在所述加速器设备中运行针对所述容器的所述机器学习模型文件。The machine learning model file for the container is run in the accelerator device.

示例11.一种用于验证虚拟机的运行环境的装置,包括:Example 11. An apparatus for verifying an operating environment of a virtual machine, comprising:

第一度量结果确定模块,被配置为响应于接收到在虚拟机中启动容器的请求,确定所述虚拟机的内核的第一度量结果;A first measurement result determination module, configured to determine a first measurement result of a kernel of the virtual machine in response to receiving a request to start a container in the virtual machine;

第二度量结果确定模块,被配置为确定与所述虚拟机相关联的硬件设备的第二度量结果以及与所述虚拟机相关联的软件组件的第三度量结果,所述硬件设备至少包括加速器设备和网卡,并且所述软件组件至少包括管理所述容器的管理组件;以及a second measurement result determination module configured to determine a second measurement result of a hardware device associated with the virtual machine and a third measurement result of a software component associated with the virtual machine, the hardware device comprising at least an accelerator device and a network card, and the software component comprising at least a management component for managing the container; and

虚拟机验证模块,被配置为基于所述第一度量结果、所述第二度量结果以及所述第三度量结果,验证所述虚拟机的运行环境。The virtual machine verification module is configured to verify the operating environment of the virtual machine based on the first measurement result, the second measurement result and the third measurement result.

示例12.根据示例11所述的装置,其中第二度量结果确定模块包括:Example 12. The apparatus of Example 11, wherein the second metric result determination module comprises:

请求发送模块,被配置为向所述硬件设备的制造方发送用于请求确定所述硬件设备的度量状态的度量请求;以及a request sending module, configured to send a measurement request for requesting determination of a measurement status of the hardware device to a manufacturer of the hardware device; and

第三度量结果确定模块,被配置为基于针对所述度量请求的响应,确定所述第二度量结果。The third measurement result determination module is configured to determine the second measurement result based on a response to the measurement request.

示例13.根据示例11-12中任一项所述的装置,其中第二度量结果确定模块还包括:Example 13. The apparatus of any one of Examples 11-12, wherein the second metric result determination module further comprises:

遍历模块,被配置为基于预定义的评估策略,遍历所述软件组件的安装目录中的多个文件;A traversal module is configured to traverse a plurality of files in the installation directory of the software component based on a predefined evaluation strategy;

度量值确定模块,被配置为基于度量算法,确定针对所述多个文件中的每个文件的度量值;以及a metric value determination module configured to determine a metric value for each of the plurality of files based on a metric algorithm; and

第四度量结果确定模块,被配置为基于所确定的度量值以及数据库中存储的对应的度量值,确定所述第三度量结果。The fourth measurement result determination module is configured to determine the third measurement result based on the determined measurement value and the corresponding measurement value stored in the database.

示例14.根据示例11-13中任一项所述的装置,其中所述第一度量结果、所述第二度量结果以及所述第三度量结果构成度量报告,虚拟机验证模块包括:Example 14. The apparatus according to any one of Examples 11-13, wherein the first measurement result, the second measurement result, and the third measurement result constitute a measurement report, and the virtual machine verification module includes:

可信度验证模块,被配置为通过第三方基于所述度量报告来验证所述运行环境的可信度,所述第三方处于所述运行环境之外,所述第三方配置有密钥代理服务以及验证服务。The credibility verification module is configured to verify the credibility of the operating environment based on the measurement report through a third party, the third party is outside the operating environment, and the third party is configured with a key agency service and a verification service.

示例15.根据示例11-14中任一项所述的装置,其中可信度验证模块包括:Example 15. The apparatus of any one of Examples 11-14, wherein the credibility verification module comprises:

获取模块,被配置为通过验证代理获取所述度量报告;an acquisition module, configured to acquire the measurement report through a verification agent;

发送模块,被配置为将所述度量报告发送至所述第三方;以及a sending module, configured to send the measurement report to the third party; and

评估模块,被配置为其中所述第三方的所述验证服务基于所述预定义的评估策略对所述度量报告评估,以确定所述运行环境的所述可信度。An evaluation module is configured to evaluate the measurement report based on the predefined evaluation policy by the verification service of the third party to determine the credibility of the operating environment.

示例16.根据示例11-15中任一项所述的装置,还包括:Example 16. The apparatus of any one of Examples 11-15, further comprising:

接收模块,被配置为响应于所述运行环境是可信的,从所述密钥代理服务接收与所述容器相关联的镜像的密钥。The receiving module is configured to receive, in response to the operating environment being trusted, a key of the image associated with the container from the key proxy service.

示例17.根据示例11-16中任一项所述的装置,还包括Example 17. The apparatus according to any one of Examples 11-16, further comprising

下载模块,被配置为从容器镜像仓库下载与所述容器相关联的所述镜像;以及A download module, configured to download the image associated with the container from a container image repository; and

解密模块,被配置为基于所述密钥,对与所述容器相关联的所述镜像解密。The decryption module is configured to decrypt the image associated with the container based on the key.

示例18.根据示例11-17中任一项所述的装置,其中解密模块包括:Example 18. The apparatus of any of Examples 11-17, wherein the decryption module comprises:

备份模块,被配置为将所解密的镜像备份至本地存储设备。The backup module is configured to back up the decrypted image to a local storage device.

示例19.根据示例11-18中任一项所述的装置,还包括:Example 19. The apparatus of any one of Examples 11-18, further comprising:

指示发送模块,被配置为响应于所述虚拟机的所述运行环境是可信的,向客户端以及模型提供方发送机器学习模型的服务平台是可信的指示;以及an indication sending module, configured to send an indication that the service platform of the machine learning model is credible to the client and the model provider in response to the operating environment of the virtual machine being credible; and

启动模块,被配置为在所述虚拟机中启动所述容器。A starting module is configured to start the container in the virtual machine.

示例20.根据示例11-19中任一项所述的装置,还包括:Example 20. The apparatus of any one of Examples 11-19, further comprising:

文件接收模块,被配置为从模型提供方接收针对所述容器的机器学习模型文件;以及A file receiving module configured to receive a machine learning model file for the container from a model provider; and

运行模块,被配置为在所述加速器设备中运行针对所述容器的所述机器学习模型文件。A running module is configured to run the machine learning model file for the container in the accelerator device.

示例21.一种电子设备,包括:Example 21. An electronic device comprising:

处理器;以及Processor; and

与所述处理器耦合的存储器,所述存储器具有存储于其中的指令,所述指令在被处理器执行时,使得所述电子设备执行动作,所述动作包括:A memory coupled to the processor, the memory having instructions stored therein, wherein when the instructions are executed by the processor, the electronic device performs actions, the actions comprising:

响应于接收到在虚拟机中启动容器的请求,确定所述虚拟机的内核的第一度量结果;In response to receiving a request to start a container in a virtual machine, determining a first measurement result of a kernel of the virtual machine;

确定与所述虚拟机相关联的硬件设备的第二度量结果以及与所述虚拟机相关联的软件组件的第三度量结果,所述硬件设备至少包括加速器设备和网卡,并且所述软件组件至少包括管理所述容器的管理组件;以及Determine a second measurement result of a hardware device associated with the virtual machine and a third measurement result of a software component associated with the virtual machine, the hardware device comprising at least an accelerator device and a network card, and the software component comprising at least a management component that manages the container; and

基于所述第一度量结果、所述第二度量结果以及所述第三度量结果,验证所述虚拟机的运行环境。The operating environment of the virtual machine is verified based on the first measurement result, the second measurement result, and the third measurement result.

示例22.根据示例21所述的电子设备,其中确定与所述虚拟机相关联的硬件设备的第二度量结果以及与所述虚拟机相关联的软件组件的第三度量结果包括:Example 22. The electronic device of Example 21, wherein determining a second measurement result of a hardware device associated with the virtual machine and a third measurement result of a software component associated with the virtual machine comprises:

向所述硬件设备的制造方发送用于请求确定所述硬件设备的度量状态的度量请求;以及Sending a measurement request for requesting determination of a measurement status of the hardware device to a manufacturer of the hardware device; and

基于针对所述度量请求的响应,确定所述第二度量结果。The second measurement result is determined based on a response to the measurement request.

示例23.根据示例21-22中任一项所述的电子设备,其中确定与所述虚拟机相关联的硬件设备的第二度量结果以及与所述虚拟机相关联的软件组件的第三度量结果还包括:Example 23. The electronic device of any of Examples 21-22, wherein determining a second measurement result of a hardware device associated with the virtual machine and a third measurement result of a software component associated with the virtual machine further comprises:

基于预定义的评估策略,遍历所述软件组件的安装目录中的多个文件;Based on a predefined evaluation strategy, traverse a plurality of files in the installation directory of the software component;

基于度量算法,确定针对所述多个文件中的每个文件的度量值;以及Determining a metric value for each of the plurality of files based on a metric algorithm; and

基于所确定的度量值以及数据库中存储的对应的度量值,确定所述第三度量结果。The third measurement result is determined based on the determined measurement value and the corresponding measurement value stored in the database.

示例24.根据示例21-23中任一项所述的电子设备,其中所述第一度量结果、所述第二度量结果以及所述第三度量结果构成度量报告,基于所述第一度量结果、所述第二度量结果以及所述第三度量结果,验证所述虚拟机的运行环境包括:Example 24. The electronic device according to any one of Examples 21-23, wherein the first measurement result, the second measurement result, and the third measurement result constitute a measurement report, and based on the first measurement result, the second measurement result, and the third measurement result, verifying the operating environment of the virtual machine comprises:

通过第三方基于所述度量报告来验证所述运行环境的可信度,所述第三方处于所述运行环境之外,所述第三方配置有密钥代理服务以及验证服务。The credibility of the operating environment is verified based on the measurement report by a third party, where the third party is outside the operating environment and is configured with a key proxy service and a verification service.

示例25.根据示例21-24中任一项所述的电子设备,其中通过第三方基于所述度量报告来验证所述度量报告的可信度包括:Example 25. The electronic device of any of Examples 21-24, wherein verifying, by a third party, the credibility of the measurement report based on the measurement report comprises:

通过验证代理获取所述度量报告;Obtaining the measurement report through a verification agent;

将所述度量报告发送至所述第三方;以及sending the metric report to the third party; and

其中所述第三方的所述验证服务基于所述预定义的评估策略对所述度量报告评估,以确定所述运行环境的所述可信度。The verification service of the third party evaluates the measurement report based on the predefined evaluation policy to determine the credibility of the operating environment.

示例26.根据示例21-25中任一项所述的电子设备,还包括:Example 26. The electronic device of any of Examples 21-25, further comprising:

响应于所述运行环境是可信的,从所述密钥代理服务接收与所述容器相关联的镜像的密钥。In response to the execution environment being trusted, receiving a key of the image associated with the container from the key proxy service.

示例27.根据示例21-26中任一项所述的电子设备,还包括Example 27. An electronic device according to any one of Examples 21-26, further comprising

从容器镜像仓库下载与所述容器相关联的所述镜像;以及Downloading the image associated with the container from a container image repository; and

基于所述密钥,对与所述容器相关联的所述镜像解密。Based on the key, the image associated with the container is decrypted.

示例28.根据示例21-27中任一项所述的电子设备,其中基于所述密钥,对与所述容器相关联的所述镜像解密包括:Example 28. The electronic device of any of Examples 21-27, wherein based on the key, decrypting the image associated with the container comprises:

将所解密的镜像备份至本地存储设备。Back up the decrypted image to a local storage device.

示例29.根据示例21-28中任一项所述的电子设备,还包括:Example 29. The electronic device of any of Examples 21-28, further comprising:

响应于所述虚拟机的所述运行环境是可信的,向客户端以及模型提供方发送机器学习模型的服务平台是可信的指示;以及In response to the operating environment of the virtual machine being credible, sending an indication to the client and the model provider that the service platform of the machine learning model is credible; and

在所述虚拟机中启动所述容器。The container is started in the virtual machine.

示例30.根据示例21-29中任一项所述的电子设备,还包括:Example 30. The electronic device of any of Examples 21-29, further comprising:

从模型提供方接收针对所述容器的机器学习模型文件;以及receiving a machine learning model file for the container from a model provider; and

在所述加速器设备中运行针对所述容器的所述机器学习模型文件。The machine learning model file for the container is run in the accelerator device.

示例31.一种计算机可读存储介质,其上存储有计算机可执行指令,其中所述计算机可执行指令被处理器执行以实现根据示例1至10中任一项所述的方法。Example 31. A computer-readable storage medium having computer-executable instructions stored thereon, wherein the computer-executable instructions are executed by a processor to implement a method according to any one of Examples 1 to 10.

示例32.一种计算机程序产品,所述计算机程序产品被有形地存储在计算机可读介质上并且包括计算机可执行指令,所述计算机可执行指令在由设备执行时使所述设备执行根据示例1至10中任一项所述的方法。Example 32. A computer program product tangibly stored on a computer-readable medium and comprising computer-executable instructions that, when executed by a device, cause the device to perform a method according to any one of Examples 1 to 10.

尽管已经采用特定于结构特征和/或方法逻辑动作的语言描述了本公开,但是应当理解所附权利要求书中所限定的主题未必局限于上面描述的特定特征或动作。相反,上面所描述的特定特征和动作仅仅是实现权利要求书的示例形式。Although the present disclosure has been described in language specific to structural features and/or methodological logical actions, it should be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or actions described above. Instead, the specific features and actions described above are merely example forms of implementing the claims.

Claims (13)

1. A method for verifying a running environment of a virtual machine, comprising:
In response to receiving a request to launch a container in a virtual machine, determining a first metric result for a kernel of the virtual machine;
Determining a second metric result of a hardware device associated with the virtual machine and a third metric result of a software component associated with the virtual machine, the hardware device including at least an accelerator device and a network card, and the software component including at least a management component that manages the container; and
And verifying the running environment of the virtual machine based on the first measurement result, the second measurement result and the third measurement result.
2. The method of claim 1, wherein determining a second metric result for a hardware device associated with the virtual machine and a third metric result for a software component associated with the virtual machine comprises:
sending a metric request to a manufacturer of the hardware device for requesting determination of a metric state of the hardware device; and
The second metric result is determined based on the response to the metric request.
3. The method of claim 1, wherein determining a second metric result for a hardware device associated with the virtual machine and a third metric result for a software component associated with the virtual machine further comprises:
Traversing a plurality of files in an installation directory of the software component based on a predefined evaluation policy;
determining a metric value for each of the plurality of files based on a metric algorithm; and
The third metric result is determined based on the determined metric values and corresponding metric values stored in a database.
4. The method of claim 3, wherein the first, second, and third metrics constitute a metrics report, validating the operating environment of the virtual machine based on the first, second, and third metrics comprises:
Verifying the trustworthiness of the operating environment based on the metric report by a third party, the third party being outside the operating environment, the third party being configured with a key proxy service and a verification service.
5. The method of claim 4, wherein verifying, by a third party, the trustworthiness of the metric report based on the metric report comprises:
Acquiring the measurement report through a verification agent;
transmitting the metric report to the third party; and
Wherein the verification service of the third party evaluates the metric report based on the predefined evaluation policy to determine the trustworthiness of the operating environment.
6. The method of claim 5, further comprising:
A key of an image associated with the container is received from the key proxy service in response to the operating environment being trusted.
7. The method of claim 6, further comprising
Downloading the image associated with the container from a container image repository; and
Decrypting the image associated with the container based on the key.
8. The method of claim 7, wherein decrypting the image associated with the container based on the key comprises:
The decrypted image is backed up to the local storage device.
9. The method of claim 1, further comprising:
responsive to the running environment of the virtual machine being trusted, sending an indication to a client and a model provider that a service platform of a machine learning model is trusted; and
And starting the container in the virtual machine.
10. The method of claim 9, further comprising:
Receiving a machine learning model file for the container from a model provider; and
Running the machine learning model file for the container in the accelerator device.
11. An apparatus for verifying a running environment of a virtual machine, comprising:
A first metric result determination module configured to determine a first metric result of a kernel of a virtual machine in response to receiving a request to launch a container in the virtual machine;
A second metric result determination module configured to determine a second metric result of a hardware device associated with the virtual machine and a third metric result of a software component associated with the virtual machine, the hardware device including at least an accelerator device and a network card, and the software component including at least a management component that manages the container; and
And the virtual machine verification module is configured to verify the running environment of the virtual machine based on the first measurement result, the second measurement result and the third measurement result.
12. An electronic device, comprising:
a processor; and
A memory coupled with the processor, the memory having instructions stored therein, which when executed by the processor, cause the electronic device to perform the method of any of claims 1-10.
13. A computer program product comprising computer executable instructions, wherein the computer executable instructions are executed by a processor to implement the method of any one of claims 1 to 10.
CN202410599359.9A 2024-05-14 2024-05-14 Method, device, equipment and product for verifying the operating environment of a virtual machine Pending CN118585285A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410599359.9A CN118585285A (en) 2024-05-14 2024-05-14 Method, device, equipment and product for verifying the operating environment of a virtual machine

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410599359.9A CN118585285A (en) 2024-05-14 2024-05-14 Method, device, equipment and product for verifying the operating environment of a virtual machine

Publications (1)

Publication Number Publication Date
CN118585285A true CN118585285A (en) 2024-09-03

Family

ID=92533118

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410599359.9A Pending CN118585285A (en) 2024-05-14 2024-05-14 Method, device, equipment and product for verifying the operating environment of a virtual machine

Country Status (1)

Country Link
CN (1) CN118585285A (en)

Similar Documents

Publication Publication Date Title
US11750642B1 (en) Automated threat modeling using machine-readable threat models
KR102419574B1 (en) Systems and methods for correcting memory corruption in computer applications
JP6022718B2 (en) Configuration and validation by trusted providers
US11550568B1 (en) Automatically deploying artifacts
US20210334384A1 (en) Detecting a potential security leak by a microservice
US20160098562A1 (en) Automated Verification of a Software System
KR20170022028A (en) Method and apparatus for security checking of image for container
CN106796641A (en) End-to-end security for hardware running validated software
US10379894B1 (en) Lineage-based trust for virtual machine images
CN102246179A (en) Using transient PCRs to realise trust in application space of a secure processing system
CN112688782A (en) Remote certification method and equipment for combined equipment
KR102134491B1 (en) Network based management of protected data sets
CN111917856A (en) Mirror image file delivery method and related equipment
CN113760339A (en) Vulnerability repair method and device
CN118535188A (en) Platform automation deployment updating method, device, equipment and medium
CN117591195A (en) Method and device for starting target application and storage medium
CN114371859A (en) Application software RASP program update method, server, electronic device and storage medium
CN113297133A (en) Service migration quality guarantee method and system
US11307790B2 (en) Method, device, and computer program product for managing data placement
US11954007B2 (en) Tracking usage of common libraries by means of digitally signed digests thereof
CN111967022A (en) Security vulnerability repairing method and device
US20220141255A1 (en) Security status of security slices
WO2025195060A1 (en) Cdn service orchestration method and apparatus in multi-cloud environment, device, and storage medium
US20230099700A1 (en) Lifecycle hardware, firmware, and software tracking using blockchain
CN114662120A (en) Patch management method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination