CN101488174B - Implementing method for dynamically transparent virtual credible platform module - Google Patents


Info

Publication number: CN101488174B (granted publication of application CN2009100763933A; earlier publication CN101488174A)
Authority: CN (China)
Prior art keywords: vTPM, device, virtual domain, management tool, back end
Legal status: Expired - Fee Related (the legal status shown is an assumption by Google Patents and not a legal conclusion)
Original language: Chinese (zh)
Inventors: 韩臻, 刘吉强, 常晓林, 何帆, 邢彬, 刘博, 杨武杰
Current and original assignee: Beijing Jiaotong University (the listed assignee may be inaccurate; Google has not performed a legal analysis)
Application filed by Beijing Jiaotong University

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a method for running trusted application software written against the TPM 1.2 specification seamlessly inside a virtual domain of the Xen virtual machine environment. The components of the method are a virtual TPM (vTPM) device running in the privileged domain, a vTPM device management tool, a vTPM back-end driver, a vTPM-aware virtual domain management tool, and a vTPM front-end driver implemented in the virtual domain. Each running virtual domain is given its own independent vTPM device in the privileged domain, with all the functions of a physical TPM; vTPM devices can be created and deleted dynamically. By coordinating these components efficiently, trusted data streams are multiplexed and demultiplexed, communication between each vTPM device and its corresponding virtual domain is guaranteed, and trusted computing based on an independent TPM is realized inside the virtual domain.

Description

Implementation method of a dynamically transparent virtual trusted platform module
Technical field
The present invention relates to the field of trusted computing in computer information security, and in particular to an implementation method for a dynamically transparent virtual trusted platform module. It provides a method, in the Xen virtual machine, by which each Xen virtual domain can perform trusted computing based on its own independent virtual trusted platform module (TPM).
Background technology
Virtual machine technology applies the concept of whole-machine virtualization: application software is freed from the compatibility and hardware-resource constraints of a physical machine, multiple operating systems work concurrently on the same hardware platform, and software security, portability and applicability are strengthened, with higher flexibility, cross-platform compatibility, reliability and resource availability. In recent years many operating system and hardware platform developers and vendors have entered the virtualization market. Xen is a mature open-source virtualization product. A Xen virtual machine consists of a virtual machine monitor, one privileged virtual computing domain and several guest virtual computing domains. Each computing domain runs an operating system. The virtual machine monitor sits between the system hardware platform and the operating systems of the virtual computing domains: it monitors the underlying hardware, abstracts it into entities that can be managed and scheduled for the computing domains above it, and provides an effective isolation mechanism so that each computing domain has resource isolation, performance isolation and fault isolation. The privileged computing domain uses the virtual domain management tool to manage the guest computing domains, including creating and deleting them and giving them access to physical devices.
The network era places ever higher demands on the security and usability of the PC, yet the existing PC system, designed with efficiency first rather than security first, falls prey to hackers, spyware and viruses more and more easily. To address the structural insecurity of the PC and fundamentally improve its trustworthiness, the Trusted Computing Platform Alliance (TCPA, later renamed TCG) proposed guaranteeing the safety of the whole system by strengthening the security of the existing terminal architecture. The central idea is to embed in the hardware platform of each terminal (PCs, mobile phones and other mobile intelligent terminals) a Trusted Platform Module (TPM, also called a trusted chip) with secure storage and cryptographic functions, and to use the security features provided by the TPM to improve the security of the terminal system. The TPM gives a trusted platform the three basic capabilities it must possess to reach the goal of trustworthiness: protected capabilities, attestation, and integrity measurement, storage and reporting. TCG has published a series of technical specifications, and many computer manufacturers have already placed TPM chips on the motherboards they produce.
Combining virtualization technology with trusted computing technology yields a highly effective security solution for terminal platforms. However, the Xen virtual machine environment currently has no software product that lets virtual computing domains perform trusted computing based on a virtual TPM; mainstream trusted devices such as the TPM cannot be effectively shared concurrently by multiple operating systems or virtual computing domains. This introduces potential security threats to the isolation between virtual computing domains and to the construction of a trusted base.
Summary of the invention
The object of the invention is to remedy the deficiency of the above technology by providing an implementation method for a dynamically transparent virtual trusted platform module. The invention lets trusted application software based on the TPM 1.2 specification run seamlessly in a virtual domain, i.e. each virtual domain can independently perform TPM-based trusted computing.
The object of the invention is achieved by the following measures:
Implementation method of a dynamically transparent virtual trusted platform module. The software this method requires in the privileged domain comprises: (1) a purely software-implemented virtual TPM (vTPM) device, (2) a vTPM device management tool, (3) a vTPM back-end driver, and (4) a vTPM-aware virtual domain management tool. The software it requires in the virtual domain is the vTPM front-end driver.
Implementation method:
One, the complete procedure by which the privileged domain establishes a vTPM device for a guest virtual domain (virtual domain):
(1) First load the vTPM back-end driver in the privileged domain and start the vTPM device management tool. The management tool performs a series of initialization operations, then starts the vTPM controller and the vTPM back-end listener, which begin listening.
(2) Run the virtual domain management tool in the privileged domain. It first starts the virtual domain's operating system kernel according to the virtual domain startup configuration file, then writes information into XenStore; this write triggers the vTPM back-end driver to watch for changes to this virtual domain's vTPM device ID in XenStore. Finally it performs the add-vTPM-device operation. In this operation the management tool first checks whether the configuration file of the virtual domain being started specifies a vTPM device ID. If not, it allocates a new identification number, saves this setting and prepares to create a vTPM device for the virtual domain; if an identification number is specified, it prepares to create the vTPM device directly. The vTPM device ID is now ready.
(3) Once the vTPM device ID is ready, the virtual domain management tool sends a create-vTPM-device instruction into the named pipe (pipe special file) it uses to communicate with the vTPM device management tool, which triggers the vTPM controller of the management tool at the other end of the pipe to create the vTPM device.
(4) The vTPM controller receives the create-vTPM-device instruction from the pipe it shares with the virtual domain management tool. It first reads the instruction header and splits it into four parts: (1) vTPM device ID, (2) TAG, (3) size of the input parameters, (4) command code. It then reads the instruction body, creates a vTPM device process according to the body's contents, binds it to the device ID obtained above, and starts the process.
(5) Once the vTPM device process is running normally, the vTPM device management tool writes the corresponding vTPM device ID into the pipe that the vTPM controller uses to communicate with the virtual domain management tool.
(6) When the virtual domain management tool receives this feedback from the vTPM device management tool, it writes the vTPM device ID into XenStore; this write triggers the vTPM back-end driver to obtain and save the vTPM device ID.
(7) Initialization of the new vTPM device includes initializing global variables and establishing the pipe for communication with the vTPM device management tool. Since each virtual domain corresponds to one vTPM device, there are many communication pipes; they are distinguished by vTPM device ID, which realizes the binding between virtual domain and vTPM device. After initialization the vTPM device enters the working state, waits for TPM instructions delivered over its pipe, and sends the processed results to the pipe shared by all vTPMs.
Two, the procedure by which the vTPM front-end and back-end drivers establish communication:
(1) The virtual domain operating system loads the vTPM front-end driver, which establishes a communication channel with the back-end driver, completes a series of initialization tasks, and then begins work, waiting for TPM instructions sent by trusted applications in the virtual domain.
Three, the complete flow by which the vTPM back-end driver and the vTPM back-end listener process a TPM instruction from the virtual domain:
(1) The vTPM front-end driver sends the TPM instruction request to the vTPM back-end driver over the communication channel. Different virtual domains use different communication channels, so the back-end driver finds the corresponding vTPM device ID from the channel number, fills it into the request packet, and sends the request packet to the vTPM device management tool.
(2) The vTPM back-end listener first reads the instruction header delivered by the back-end driver and obtains the vTPM device ID, then reads the rest of the instruction and processes it, sending the result to the pipe corresponding to that vTPM device ID.
(3) The vTPM device reads the instruction delivered through its pipe file, parses and processes the TPM instruction, concatenates the result with its vTPM device ID, and returns it to the vTPM back-end listener through the pipe file shared by all vTPM devices.
(4) The vTPM back-end listener reads the instruction execution result from the vTPM device and returns it, through the vTPM back-end and front-end drivers, to the trusted application software in the virtual domain, completing one full TPM operation.
With this method, trusted application software written for the physical TPM chip of an ordinary computer runs seamlessly in a Xen virtual domain on top of a virtual TPM device.
Compared with the prior art, the invention has the following advantages:
1. The vTPM device is implemented purely in software, so each virtual domain can use all of the storage space defined by the TPM 1.2 specification.
2. The method lets virtual domains perform TPM-based trusted computing efficiently: (1) fully virtualizing the physical TPM gives each virtual domain an independent TPM device and avoids the hardware latency of accessing the physical TPM device; (2) the vTPM device's keys, key handles and PCR register contents are all kept in the memory of the privileged domain, avoiding the latency of hard disk access; (3) instruction requests and data are delivered by event triggering, which improves system response speed while reducing hardware resource consumption; (4) the virtual domain accesses the vTPM device in paravirtualized mode, improving system response speed.
3. By extending the functions of the existing virtual domain management tool under Xen to support vTPM, the privileged domain manages all devices of a virtual domain uniformly.
4. By giving each vTPM device a unique identifier and coordinating with the other components, trusted data streams are multiplexed and demultiplexed, improving the effective utilization of system resources.
5. The information of vTPM devices is stored in the existing XenStore database under Xen, unifying the storage location of virtual domain information and easing maintenance and management.
Description of drawings
Fig. 1 is the flow chart of loading the back-end driver and starting the vTPM device management tool in the invention.
Fig. 2 is the flow chart of the virtual domain management tool starting a virtual domain and notifying the vTPM device management tool to create a vTPM device in the invention.
Fig. 3 is the work flow chart of the vTPM controller of the vTPM device management tool in the invention.
Fig. 4 is the flow chart of initializing a vTPM device in the invention.
Fig. 5 is the flow chart of the vTPM front-end and back-end drivers establishing communication in the invention.
Fig. 6 is the flow chart of processing a TPM instruction from a virtual domain in the invention.
Fig. 7 is the component relationship diagram supporting trusted computing in virtual domains in the invention.
Embodiment
The invention provides an implementation method for a dynamically transparent virtual trusted platform module, namely a method in the Xen virtual machine by which trusted application software based on the TPM 1.2 specification can run seamlessly in a virtual domain. The components that realize the method are the virtual TPM (vTPM) device, the vTPM device management tool, the vTPM back-end driver and the vTPM-aware virtual domain management tool, all implemented in the privileged domain, and the vTPM front-end driver implemented in the virtual domain.
The system components are deployed as follows:
Step 1: load the vTPM back-end driver. Load the vTPM back-end driver in the privileged domain.
Step 2: start the vTPM device management tool. It first initializes a global structure variable that holds the information about virtual TPMs and performs a series of initial processing on the physical TPM; it then starts the vTPM controller and the vTPM back-end listener. The vTPM controller is responsible for creating and destroying vTPM devices; the vTPM back-end listener is responsible for handling trusted data streams.
Step 3: start a virtual domain. Start the virtual domain with the vTPM-aware virtual domain management tool, which at the same time notifies the vTPM controller to create a vTPM device for this virtual domain.
Step 4: create the vTPM device. When the vTPM controller receives the message that a new virtual domain has started, it creates and starts a vTPM device process as the vTPM device corresponding to that virtual domain.
Step 5: load the vTPM front-end driver. Load the vTPM front-end driver in the virtual domain; it provides the interface through which trusted application software in the virtual domain accesses the vTPM device in the privileged domain.
The system components handle a TPM access request from trusted application software in a virtual domain as follows:
1. The trusted application software in the virtual domain sends a TPM instruction;
2. the vTPM front-end driver intercepts the instruction and sends it to the vTPM back-end driver;
3. the vTPM back-end driver processes the received command information and sends it to the vTPM device management tool;
4. the vTPM back-end listener of the vTPM device management tool analyses the received command information and forwards the processed command to the corresponding vTPM device;
5. the vTPM device process receives and processes the instruction, then returns the result to the vTPM back-end listener, which sends the instruction result to the virtual domain, completing the processing of the TPM instruction.
By this method, trusted application software written for the TPM chip of an ordinary computer runs seamlessly in a Xen virtual domain on top of a virtual TPM device.
The invention is described in further detail with reference to the drawings:
Figs. 1 to 7 show the working principle and process of the invention.
Figs. 1 to 4 give the complete procedure for establishing a vTPM device for a virtual domain:
1. As shown in Fig. 1, first load the back-end driver in the privileged domain and start the vTPM device management tool; the management tool performs a series of initialization operations, then starts the vTPM controller and the vTPM back-end listener, which begin listening.
2. As shown in Fig. 2, run the virtual domain management tool in the privileged domain. It first starts the virtual domain's operating system kernel according to the virtual domain startup configuration file, then writes information into XenStore, which triggers the vTPM back-end driver to watch for changes to this virtual domain's vTPM device ID in XenStore, and finally performs the add-vTPM-device operation. In that operation the management tool first checks whether the configuration file of the virtual domain being started specifies an identification number. If one is specified and it is available, the tool prepares to create the vTPM device directly; if it is unavailable or none is specified, the tool allocates a new vTPM device ID for this virtual domain, saves the setting and prepares to create the vTPM device. The vTPM device ID is now ready.
3. Once the vTPM device ID is ready, the virtual domain management tool sends a create-vTPM-device instruction into the named pipe it uses to communicate with the vTPM device management tool, triggering the vTPM controller of the management tool at the other end of the pipe to create the vTPM device.
4. As shown in Fig. 3, the vTPM controller receives the create-vTPM-device instruction and reads the instruction header from the pipe shared with the virtual domain management tool, splitting it into four parts: (1) vTPM device ID, (2) TAG, (3) size of the input parameters, (4) command code. It then reads the instruction body, creates a vTPM device process according to the body's contents, binds it to the device ID obtained above, and starts the process.
5. Once the vTPM device process is running normally, the vTPM controller writes the corresponding vTPM device ID into the pipe it uses to communicate with the virtual domain management tool.
6. When the virtual domain management tool receives this feedback from the vTPM controller, it writes the vTPM device ID into XenStore.
7. Fig. 4 is the initialization process of a new vTPM device. It includes initializing global variables and establishing the pipe for communication with the vTPM device management tool. Since each virtual domain corresponds to one vTPM device there are many communication pipes; they are distinguished by vTPM device ID, which realizes the binding between virtual domain and vTPM device. After initialization the vTPM device enters the working state, waits for TPM instructions delivered over its pipe, and sends the processed instructions to the corresponding pipe.
Fig. 5 shows the procedure by which the vTPM front-end and back-end drivers establish communication, as follows:
1. The virtual domain operating system loads the vTPM front-end driver, which establishes a communication channel with the back-end driver, completes a series of initialization tasks, and then waits for TPM instructions sent by trusted applications in the virtual domain.
Figs. 6 and 7 show the complete flow by which the vTPM back-end driver and the back-end listener process of the vTPM management tool handle a TPM instruction from a virtual domain, as follows:
1. The vTPM front-end driver sends the TPM instruction request to the vTPM back-end driver over the communication channel. Different virtual domains use different communication channels, so the back-end driver finds the corresponding vTPM device ID from the channel number, fills it into the request packet, and sends the request packet to the vTPM device management tool.
2. The vTPM back-end listener of the vTPM device management tool first reads the instruction header delivered by the back-end driver and obtains the vTPM device ID, then reads the rest of the instruction and processes it, sending the result to the pipe corresponding to that vTPM device ID.
3. The vTPM device reads the instruction delivered through its pipe file, parses and processes the TPM instruction, concatenates the result with its identification number, and returns it to the vTPM back-end listener through the pipe file shared by all vTPM devices.
4. The vTPM back-end listener reads the instruction execution result from the vTPM device and returns it, through the back-end and front-end drivers, to the trusted application software in the virtual domain, completing one full TPM operation, as shown in Fig. 7.
Through the above method, the Xen virtual machine provides a virtual TPM device that is functionally identical to a physical TPM chip and transparent to the trusted application software in the virtual domain, so that TPM 1.2 based trusted application software that previously used a physical TPM chip, such as TrouSerS and TPM Tools, runs seamlessly and efficiently in the virtual domain without modification.
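The creation procedure (Figs. 1 to 4) and the request path (Figs. 6 and 7) described above together form a multiplex/demultiplex protocol: the back-end driver derives the vTPM device ID from the channel a command arrived on, the listener queues the command on that device's own pipe, and the device answers on the pipe shared by all vTPMs with its ID prepended so the listener can route the answer back. The following Python simulation is an added example written for this page; it is not the patent's or Xen's own code. The class and function names, the 4-byte big-endian ID prefix, the dict standing in for XenStore, the deques standing in for pipes and the sample measurement are all assumptions; only the TPM 1.2 header layout (tag, paramSize, ordinal) and the TPM_Extend / TPM_PCRRead ordinals and return codes come from the TCG specification. It shows the two checks a practitioner wants at this boundary: a guest cannot choose which vTPM answers it, because the ID is never read from guest data, and a command whose paramSize field disagrees with the bytes actually received is rejected before any field is parsed.

```python
"""Added example: simulation of the vTPM create / multiplex / demultiplex flow."""
import hashlib, struct
from collections import deque

# TPM 1.2 wire constants from the TCG spec; every other name here is an assumption of this example.
TPM_TAG_RQU_COMMAND, TPM_TAG_RSP_COMMAND = 0x00C1, 0x00C4
TPM_ORD_EXTEND, TPM_ORD_PCRREAD = 0x00000014, 0x00000015
TPM_SUCCESS, TPM_BADINDEX, TPM_BAD_ORDINAL, TPM_BAD_PARAM_SIZE = 0, 2, 10, 25
NUM_PCRS = 24
HDR = struct.Struct(">HII")  # tag, paramSize (whole message incl. header), ordinal / returnCode
ID = struct.Struct(">I")     # 4-byte vTPM device ID prefix (the width is an assumption)


def tpm_command(ordinal, body=b""):
    return HDR.pack(TPM_TAG_RQU_COMMAND, HDR.size + len(body), ordinal) + body


def tpm_response(rc, body=b""):
    return HDR.pack(TPM_TAG_RSP_COMMAND, HDR.size + len(body), rc) + body


def return_code(rsp):
    return HDR.unpack_from(rsp)[2]


class VTPMDevice:
    """One pure-software vTPM 'process'; its PCRs exist only in privileged-domain memory."""
    def __init__(self, dev_id):
        self.dev_id = dev_id
        self.pcr = [bytes(20)] * NUM_PCRS
        self.in_pipe = deque()  # the per-device pipe selected by vTPM ID

    def execute(self, cmd):
        if len(cmd) < HDR.size or HDR.unpack_from(cmd)[1] != len(cmd):  # paramSize must match bytes received
            return tpm_response(TPM_BAD_PARAM_SIZE)
        ordinal, body = HDR.unpack_from(cmd)[2], cmd[HDR.size:]
        if ordinal not in (TPM_ORD_PCRREAD, TPM_ORD_EXTEND):
            return tpm_response(TPM_BAD_ORDINAL)
        if len(body) != (4 if ordinal == TPM_ORD_PCRREAD else 24):
            return tpm_response(TPM_BAD_PARAM_SIZE)
        idx = struct.unpack(">I", body[:4])[0]
        if idx >= NUM_PCRS:
            return tpm_response(TPM_BADINDEX)
        if ordinal == TPM_ORD_EXTEND:  # PCR[idx] = SHA-1(PCR[idx] || inDigest)
            self.pcr[idx] = hashlib.sha1(self.pcr[idx] + body[4:]).digest()
        return tpm_response(TPM_SUCCESS, self.pcr[idx])


class VTPMManager:
    """Privileged-domain side: domain management tool, controller, back-end driver and listener."""
    def __init__(self):
        self.devices = {}           # vTPM ID -> VTPMDevice
        self.xenstore = {}          # domain name -> vTPM ID (stands in for the XenStore entry)
        self.channel_to_id = {}     # back-end channel number -> vTPM ID
        self.id_to_channel = {}
        self.shared_pipe = deque()  # every device writes (ID || result) here
        self.next_id = 1

    def create_vtpm(self, domain, channel, requested_id=None):
        """Controller: a configured ID is used only if free, otherwise a fresh one is allocated."""
        if requested_id is not None and requested_id not in self.devices:
            dev_id = requested_id
        else:
            while self.next_id in self.devices:
                self.next_id += 1
            dev_id = self.next_id
        self.devices[dev_id] = VTPMDevice(dev_id)  # "create and start the vTPM device process"
        self.xenstore[domain] = dev_id             # the write that the back-end driver watches
        self.channel_to_id[channel], self.id_to_channel[dev_id] = dev_id, channel
        return dev_id

    def backend_driver(self, channel, cmd):
        """The ID comes from the channel the command arrived on, never from guest data."""
        return ID.pack(self.channel_to_id[channel]) + cmd

    def backend_listener_in(self, packet):
        """Strip the ID and queue the TPM command on that device's own pipe."""
        (dev_id,) = ID.unpack_from(packet)
        self.devices[dev_id].in_pipe.append(packet[ID.size:])

    def run_devices(self):
        """Each vTPM process drains its pipe and answers on the shared result pipe."""
        for dev in self.devices.values():
            while dev.in_pipe:
                self.shared_pipe.append(ID.pack(dev.dev_id) + dev.execute(dev.in_pipe.popleft()))

    def backend_listener_out(self):
        """Demultiplex the shared pipe back to the originating channel by ID."""
        routed = []
        while self.shared_pipe:
            pkt = self.shared_pipe.popleft()
            (dev_id,) = ID.unpack_from(pkt)
            routed.append((self.id_to_channel[dev_id], pkt[ID.size:]))
        return routed


def demo():  # domA extends PCR 0; domB reads PCR 0 and must still see zeros (constructed input)
    mgr = VTPMManager()
    id_a = mgr.create_vtpm("domA", channel=1, requested_id=7)
    id_b = mgr.create_vtpm("domB", channel=2, requested_id=7)  # 7 is taken: fresh ID
    digest = hashlib.sha1(b"constructed measurement").digest()
    mgr.backend_listener_in(mgr.backend_driver(1, tpm_command(TPM_ORD_EXTEND, struct.pack(">I20s", 0, digest))))
    mgr.backend_listener_in(mgr.backend_driver(2, tpm_command(TPM_ORD_PCRREAD, struct.pack(">I", 0))))
    mgr.run_devices()
    return id_a, id_b, dict(mgr.backend_listener_out()), mgr
```

Running `demo()` returns the IDs 7 and 1, and the routed responses show domB still reading an all-zero PCR 0 after domA's extend. As advantage 2(2) above states, the PCRs and keys of every vTPM live in privileged-domain memory, so the isolation this scheme gives is isolation between guests; it holds only as long as the privileged domain itself is trusted.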

Claims (2)

1. An implementation method for a dynamically transparent virtual trusted platform module, characterized in that the software the method requires in the privileged domain comprises: (1) a purely software-implemented virtual trusted platform module (vTPM) device, (2) a vTPM device management tool, (3) a vTPM back-end driver and (4) a vTPM-aware virtual domain management tool, and the software it requires in the virtual domain is the vTPM front-end driver,
Implementation method:
One, the complete procedure by which the privileged domain establishes a vTPM device for a guest virtual domain:
(1) First load the vTPM back-end driver in the privileged domain and start the vTPM device management tool. The management tool performs a series of initialization operations, including data initialization and pipe file initialization, then starts the vTPM controller and the vTPM back-end listener; the vTPM controller listens for instructions from the virtual domain management tool, and the vTPM back-end listener listens, through the vTPM back-end driver, for TPM instructions from guest virtual domains.
(2) Run the virtual domain management tool in the privileged domain. It first starts the guest virtual domain's operating system kernel according to the guest virtual domain startup configuration file, then writes information into XenStore; this write triggers the vTPM back-end driver to watch for changes to this virtual domain's vTPM device ID in XenStore. Finally it performs the add-vTPM-device operation. In this operation the management tool first checks whether the configuration file of the guest virtual domain being started specifies a vTPM device ID. If not, it allocates a new identification number for the guest virtual domain, saves this identification number and prepares to create the vTPM device; if an identification number is specified, it prepares to create the vTPM device directly. The vTPM device ID is now ready.
(3) Once the vTPM device ID is ready, the virtual domain management tool sends a create-vTPM-device instruction into the named pipe it uses to communicate with the vTPM device management tool, which triggers the vTPM controller of the management tool at the other end of the pipe to create the vTPM device.
(4) The vTPM controller receives the create-vTPM-device instruction from the pipe it shares with the virtual domain management tool. It first reads the instruction header and splits it into four parts: (1) vTPM device ID, (2) TAG, (3) size of the input parameters, (4) command code. It then reads the instruction body, creates a vTPM device process according to the body's contents, binds it to the device ID obtained above, and starts the process.
(5) Once the vTPM device process is running normally, the vTPM device management tool writes the corresponding vTPM device ID into the pipe that the vTPM controller uses to communicate with the virtual domain management tool.
(6) When the virtual domain management tool receives this feedback from the vTPM device management tool, it writes the vTPM device ID into XenStore; this write triggers the vTPM back-end driver to obtain and save the vTPM device ID.
(7) Initialization of the new vTPM device includes initializing global variables and establishing the pipe for communication with the vTPM device management tool. Since each guest virtual domain corresponds to one vTPM device, there are many communication pipes; they are distinguished by vTPM device ID, which realizes the binding between guest virtual domain and vTPM device. After initialization the vTPM device enters the working state, waits for TPM instructions delivered over its pipe, and sends the processed results to the pipe shared by all vTPMs.
Two, the procedure by which the vTPM front-end and back-end drivers establish communication:
(1) The virtual domain operating system loads the vTPM front-end driver, which establishes a communication channel with the back-end driver, completes a series of initialization tasks, and then begins work, waiting for TPM instructions sent by trusted applications in the guest virtual domain.
Three, the complete flow by which the vTPM back-end driver and the vTPM back-end listener process a TPM instruction from a guest virtual domain:
(1) The vTPM front-end driver sends the TPM instruction request to the vTPM back-end driver over the communication channel. Different guest virtual domains use different communication channels, so the back-end driver finds the corresponding vTPM device ID from the channel number, fills it into the request packet, and sends the request packet to the vTPM device management tool.
(2) The vTPM back-end listener first reads the instruction header delivered by the back-end driver and obtains the vTPM device ID, then reads the rest of the instruction and processes it, sending the result to the pipe corresponding to that vTPM device ID.
(3) The vTPM device reads the instruction delivered through its pipe file, parses and processes the TPM instruction, concatenates the result with its vTPM device ID, and returns it to the vTPM back-end listener through the pipe file shared by all vTPM devices.
(4) The vTPM back-end listener reads the instruction execution result from the vTPM device and returns it, through the vTPM back-end and front-end drivers, to the trusted application software in the guest virtual domain, completing one full TPM operation.
2. The implementation method for a dynamically transparent virtual trusted platform module according to claim 1, characterized in that, by this method, trusted application software written for the physical TPM chip of an ordinary computer runs seamlessly in a Xen virtual domain on top of a virtual TPM device.
Application CN2009100763933A, "Implementing method for dynamically transparent virtual credible platform module", Beijing Jiaotong University; priority date 2009-01-15, filing date 2009-01-15; status Expired - Fee Related.

Publications (2)

Publication number    Publication date
CN101488174A          2009-07-22
CN101488174B          2010-07-14

Family ID: 40891060. The family consists of this single application; country coverage: CN only.

Families Citing this family (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102110197B (en) * 2009-12-25 2013-04-03 中国科学院计算技术研究所 Method and system for multi-core processor to realize TMP (trusted platform module) in computing environment
CN101834860B (en) * 2010-04-22 2013-01-30 北京交通大学 Method for remote dynamic verification on integrality of client software
CN102253857B (en) * 2011-06-24 2013-03-27 华中科技大学 Xen virtual machine scheduling control method in multi-core environment
CN102855450B (en) * 2011-06-28 2015-10-28 上海网技信息技术有限公司 For carrying out the method and system of insulation blocking to virtual computation environmental
CN102289620A (en) * 2011-08-12 2011-12-21 华南理工大学 Credible equipment virtualization system and method based on Xen safety computer
CN102436566B (en) * 2012-01-12 2014-07-09 冶金自动化研究设计院 Dynamic trusted measurement method and safe embedded system
CN103064730B (en) * 2012-12-20 2015-07-29 华中科技大学 A kind of two-stage disk-scheduling method of facing cloud computing environment
CN103677745B (en) * 2013-12-10 2017-01-04 中国船舶重工集团公司第七0九研究所 A kind of method write in Loongson mainboard and read device identification
CN105122210B (en) 2013-12-31 2020-02-21 华为技术有限公司 GPU virtualization implementation method and related device and system
CN103995732B (en) 2014-05-26 2017-02-22 华为技术有限公司 Virtual trusted platform module function implementation method and management equipment
CN104318182B (en) * 2014-10-29 2017-09-12 中国科学院信息工程研究所 A kind of intelligent terminal shielding system and method extended based on processor security
CN105389513B (en) * 2015-11-26 2018-10-12 华为技术有限公司 A kind of credible execution method and apparatus of virtual credible platform module vTPM
CN105843669A (en) * 2016-03-21 2016-08-10 浪潮集团有限公司 TPM encryption based virtual machine data protection method
CN105956465A (en) * 2016-05-04 2016-09-21 浪潮电子信息产业股份有限公司 VTPM-based method for constructing virtual trusted platform
CN106528267B (en) * 2016-10-27 2019-08-09 广东铂亚信息技术有限公司 Network communication monitoring system and method based on Xen privileged domain
CN106778362B (en) * 2016-12-26 2020-02-28 中国电子科技集团公司第三十研究所 Secure computing environment construction method based on virtualization technology
CN106850661A (en) * 2017-02-28 2017-06-13 郑州云海信息技术有限公司 One kind virtualization method for safety monitoring and system
CN107704308B (en) * 2017-09-19 2020-10-02 浪潮(北京)电子信息产业有限公司 Virtual platform vTPM management system, trust chain construction method and device, and storage medium
CN107861795B (en) * 2017-11-20 2022-04-26 浪潮(北京)电子信息产业有限公司 Method, system and device for simulating physical TCM chip and readable storage medium
CN108170516A (en) * 2018-01-03 2018-06-15 浪潮(北京)电子信息产业有限公司 Create method, apparatus, equipment and the computer readable storage medium of vTPM
CN108229177A (en) * 2018-01-03 2018-06-29 浪潮(北京)电子信息产业有限公司 The method, apparatus and medium of establishment vTPM based on libvirt

Also Published As

Publication number Publication date
CN101488174A (en) 2009-07-22

Legal Events

Code Title
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100714

Termination date: 20120115