CN102707985A - Access control method and system for virtual machine system - Google Patents

Access control method and system for virtual machine system

Info

Publication number
CN102707985A
Authority
CN
China
Prior art keywords
virtual machine
guest virtual
access control
guest
monitor
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2011100755328A
Other languages
Chinese (zh)
Inventor
陈小华
林兆骥
王治平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp
Priority to CN2011100755328A
Priority to PCT/CN2011/081078 (WO2012129904A1)
Publication of CN102707985A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/468 Specific access rights for resources, e.g. using capability register

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses an access control method for a virtual machine system. One virtual machine in the system is set as the management virtual machine, and the other virtual machines serve as guest virtual machines. An access control module is placed in the management virtual machine and performs access control over the guest virtual machines according to the guest virtual machine information. An access control proxy module is placed in the virtual machine monitor; it receives access request information from the guest virtual machines and forwards it to the access control module. With this technical scheme, the size of the virtual machine monitor is not increased and its security is not reduced, yet access control over the virtual machines can be performed, access by the virtual machines to physical resources can be effectively controlled, and security threats in the virtual machine system, such as attacks between virtual machines, communication between virtual machines, and denial of service, can be avoided.

Description

An access control method and system for a virtual machine system
Technical field
The present invention relates to resource access technology, and in particular to an access control method and system for a virtual machine system based on cloud computing.
Background art
Cloud computing brings a new era of service provision and consumption to commercial information technology (IT). Cloud computing enhances collaboration, agility, scalability and availability, and reduces cost through optimized, more efficient computing. More specifically, the cloud describes the use of services, applications, information and infrastructure composed of "resource pools" of computing, network, information and storage. The components that make up cloud computing can be rapidly provisioned, deployed and retired, can be scaled up or down quickly, and are provided on demand, with an allocation and consumption model similar to utility computing.
The US National Institute of Standards and Technology (NIST) defines five key characteristics of cloud computing: on-demand self-service, broadband access, virtualized resource "pools", rapidly elastic infrastructure, and measurable service. Multi-tenancy, as an essential feature of cloud computing, is also a key factor.
A cloud computing system can automatically control and optimize the resource usage of a given service because it makes use of a measurement capability at some level of abstraction. In cloud computing, virtualization is one of the important techniques chosen for resource abstraction.
Virtualization can be divided into different types according to the entity being virtualized. Among these, system virtualization is a widely understood form of virtualization.
The core idea of system virtualization is that virtualization software creates one or more virtual machines on a single physical machine. A virtual machine runs in an isolated environment and is a logical machine system with complete hardware functionality, including a guest operating system and the applications in it. In a virtual machine system, multiple operating systems can run independently and simultaneously on the same physical machine, multiplexing its physical resources.
On X86 servers (servers that use processors with a complex instruction set computer (CISC) architecture), virtual machine technology can improve server utilization. Virtual machine systems have been commercialized on a large scale.
Although virtualization technology has developed rapidly, security technology for virtual machine systems lags seriously behind. Running various services on virtual machines and maintaining system security is much more complicated than on a single computer. Virtual machine systems face many security threats, for example attacks between virtual machines, resource occupation conflicts and escape threats. Therefore, while virtual machines bring convenience in application and administration, more attention should be paid to solving virtualization security problems and to studying virtual machine security mechanisms. At present, how to address virtualization security problems and what kind of virtual machine security mechanism to implement are still under discussion and have not been settled.
Summary of the invention
In view of this, the main purpose of the present invention is to provide an access control method and system for a virtual machine system that can realize security management of the virtual machine system without increasing the processing burden of the virtual machine monitor.
To achieve the above purpose, the technical solution of the present invention is realized as follows:
An access control system for a virtual machine system, characterized in that one virtual machine in the virtual machine system is set as the management virtual machine and the remaining virtual machines serve as guest virtual machines; the system further comprises an access control module and an access control proxy module, wherein:
The access control module is located in the management virtual machine and is used to perform access control on the guest virtual machines;
The access control proxy module is located in the virtual machine monitor and is used to receive an access request from a guest virtual machine and forward the access request to the access control module.
Preferably, guest virtual machine information is stored in a database of the management virtual machine, wherein the guest virtual machine information includes a guest virtual machine identifier and security policy information.
Preferably, the access request includes resource access requests and requests to access other guest virtual machines.
Preferably, when the access request of the guest virtual machine is a resource access request, the access control module is further used to authenticate and authorize the guest virtual machine and, after the guest virtual machine passes authentication, to obtain the resource access permissions corresponding to the guest virtual machine from the security policy information and send them to the virtual machine monitor.
Preferably, the virtual machine monitor is further used to manage and allocate resources for the guest virtual machine according to the received resource access permissions.
Preferably, when the access request of the guest virtual machine is a request to access other guest virtual machines, the access control module is further used to authenticate and authorize the guest virtual machine and, after authentication passes, to obtain the guest virtual machine's access permissions for other guest virtual machines from the security policy information in the database of the management virtual machine and send them to the virtual machine monitor;
The virtual machine monitor is further used to allow or deny the guest virtual machine's access to other guest virtual machines according to the received access permissions.
An access control method for a virtual machine system, in which one virtual machine in the virtual machine system is set as the management virtual machine and the remaining virtual machines serve as guest virtual machines; an access control module is placed in the management virtual machine; an access control proxy module is placed in the virtual machine monitor; the method further comprises:
The guest virtual machine sends an access request to the virtual machine monitor;
The access control proxy module obtains the access request of the guest virtual machine and forwards the access request to the access control module;
After receiving the access request of the guest virtual machine, the access control module performs access control on the guest virtual machine and sends the access control result to the virtual machine monitor kernel.
Preferably, guest virtual machine information is stored in a database of the management virtual machine, wherein the guest virtual machine information includes a guest virtual machine identifier and security policy information;
The access request includes resource access requests and requests to access other guest virtual machines.
Preferably, performing access control on the guest virtual machine is:
When the access request is a resource access request, the access control module authenticates and authorizes the guest virtual machine;
After authentication passes, the access control module obtains the resource access permissions corresponding to the guest virtual machine from the security policy information in the database of the management virtual machine and sends them to the virtual machine monitor kernel;
The method further comprises:
The virtual machine monitor kernel manages and allocates resources for the guest virtual machine according to the received resource access permissions.
Preferably, performing access control on the guest virtual machine is:
When the access request is a request to access other guest virtual machines, the access control module authenticates and authorizes the guest virtual machine;
After authentication passes, the access control module obtains the guest virtual machine's access permissions for other guest virtual machines from the security policy information in the database of the management virtual machine and sends them to the virtual machine monitor kernel;
The method further comprises:
The virtual machine monitor kernel allows or denies the guest virtual machine's access to other guest virtual machines according to the received access permissions.
The present invention divides the virtual machines into a management virtual machine and guest virtual machines and places an access control proxy module in the virtual machine monitor. After the virtual machine monitor receives a guest virtual machine's resource access request, or its request to access other guest virtual machines, it forwards the request to the management virtual machine. The management virtual machine authenticates and authorizes the guest virtual machine and, after authentication passes, either allows access to the other guest virtual machines or determines the corresponding resource access permissions for the guest virtual machine according to the security policy information and sends them to the virtual machine monitor, which then performs the corresponding resource access management for the guest virtual machine. The technical solution of the present invention neither increases the size of the virtual machine monitor nor reduces its security, yet it enables access control over virtual machines, effectively controls virtual machine access to physical resources, and prevents security threats in the virtual machine system such as attacks between virtual machines, communication between virtual machines, and denial of service.
Description of drawings
Fig. 1 is a schematic diagram of the structure of the virtual machine system of the present invention;
Fig. 2 is a flowchart of the virtual machine method of the present invention;
Fig. 3 is a schematic diagram of the structure of the management virtual machine of the present invention.
Embodiment
The basic idea of the present invention is to divide the virtual machines into a management virtual machine and guest virtual machines and to place an access control proxy module in the virtual machine monitor. After the virtual machine monitor receives a guest virtual machine's resource access request, or its request to access other guest virtual machines, it forwards the request to the management virtual machine. The management virtual machine authenticates and authorizes the guest virtual machine and, after authentication passes, either allows access to the other guest virtual machines or determines the corresponding resource access permissions for the guest virtual machine according to the security policy information and sends them to the virtual machine monitor, which then performs the corresponding resource access management for the guest virtual machine.
In a virtual machine system, the virtual machine monitor is responsible for managing physical resources. A virtual machine can access physical resources only through the virtual machine monitor. Based on the physical resource access request from a virtual machine, the virtual machine monitor invokes the corresponding physical resources and allocates them to the virtual machine.
The virtual machine monitor plays a vital role in a virtual machine system. Access control over virtual machines' access to physical resources can be implemented through the virtual machine monitor, effectively preventing security problems in the virtual machine system such as attacks between virtual machines, communication between virtual machines, and resource occupation.
However, as virtual machine functions increase, the code size of the virtual machine monitor grows and its security problems multiply. Because the virtual machine monitor occupies a critical position in the virtual machine system, its security problems pose a serious hidden danger to the whole system.
Therefore, to reduce the security problems of the virtual machine monitor while still guaranteeing the security of the virtual machine system, any security mechanism added to the virtual machine system should be one that reduces the security threat to the virtual machine monitor.
Below, the technical solution of the present invention is set out further to explain in detail how the present invention overcomes the above problems.
Fig. 1 is a schematic diagram of the structure of the virtual machine system of the present invention. As shown in Fig. 1, the system comprises two or more virtual machines and a virtual machine monitor. One of the virtual machines is set as the management virtual machine and the rest serve as guest virtual machines. The management virtual machine contains an access control module and a database; the virtual machine monitor contains an access control proxy module and a kernel. The access control module performs operations such as authentication and authorization on the guest virtual machines; the database stores guest virtual machine identification information and security policy information. In the present invention, authentication mainly means authenticating the identity of the guest virtual machine, and any existing authentication method can be used. Because the authentication method is not the focus of the present invention and is easy to implement, its implementation details are not repeated here.
The guest virtual machine sends a resource access request to the access control proxy module; alternatively, it sends the resource access request to the virtual machine monitor (the guest virtual machine need not be aware of whether an access control proxy module exists), and the access control proxy module obtains the request. The access control proxy module forwards the resource access request to the access control module. The access control module authenticates and authorizes the guest virtual machine and, after authentication passes, obtains the resource access permissions corresponding to the guest virtual machine from the security policy information in the database and sends them to the virtual machine monitor kernel, which manages and allocates resources for the guest virtual machine according to the received resource access permissions. In the present invention, the security policy information stores the subscription information of the guest virtual machine, that is, the subscribed resource access permissions of the guest virtual machine, such as bandwidth allocation and the specific resource types that may be accessed. This security policy information is determined by the specific subscription information of the guest virtual machine and the operator.
In the present invention, a guest virtual machine can also send an access request for other guest virtual machines to the access control proxy module; alternatively, it sends the request to the virtual machine monitor, and the access control proxy module obtains it. The access control proxy module forwards the access request for other guest virtual machines to the access control module. The access control module authenticates and authorizes the guest virtual machine and, after authentication passes, obtains the guest virtual machine's access permissions for other guest virtual machines from the security policy information and sends them to the virtual machine monitor kernel; the virtual machine monitor allows or denies the guest virtual machine's access to other guest virtual machines.
The virtual machine system of the present invention is described in further detail below.
The virtual machine system of the present invention uses the management virtual machine to control guest virtual machines' access to physical resources and the communication between guest virtual machines.
A management virtual machine is started in the virtual machine system. The management virtual machine is responsible for access control over guest virtual machines' access to physical resources. An access control module and a database module are placed in the management virtual machine. The access control module is responsible for authenticating and authorizing guest virtual machine requests. The database records information such as guest virtual machine IDs and security policies. A guest virtual machine can access physical resources only after passing the management virtual machine's access control, such as authentication and authorization.
An access control proxy (called the access control proxy module) is deployed in the virtual machine monitor. Because the access control proxy only acts as a proxy, it involves no specific application processing and is therefore lightweight. Setting up the access control proxy module further reduces the processing burden of the virtual machine monitor, and deploying it in the virtual machine monitor does not affect the security of the virtual machine monitor. The access control proxy captures guest virtual machines' access requests for physical resources and forwards them to the management virtual machine. The access control module of the management virtual machine authenticates and authorizes the guest virtual machine and, after authentication passes, obtains the resource access permissions corresponding to the guest virtual machine from the security policy information in the database and sends them to the virtual machine monitor kernel, which manages and allocates resources for the guest virtual machine according to the received resource access permissions.
In the present invention, physical resources include disks, flash disks, memory, network cards, CPUs and the like.
Fig. 2 is a flowchart of the virtual machine method of the present invention. As shown in Fig. 2, the label of each step in the figure corresponds to the labels shown in Fig. 1 and represents an interaction between units, between a unit and a network element, or between network elements. The virtual machine method of the present invention specifically comprises the following steps:
Step 1: the guest virtual machine sends a resource access request (physical resource access request) to the virtual machine monitor;
Step 2: the access control proxy module in the virtual machine monitor captures the resource access request and forwards it to the management virtual machine;
Step 3: the access control module in the management virtual machine authenticates the guest virtual machine, verifying its identity according to the guest virtual machine identification information (carried in the resource access request); after authentication passes, it obtains the resource access permissions corresponding to the guest virtual machine from the security policy information in the database and sends them to the virtual machine monitor kernel;
Step 4: after obtaining the guest virtual machine's resource access permission information, the virtual machine monitor kernel manages and allocates physical resources. Here, the virtual machine monitor kernel mainly performs resource allocation and the like according to the guest virtual machine's resource access permission information, allocating to each guest virtual machine the physical resources that correspond to its subscribed permissions and thereby realizing resource management for that guest virtual machine;
Step 5: the virtual machine monitor obtains information on the resources that the guest virtual machine can access;
Step 6: the virtual machine monitor kernel sends the physical resource information to the guest virtual machine;
Step 7: the guest virtual machine accesses the corresponding physical resources.
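The request path in steps 1 to 7, together with the guest-to-guest access case described earlier, can be modelled as follows. This is an added sketch, not code from the patent or from ZTE: the class names, the policy database contents and the HMAC credential are assumptions, the last standing in for whichever existing authentication method is used, which the patent leaves open.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed policy database held by the management VM: guest ID, an
# authentication key, subscribed resource permissions and permitted peers.
POLICY_DB = {
    "guest-a": {"key": b"key-a",
                "resources": {"nic": {"bandwidth_mbps": 100},
                              "disk": {"quota_gb": 20}},
                "peers": {"guest-b"}},
    "guest-b": {"key": b"key-b",
                "resources": {"disk": {"quota_gb": 5}},
                "peers": set()},
}


@dataclass(frozen=True)
class AccessRequest:
    guest_id: str
    credential: str   # hex HMAC tag proving identity (assumed scheme)
    kind: str         # "resource" or "guest"
    target: str       # resource type, or ID of the other guest VM


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    grant: dict = field(default_factory=dict)


def make_credential(guest_id: str, key: bytes) -> str:
    """Guest-side helper: HMAC-SHA256 tag over the guest ID (assumption)."""
    return hmac.new(key, guest_id.encode(), hashlib.sha256).hexdigest()


class AccessControlModule:
    """Runs in the management VM: authenticates, then authorizes from policy."""

    def __init__(self, db):
        self.db = db

    def decide(self, req: AccessRequest) -> Decision:
        record = self.db.get(req.guest_id)
        if record is None:
            return Decision(False, "unknown guest")
        expected = make_credential(req.guest_id, record["key"])
        if not hmac.compare_digest(expected, req.credential):
            return Decision(False, "authentication failed")
        if req.kind == "resource":
            grant = record["resources"].get(req.target)
            if grant is None:
                return Decision(False, "resource not in policy")
            return Decision(True, "resource granted", dict(grant))
        if req.kind == "guest":
            if req.target in record["peers"]:
                return Decision(True, "peer access granted")
            return Decision(False, "peer not in policy")
        return Decision(False, "unsupported request type")


class AccessControlProxy:
    """Runs in the VMM: forwards only, holds no policy, fails closed."""

    def __init__(self, module):
        self.module = module

    def forward(self, req: AccessRequest) -> Decision:
        try:
            return self.module.decide(req)
        except Exception:
            # Management VM unreachable or faulty: deny rather than bypass.
            return Decision(False, "management VM unavailable")


class VirtualMachineMonitor:
    """The VMM kernel enforces the decision returned through the proxy."""

    def __init__(self, proxy):
        self.proxy = proxy
        self.allocations = {}   # (guest_id, resource) -> granted limits
        self.channels = set()   # (source guest, destination guest)

    def handle(self, req: AccessRequest) -> Decision:
        decision = self.proxy.forward(req)
        if decision.allowed and req.kind == "resource":
            self.allocations[(req.guest_id, req.target)] = decision.grant
        elif decision.allowed and req.kind == "guest":
            self.channels.add((req.guest_id, req.target))
        return decision


def build_vmm(db=POLICY_DB) -> VirtualMachineMonitor:
    """Wire the three components together as in Fig. 1."""
    return VirtualMachineMonitor(AccessControlProxy(AccessControlModule(db)))
```

The proxy denies the request when the management virtual machine cannot answer, so an outage of the policy decision point does not turn into unchecked access to physical resources.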
The virtual machine access control mechanism proposed by the present invention neither increases the code size of the virtual machine monitor nor reduces its security, yet it enables access control over guest virtual machines' access to physical resources and effectively prevents security threats in the virtual machine system such as attacks between virtual machines, communication between virtual machines, and denial of service.
Fig. 3 is a schematic diagram of the structure of the management virtual machine of the present invention. As shown in Fig. 3, the management virtual machine of the present invention comprises an access control module and a database, wherein:
The access control module is used to authenticate and authorize guest virtual machines;
The database is used to store guest virtual machine identification information and security policy information.
The access control module is further used, after receiving a guest virtual machine's resource access request forwarded by the virtual machine monitor, to authenticate and authorize the guest virtual machine and, after the guest virtual machine passes authentication, to obtain the resource access permissions corresponding to the guest virtual machine from the security policy information in the database and send them to the virtual machine monitor, which manages and allocates resources for the guest virtual machine according to the received resource access permissions.
The present invention also describes a virtual machine monitor that includes a kernel and further comprises an access control proxy module, which is used to receive resource access requests from guest virtual machines and forward them to the management virtual machine.
The aforementioned virtual machine monitor and the management virtual machine shown in Fig. 3 are applied in the virtual machine system shown in Fig. 1.
The above is merely a preferred embodiment of the present invention and is not intended to limit the scope of protection of the present invention.

Claims (10)

1. An access control system for a virtual machine system, characterized in that one virtual machine in the virtual machine system is set as the management virtual machine and the remaining virtual machines serve as guest virtual machines; the system further comprises an access control module and an access control proxy module, wherein:
The access control module is located in the management virtual machine and is used to perform access control on the guest virtual machines;
The access control proxy module is located in the virtual machine monitor and is used to receive an access request from a guest virtual machine and forward the access request to the access control module.
2. The system according to claim 1, characterized in that guest virtual machine information is stored in a database of the management virtual machine, wherein the guest virtual machine information includes a guest virtual machine identifier and security policy information.
3. The system according to claim 1 or 2, characterized in that the access request includes resource access requests and requests to access other guest virtual machines.
4. The system according to claim 3, characterized in that, when the access request of the guest virtual machine is a resource access request, the access control module is further used to authenticate and authorize the guest virtual machine and, after the guest virtual machine passes authentication, to obtain the resource access permissions corresponding to the guest virtual machine from the security policy information and send them to the virtual machine monitor.
5. The system according to claim 4, characterized in that the virtual machine monitor is further used to manage and allocate resources for the guest virtual machine according to the received resource access permissions.
6. The system according to claim 3, characterized in that, when the access request of the guest virtual machine is a request to access other guest virtual machines, the access control module is further used to authenticate and authorize the guest virtual machine and, after authentication passes, to obtain the guest virtual machine's access permissions for other guest virtual machines from the security policy information in the database of the management virtual machine and send them to the virtual machine monitor;
The virtual machine monitor is further used to allow or deny the guest virtual machine's access to other guest virtual machines according to the received access permissions.
7. An access control method for a virtual machine system, characterized in that one virtual machine in the virtual machine system is set as the management virtual machine and the remaining virtual machines serve as guest virtual machines; an access control module is placed in the management virtual machine; an access control proxy module is placed in the virtual machine monitor; the method further comprises:
The guest virtual machine sends an access request to the virtual machine monitor;
The access control proxy module obtains the access request of the guest virtual machine and forwards the access request to the access control module;
After receiving the access request of the guest virtual machine, the access control module performs access control on the guest virtual machine and sends the access control result to the virtual machine monitor kernel.
8. The method according to claim 7, characterized in that guest virtual machine information is stored in a database of the management virtual machine, wherein the guest virtual machine information includes a guest virtual machine identifier and security policy information;
The access request includes resource access requests and requests to access other guest virtual machines.
9. The method according to claim 8, characterized in that performing access control on the guest virtual machine is:
When the access request is a resource access request, the access control module authenticates and authorizes the guest virtual machine;
After authentication passes, the access control module obtains the resource access permissions corresponding to the guest virtual machine from the security policy information in the database of the management virtual machine and sends them to the virtual machine monitor kernel;
The method further comprises:
The virtual machine monitor kernel manages and allocates resources for the guest virtual machine according to the received resource access permissions.
10. The method according to claim 8, characterized in that performing access control on the guest virtual machine is:
When the access request is a request to access other guest virtual machines, the access control module authenticates and authorizes the guest virtual machine;
After authentication passes, the access control module obtains the guest virtual machine's access permissions for other guest virtual machines from the security policy information in the database of the management virtual machine and sends them to the virtual machine monitor kernel;
The method further comprises:
The virtual machine monitor kernel allows or denies the guest virtual machine's access to other guest virtual machines according to the received access permissions.
CN2011100755328A 2011-03-28 2011-03-28 Access control method and system for virtual machine system Pending CN102707985A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN2011100755328A CN102707985A (en) 2011-03-28 2011-03-28 Access control method and system for virtual machine system
PCT/CN2011/081078 WO2012129904A1 (en) 2011-03-28 2011-10-20 Access control method and system for virtual machine system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2011100755328A CN102707985A (en) 2011-03-28 2011-03-28 Access control method and system for virtual machine system

Publications (1)

Publication Number Publication Date
CN102707985A true CN102707985A (en) 2012-10-03

Family

ID=46900804

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011100755328A Pending CN102707985A (en) 2011-03-28 2011-03-28 Access control method and system for virtual machine system

Country Status (2)

Country Link
CN (1) CN102707985A (en)
WO (1) WO2012129904A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1936845A (en) * 2005-09-19 2007-03-28 联想(北京)有限公司 Method and apparatus for dynamic distribution of virtual machine system input-output apparatus
CN1953391A (en) * 2005-10-20 2007-04-25 联想(北京)有限公司 Computer management system and computer management method
US7380049B2 (en) * 2005-09-06 2008-05-27 Intel Corporation Memory protection within a virtual partition
CN101452397A (en) * 2008-11-27 2009-06-10 上海交通大学 Forced access control method and apparatus in virtual environment

Also Published As

Publication number Publication date
WO2012129904A1 (en) 2012-10-04

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20121003
