CN106445641B - Data migration method between secure virtual platforms on discrete computing nodes - Google Patents

Publication number
CN106445641B
Authority
CN
China
Prior art keywords
security
virtual machine
monitor
application
monitoring system
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610949375.1A
Other languages
Chinese (zh)
Other versions
CN106445641A (en
Inventor
张景
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhongyun Xin'an Shenzhen Technology Co ltd
Original Assignee
Shenzhen Qianhai Shengsheng Technology Co ltd
Application filed by Shenzhen Qianhai Shengsheng Technology Co ltd
Priority to CN201610949375.1A
Publication of CN106445641A
Application granted
Publication of CN106445641B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/4557 Distribution of virtual machine instances; Migration and load balancing

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a data migration method between secure virtual platforms on discrete computing nodes. On each discrete computing node, the method establishes a security reinforcement system for the virtual machine monitor and uses an independent hardware security monitoring system to emulate, in a network environment, the client-software release function of a remote server. The security reinforcement system connects to a remote security server through the computing node's communication port and the interconnection network. The security server uniformly labels, manages, maintains and upgrades the version, compatibility and integrity of the virtual machine monitor, security monitor, operating system, middleware and application programs stored in the security reinforcement system attached to each computing node. Data migration is completed through the security reinforcement system and the security server.

Description

Data migration method between secure virtual platforms on discrete computing nodes
Technical Field
The invention relates to the field of information security, and in particular to a data migration method between secure virtual platforms on discrete computing nodes and its security policy.
Background
In a cloud computing environment, virtual machine migration and data migration within a server cluster are common, driven by load balancing and the need to make full use of the underlying hardware. As network bandwidth and transmission rates keep improving, forming clusters out of discrete computing nodes, especially PCs and notebook computers, and exploiting their computing resources in a cloud computing mode similar to a server cluster is a direction with broad prospects. Virtual machine migration and data migration on discrete computing nodes are important factors in the efficiency of cooperative operation among the nodes and in network security control.
For example, patent application 201310072657.4 discloses a trusted virtual platform, its construction method, and a method for migrating data between platforms. A trusted service domain (TSD) is built on vTPM, the virtualization of a TPM security chip, and the TSD extends the chain of trust to establish a trusted operating environment for the user domain. The user domain interacts with the management domain so that security applications can call trusted functions, and the management domain interacts with the TSD to transmit and process trusted commands. The migration engine on the source platform interacts with the migration engine on the target platform, migrates the migration data generated from the security chip and the TSD to the target platform, and restores the data there, completing rapid migration of the TSD and the virtual machine.
In real deployments, however, discretely distributed computing nodes, such as different users' PCs and notebooks, have different virtual machine monitors installed, and the operating systems and application programs in their running virtual machines also differ. That patent application does not address how to apply unified security management to the virtual machine monitor on a discrete computing node, or to the operating system, application programs and field (live runtime) data of a virtual machine that is to be migrated. Moreover, vTPM only solves the construction of a static trusted environment on the computing node. It does not address dynamic security detection and maintenance of the operating environment while the node is running, or the secure migration of virtual machines and their data.
Disclosure of Invention
The invention aims to provide a data migration method between secure virtual platforms on discrete computing nodes. It solves virtual machine migration and related data migration between secure virtual platforms on discrete computing nodes in a high-speed network environment, and achieves effective network security control while making full use of the processing potential of the computing resources.
Another objective of the present invention is to provide a method for security detection and data migration between secure virtual platforms on discrete compute nodes, which is implemented by the method
The purpose of the invention is achieved by the following technical solution.
In a data migration method between secure virtual platforms on discrete computing nodes, a security reinforcement system for the virtual machine monitor is established on each discrete computing node, and an independent hardware security monitoring system emulates, in a network environment, the client-software release function of a remote server. The security reinforcement system connects to the remote security server through the computing node's communication port and the interconnection network. The security server uniformly labels, manages, maintains and upgrades the version, compatibility and integrity of the virtual machine monitor, security monitor, operating system, middleware and application programs stored in the security reinforcement system attached to each computing node. Data migration is completed through the security reinforcement system and the security server.
The security reinforcement system comprises a security monitor added to the virtual machine monitor, together with an independent hardware security monitoring system connected to the computing node. It detects and manages, in real time, the running state of the virtual machine monitor and of the virtual machines executing high-security applications.
Furthermore, the hardware security monitoring system stores the program code of the virtual machine monitor and the security monitor, and also stores the simplified operating system, middleware and application programs required by high-security applications. According to the functional and security requirements of the application environment, the computing node configures a specific security partition through the virtual machine monitor, uploads the simplified operating system, middleware and application programs required by the high-security application from the hardware security monitoring system to that partition, starts the virtual machine built on the partition at the appropriate time, completes the intended operation of the high-security application, and tears down the corresponding virtual machine and partition once the operation is complete.
Further, the virtual machine monitor uploads the operating system, middleware and application programs of the high-security application to a specific security partition, then starts and executes the application. While the high-security application executes, the integrity of the operating system, middleware and application programs in the partition is checked as follows: the security monitor captures snapshots of them, and the hardware security monitoring system verifies the snapshots in background processing. If the virtual machine monitor or the partition of the security application is compromised during execution, the hardware security monitoring system resets the system and cancels all running virtual machines.
Furthermore, important intermediate data and final results produced while the high-security application runs are stored in the hardware security monitoring system, which effectively prevents leakage of data and information.
The hardware security monitoring system connects to a remote security server through the computing node's communication port and the interconnection network. The security server uniformly labels, manages, maintains and upgrades the version, compatibility and integrity of the virtual machine monitor, the security monitor, and the simplified operating system, middleware and application programs of the high-security applications, all of which are stored in the hardware security monitoring system attached to each computing node.
When discrete computing nodes are interconnected over a network for cooperative operation, the security server uses the security detection information fed back by the independent hardware security monitor on each computing node, together with the requirements of network security control and load balancing, to selectively stop and delete some of the high-security applications executing on the computing nodes and to migrate the related secure virtual machines and field data to suitable computing nodes, where execution continues.
According to the method, when the discrete computing nodes are interconnected over a network for cooperative operation, the independent hardware security monitoring system collects and checks the integrity and security of each computing node's virtual machine monitor and of the secure virtual machines executing high-security applications, and sends the detection information to the security server.
Further, the security server builds global security situation awareness and security situation analysis from the detection information fed back by the independent hardware security monitoring systems on the computing nodes, and selectively stops and deletes some of the high-security applications executing on the computing nodes according to the requirements of load balancing and security control.
Furthermore, the security server transmits the field data of the secure virtual machine over a cryptographically secured channel to a computing node on which the versions of the virtual machine monitor, the security monitor, and the operating system, middleware and application programs of the high-security application all meet the migration requirements of the secure virtual machine. A secure virtual machine is then established there through the virtual machine monitor, and the corresponding high-security application continues to execute.
Compared with the prior art, the invention has the following advantages:
1. The method accurately senses the current security situation of the computing nodes and provides a sound security guarantee for cooperative computing among discrete computing nodes.
2. An independent hardware security monitoring system checks the real-time storage images of the high-security application virtual machine and the virtual machine monitor, so that security defects in the computing node's underlying hardware, as well as hardware trojans and logic bombs, are effectively avoided, and the independence and effectiveness of the detection are ensured.
3. The security detection performed on the hardware security monitoring system runs in parallel with the computing node's own workload, which reduces the performance loss that running security detection on the computing node would cause.
4. The secure storage area in the independent hardware security monitoring system holds the virtual machine monitor, the security monitor, and the simplified operating system, middleware and application programs of the high-security applications, so that storing and checking this code does not depend on the security of the computing node's hardware circuits, and unified management of the code is firmly guaranteed.
5. The hardware security monitoring system connects to a remote security server through the computing node's communication port and the interconnection network, and the security server uniformly labels, manages, maintains and upgrades the version, compatibility and integrity of the virtual machine monitor, the security monitor, and the simplified operating system, middleware and application programs of the high-security applications stored in the hardware security monitoring systems attached to different computing nodes.
6. When discrete computing nodes are interconnected over a network for cooperative operation, the security server uses the security detection information fed back by the independent hardware security monitors on the computing nodes, together with the requirements of network security control and load balancing, to selectively stop and delete some of the high-security applications executing on the computing nodes and to migrate the related secure virtual machines and field data to suitable computing nodes, where execution continues. This ensures the effectiveness and security of data migration between secure virtual platforms.
Drawings
FIG. 1 is a block diagram of a system in which the present invention is implemented. (attached drawing)
FIG. 2 is a block diagram of a stand-alone hardware security monitoring system in which the present invention may be implemented.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
FIG. 1 is a block diagram of the system architecture in which the invention is implemented. The scheme for virtual machine migration and related data migration between secure virtual platforms on discrete computing nodes operates on the security-reinforced computing system shown in FIG. 1. The core of the invention is that a security monitor is added to the virtual machine monitor and, at the same time, an independent hardware security monitoring system for security monitoring and security detection is attached.
The implementation of the invention is divided into three parts: security reinforcement of the computing nodes, unified management of the independent hardware security monitoring systems by the security server, and data migration between secure virtual platforms.
Part 1: Security reinforcement of the computing node.
The security reinforcement of the computing node comprises the following two aspects:
(1) Fusing the functions of the virtual machine monitor and the security monitor.
Because the virtual machine monitor sits below the operating system and above the hardware, it has the highest priority in scheduling software and hardware, so a convenient and efficient security monitoring mechanism can be built on it. In FIG. 1, the invention adds a security monitor on top of the virtual machine monitor.
For the operating system and application software running in a virtual machine, process scheduling and access to hardware resources are both managed by the virtual machine monitor. The security monitor can therefore monitor the relevant processes and operations at the same granularity as the virtual machine monitor, collect their operating parameters for real-time analysis by the security monitoring system, and apply countermeasures and protective handling to any attack behaviour it finds. For integrity checking of the virtual machine monitor, observing the running state of the virtual machines gives a picture of the computing node's current situation, which matters for choosing the virtual machine monitor's detection points in a targeted way and improving the efficiency of security detection.
(2) An independent hardware security monitoring system.
Unlike the virtual machine security monitors widely used in the industry today, which are implemented in software, the invention designs and implements an independent hardware security monitoring system. The hardware security monitoring system consists of an interface, a routing chip and a group of security monitoring chips. The chips are designed with the highest level of security protection, and communication among the chips is encrypted, which ensures the security of the communicated data.
The program code of the virtual machine monitor and the security monitor is stored in the security monitoring chips and is uploaded to the computing node platform over a cryptographically secured channel when the computing node powers on, so that the root of trust for system detection does not depend on the security of the computing node's hardware circuits.
Starting and executing a high-security application. Provided the native operating system and application programs have not been attacked, the virtual machine monitor uploads the simplified operating system, middleware and application programs of the high-security application from the security monitoring chips to a specific security partition, then starts and executes the application. While the high-security application executes, the integrity of the operating system, middleware and application programs in the partition is checked: the security monitor captures snapshots of them, and the hardware security monitoring system verifies the snapshots in background processing. If the virtual machine monitor or the partition of the security application is compromised during execution, the hardware security monitoring system resets the system and cancels all running virtual machines. If the high-security application completes successfully, the virtual machine monitor tears down the corresponding virtual machine and security partition and schedules the native operating system and application programs to resume execution.
Important intermediate data and final results produced while the high-security application runs are stored in the hardware security monitoring system, which effectively prevents leakage of data and information.
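The snapshot check and its two outcomes described above can be sketched as follows. This is an added illustration, not code from the patent: the patent does not say how snapshots are verified, so comparing SHA-256 digests against reference values held in the monitoring chips is an assumption, and every name (`HardwareMonitor`, `Action`, `GOLDEN_IMAGES`, `build_monitor`) is hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from enum import Enum

# Components of a high-security application that the security monitor snapshots.
COMPONENTS = ("operating_system", "middleware", "application")


class Action(Enum):
    CONTINUE = "continue"
    RESET_AND_CANCEL_ALL_VMS = "reset_and_cancel_all_vms"
    TEAR_DOWN_VM_AND_PARTITION = "tear_down_vm_and_partition"


def digest(image: bytes) -> str:
    """Assumed integrity measure: SHA-256 over the snapshot bytes."""
    return hashlib.sha256(image).hexdigest()


@dataclass
class HardwareMonitor:
    """Models the background verification done off the computing node."""
    reference: dict                      # component -> digest of the stored code
    running_vms: set = field(default_factory=set)
    resets: int = 0

    def failed_components(self, snapshot: dict) -> list:
        """Components whose snapshot is missing or differs from the reference."""
        failed = []
        for name in COMPONENTS:
            image = snapshot.get(name)
            if image is None or not hmac.compare_digest(
                digest(image), self.reference[name]
            ):
                failed.append(name)
        return failed

    def on_snapshot(self, snapshot: dict, vmm_intact: bool) -> Action:
        """A compromised monitor or partition resets the node and cancels every VM."""
        if not vmm_intact or self.failed_components(snapshot):
            self.running_vms.clear()
            self.resets += 1
            return Action.RESET_AND_CANCEL_ALL_VMS
        return Action.CONTINUE

    def on_completed(self, vm_id: str) -> Action:
        """Successful completion removes only that VM and its security partition."""
        self.running_vms.discard(vm_id)
        return Action.TEAR_DOWN_VM_AND_PARTITION


# Constructed sample images standing in for the code held in the monitoring chips.
GOLDEN_IMAGES = {
    "operating_system": b"simplified-os build 5.4.2",
    "middleware": b"middleware build 1.4.0",
    "application": b"high-security app build 2.0.0",
}


def build_monitor() -> HardwareMonitor:
    reference = {name: digest(image) for name, image in GOLDEN_IMAGES.items()}
    return HardwareMonitor(reference=reference, running_vms={"vm-1", "vm-2"})


if __name__ == "__main__":
    monitor = build_monitor()
    print(monitor.on_snapshot(dict(GOLDEN_IMAGES), vmm_intact=True))
    tampered = dict(GOLDEN_IMAGES, middleware=b"middleware build 1.4.0 + implant")
    print(monitor.failed_components(tampered), monitor.on_snapshot(tampered, True))
```

A missing component is treated the same as a modified one, so a security monitor that stops reporting a snapshot cannot pass verification by omission.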
Part 2: Unified management of the independent hardware security monitoring systems by the security server.
The independent hardware security monitoring system connects to a remote security server through the computing node's communication port and the interconnection network. The security server uniformly labels, manages, maintains and upgrades the version, compatibility and integrity of the virtual machine monitor, the security monitor, and the simplified operating system, middleware and application programs held in the security monitoring chips of each independent hardware security monitoring system.
The hardware security monitoring system on each computing node reports locally discovered security attacks to the security server. The security server aggregates the attacks discovered in a given time period, adjusts the related security monitoring policy and security fault-tolerance policy, and issues security upgrades for the virtual machine monitor, the security monitor, and the simplified operating system, middleware and application programs of the high-security applications. The security server encrypts this content and sends it over the interconnection network to the security monitoring chipset in the hardware security monitoring system paired with the computing node, achieving dynamic maintenance and upgrade of the computing node's security reinforcement system.
Part 3: Data migration between secure virtual platforms.
When the discrete computing nodes cooperate over the network, the independent hardware security monitoring systems concurrently collect and check the integrity and security of each computing node's virtual machine monitor and of the secure virtual machines executing high-security applications, and send the detection information to the security server.
The security server builds global security situation awareness and security situation analysis from the security detection information fed back by the independent hardware security monitors on the computing nodes. According to the requirements of load balancing and security control, it selectively stops and deletes the high-security applications executing on some computing nodes. It then selects computing nodes that have suitable computing resources and whose hardware security monitor stores versions of the virtual machine monitor, the security monitor, and the simplified operating system, middleware and application programs of the high-security application that all meet the migration requirements of the secure virtual machine. The field data of the secure virtual machine is transmitted over a cryptographically secured channel to the hardware security monitoring system attached to the selected computing node, a secure virtual machine is established through the virtual machine monitor, and the corresponding high-security application continues to execute.
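The security server's decision in Part 3 can be sketched as a placement routine. This is an added example, not the patent's own code: the patent fixes no report format or selection rule, so the report fields, the minimum-version reading of "meets the migration requirement", the 0.8 load limit, the lowest-load tie-break and all names are assumptions. The encrypted transfer of field data is outside the sketch.

```python
from dataclasses import dataclass
from typing import Optional

# Components whose stored versions must all satisfy the migration requirement.
STACK = ("vmm", "security_monitor", "operating_system", "middleware", "application")


@dataclass(frozen=True)
class NodeReport:
    """Detection information one hardware security monitoring system feeds back."""
    node_id: str
    vmm_intact: bool
    secure_vm_intact: bool
    load: float                    # utilisation between 0.0 and 1.0
    stored_versions: dict          # component -> version held in the hardware monitor
    running_app: Optional[str] = None


@dataclass(frozen=True)
class Migration:
    app: str
    source: str
    target: Optional[str]          # None: stopped and deleted, no suitable node yet
    reason: str                    # "security" or "load"


def parse_version(text: str) -> tuple:
    # Numeric comparison, so that 1.10.0 is newer than 1.9.0.
    return tuple(int(part) for part in text.split("."))


def meets_requirement(stored: dict, required: dict) -> bool:
    """Every component must be present and at least the required version."""
    return all(
        name in stored
        and parse_version(stored[name]) >= parse_version(required[name])
        for name in STACK
    )


def evacuation_reason(report: NodeReport, load_limit: float) -> Optional[str]:
    if report.running_app is None:
        return None
    if not (report.vmm_intact and report.secure_vm_intact):
        return "security"
    return "load" if report.load > load_limit else None


def plan_migrations(reports, requirements, load_limit=0.8):
    """Security evacuations are placed first; each target takes one migrated VM."""
    sources = [(evacuation_reason(r, load_limit), r) for r in reports]
    sources = [(why, r) for why, r in sources if why is not None]
    sources.sort(key=lambda item: (item[0] != "security", item[1].node_id))
    taken, plan = set(), []
    for why, src in sources:
        required = requirements[src.running_app]
        candidates = [
            r for r in reports
            if r.node_id != src.node_id and r.node_id not in taken
            and r.running_app is None
            and r.vmm_intact and r.secure_vm_intact
            and r.load <= load_limit
            and meets_requirement(r.stored_versions, required)
        ]
        target = min(candidates, key=lambda r: (r.load, r.node_id), default=None)
        if target is not None:
            taken.add(target.node_id)
        plan.append(Migration(src.running_app, src.node_id,
                              target.node_id if target is not None else None, why))
    return plan


# Constructed sample data: versions, node names and loads are invented.
BASE = {"vmm": "3.1.0", "security_monitor": "1.10.0",
        "operating_system": "5.4.2", "middleware": "1.4.0", "application": "2.0.0"}
REQUIRED = {"vmm": "3.1.0", "security_monitor": "1.9.0",
            "operating_system": "5.4.0", "middleware": "1.4.0", "application": "2.0.0"}
REQUIREMENTS = {"payroll": REQUIRED, "ledger": REQUIRED}
SAMPLE_REPORTS = [
    NodeReport("A", True, False, 0.40, BASE, "payroll"),   # secure VM failed its check
    NodeReport("B", True, True, 0.95, BASE, "ledger"),     # overloaded
    NodeReport("C", True, True, 0.20, BASE),
    NodeReport("D", True, True, 0.10, {**BASE, "middleware": "1.2.0"}),  # stale
    NodeReport("E", True, True, 0.50, BASE),
]

if __name__ == "__main__":
    for step in plan_migrations(SAMPLE_REPORTS, REQUIREMENTS):
        print(step)
```

Node D is the least loaded but is never chosen, because its stored middleware version fails the requirement; a migration with `target=None` models an application that has been stopped and deleted while no node yet qualifies.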
Compared with the prior art, therefore, the invention accurately senses the current security situation of the computing nodes and provides a sound security guarantee for cooperative computing among discrete computing nodes. An independent hardware security monitoring system checks the real-time storage images of the high-security application virtual machine and the virtual machine monitor, so that security defects in the computing node's underlying hardware, as well as hardware trojans and logic bombs, are effectively avoided, and the independence and effectiveness of the detection are ensured.
The hardware security monitoring system connects to a remote security server through the computing node's communication port and the interconnection network, and the security server uniformly labels, manages, maintains and upgrades the version, compatibility and integrity of the virtual machine monitor, the security monitor, and the simplified operating system, middleware and application programs of the high-security applications stored in the hardware security monitoring systems attached to different computing nodes.
When discrete computing nodes are interconnected over a network for cooperative operation, the security server uses the security detection information fed back by the independent hardware security monitors on the computing nodes, together with the requirements of network security control and load balancing, to selectively stop and delete some of the high-security applications executing on the computing nodes and to migrate the related secure virtual machines and field data to suitable computing nodes, where execution continues. This ensures the effectiveness and security of data migration between secure virtual platforms.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (8)

1. A data migration method between secure virtual platforms on discrete computing nodes, characterized in that a security reinforcement system for the virtual machine monitor is established on each discrete computing node, and an independent hardware security monitoring system emulates, in a network environment, the client-software release function of a remote server; the security reinforcement system connects to the remote security server through the computing node's communication port and the interconnection network, and the security server uniformly labels, manages, maintains and upgrades the version, compatibility and integrity of the virtual machine monitor, security monitor, operating system, middleware and application programs stored in the security reinforcement system attached to each computing node; data migration is completed through the security reinforcement system and the security server;
the security reinforcement system comprises a security monitor added to the virtual machine monitor, together with an independent hardware security monitoring system connected to the computing node, and detects and manages, in real time, the running state of the virtual machine monitor and of the virtual machines executing high-security applications;
the hardware security monitoring system stores the program code of the virtual machine monitor and the security monitor, and also stores the operating system, middleware and application programs required by high-security applications; according to the functional and security requirements of the application environment, the computing node configures a specific security partition through the virtual machine monitor, uploads the operating system, middleware and application programs required by the high-security application from the hardware security monitoring system to the security partition, starts the virtual machine built on the partition at the appropriate time, completes the intended operation of the high-security application, and tears down the corresponding virtual machine and partition once the operation is complete; the hardware security monitoring system consists of an interface, a routing chip and a group of security monitoring chips, and communication between the chips is encrypted.
2. The method for data migration between secure virtual platforms on discrete computing nodes as claimed in claim 1, wherein the virtual machine monitor uploads the operating system, middleware and applications involved in the high security application to a specific secure partition, starts and executes the high security application; during the execution of the high-security application, the integrity detection of an operating system, middleware and an application program in the partition acquires snapshots of the operating system, the middleware and the application program through a security monitor, and the snapshots are verified through background processing of a hardware security monitoring system; during the execution of the high-security application, if the virtual machine monitor is invaded or the partition of the security application is invaded, the hardware security monitoring system resets the system and cancels all the virtual machines to run.
3. The method for migrating data between secure virtual platforms on discrete compute nodes as recited in claim 2, wherein important intermediate data and final results involved in the running process of the high-security application are saved in the hardware security monitoring system, thereby effectively preventing data and information leakage.
4. The method for migrating data between secure virtual platforms on discrete compute nodes as claimed in claim 1, wherein the hardware security monitoring system is connected to a remote security server through a communication port of the compute node and an interconnection network, and the security server uniformly marks, manages, maintains and upgrades the version, compatibility and integrity of the virtual machine monitor, the security monitor, the thin operating system, the middleware and the application program held in the hardware security monitoring system connected to each compute node.
5. The method as claimed in claim 1, wherein when the discrete computing nodes perform cooperative operations via the network interconnection, the security server selectively stops and deletes some of the high security applications executed on the computing nodes according to the security detection information fed back by the independent hardware security monitors on the computing nodes and according to the requirements of network security control and load balancing, and migrates the relevant security virtual machines and site data to the appropriate computing nodes for further execution.
6. The method for data migration between secure virtual platforms on discrete compute nodes as claimed in claim 1, wherein when the discrete compute nodes perform cooperative operations through network interconnection, the independent hardware security monitoring system collects and detects the integrity and security of the virtual machine monitor of each compute node and the secure virtual machine executing the high security application, and sends the detected information to the security server.
7. The method for data migration between secure virtual platforms on discrete compute nodes as claimed in claim 6, wherein the security server forms global security posture awareness and security posture analysis according to the detection information fed back by the independent hardware security monitoring system on each compute node, and selectively stops and deletes part of the high security applications executed on the compute nodes according to the requirements of load balancing and security control.
8. The method for migrating data between secure virtual platforms on discrete compute nodes according to claim 7, wherein the security server transmits, through the secure channel, the field data of the related secure virtual machines to the hardware security monitoring systems connected to those compute nodes whose virtual machine monitor, security monitor, and the versions of the operating system, middleware and application program included in the high-security application all satisfy the migration requirements of the secure virtual machines, establishes the secure virtual machines through the virtual machine monitor, and continues to execute the corresponding high-security applications.
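The target-selection step that claims 5 to 8 describe can be sketched as follows. This is an added illustration, not code from the patent: the report fields, the version tuples, the minimum-version policy, the least-loaded tie-break and the node names are all assumptions.

```python
from dataclasses import dataclass

# Component classes named in claim 8; every one must satisfy the requirement.
COMPONENTS = ("vmm", "security_monitor", "os", "middleware", "application")

@dataclass(frozen=True)
class NodeReport:
    """Assumed shape of one node's report to the security server."""
    node_id: str
    versions: dict           # component -> version tuple, e.g. (2, 1)
    vmm_intact: bool         # integrity result for the virtual machine monitor
    partitions_intact: bool  # integrity result for the secure partitions
    load: float              # 0.0 (idle) .. 1.0 (saturated)

def rejection_reasons(report, min_versions):
    """Return every reason a node cannot host the secure VM (empty = eligible)."""
    reasons = []
    if not report.vmm_intact:
        reasons.append("vmm integrity check failed")
    if not report.partitions_intact:
        reasons.append("partition integrity check failed")
    for name in COMPONENTS:
        have = report.versions.get(name)
        if have is None:  # fail closed: an unreported component never passes
            reasons.append(f"{name}: not reported")
        elif have < min_versions[name]:
            reasons.append(f"{name}: {have} below required {min_versions[name]}")
    return reasons

def select_target(source_id, reports, min_versions):
    """Pick the least-loaded eligible node; also return why others were refused."""
    # The node being vacated is never a candidate for its own migration.
    verdicts = {r.node_id: rejection_reasons(r, min_versions)
                for r in reports if r.node_id != source_id}
    eligible = [r for r in reports if verdicts.get(r.node_id) == []]
    best = min(eligible, key=lambda r: (r.load, r.node_id), default=None)
    rejected = {node: why for node, why in verdicts.items() if why}
    return (best.node_id if best else None), rejected

# Constructed sample data, not taken from the patent.
REQUIRED = {name: (2, 0) for name in COMPONENTS}
REPORTS = [
    NodeReport("node-a", REQUIRED, True, True, 0.9),   # source node
    NodeReport("node-b", REQUIRED, True, True, 0.7),
    NodeReport("node-c", REQUIRED, True, True, 0.3),
    NodeReport("node-d", REQUIRED, False, True, 0.1),  # idle, but VMM failed integrity
    NodeReport("node-e", {**REQUIRED, "middleware": (1, 9)}, True, True, 0.2),
]
```

With this sample, `select_target("node-a", REPORTS, REQUIRED)` picks `node-c`: the two less-loaded nodes are refused, one on integrity and one on version, before load is considered.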
CN201610949375.1A 2016-11-02 2016-11-02 Data migration method between secure virtual platforms on discrete computing nodes Active CN106445641B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610949375.1A CN106445641B (en) 2016-11-02 2016-11-02 Data migration method between secure virtual platforms on discrete computing nodes

Publications (2)

Publication Number Publication Date
CN106445641A CN106445641A (en) 2017-02-22
CN106445641B true CN106445641B (en) 2020-11-06

Family

ID=58177899

Country Status (1)

Country Link
CN (1) CN106445641B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: 518000 room 205, 2nd floor, new generation maker Park, Xinwei Road, Jiangwei community, Matian street, Guangming District, Shenzhen City, Guangdong Province

Patentee after: Shenzhen Shuan Zhongyi Technology Co.,Ltd.

Address before: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)

Patentee before: SHENZHEN QIANHAI SHENGSHENG TECHNOLOGY Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20231011

Address after: Building 205, Building 1, Shenzhen Software Industry Base, No. 81, 83, and 85, Gaoxin South 10th Road, Binhai Community, Yuehai Street, Nanshan District, Shenzhen, Guangdong Province, 518000

Patentee after: ZHONGYUN XIN'AN (SHENZHEN) TECHNOLOGY CO.,LTD.

Address before: 518000 room 205, 2nd floor, new generation maker Park, Xinwei Road, Jiangwei community, Matian street, Guangming District, Shenzhen City, Guangdong Province

Patentee before: Shenzhen Shuan Zhongyi Technology Co.,Ltd.
