CN109213572A - Virtual-machine-based trustworthiness determination method and server - Google Patents

Publication number
CN109213572A
Authority
CN
China
Legal status
Granted
Application number
CN201811055433.1A
Other languages
Chinese (zh)
Other versions
CN109213572B (en)
Inventor
甄鹏
唐超
Current Assignee
Zhengzhou Yunhai Information Technology Co Ltd
Original Assignee
Zhengzhou Yunhai Information Technology Co Ltd
Application filed by Zhengzhou Yunhai Information Technology Co Ltd
Priority to CN201811055433.1A
Publication of CN109213572A
Application granted
Publication of CN109213572B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45587 Isolation or security of virtual machine instances
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Abstract

The embodiments of the invention disclose a virtual-machine-based trustworthiness determination method, comprising: a server receives a first measurement result reported by the trusted platform module (TPM) of a virtual machine; if the first measurement result is trusted, the server determines that the first measurement result is the first measurement baseline; the server then sends reference data to the TPM, the reference data carrying the first measurement baseline, so that the TPM compares a second measurement result with the first measurement baseline and obtains a first trust result. The embodiments of the invention also disclose a server. With these embodiments, the server configures the virtual machine's measurement baseline, so the virtual machine does not need to traverse the hash values in the measurement result locally, one by one, to check whether each is a normal value, which saves computer configuration resources.

Description

Virtual-machine-based trustworthiness determination method and server
Technical field
The present invention relates to the field of computer security, and in particular to a virtual-machine-based trustworthiness determination method and server.
Background
Virtualization technology virtualizes one or more virtual computer systems on a single physical computer. Different virtual computer systems can run independent operating systems and applications, and each such virtual computer system is called a virtual machine. These virtual machines share the hardware resources of the underlying physical machine, but each virtual machine has its own virtual hardware (such as a central processing unit (CPU), memory and input/output (I/O) devices), and the virtual machines are independent of one another.
As virtualization technology has developed, virtual machines are deployed and used on cloud servers more and more, and virtual machine security receives increasing attention. At present, virtual machine security policy is managed on a single-machine basis: after the virtual machine measures the file to be measured, the virtual machine locally traverses the hash values in the measurement result one by one to check whether each is a normal value, in order to guarantee the security of the virtual machine.
Because the file to be measured essentially does not change, having the virtual machine locally traverse the hash values in the measurement result one by one to check whether each is a normal value wastes computer configuration resources.
Summary of the invention
The embodiments of the invention provide a virtual-machine-based trustworthiness determination method and a server, in which the server configures the virtual machine's measurement baseline, so the virtual machine does not need to traverse the hash values in the measurement result locally, one by one, to check whether each is a normal value, which saves computer configuration resources.
A first aspect of the present invention provides a virtual-machine-based trustworthiness determination method, comprising:
A server receives a first measurement result reported by the trusted platform module (TPM) of a virtual machine;
If the first measurement result is trusted, the server determines a first measurement baseline according to the first measurement result;
The server sends the first measurement baseline to the TPM, so that the TPM compares a second measurement result with the first measurement baseline and obtains a first trust result, the second measurement result and the first measurement result being the results of two different measurements.
In one possible design of the first aspect, after the server receives the first measurement result reported by the TPM of the virtual machine, the method further comprises:
If the first measurement result is untrusted, the server sends a second measurement baseline and a start instruction to the TPM; the start instruction instructs the TPM to start the virtual machine and to compare the second measurement result with the second measurement baseline, obtaining a second trust result.
In one possible design of the first aspect, before the server receives the first measurement result reported by the TPM of the virtual machine, the method further comprises:
The server sends a first owner password to the TPM, the first owner password corresponding to the TPM;
The server sends a second owner password and a file to be measured to the TPM, so that the TPM measures the file to be measured when the second owner password is identical to the first owner password, obtaining the first measurement result;
Correspondingly, the server sending the first measurement baseline to the TPM, so that the TPM compares the second measurement result with the first measurement baseline and obtains the first trust result, comprises:
The server sends a third owner password and first reference data to the TPM, so that the TPM compares the second measurement result with the first measurement baseline when the third owner password is identical to the first owner password, obtaining the first trust result.
In one possible design of the first aspect, after the server sends the first owner password to the TPM, the first owner password corresponding to the TPM, and before the server sends the second owner password and the file to be measured to the TPM, the method further comprises:
The server receives a certificate application request reported by the TPM, the certificate application request being used to apply for a first identity authentication certificate corresponding to the first owner password;
The server sends the first identity authentication certificate to the TPM;
Correspondingly, the server receiving the first measurement result reported by the TPM of the virtual machine comprises:
The server receives the first measurement result and a second identity authentication certificate reported by the TPM;
Correspondingly, the server determining that the first measurement result is the first measurement baseline if the first measurement result is trusted comprises:
If the first measurement result is trusted and the second identity authentication certificate is identical to the first identity authentication certificate, the server determines that the first measurement result is the first measurement baseline.
In one possible design of the first aspect, the server sending the second owner password and the file to be measured to the TPM, so that the TPM measures the file to be measured when the second owner password is identical to the first owner password and obtains the first measurement result, comprises:
The server sends the second owner password and the file to be measured to the TPM, so that the TPM, when the second owner password is identical to the first owner password, measures the file to be measured during a first start-up process, obtaining the first measurement result;
Correspondingly, the server receiving the first measurement result reported by the TPM of the virtual machine comprises:
The server receives the first measurement result reported by the TPM of the virtual machine during a second start-up process.
A second aspect of the present invention provides a server, comprising:
A first receiving module, configured to receive a first measurement result reported by the trusted platform module (TPM) of a virtual machine;
A first processing module, configured to determine, if the first measurement result is trusted, that the first measurement result received by the first receiving module is the first measurement baseline;
A first sending module, configured to send reference data to the TPM, the reference data carrying the first measurement baseline obtained by the first processing module, so that the TPM compares a second measurement result with the first measurement baseline and obtains a first trust result.
In one possible design of the second aspect, the server further comprises:
A second sending module, configured to send, if the first measurement result is untrusted, a second measurement baseline and a start instruction to the TPM; the start instruction instructs the TPM to start the virtual machine and to compare the second measurement result with the second measurement baseline, obtaining a second trust result.
In one possible design of the second aspect, the server further comprises:
A third sending module, configured to send a first owner password to the TPM, the first owner password corresponding to the TPM;
A fourth sending module, configured to send a second owner password and a file to be measured to the TPM, so that the TPM measures the file to be measured when the second owner password is identical to the first owner password, obtaining the first measurement result;
Correspondingly, the first sending module is configured to send a third owner password and reference data to the TPM, the reference data carrying the first measurement baseline obtained by the first processing module, so that the TPM compares the second measurement result with the first measurement baseline when the third owner password is identical to the first owner password, obtaining the first trust result.
In one possible design of the second aspect, the server further comprises a second receiving module and a fifth sending module;
The second receiving module is configured to receive a certificate application request reported by the TPM, the certificate application request being used to apply for a first identity authentication certificate corresponding to the first owner password sent by the third sending module;
The fifth sending module is configured to send the first identity authentication certificate to the TPM;
Correspondingly, the first receiving module is configured to receive the first measurement result and a second identity authentication certificate reported by the TPM;
Correspondingly, the first processing module is configured such that, if the measurement result is trusted and the second identity authentication certificate received by the first receiving module is identical to the first identity authentication certificate, the server determines that the first measurement result is the first measurement baseline.
A third aspect of the present invention provides a server, comprising: a memory, a transceiver, a processor and a bus system;
The memory is configured to store a program;
The processor is configured to execute the program in the memory, which includes the following steps:
The server receives a first measurement result reported by the trusted platform module (TPM) of a virtual machine;
If the first measurement result is trusted, the server determines a first measurement baseline according to the first measurement result;
The server sends the first measurement baseline to the TPM, so that the TPM compares a second measurement result with the first measurement baseline and obtains a first trust result, the second measurement result and the first measurement result being the results of two different measurements.
A fourth aspect of the present invention provides a computer-readable storage medium storing instructions which, when run on a computer, cause the computer to perform the methods of the above aspects.
As can be seen from the above technical solutions, the embodiments of the present invention have the following advantages:
The embodiments of the present invention provide a virtual-machine-based trustworthiness determination method. The server first receives a first measurement result reported by the trusted platform module (TPM) of a virtual machine; if the first measurement result is trusted, the server determines a first measurement baseline according to the first measurement result; the server sends the first measurement baseline to the TPM, so that the TPM compares a second measurement result with the first measurement baseline and obtains a first trust result, the second measurement result and the first measurement result being the results of two different measurements. In this way, the server configures the virtual machine's measurement baseline: the server sends the trusted measurement result reported by the TPM back to the TPM directly as the measurement baseline, and the TPM can compare later measurement results directly against that baseline to obtain a trust result. When the file to be measured changes, the corresponding measurement baseline changes in real time with the trusted measurement result. The virtual machine does not need to traverse the hash values in the measurement result locally, one by one, to check whether each is a normal value, which saves computer configuration resources.
Brief description of the drawings
Fig. 1 is an architecture diagram of the virtual machine trustworthiness determination system in an embodiment of the present invention;
Fig. 2 is a schematic diagram of one embodiment of the virtual machine trustworthiness determination method in an embodiment of the present invention;
Fig. 3 is a schematic diagram of one embodiment of the server in an embodiment of the present invention;
Fig. 4 is a schematic diagram of another embodiment of the server in an embodiment of the present invention;
Fig. 5 is a schematic diagram of another embodiment of the server in an embodiment of the present invention;
Fig. 6 is a schematic diagram of another embodiment of the server in an embodiment of the present invention;
Fig. 7 is a structural schematic diagram of the server in an embodiment of the present invention.
Detailed description of the embodiments
The embodiments of the invention provide a virtual-machine-based trustworthiness determination method in which the server centrally configures the measurement baseline of virtual machines, so the virtual machine does not need to traverse the hash values in the measurement result locally, one by one, to check whether each is a normal value, which saves computer configuration resources.
The terms "first", "second", "third", "fourth" and the like (if present) in the description, the claims and the above drawings are used to distinguish similar objects and do not describe a particular order or sequence. It should be understood that data used in this way are interchangeable where appropriate, so that the embodiments described here can be implemented in an order other than the one illustrated or described. In addition, the terms "include" and "have" and any variants of them are intended to cover non-exclusive inclusion: a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units explicitly listed, and may include other steps or units that are not explicitly listed or that are inherent to the process, method, product or device.
It should be understood that the virtual-machine-based trustworthiness determination method provided by the embodiments of the present invention can be applied to the system shown in Fig. 1. Referring to Fig. 1, which is an architecture diagram of the virtual machine trustworthiness determination system in an embodiment of the present invention, the server interacts over the network with the trusted platform module (TPM) in the virtual machine.
The virtual machine trusted management platform is management software installed on the server. Through it, the security policies deployed by the user can be issued to the virtual machine trusted agent, which achieves the purpose of managing virtual machine security policy. For ease of description, the virtual machine trusted management platform is referred to below as the server.
TPM refers to a security chip that conforms to the TPM standard. It can effectively protect a personal computer (PC) and prevent access by unauthorized users. A TPM is typically mounted on the computer motherboard and can communicate with the rest of the system over a hardware bus.
The virtual machine trusted agent is trusted software installed on the virtual machine. It can call TPM-related functions through the TPM driver interface and can communicate with the virtual machine trusted management platform. The virtual machine can register with the virtual machine trusted management platform through the trusted agent, and, provided the virtual machine stays online, the trusted management platform can deploy and manage security policies for the virtual machine.
It should be understood that the virtual-machine-based trustworthiness determination method provided by the embodiments of the present invention can be applied to the virtual machine trusted management platform deployed on the server. Referring to Fig. 2, which is a flow diagram of a virtual-machine-based trustworthiness determination method provided by an embodiment of the present invention, the method comprises:
101. The server receives the first measurement result reported by the trusted platform module (TPM) of the virtual machine;
In this embodiment, before the server receives the first measurement result reported by the TPM of the virtual machine, the user can first select a measurement template on the server as the file to be measured; the server then issues the file to be measured to the TPM of the virtual machine, completing deployment of the file to be measured to the virtual machine. Optionally, the server can hash the file to be measured in advance, before it is deployed to the virtual machine, and obtain a first hash value that serves as the standard value for judging whether the virtual machine's file to be measured is trusted.
In this embodiment, after receiving the file to be measured issued by the server, the TPM of the virtual machine can create a policy space and store the file to be measured in it, and the TPM calls the file to be measured when a measurement is needed. After the file to be measured is deployed successfully, the virtual machine is not measured immediately; a virtual machine on which the measurement policy has been deployed measures the stored file to be measured at its next start-up. Specifically, the virtual machine hashes the file to be measured during start-up, obtains the first measurement result, and reports the first measurement result to the server.
102. If the first measurement result is trusted, the server determines the first measurement baseline according to the first measurement result;
In this embodiment, after the server receives the first measurement result reported by the TPM of the virtual machine, it can compare the first measurement result with the first hash value; if they are consistent, the first measurement result is determined to be trusted, and the server can directly determine the first measurement result to be the first measurement baseline. Note that the measurement template the user selects on the server as the file to be measured can be adjusted on the server side according to the actual situation of the virtual machine. Correspondingly, if the server judges that the measurement result the TPM obtains by measuring the adjusted file to be measured is trusted, the server can make the corresponding adjustment on the basis of the first measurement result and obtain an updated first measurement baseline.
103. The server sends the first measurement baseline to the TPM, so that the TPM compares the second measurement result with the first measurement baseline and obtains the first trust result, the second measurement result and the first measurement result being the results of two different measurements.
In this embodiment, if the first measurement result is trusted, the server determines the first measurement baseline according to the first measurement result, and the first measurement baseline serves as the basis of comparison when the TPM later judges the trustworthiness of measurement results. The server sends the first measurement baseline to the TPM, so that the TPM compares the second measurement result with the first measurement baseline and obtains the first trust result, the second measurement result and the first measurement result being the results of two different measurements.
In this embodiment, the TPM receives the first measurement baseline issued by the server and uses it as the basis of comparison for the trustworthiness of later measurement results. During start-up, the file to be measured is hashed in the TPM to obtain the second measurement result. Note that although the first measurement result and the second measurement result are the results of two different measurements, the measured file may have identical content; that is, the first measurement result and the second measurement result may contain identical hash values or different hash values.
In this embodiment, the TPM compares the second measurement result with the first measurement baseline to obtain the first trust result, which can include the following 3 cases:
1. When the file to be measured has been actively adjusted by the server, the TPM determines that the first measurement result and the second measurement result differ, and the first trust result obtained is untrusted;
2. When the file to be measured has not been actively adjusted by the server, the TPM determines that the first measurement result and the second measurement result differ, and the first trust result obtained is untrusted;
3. When the file to be measured has not been actively adjusted by the server and the first measurement result and the second measurement result are determined not to differ, the first trust result obtained is trusted.
When the file to be measured has been adjusted and the TPM determines that the first measurement result and the second measurement result differ, so that the first trust result is untrusted, the TPM can prevent the virtual machine from starting and can report the second measurement result to the server. The second measurement result is compared with the adjusted first hash value; if the second measurement result is trusted, the server determines a second measurement baseline according to the second measurement result and sends the second measurement baseline to the TPM.
When the file to be measured has not been actively adjusted by the server and the TPM determines that the first measurement result and the second measurement result differ, the first trust result obtained is untrusted, and the TPM reports the first measurement result to the server; the server can then learn that the virtual machine's measurement file has been destroyed and take corresponding security measures.
In this embodiment, the server first receives the first measurement result reported by the TPM of the virtual machine; then, if the first measurement result is trusted, the server determines the first measurement baseline according to the first measurement result; finally, the server sends the first measurement baseline to the TPM, so that the TPM compares the second measurement result with the first measurement baseline and obtains the first trust result, the second measurement result and the first measurement result being the results of two different measurements. In this way, the server configures the virtual machine's measurement baseline: the server sends the trusted measurement result reported by the TPM back to the TPM directly as the measurement baseline, and the TPM can compare later measurement results directly against that baseline to obtain a trust result. When the file to be measured changes, the corresponding measurement baseline changes in real time with the trusted measurement result. The virtual machine does not need to traverse the hash values in the measurement result locally, one by one, to check whether each is a normal value, which saves computer configuration resources.
Optionally, on the basis of the embodiment corresponding to Fig. 2 above, in a first optional embodiment of the virtual-machine-based trustworthiness determination method provided by the embodiments of the present invention, after the server receives the first measurement result reported by the TPM of the virtual machine, the method can further comprise:
If the first measurement result is untrusted, the server sends a second measurement baseline and a start instruction to the TPM; the start instruction instructs the TPM to start the virtual machine and to compare the second measurement result with the second measurement baseline, obtaining a second trust result.
In this embodiment, the first measurement result can be untrusted in the following ways. After the file to be measured has been destroyed, when the TPM judges that the hash value of the first measurement result differs from the first measurement baseline, the first trust result obtained is untrusted. When the file to be measured has not been actively adjusted by the server and the TPM determines that the first measurement result and the second measurement result differ, the TPM reports the first measurement result to the server; the server can learn that the virtual machine's file to be measured has been destroyed, and the server likewise obtains that the first measurement result is untrusted. The server then applies corresponding security measures and a restart measure to the virtual machine. The restart measure can be as follows: the server receives a second measurement baseline manually reconfigured by the user and a start instruction; the second measurement baseline can differ from the first measurement baseline, and the start instruction can be a privilege code entered by the user on the server side. After the server issues the privilege code to the TPM, the TPM can restart the virtual machine and compare the second measurement result with the second measurement baseline, obtaining the second trust result.
In this embodiment, when the first measurement result is untrusted, the server can issue the second measurement baseline manually configured by the user and the start instruction to the TPM, so that the TPM restarts the virtual machine and performs subsequent trust comparisons against the second measurement baseline. When a measurement result is untrusted, the server can therefore restart the virtual machine and reconfigure the baseline directly, without the baseline having to be configured locally on the virtual machine, which further saves computer configuration resources.
Optionally, on the basis of the embodiment corresponding to Fig. 2 above and an optional embodiment, in a second optional embodiment of the method for determining a confidence level based on a virtual machine provided by the embodiments of the present invention, before the server receives the first measurement results reported by the trusted platform module (TPM) of the virtual machine, the method further includes:
The server sends a first owner's password to the TPM, the first owner's password corresponding to the TPM;
The server sends a second owner's password and a file to be measured to the TPM, so that the TPM measures the file to be measured when the second owner's password is identical to the first owner's password, obtaining the first measurement results;
Correspondingly, the server sending reference data to the TPM, the reference data carrying the first measuring standard, so that the TPM compares the second measurement results with the first measuring standard and obtains the first reliable result, includes:
The server sends a third owner's password and the reference data to the TPM, the reference data carrying the first measuring standard, so that the TPM compares the second measurement results with the first measuring standard when the third owner's password is identical to the first owner's password, obtaining the first reliable result.
In this embodiment of the application, before the server sends the first owner's password corresponding to the TPM to the TPM, the server may first receive the first owner's password entered by the user and the address information of the TPM corresponding to that password; the first owner's password is the password the user has chosen to correspond to the TPM. After receiving the first owner's password entered by the user, the server can issue it to the TPM identified by the address information corresponding to the first owner's password. Optionally, before sending the first owner's password to the TPM, the server may first check the validity of the first owner's password, that is, whether it meets the password complexity requirements, such as requirements on length, upper and lower case, and special characters. After receiving the first owner's password issued by the server, the TPM can be initialized and use the first owner's password as the sole authorization password for subsequent measurements.
In this embodiment of the application, the TPM may feed back to the server whether the owner's password was configured successfully; when configuring the owner's password fails, the TPM reports the specific error information to the server, and the server can configure the owner's password again.
In this embodiment of the application, after sending the first owner's password to the TPM, the server sends the second owner's password and the file to be measured to the TPM, so that the TPM measures the file to be measured when the second owner's password is identical to the first owner's password, obtaining the first measurement results. When sending the file to be measured, the server sends the second owner's password at the same time; the second owner's password may be entered by the user on the server side and serves as the authorization basis for the user to configure the virtual machine's file to be measured. After receiving the file to be measured issued by the server, the TPM of the virtual machine first judges whether the second owner's password is identical to the first owner's password. If they are identical, the TPM can determine that the file to be measured issued by the user from the server is legitimate, and can go on to measure the file to be measured and obtain the first measurement results. If the second owner's password is not identical to the first owner's password, the TPM can determine that the file to be measured issued by the user from the server is illegitimate, and refuses to measure the file to be measured.
In this embodiment of the application, after the server has sent the second owner's password and the file to be measured to the TPM, so that the TPM measures the file to be measured when the second owner's password is identical to the first owner's password and obtains the first measurement results, if the first measurement results are credible, the server determines the first measuring standard according to the first measurement results and sends the third owner's password and the first reference data to the TPM, so that the TPM compares the second measurement results with the first measuring standard when the third owner's password is identical to the first owner's password, obtaining the first reliable result.
In this embodiment of the application, after determining the first measuring standard, the server also sends the third owner's password when it sends the first reference data to the TPM. The third owner's password may be entered by the user on the server side, and may be identical to or different from the second owner's password. The third owner's password serves as the authorization basis for the user to configure the virtual machine's measuring standard. After receiving the first measuring standard issued by the server, the TPM of the virtual machine first judges whether the third owner's password is identical to the first owner's password. If they are identical, the TPM can determine that the measuring standard issued by the user from the server is legitimate, and can go on to measure the file to be measured, obtain the second measurement results, and compare the second measurement results with the first measuring standard to obtain the first reliable result. If the third owner's password is not identical to the first owner's password, the TPM can determine that the measuring standard issued by the user from the server is illegitimate, and refuses to measure the file to be measured.
In this embodiment of the application, the file to be measured may be selected by the server from a measurement template. For example, the measurement template file for CentOS 6.4 contains: 1. /etc/environment; 2. /etc/profile; 3. /etc/shells; 4. /etc/password; 5. /bin/; and so on.
In this embodiment of the application, optionally, the server sending the second owner's password and the file to be measured to the TPM, so that the TPM measures the file to be measured when the second owner's password is identical to the first owner's password and obtains the first measurement results, may include: the server sends the second owner's password and the file to be measured to the TPM, so that the TPM measures the file to be measured during a first startup process when the second owner's password is identical to the first owner's password, obtaining the first measurement results. Correspondingly, the server receiving the first measurement results reported by the trusted platform module (TPM) of the virtual machine may include: the server receives the first measurement results reported by the TPM of the virtual machine during a second startup process.
In this embodiment of the application, when issuing the file to be measured and the measuring standard, the server issues the second owner's password and the third owner's password respectively. Only when the TPM judges that the second owner's password and the third owner's password are each identical to the first owner's password does it go on to measure and to make the credibility judgement, so that the TPM of the virtual machine can check the server's password authorization, which increases the security of the virtual machine while saving computer resources.
Optionally, on the basis of the second optional embodiment corresponding to Fig. 2 above, in a third optional embodiment of the method for determining a confidence level based on a virtual machine provided by the embodiments of the present invention, after the server sends the first owner's password corresponding to the TPM to the TPM, and before the server sends the second owner's password and the file to be measured to the TPM, the method further includes:
The server receives the certification application request reported by the TPM, the certification certificate request being used to apply for a first authentication certificate corresponding to the first owner's password;
The server sends the first authentication certificate to the TPM;
Correspondingly, the server receiving the first measurement results reported by the trusted platform module (TPM) of the virtual machine may include:
The server receives the first measurement results and a second authentication certificate reported by the TPM;
Correspondingly, if the first measurement results are credible, the server determining that the first measurement results are the first measuring standard includes:
If the measurement results are credible, the second authentication certificate is identical to the first authentication certificate, and the first measurement results are credible, the server determines that the first measurement results are the first measuring standard.
In this embodiment of the application, after the server sends the first owner's password to the TPM, the TPM can be initialized and use the first owner's password as the sole authorization password for subsequent measurements. The TPM can generate a corresponding key based on the first owner's password and report a certification application request to the server according to that key; the certification certificate request is used to apply for the first authentication certificate corresponding to the first owner's password. After receiving the certification application request reported by the TPM, the server sends the first authentication certificate to the TPM. The server can use the first authentication certificate to identify whether measurement results subsequently reported by the TPM are legitimate.
In this embodiment of the application, specifically, after receiving the first authentication certificate, each time the TPM subsequently generates first measurement results and reports them to the server, it carries a second authentication certificate. The second authentication certificate may or may not be identical to the first authentication certificate; when it is identical, the server determines that the measurement results reported by the TPM are legitimate. The server can then go on to judge the credibility of the first measurement results. Specifically, the server can perform a hash calculation in advance on the file to be measured that is to be deployed to the virtual machine, obtaining a first hash value that serves as the standard value for judging whether the virtual machine's file to be measured is credible. After receiving the first measurement results reported by the trusted platform module (TPM) of the virtual machine, the server can compare the first measurement results with the first hash value; if they are consistent, it determines that the first measurement results are credible, and correspondingly the server can directly determine the first measurement results as the first measuring standard.
In this embodiment of the application, after determining that the measurement results reported by the TPM are legitimate, the server can store the measurement results in a measurement report database, or display the results directly on a related display terminal on the server side.
In this embodiment of the application, when determining the measuring standard, the server needs to receive the second authentication certificate reported by the TPM. Only when the server judges that the second authentication certificate is identical to the first authentication certificate does it go on to determine the measuring standard according to the first measurement results, so that the server can check the certificate authorization of the measurement results and the measuring standard subsequently issued is credible and has not been tampered with, which increases the security of the virtual machine while saving computer resources.
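The exchange described in the optional embodiments above (owner's password gating, certificate check, baseline from the first credible measurement, later comparison on the TPM side) can be walked through as follows. This is an added example, not code from the patent: the class and function names, the password, the file contents, the use of SHA-256 and the constant-time comparisons are all assumptions, and the TPM is modelled in plain software rather than through a real TPM interface.

```python
import hashlib
import hmac
import secrets


def measure(files):
    """Hash each file with SHA-256 (assumed stand-in for the TPM's measurement)."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


class VmTpm:
    """VM-side role from the description; a software model, not a real TPM API."""

    def __init__(self, disk):
        self.disk = disk          # path -> bytes: the VM's current files
        self.owner_pw = None      # first owner's password, set at initialization
        self.cert = None          # authentication certificate issued by the server
        self.targets = []         # paths of the files to be measured

    def initialize(self, first_pw):
        self.owner_pw = first_pw.encode()

    def _check(self, pw):
        # Constant-time comparison with the first owner's password.
        if self.owner_pw is None or not hmac.compare_digest(self.owner_pw, pw.encode()):
            raise PermissionError("owner's password mismatch")

    def measure_files(self, second_pw, paths):
        """First measurement: refused unless the second password matches."""
        self._check(second_pw)
        self.targets = list(paths)
        return measure({p: self.disk[p] for p in self.targets}), self.cert

    def compare(self, third_pw, standard):
        """Second measurement compared with the issued measuring standard."""
        self._check(third_pw)
        return measure({p: self.disk[p] for p in self.targets}) == dict(standard)


class Server:
    def __init__(self, reference_files):
        # Hash values computed before deployment, used to judge the first results.
        self.expected = measure(reference_files)
        self.cert = None

    def issue_certificate(self):
        self.cert = secrets.token_hex(16)  # opaque token standing in for a certificate
        return self.cert

    def first_standard(self, results, cert):
        """Return the measuring standard, or None if illegitimate or not credible."""
        if cert is None or self.cert is None or not hmac.compare_digest(cert, self.cert):
            return None
        return dict(results) if results == self.expected else None


def run_exchange():
    pw = "Own3r!Pass-constructed"  # constructed sample password
    paths = ["/etc/profile", "/etc/shells"]
    reference = {  # constructed file contents
        "/etc/profile": b"export PATH=/usr/bin\n",
        "/etc/shells": b"/bin/sh\n/bin/bash\n",
    }
    tpm, server, out = VmTpm(dict(reference)), Server(reference), {}
    tpm.initialize(pw)
    tpm.cert = server.issue_certificate()
    try:
        tpm.measure_files("wrong-password", paths)
        out["wrong_password_refused"] = False
    except PermissionError:
        out["wrong_password_refused"] = True
    results, cert = tpm.measure_files(pw, paths)
    out["forged_cert_rejected"] = server.first_standard(results, "0" * 32) is None
    standard = server.first_standard(results, cert)
    out["standard_set"] = standard is not None
    out["unchanged_credible"] = tpm.compare(pw, standard)
    tpm.disk["/etc/profile"] += b"# modified after baseline\n"
    out["tampered_credible"] = tpm.compare(pw, standard)
    return out


if __name__ == "__main__":
    for step, outcome in run_exchange().items():
        print(f"{step}: {outcome}")
```

The model also makes one property of the scheme visible: the baseline is only as trustworthy as the hash values the server computed before deployment, since those decide whether the first measurement results are accepted.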
The server 30 of the present invention is described in detail below. Referring to Fig. 3, Fig. 3 is a schematic diagram of one embodiment of the server 30 in the embodiments of the present invention. The server 30 includes:
A first receiving module 301, configured to receive the first measurement results reported by the trusted platform module (TPM) of the virtual machine;
A first processing module 302, configured to determine, if the first measurement results are credible, that the first measurement results received by the first receiving module 301 are the first measuring standard;
A first sending module 303, configured to send reference data to the TPM, the reference data carrying the first measuring standard obtained by the processing of the first processing module 302, so that the TPM compares the second measurement results with the first measuring standard, obtaining the first reliable result.
In this embodiment, the first receiving module 301 is configured to receive the first measurement results reported by the trusted platform module (TPM) of the virtual machine; the first processing module 302 is configured to determine, if the first measurement results are credible, that the first measurement results received by the first receiving module 301 are the first measuring standard; and the first sending module 303 is configured to send reference data to the TPM, the reference data carrying the first measuring standard obtained by the processing of the first processing module 302, so that the TPM compares the second measurement results with the first measuring standard, obtaining the first reliable result.
In this embodiment of the application, a server 30 is provided. First, the first receiving module 301 receives the first measurement results reported by the trusted platform module (TPM) of the virtual machine; then the first processing module 302 determines, if the first measurement results are credible, that the first measurement results received by the first receiving module 301 are the first measuring standard; finally, the first sending module 303 sends reference data to the TPM, the reference data carrying the first measuring standard obtained by the processing of the first processing module 302, so that the TPM compares the second measurement results with the first measuring standard, obtaining the first reliable result. In this way, the server 30 can configure the measuring standard of the virtual machine: the server 30 sends the credible measurement results reported by the TPM to the TPM directly as the measuring standard, and the TPM can compare subsequent measurement results directly with that measuring standard to obtain the reliable result of the measurement. When the file to be measured changes, the corresponding measuring standard can change in real time along with the credible measurement results, and there is no need to traverse, locally on the virtual machine, whether each hash value in the measurement results is a normal value, which saves computer resources.
Optionally, on the basis of the embodiment corresponding to Fig. 3 above, referring to Fig. 4, in another embodiment of the server 30 provided by the embodiments of the present invention, the server 30 further includes:
A second sending module 401, configured to send, if the first measurement results are not credible, a second measuring standard and a start instruction to the TPM; the start instruction instructs the TPM to start the virtual machine and to compare the second measurement results with the second measuring standard, obtaining a second reliable result.
In this embodiment of the application, when the first measurement results are not credible, the server 30 can issue the second measuring standard manually configured by the user and the start instruction to the TPM, so that the TPM restarts the virtual machine and performs the subsequent credibility comparison of measurements against the second measuring standard. In this way, when the measurement results are not credible, the server 30 can directly restart the virtual machine and reconfigure the standard, and the standard does not need to be configured item by item locally on the virtual machine, which further saves computer resources.
Optionally, on the basis of the embodiment corresponding to Fig. 3 above, referring to Fig. 5, in another embodiment of the server 30 provided by the embodiments of the present invention, the server 30 further includes:
A third sending module 501, configured to send the first owner's password to the TPM, the first owner's password corresponding to the TPM;
A fourth sending module 502, configured to send the second owner's password and the file to be measured to the TPM, so that the TPM measures the file to be measured when the second owner's password is identical to the first owner's password, obtaining the first measurement results;
Correspondingly, the first sending module 303 is configured to send the third owner's password and the reference data to the TPM, the reference data carrying the first measuring standard obtained by the processing of the first processing module 302, so that the TPM compares the second measurement results with the first measuring standard when the third owner's password is identical to the first owner's password, obtaining the first reliable result.
In this embodiment of the application, when issuing the file to be measured and the measuring standard, the server 30 issues the second owner's password and the third owner's password respectively. Only when the TPM judges that the second owner's password and the third owner's password are each identical to the first owner's password does it go on to measure and to make the credibility judgement, so that the TPM of the virtual machine can check the password authorization of the server 30, which increases the security of the virtual machine while saving computer resources.
Optionally, on the basis of the embodiment corresponding to Fig. 5 above, referring to Fig. 6, in another embodiment of the server 30 provided by the embodiments of the present invention,
The server 30 further includes: a second receiving module 601 and a fifth sending module 602;
The second receiving module 601 is configured to receive the certification application request reported by the TPM, the certification certificate request being used to apply for the first authentication certificate corresponding to the first owner's password sent by the third sending module;
The fifth sending module 602 is configured to send the first authentication certificate to the TPM;
Correspondingly, the first receiving module 301 is configured to receive the first measurement results and the second authentication certificate reported by the TPM;
Correspondingly, the first processing module 302 is configured so that, if the measurement results are credible and the second authentication certificate received by the first receiving module 301 is identical to the first authentication certificate, the server 30 determines that the first measurement results are the first measuring standard.
In this embodiment of the application, when determining the measuring standard, the server 30 needs to receive the second authentication certificate reported by the TPM. Only when the server 30 judges that the second authentication certificate is identical to the first authentication certificate does it go on to determine the measuring standard according to the first measurement results, so that the server 30 can check the certificate authorization of the measurement results and the measuring standard subsequently issued is credible and has not been tampered with, which increases the security of the virtual machine while saving computer resources.
Fig. 7 is a schematic structural diagram of a server provided by an embodiment of the present invention. The server 500 may differ considerably depending on its configuration or performance, and may include one or more central processing units (CPU) 522 (for example, one or more processors), a memory 532, and one or more storage media 530 (for example, one or more mass storage devices) storing application programs 542 or data 544. The memory 532 and the storage medium 530 may provide transient or persistent storage. The program stored in the storage medium 530 may include one or more modules (not marked in the figure), and each module may include a series of instruction operations for the server. Further, the central processing unit 522 may be configured to communicate with the storage medium 530 and to execute, on the server 500, the series of instruction operations in the storage medium 530.
The server 500 may also include one or more power supplies 526, one or more wired or wireless network interfaces 550, one or more input/output interfaces 558, and/or one or more operating systems 541, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™, and so on.
The steps performed by the server in the above embodiments may be based on the server structure shown in Fig. 7.
The CPU 522 is configured to perform the following steps:
Receive the first measurement results reported by the trusted platform module (TPM) of the virtual machine;
If the first measurement results are credible, determine the first measuring standard according to the first measurement results;
Send the first measuring standard to the TPM, so that the TPM compares the second measurement results with the first measuring standard, obtaining the first reliable result, the second measurement results and the first measurement results being the results of two different measurements.
Optionally, the CPU 522 is further configured to perform the following steps:
If the first measurement results are not credible, send a second measuring standard and a start instruction to the TPM; the start instruction instructs the TPM to start the virtual machine and to compare the second measurement results with the second measuring standard, obtaining a second reliable result.
Optionally, the CPU 522 is further configured to perform the following steps:
Send the first owner's password to the TPM, the first owner's password corresponding to the TPM;
Send the second owner's password and the file to be measured to the TPM, so that the TPM measures the file to be measured when the second owner's password is identical to the first owner's password, obtaining the first measurement results;
The CPU 522 is specifically configured to perform the following steps:
Send the third owner's password and the first reference data to the TPM, so that the TPM compares the second measurement results with the first measuring standard when the third owner's password is identical to the first owner's password, obtaining the first reliable result.
Optionally, the CPU 522 is specifically configured to perform the following steps:
Receive the certification application request reported by the TPM, the certification certificate request being used to apply for the first authentication certificate corresponding to the first owner's password;
Send the first authentication certificate to the TPM;
The CPU 522 is specifically configured to perform the following steps:
Receive the first measurement results and the second authentication certificate reported by the TPM;
The CPU 522 is specifically configured to perform the following steps:
If the measurement results are credible, the second authentication certificate is identical to the first authentication certificate, and the first measurement results are credible, determine that the first measurement results are the first measuring standard.
Optionally, the CPU 522 is specifically configured to perform the following steps:
Send the second owner's password and the file to be measured to the TPM, so that the TPM measures the file to be measured during a first startup process when the second owner's password is identical to the first owner's password, obtaining the first measurement results;
Optionally, the CPU 522 is specifically configured to perform the following steps:
Receive the first measurement results reported by the trusted platform module (TPM) of the virtual machine during a second startup process.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above may be found in the corresponding processes of the foregoing method embodiments, and are not repeated here.
In the several embodiments provided by the present invention, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative. The division into units is only a division by logical function, and other divisions are possible in an actual implementation; for instance, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or some of the steps of the methods of the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.
The above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A method for determining a confidence level based on a virtual machine, characterized by comprising:
A server receives first measurement results reported by a trusted platform module (TPM) of a virtual machine;
If the first measurement results are credible, the server determines a first measuring standard according to the first measurement results;
The server sends the first measuring standard to the TPM, so that the TPM compares second measurement results with the first measuring standard, obtaining a first reliable result, the second measurement results and the first measurement results being the results of two different measurements.
2. The method according to claim 1, characterized in that, after the server receives the first measurement results reported by the trusted platform module (TPM) of the virtual machine, the method further comprises:
If the first measurement results are not credible, the server sends a second measuring standard and a start instruction to the TPM; the start instruction instructs the TPM to start the virtual machine and to compare the second measurement results with the second measuring standard, obtaining a second reliable result.
3. The method according to claim 1 or 2, characterized in that, before the server receives the first measurement results reported by the trusted platform module (TPM) of the virtual machine, the method further comprises:
The server sends a first owner's password to the TPM, the first owner's password corresponding to the TPM;
The server sends a second owner's password and a file to be measured to the TPM, so that the TPM measures the file to be measured when the second owner's password is identical to the first owner's password, obtaining the first measurement results;
Correspondingly, the server sending the first measuring standard to the TPM, so that the TPM compares the second measurement results with the first measuring standard and obtains the first reliable result, comprises:
The server sends a third owner's password and first reference data to the TPM, so that the TPM compares the second measurement results with the first measuring standard when the third owner's password is identical to the first owner's password, obtaining the first reliable result.
4. The method according to claim 3, characterized in that, after the server sends the first owner's password corresponding to the TPM to the TPM, and before the server sends the second owner's password and the file to be measured to the TPM, the method further comprises:
The server receives the certification application request reported by the TPM, the certification certificate request being used to apply for a first authentication certificate corresponding to the first owner's password;
The server sends the first authentication certificate to the TPM;
Correspondingly, the server receiving the first measurement results reported by the trusted platform module (TPM) of the virtual machine comprises:
The server receives the first measurement results and a second authentication certificate reported by the TPM;
Correspondingly, if the first measurement results are credible, the server determining that the first measurement results are the first measuring standard comprises:
If the measurement results are credible, the second authentication certificate is identical to the first authentication certificate, and the first measurement results are credible, the server determines that the first measurement results are the first measuring standard.
5. The method according to claim 3, characterized in that the server sending the second owner's password and the file to be measured to the TPM, so that the TPM measures the file to be measured when the second owner's password is identical to the first owner's password and obtains the first measurement results, comprises:
The server sends the second owner's password and the file to be measured to the TPM, so that the TPM measures the file to be measured during a first startup process when the second owner's password is identical to the first owner's password, obtaining the first measurement results;
Correspondingly, the server receiving the first measurement results reported by the trusted platform module (TPM) of the virtual machine comprises:
The server receives the first measurement results reported by the trusted platform module (TPM) of the virtual machine during a second startup process.
6. A server, characterized by comprising:
A first receiving module, configured to receive first measurement results reported by the trusted platform module (TPM) of a virtual machine;
A first processing module, configured to determine, if the first measurement results are credible, that the first measurement results received by the first receiving module are a first measuring standard;
A first sending module, configured to send reference data to the TPM, the reference data carrying the first measuring standard obtained by the first processing module, so that the TPM compares second measurement results with the first measuring standard to obtain a first reliable result.
7. The server according to claim 6, characterized in that the server further comprises:
A second sending module, configured to send, if the first measurement results are not credible, a second measuring standard and a start instruction to the TPM, the start instruction instructing the TPM to start the virtual machine and to compare the second measurement results with the second measuring standard to obtain a second reliable result.
8. The server according to claim 6 or 7, characterized in that the server further comprises:
A third sending module, configured to send a first owner's password to the TPM, the first owner's password corresponding to the TPM;
A fourth sending module, configured to send a second owner's password and a file to be measured to the TPM, so that the TPM measures the file to be measured when the second owner's password is identical to the first owner's password and obtains the first measurement results;
Correspondingly, the first sending module is configured to send a third owner's password and the reference data to the TPM, the reference data carrying the first measuring standard obtained by the first processing module, so that, when the third owner's password is identical to the first owner's password, the TPM compares the second measurement results with the first measuring standard to obtain the first reliable result.
9. The server according to claim 8, characterized in that the server further comprises a second receiving module and a fifth sending module;
The second receiving module is configured to receive a certification certificate request reported by the TPM, the certification certificate request being used to apply for a first authentication certificate corresponding to the first owner's password sent by the third sending module;
The fifth sending module is configured to send the first authentication certificate to the TPM;
Correspondingly, the first receiving module is configured to receive the first measurement results and a second authentication certificate reported by the TPM;
Correspondingly, the first processing module is configured to determine that the first measurement results are the first measuring standard if the measurement results are credible and the second authentication certificate received by the first receiving module is identical to the first authentication certificate.
10. A computer-readable storage medium comprising instructions which, when run on a computer, cause the computer to execute the method according to any one of claims 1 to 5.
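The exchange in claims 6, 8 and 9, modelled in software as an added example (not code from the patent): owner-password gating on the TPM side, and the server accepting a reported measurement as the first measuring standard only when it is credible and the certificate matches. The SHA-256 measurement, the known-good digest list used to decide credibility, the opaque certificate token, and all class and method names are assumptions.

```python
import hashlib, hmac, secrets

def measure(data: bytes) -> str:
    # Assumption: a measurement is the SHA-256 digest of the file contents.
    return hashlib.sha256(data).hexdigest()

class ModelTPM:
    """Software stand-in for the VM's TPM; not a real TPM interface."""
    def __init__(self):
        self.owner_pw = self.cert = self.standard = None

    def _authorized(self, pw: bytes) -> bool:
        return self.owner_pw is not None and hmac.compare_digest(self.owner_pw, pw)

    def measure_file(self, second_pw: bytes, data: bytes):
        # Measure only when the second owner password equals the first.
        if not self._authorized(second_pw):
            return None
        return measure(data), self.cert   # measurement plus "second" certificate

    def load_reference(self, third_pw: bytes, standard: str) -> bool:
        # Accept the first measuring standard only under the owner password.
        if self._authorized(third_pw):
            self.standard = standard
            return True
        return False

    def verify(self, data: bytes) -> bool:
        # Compare a fresh (second) measurement with the stored standard.
        return self.standard is not None and hmac.compare_digest(measure(data), self.standard)

class Server:
    def __init__(self, known_good):
        self.known_good = set(known_good)  # assumption: "credible" = digest on this list
        self.owner_pw = secrets.token_bytes(16)
        self.cert = secrets.token_hex(16)  # opaque stand-in for the first certificate

    def enroll(self, tpm: ModelTPM) -> None:
        tpm.owner_pw = self.owner_pw       # first owner password
        tpm.cert = self.cert               # reply to the TPM's certificate request

    def establish_standard(self, tpm: ModelTPM, data: bytes):
        report = tpm.measure_file(self.owner_pw, data)
        if report is None:
            return None
        digest, cert = report
        cert_ok = isinstance(cert, str) and hmac.compare_digest(cert, self.cert)
        if digest in self.known_good and cert_ok:
            tpm.load_reference(self.owner_pw, digest)
            return digest
        return None                        # untrusted: no standard is set
```

The untrusted branch of claim 7, where the server sends a second measuring standard and a start instruction, is not modelled here.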
CN201811055433.1A 2018-09-10 2018-09-10 Credibility determination method based on virtual machine and server Active CN109213572B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811055433.1A CN109213572B (en) 2018-09-10 2018-09-10 Credibility determination method based on virtual machine and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811055433.1A CN109213572B (en) 2018-09-10 2018-09-10 Credibility determination method based on virtual machine and server

Publications (2)

Publication Number Publication Date
CN109213572A true CN109213572A (en) 2019-01-15
CN109213572B CN109213572B (en) 2021-10-22

Family

ID=64987618

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811055433.1A Active CN109213572B (en) 2018-09-10 2018-09-10 Credibility determination method based on virtual machine and server

Country Status (1)

Country Link
CN (1) CN109213572B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7222062B2 (en) * 2003-12-23 2007-05-22 Intel Corporation Method and system to support a trusted set of operational environments using emulated trusted hardware
US20080015808A1 (en) * 2006-05-02 2008-01-17 The Johns Hopkins University Methods and system for program execution integrity measurement
CN103501303A (en) * 2013-10-12 2014-01-08 武汉大学 Active remote attestation method for measurement of cloud platform virtual machine
CN103888251A (en) * 2014-04-11 2014-06-25 北京工业大学 Virtual machine credibility guaranteeing method in cloud environment
CN104216743A (en) * 2014-08-27 2014-12-17 中国船舶重工集团公司第七0九研究所 Method and system for maintaining start completeness of configurable virtual machine
CN104796427A (en) * 2015-04-30 2015-07-22 浪潮电子信息产业股份有限公司 Method and device for trusted cloud host static measurement based on Trust Grub
CN104951708A (en) * 2015-06-11 2015-09-30 浪潮电子信息产业股份有限公司 File measurement and protection method and device
CN105227319A (en) * 2015-10-23 2016-01-06 浪潮电子信息产业股份有限公司 A kind of method of authentication server and device
CN105678162A (en) * 2016-02-03 2016-06-15 浪潮电子信息产业股份有限公司 TPM-based control method for safe startup of operating system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
QIN XI 等: "An integrity measurement model for embedded system-based trusted computing platform", 《2010 3RD INTERNATIONAL CONFERENCE ON ADVANCED COMPUTER THEORY AND ENGINEERING(ICACTE)》 *
张飞飞 等: "基于vTPM两阶段度量构建可信虚拟域", 《信息系统工程》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112422478A (en) * 2019-08-21 2021-02-26 烽火通信科技股份有限公司 Virtual machine security authentication method and system
CN112422478B (en) * 2019-08-21 2022-10-21 烽火通信科技股份有限公司 Virtual machine security authentication method and system
CN112527358A (en) * 2020-12-16 2021-03-19 中安可信(青岛)网络科技有限公司 Self-measurement-based credible application credibility measurement method, device and system
WO2023061397A1 (en) * 2021-10-12 2023-04-20 中兴通讯股份有限公司 Trusted measurement method and apparatus, computer device, and readable medium

Also Published As

Publication number Publication date
CN109213572B (en) 2021-10-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant