CN101984631A - Safety dynamic migration method of Xen virtual machine - Google Patents

Publication number: CN101984631A
Authority: CN (China)
Prior art keywords: physical server, algorithm, data, virtual machine, cryptographic hash
Legal status: Pending
Application number: CN2010105337155A
Other languages: Chinese (zh)
Inventors: 徐安, 宋卓, 胡中, 沈启龙, 王鹏, 任海宝, 牛立新
Current Assignee: Beijing Century Broadband Internet Data Center Co., Ltd.
Original Assignee: BEIJING BANYANO DATA CENTER SOLUTIONS Ltd
Classification: Storage Device Security
Abstract

The invention discloses a secure dynamic migration method for a Xen virtual machine, which comprises the following steps: generating a key on a source physical server, based on the SSL protocol, using a symmetric cryptographic algorithm; generating a public key and a private key on a target physical server, based on the SSL protocol, using an asymmetric cryptographic algorithm, and transmitting the public key to the source physical server; encrypting the key with the public key on the source physical server, and transmitting the encrypted key to the target physical server; decrypting the encrypted key with the private key on the target physical server to obtain the key; encrypting a transfer object with the key on the source physical server, and transmitting the encrypted transfer object to the target physical server; and, after the target physical server receives the encrypted transfer object, decrypting it so as to complete the migration of the transfer object from the source physical server to the target physical server. The method effectively prevents a listener from stealing the transmitted data and so ensures the transmission security of the migrated data.

Description

A secure dynamic migration method for Xen virtual machines
Technical field
The present invention relates to a method for dynamic data migration, and in particular to a secure dynamic migration method for Xen virtual machines.
Background
In today's computing field, virtualization technology is applied more and more widely. Virtualization means that computing components run on a virtual basis rather than on a real one. Virtualization technology can expand the capacity of hardware and simplify the reconfiguration of software; it allows several operating systems to run simultaneously on one platform, with applications running in separate spaces without affecting one another, which significantly improves the operating efficiency of the computer.
Xen is an open-source virtualization product. A Xen virtualized environment consists of the Xen Hypervisor, Domain U (further divided into paravirtualized and fully virtualized guests) and Domain 0. The Xen Hypervisor is the core and foundation of Xen. To a virtual machine, the Xen Hypervisor is an abstract hardware layer: virtual machines run on top of it, and it is responsible for scheduling virtual machines, allocating their memory and controlling their execution. Domain U is the product of Xen virtualization, the virtual machine made available to users. There are two types of Domain U: fully virtualized virtual machines and paravirtualized virtual machines. A "paravirtualized virtual machine" is a virtual server whose operating system has been modified to suit Xen; a "fully virtualized virtual machine" is a virtual server running an unmodified operating system. Domain 0 is Xen's privileged virtual machine, a specially modified Linux kernel. It is a special virtual machine that serves the Domain U guests and is generally not used by users.
Dynamic migration, also called hot migration, moves a virtual machine from a source physical server to a target physical server. After the migration completes, the virtual machine still runs smoothly and the user perceives no difference. For Xen, dynamic migration of a Xen virtual machine means moving a Domain U on the source physical server to the target physical server.
The Xen open-source community provides a series of virtual machine management and control tools, including xl, xm, xend and libxenctl. Of these, xm is a command-line virtual machine management tool that provides dynamic migration. As shown in Fig. 1, the xm-based dynamic migration method for a Xen virtual machine is as follows:
First, a network connection is established between source physical server 10 and target physical server 20. The two servers may be connected to the same switch, or the connection may cross a complex network environment, or even the Internet.
Second, the state and information (together referred to as the data) of a Domain U virtual machine 11 of Xen at that moment are migrated over the network from source physical server 10 to target physical server 20. The information of Domain U virtual machine 11 is its memory content, which makes up the bulk of the transferred data. For example, a virtual machine using 2 GB of memory needs to transfer 2 GB of information. The state of Domain U virtual machine 11 comprises the virtual machine configuration and the device state.
Third, Domain U virtual machine 11 on source physical server 10 is paused (suspended), and the information that it changed while the second step was running is migrated. Before this third step, Domain U virtual machine 11 remains running throughout. Although the second step has already sent all of its data to target physical server 20, the virtual machine may have modified its information again while the second step was executing. The third step therefore first pauses (suspends) Domain U virtual machine 11 on source physical server 10 so that it can no longer change its information, and then transfers the information it changed during the second step to target physical server 20. Because the second step does not last long (about 1-3 minutes, depending on memory size), the amount of changed memory is not very large, so the third step also takes very little time (generally 200-600 milliseconds).
Fourth, Domain U virtual machine 21 on target physical server 20 is resumed. Once all the data (all state and information) of Domain U virtual machine 11 on source physical server 10 has actually been migrated to target physical server 20, forming a new Domain U virtual machine 21 (in the suspended state) there, the suspended Domain U virtual machine 21 can be resumed, and it then runs on target physical server 20.
In practice, for example, when hardware needs maintenance, the xm-based dynamic migration method above can migrate the Domain U virtual machines on the source physical server that needs maintenance to a standby machine (the target physical server) and, after maintenance is finished, migrate them back to the original source physical server. All system services and applications still run normally after being resumed, and the user does not perceive any interruption caused by the hardware maintenance. As another example, when a high-availability heartbeat detects that a physical server has failed, the same method can dynamically migrate all virtual machines on the failed physical server to another healthy physical server, ensuring that the virtual machines do not go down because of a fault in the underlying physical hardware.
As can be seen from the above, the xm-based dynamic migration method makes load balancing across multiple physical servers possible, and the Domain U migration it performs does not affect the user's work. In practice, however, the source and target physical servers may be separated by a complex network environment, or even the Internet, and the network communication between them has no encryption whatsoever. Domain U migration based on this method therefore carries the following two security risks:
First, the migrated data can be eavesdropped. By monitoring the network between the source and target physical servers, an eavesdropper can obtain all the data transferred during migration. If the user keeps confidential data (such as a bank card password) on the virtual machine, the unencrypted network communication may leak it, creating a serious security risk. In addition, by analysing the captured data the eavesdropper may learn the characteristics and vulnerabilities of the programs inside the virtual machine and attack the virtual machine.
Second, the migrated data can be modified. A hacker can not only monitor the network between the source and target physical servers but also modify the data transferred between them. By modifying the transferred data, the hacker can insert a bug into the virtual machine and then take control of the whole virtual machine, so that all of its data and behaviour are fully exposed to the hacker. The hacker can collect security or confidential information from the virtual machine's running environment, or release a virus that paralyses it, causing a serious security risk.
Summary of the invention
The object of the present invention is to provide a secure dynamic migration method for Xen virtual machines that prevents an eavesdropper from stealing the transferred data and so ensures the security of the data in transit.
To achieve this object, the present invention adopts the following technical solution:
A secure dynamic migration method for Xen virtual machines, characterized in that it comprises the following steps:
Step 1: on the source physical server, based on the SSL protocol, generate a key using a symmetric encryption algorithm;
Step 2: on the target physical server, based on the SSL protocol, generate a public key and a private key using an asymmetric encryption algorithm, and transmit the generated public key to the source physical server over the network;
Step 3: on the source physical server, encrypt the key with the received public key, and transmit the encrypted key to the target physical server over the network;
Step 4: on the target physical server, decrypt the encrypted key with the private key to obtain the key;
Step 5: on the source physical server, encrypt the transfer object with the key, and transmit the encrypted transfer object to the target physical server;
Step 6: after the target physical server receives the encrypted transfer object, decrypt it, thereby completing the migration of the transfer object from the source physical server to the target physical server.
The advantages of the present invention are:
While dynamically migrating a Domain U virtual machine in Xen, the method uses the SSL protocol to establish a secure communication mechanism between the source and target physical servers, which effectively prevents an eavesdropper from stealing the transferred data and ensures the transmission security of the migrated data. In addition, the method introduces a data integrity check mechanism, which effectively prevents a hacker from tampering with the transferred data.
Description of drawings
Fig. 1 is a diagram of the xm-based dynamic migration process of a Xen virtual machine;
Fig. 2 is a flowchart of the first embodiment of the method of the invention;
Fig. 3 is a flowchart of the second embodiment of the method of the invention.
Embodiments
The SSL protocol (Secure Socket Layer) provides a confidential transmission mechanism over the Internet. SSL specifies a mechanism that provides a data-security layer between application protocols (such as HTTP, Telnet, NNTP and FTP) and the TCP/IP protocol; for TCP/IP connections it provides data encryption, server authentication, message integrity and optional client authentication. The secure dynamic migration method of the present invention establishes a secure communication mechanism between the source and target physical servers based on the SSL protocol.
The secure dynamic migration method of the present invention is executed in the Domain 0 virtual machine. The invention is described below.
As shown in Fig. 2, the secure dynamic migration method of the present invention comprises the following steps 1 to 6:
Step 1: on the source physical server, based on the SSL protocol, generate a key using a symmetric encryption algorithm;
Step 2: on the target physical server, based on the SSL protocol, generate a public key and a private key using an asymmetric encryption algorithm, and transmit the generated public key in plaintext form (or another form) over the network to the source physical server (transmission is based on the TCP/IP protocol, as are all the network transmissions below);
Step 3: on the source physical server, encrypt the key with the received public key, and transmit the encrypted key to the target physical server over the network;
Step 4: on the target physical server, decrypt the encrypted key with the private key to obtain the key;
Step 5: on the source physical server, encrypt the transfer object with the key, and transmit the encrypted transfer object to the target physical server;
Step 6: after the target physical server receives the encrypted transfer object, decrypt it, thereby completing the migration of the transfer object from the source physical server to the target physical server.
Step 1 uses a symmetric encryption algorithm. A symmetric encryption algorithm (also called a private-key encryption algorithm) uses the same key for encryption and decryption. Its characteristics are that the algorithm is public, the computational cost is small, and encryption is fast and efficient. Because the amount of data to migrate is large (typically several GB) and the migration must finish as quickly as possible, the method uses an efficient, fast symmetric encryption algorithm to encrypt the transfer object. Without the key, an eavesdropper who steals the transfer object during network transmission cannot decrypt it.
Step 2 uses an asymmetric encryption algorithm. An asymmetric encryption algorithm generates a pair of keys that are entirely different yet fully matched: a public key and a private key. Data encrypted with the public key can only be decrypted with the private key; without the private key, the encrypted data cannot be decrypted even if it is obtained. Asymmetric encryption is thousands of times slower than symmetric encryption, but in terms of communication security it has an advantage that symmetric encryption can hardly match (the private key is held only by the decrypting party and is never transmitted over the network, so there is almost no security risk). Therefore, given the communication-security problem of symmetric encryption, the method protects the key as follows: the target physical server generates a public key and a private key with the asymmetric encryption algorithm and sends the public key to the source physical server, and the source physical server encrypts the key with this public key. The private key is held only by the target physical server and is never transmitted over the network, so nobody else can obtain it. After the transfer object encrypted with the key has been sent from the source physical server to the target physical server, only the target physical server can decrypt the encrypted key with the private key and then use the recovered key to decrypt the encrypted transfer object. Even if an eavesdropper obtains the encrypted key, it cannot recover the key without the private key. This guarantees the security of the key in transit and, in turn, the security of the transfer object, preventing an eavesdropper from stealing the transferred data.
In practice, the method shown in Fig. 2 can migrate all the data of the Domain U virtual machine on the source physical server (its state and information) to the target physical server in a single pass; that is, the transfer object in step 5 can be all the data of the Domain U virtual machine on the source physical server. Alternatively, the method can migrate the data in batches, part of the data at a time; that is, the transfer object in step 5 can be part of the data of the Domain U virtual machine on the source physical server. Each execution of steps 5 and 6 completes the migration of one part of the data, so steps 5 and 6 are repeated until all the data of the Domain U virtual machine has been migrated.
The method shown in Fig. 2 combines an asymmetric encryption algorithm with a symmetric encryption algorithm to secure the data of the Domain U virtual machine during dynamic migration. It solves the problem of network eavesdroppers stealing data and eliminates the security risk caused by data leakage.
To further solve the problem of hackers tampering with data, on top of solving the eavesdropping problem, the present invention introduces a data integrity check mechanism and proposes the following secure dynamic migration method, as shown in Fig. 3:
Step A: on the source physical server, based on the SSL protocol, generate a key using a symmetric encryption algorithm;
Step B: on the target physical server, based on the SSL protocol, generate a public key and a private key using an asymmetric encryption algorithm, and transmit the generated public key in plaintext form (or another form) to the source physical server over the network;
Step C: on the source physical server, encrypt the key with the received public key, and transmit the encrypted key to the target physical server over the network;
Step D: on the target physical server, decrypt the encrypted key with the private key to obtain the key;
Step E: hash-adding step, specifically: compute the hash value of the data to be transferred using a hash algorithm; the data to be transferred together with its corresponding hash value forms the transfer object;
Step F: on the source physical server, encrypt the transfer object with the key, and transmit the encrypted transfer object to the target physical server;
Step G: after the target physical server receives the encrypted transfer object, decrypt it, thereby completing the migration of the transfer object from the source physical server to the target physical server;
Step H: verification step, specifically: extract the transferred data and the hash value from the decrypted transfer object; compute the hash value of the extracted data using the hash algorithm; compare the computed hash value with the extracted hash value to obtain a comparison result. If the two hash values are equal, notify the source physical server that this transfer succeeded. If the two hash values are not equal, retransmit the encrypted transfer object of step F (an unstable network may have caused a transmission error, hence the retransmission mechanism). If, after retransmission, the comparison of the sent hash value with the actually computed hash value still shows that the two are not equal, notify the source physical server that the data may have been tampered with in transit and abandon further data transfer (that is, stop the whole dynamic migration).
Step E uses a hash algorithm. A hash algorithm maps a binary value of arbitrary length to a smaller binary value of fixed length; this smaller binary value is the hash value. A hash value is a unique and extremely compact numerical representation of a piece of data: if a piece of plaintext is hashed and even a single character of it is changed, the subsequent hash will produce a different value, and it is impossible to find two different pieces of data with the same hash value. The method therefore uses a hash algorithm to verify data integrity.
In practice, the method shown in Fig. 3 can migrate all the data of the Domain U virtual machine on the source physical server to the target physical server in a single pass; that is, the data to be transferred in step E can be all the data of the Domain U virtual machine on the source physical server. Alternatively, the method can migrate the data in batches, one data block at a time. Specifically, all the data in the Domain U virtual machine on the source physical server is divided into data blocks of a preset length (considering the computational efficiency of the hash algorithm and the efficiency of data transfer, the block length can be set to 4 KB, although other lengths such as 1 KB, 2 KB, 1 MB or 2 MB can also be used), and one data block is migrated at a time. In this case the data to be transferred in step E is one data block. Each execution of steps E to H completes the migration of one data block, so to migrate all the data in the Domain U virtual machine, steps E to H are repeated until all the data (that is, all data blocks) has been migrated or the target physical server notifies the source physical server to abandon further data transfer.
On top of encrypting the transferred data, the method shown in Fig. 3 adds a data integrity check mechanism. This ensures that the data cannot be tampered with by a hacker during network migration and eliminates the security risks caused by tampering with data inside the virtual machine, such as leakage of security or confidential information, virus release, and paralysis of the virtual machine's running environment.
In the present invention, the symmetric encryption algorithm can be any of the 3DES, AES, DES, Blowfish, CAST, IDEA, RC2 or RC5 algorithms. The asymmetric encryption algorithm can be any of the RSA public-key algorithm, the DH algorithm or the DSA algorithm. The hash algorithm can be any of the SHA-1, MD4, MD5, SHA-256, SHA-384 or SHA-512 algorithms, and the hash value can be placed at the head or the tail of the data to be transferred (the data block) to form the transfer object.
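Steps A to H run end to end in one process, as an added example that is not part of the patent. It picks RSA, AES and SHA-256 from the algorithms listed above and assumes RSA-OAEP with a 2048-bit key, AES-256 in CTR mode with a fresh IV per 4 KB block, the hash placed at the tail, and a hypothetical `Channel` function standing in for the network.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

const blockLen = 4096 // 4 KB data blocks, the length the description suggests

// ErrTampered means a block failed the hash check twice, so the migration stops (step H).
var ErrTampered = errors.New("hash mismatch after retransmission, migration abandoned")

// Channel is a hypothetical stand-in for the network; it may alter a frame in transit.
type Channel func(block, attempt int, frame []byte) []byte

// seal performs steps E and F: append SHA-256(data), then encrypt both.
// Frame layout (an assumption of this example): IV || AES-256-CTR(data || hash).
func seal(key, data []byte) ([]byte, error) {
	sum := sha256.Sum256(data)
	plain := append(append([]byte{}, data...), sum[:]...)
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	frame := make([]byte, aes.BlockSize+len(plain))
	if _, err := rand.Read(frame[:aes.BlockSize]); err != nil { // fresh IV per block
		return nil, err
	}
	cipher.NewCTR(blk, frame[:aes.BlockSize]).XORKeyStream(frame[aes.BlockSize:], plain)
	return frame, nil
}

// unseal performs steps G and H: decrypt, split data and hash, recompute, compare.
func unseal(key, frame []byte) ([]byte, bool) {
	if len(frame) < aes.BlockSize+sha256.Size {
		return nil, false // truncated frame
	}
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, false
	}
	plain := make([]byte, len(frame)-aes.BlockSize)
	cipher.NewCTR(blk, frame[:aes.BlockSize]).XORKeyStream(plain, frame[aes.BlockSize:])
	split := len(plain) - sha256.Size
	sum := sha256.Sum256(plain[:split])
	return plain[:split], subtle.ConstantTimeCompare(sum[:], plain[split:]) == 1
}

// Migrate plays both servers in one process and returns what the target accepted.
func Migrate(memory []byte, ch Channel) (received []byte, retransmits int, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // step B: target key pair
	if err != nil {
		return nil, 0, err
	}
	key := make([]byte, 32) // step A: source generates the AES-256 key
	if _, err = rand.Read(key); err != nil {
		return nil, 0, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &priv.PublicKey, key, nil) // step C
	if err != nil {
		return nil, 0, err
	}
	targetKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil) // step D
	if err != nil {
		return nil, 0, err
	}
	for i, off := 0, 0; off < len(memory); i, off = i+1, off+blockLen {
		end := off + blockLen
		if end > len(memory) {
			end = len(memory)
		}
		frame, err := seal(key, memory[off:end])
		if err != nil {
			return received, retransmits, err
		}
		data, ok := unseal(targetKey, ch(i, 0, append([]byte{}, frame...)))
		if !ok { // first mismatch: resend the same encrypted transfer object once
			retransmits++
			data, ok = unseal(targetKey, ch(i, 1, append([]byte{}, frame...)))
		}
		if !ok { // second mismatch: treat as tampering and stop the migration
			return received, retransmits, ErrTampered
		}
		received = append(received, data...)
	}
	return received, retransmits, nil
}

func main() {
	mem := make([]byte, 3*blockLen+100) // constructed stand-in for guest memory
	got, re, err := Migrate(mem, func(_, _ int, f []byte) []byte { return f })
	fmt.Println(len(got), re, err)
}
```

The hash in this layout is unkeyed and is protected only by the encryption wrapped around it; an authenticated mode such as AES-GCM is the usual way to get this tamper detection today.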
The above describes preferred embodiments of the present invention and the technical principles they apply. For a person skilled in the art, any obvious change based on the technical solution of the present invention, such as an equivalent transformation or simple replacement, made without departing from the spirit and scope of the present invention falls within the scope of protection of the present invention.

Claims (9)

1. A secure dynamic migration method for Xen virtual machines, characterized in that it comprises the following steps:
Step 1: on the source physical server, based on the SSL protocol, generate a key using a symmetric encryption algorithm;
Step 2: on the target physical server, based on the SSL protocol, generate a public key and a private key using an asymmetric encryption algorithm, and transmit the generated public key to the source physical server over the network;
Step 3: on the source physical server, encrypt the key with the received public key, and transmit the encrypted key to the target physical server over the network;
Step 4: on the target physical server, decrypt the encrypted key with the private key to obtain the key;
Step 5: on the source physical server, encrypt the transfer object with the key, and transmit the encrypted transfer object to the target physical server;
Step 6: after the target physical server receives the encrypted transfer object, decrypt it, thereby completing the migration of the transfer object from the source physical server to the target physical server.
2. The method of claim 1, characterized in that:
the transfer object is all the data of the Domain U virtual machine on the source physical server.
3. The method of claim 1, characterized in that:
the transfer object is part of the data of the Domain U virtual machine on the source physical server; step 5 and step 6 are repeated until all the data of the Domain U virtual machine has been migrated.
4. The method of claim 1, characterized in that:
a hash-adding step is further included before step 5, specifically: compute the hash value of the data to be transferred using a hash algorithm; the data to be transferred together with its corresponding hash value forms the transfer object of step 5;
a verification step is further included after step 6, specifically: extract the transferred data and the hash value from the decrypted transfer object; compute the hash value of the extracted data using the hash algorithm; compare the computed hash value with the extracted hash value; if the two hash values are equal, notify the source physical server that this transfer succeeded; if the two hash values are not equal, retransmit; if the comparison after retransmission still shows that the two hash values are not equal, notify the source physical server that the data may have been tampered with in transit and abandon further data transfer.
5. The method of claim 4, characterized in that:
all the data in the Domain U virtual machine on the source physical server is divided into data blocks of a preset length, and a data block is the data to be transferred in the hash-adding step;
the hash-adding step, step 5, step 6 and the verification step are repeated until all the data in the Domain U virtual machine has been migrated or further data transfer is abandoned.
6. The method of any one of claims 1 to 5, characterized in that:
the symmetric encryption algorithm is any of the 3DES, AES, DES, Blowfish, CAST, IDEA, RC2 or RC5 algorithms.
7. The method of any one of claims 1 to 5, characterized in that:
the asymmetric encryption algorithm is any of the RSA public-key algorithm, the DH algorithm or the DSA algorithm.
8. The method of claim 4 or 5, characterized in that:
the hash algorithm is any of the SHA-1, MD4, MD5, SHA-256, SHA-384 or SHA-512 algorithms.
9. The method of claim 4 or 5, characterized in that:
the hash value is placed at the head or the tail of the data to be transferred to form the transfer object.
Application CN2010105337155A (Safety dynamic migration method of Xen virtual machine): priority date 2010-11-05, filing date 2010-11-05, status Pending.
Publication CN101984631A: published 2011-03-09.
Family ID: 43641802.

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: BEIJING CENTURY BROADBAND INTERNET DATA CENTER CO.

Free format text: FORMER OWNER: BEIJING BANYANO DATA CENTER SOLUTIONS LTD.

Effective date: 20121022

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20121022

Address after: 100015 No. 3, building 5, building 1, Jiuxianqiao East Road, Chaoyang District, Beijing

Applicant after: Beijing Century Broadband Internet Data Center Co., Ltd.

Address before: 100015 No. 3, building 5, building 1, Jiuxianqiao East Road, Chaoyang District, Beijing

Applicant before: Beijing BANYANO Data Center Solutions Ltd.

C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20110309