CN102999357A - Configuration method and system of trusty machine - Google Patents


Info

Publication number: CN102999357A
Authority: CN (China)
Prior art keywords: virtual machine, terminal, trusted, machine, information
Legal status: Granted (as listed by Google Patents; not a legal conclusion)
Application number: CN201210466678XA
Other languages: Chinese (zh)
Other versions: CN102999357B (en)
Inventors: 邓振波, 张家柱, 温铭, 李宇
Current assignee: Qax Technology Group Inc (as listed by Google Patents)
Original assignees: Beijing Qihoo Technology Co Ltd; Qizhi Software Beijing Co Ltd
Application filed by Beijing Qihoo Technology Co Ltd and Qizhi Software Beijing Co Ltd
Priority to CN201210466678.XA
Publications: CN102999357A (application); CN102999357B (granted)
Legal status: Active

Landscapes

  • Storage Device Security (AREA)

Abstract

An embodiment of the invention provides a configuration method and a configuration system for a trusted machine, intended to solve the problem that computer resources are wasted because a computer designated as a trusted machine cannot exercise its full functions. The method comprises the following steps: generating terminal information for each terminal and, for a terminal on which a trusted virtual machine is installed, adding the virtual machine information of that trusted virtual machine to the terminal information; receiving the terminal information sent by each terminal and storing it in a control set; randomly acquiring one piece of terminal information from the control set and detecting whether it contains virtual machine information; if virtual machine information is detected, configuring the trusted virtual machine as a trusted machine, and if it is not detected, acquiring another piece of terminal information from the control set and repeating the detection.

Description

Configuration method and system of trusted machine
Technical Field
The invention relates to computer security technology, in particular to a configuration method and a configuration system of a trusted machine.
Background
Generally, a user uses a computer to perform work such as writing documents, browsing web pages, downloading files, transferring files, and the like; a computer performing such work may therefore be referred to as a work machine. However, a web page may be trojaned (carry a hidden Trojan horse) and a downloaded file may carry a virus, so these activities cannot be guaranteed to be safe.
In the management and maintenance of enterprise computer security, however, a computer needs to be designated as a trusted machine, the files on which are considered secure. That is, if a file found on some computer is detected to exist on the trusted machine as well, the file can be considered trusted.
Precisely because the files on the trusted machine are considered absolutely secure, they cannot be modified or added to at will. Thus, once a computer is designated as a trusted machine it cannot also serve as a work machine; its main function is to serve as a reference for file security, and most of the resources of that computer are not utilized (for example, its working function is unused). The computer therefore does not function to its full extent, which wastes computer resources.
Disclosure of Invention
An embodiment of the invention provides a configuration method and a configuration system for a trusted machine, aiming to solve the problem that computer resources are wasted because a computer designated as a trusted machine cannot exercise its full functions.
In order to solve the above problem, an embodiment of the present invention discloses a configuration method of a trusted machine, including:
generating terminal information for each terminal and, for a terminal on which a trusted virtual machine is installed, adding the virtual machine information of the trusted virtual machine to the terminal information, wherein the terminal information is adapted to store description information related to the terminal, the virtual machine information is adapted to identify the trusted virtual machine installed in the terminal, and the trusted virtual machine is a virtual machine that has no security problem;
receiving terminal information sent by each terminal, and storing the terminal information in a control set;
randomly acquiring terminal information from the control set, and detecting whether the terminal information has virtual machine information;
if the terminal information is detected to have virtual machine information, configuring the trusted virtual machine as a trusted machine, wherein a file configured in the trusted machine is safe;
and if the virtual machine information does not exist in the terminal information, acquiring one piece of terminal information from the control set again, and continuing to execute the detection operation.
In the embodiment of the invention, the virtual machine information comprises a virtual machine identifier, and the virtual machine identifier is a unique identifier of virtual hardware in a trusted virtual machine.
In an embodiment of the present invention, configuring the trusted virtual machine as a trusted machine includes: selecting a trusted virtual machine in the terminal by means of its virtual machine identifier, and configuring that trusted virtual machine as a trusted machine.
In an embodiment of the present invention, before adding the virtual machine information of the trusted virtual machine to the terminal information, the method further includes: for terminals on which virtual machines are installed, screening out the virtual machines without security problems according to preset conditions; and configuring a virtual machine without a security problem as a trusted virtual machine.
In an embodiment of the present invention, the preset condition is to prohibit or limit a change of data in the virtual machine, where the change of data includes at least one of: software installation and file transfer.
In the embodiment of the present invention, a plurality of trusted virtual machines are installed in a terminal, the terminal information further includes an IP address of the terminal, and configuring the trusted virtual machines as trusted machines includes: selecting each trusted virtual machine installed in the terminal through the IP address of the terminal; and uniquely identifying a trusted virtual machine in the terminal by adopting the virtual machine identifier, and configuring the trusted virtual machine as a trusted machine.
In the embodiment of the present invention, the method further includes: and selecting the terminal through the IP address of the terminal, and configuring the terminal as a trusted machine.
Correspondingly, an embodiment of the invention also discloses a configuration system for a trusted machine, which comprises a server and a plurality of terminals;
the terminal includes:
a generating module adapted to generate terminal information; wherein,
for a terminal on which a trusted virtual machine is installed, the terminal further includes:
an adding module adapted to add the virtual machine information of the trusted virtual machine to the terminal information, wherein the terminal information is adapted to store description information related to the terminal, the virtual machine information is adapted to identify the trusted virtual machine installed in the terminal, and the trusted virtual machine refers to a virtual machine that has no security problem;
the server includes:
the receiving module is suitable for receiving terminal information sent by each terminal and storing the terminal information in a control set;
the detection module is suitable for randomly acquiring terminal information from the control set and detecting whether the terminal information has virtual machine information or not; if yes, triggering the configuration module, if not, returning to the detection module, and acquiring terminal information from the control set again to continue to execute detection operation;
and the configuration module is suitable for configuring the trusted virtual machine into a trusted machine, wherein the file configured in the trusted machine is safe.
In the embodiment of the invention, the virtual machine information comprises a virtual machine identifier, and the virtual machine identifier is a unique identifier of virtual hardware in a trusted virtual machine.
In an embodiment of the present invention, the configuration module includes: a first configuration submodule adapted to select a trusted virtual machine in the terminal by means of its virtual machine identifier and to configure that trusted virtual machine as a trusted machine.
In the embodiment of the present invention, for a terminal installed with a virtual machine, the terminal further includes: the screening module is suitable for screening out the virtual machines without safety problems according to preset conditions; and the configuration module is suitable for configuring the virtual machine without the security problem into a trusted virtual machine.
In an embodiment of the present invention, the preset condition is to prohibit or limit a change of data in the virtual machine, where the change of data includes at least one of: software installation and file transfer.
In the embodiment of the present invention, a plurality of trusted virtual machines are installed in a terminal, the terminal information further includes an IP address of the terminal, and the configuration module includes: the selection submodule is suitable for selecting each trusted virtual machine installed in the terminal through the IP address of the terminal; and the second configuration submodule is suitable for uniquely identifying one trusted virtual machine in the terminal by adopting the virtual machine identifier and configuring the trusted virtual machine as a trusted machine.
In an embodiment of the present invention, the system further includes: a third configuration submodule adapted to select the terminal through the IP address of the terminal and to configure the terminal as a trusted machine.
Compared with the prior art, the invention has the following advantages:
Firstly, because a virtual machine is a virtual, independent computer system running inside the terminal, and the files, data and so on belonging to the virtual machine are independent of the host computer, a virtual machine that is determined to have no security problem can be used as a trusted virtual machine, the trusted virtual machine can be configured as a trusted machine, and the terminal on which it is installed can still be used as a working machine. Therefore, when the terminal information sent by a terminal is detected to contain virtual machine information, the invention can use the trusted virtual machine installed in that terminal as the trusted machine. The security of the trusted machine is ensured while the waste of computer resources is avoided.
Secondly, the virtual machine information comprises a virtual machine identifier, which is the unique identifier of the virtual hardware in the virtual machine. The trusted virtual machine installed in a terminal can therefore be uniquely selected through the virtual machine identifier and configured as the trusted machine. The trusted virtual machine can be quickly identified through the identifier, so the configuration of the trusted machine is completed quickly.
Thirdly, the virtual machines are screened according to preset conditions, and the screened virtual machines without security problems are configured as trusted virtual machines, which ensures the security of the trusted virtual machines. Further, the preset condition prohibits or limits changes of data in the virtual machine, so that the data in the virtual machine cannot be changed arbitrarily in a way that would affect its security.
Fourthly, if a plurality of trusted virtual machines are installed in a terminal, each trusted virtual machine installed in the terminal is selected through the IP address of the terminal and then configured as a trusted machine. Because the terminal carries several trusted virtual machines its resources are fully utilized, it can still be used as a working machine without wasting resources, and the security and stability of the files and data in the terminal can be ensured; the terminal itself can also be selected through its IP address and configured as a trusted machine.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart of a configuration method of a trusted machine according to an embodiment of the present invention;
FIG. 2 is a flow diagram of a method for configuring a trusted machine in accordance with an alternate embodiment of the present invention;
FIG. 3 is a block diagram of a configuration system of a trusted machine according to an embodiment of the present invention;
FIG. 4 is a block diagram of a configuration module in a server in accordance with an alternate embodiment of the present invention;
fig. 5 is a block diagram of a terminal according to an alternative embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the management and maintenance of enterprise computer security, it is necessary to designate a computer as a trusted machine on which files are considered to be absolutely secure. That is, if a file in a computer is detected to exist in the trusted computer as well, the file can be considered to be trusted.
Since the files on the trusted machine are considered absolutely secure, they cannot be modified or added to at will. Because the security of a computer's files cannot be guaranteed while it is used as a working machine, once a computer is designated as a trusted machine it cannot be used as a working machine; its main function is to serve as a reference for file security, and most of the resources of the computer are not utilized (for example, its working function is unused). The computer therefore does not function to its full extent, which wastes computer resources.
The invention provides a configuration method for a trusted machine in which a virtual machine is configured in a computer and then set as the trusted machine. Because the virtual machine runs in an isolated environment inside the computer, the computer can still perform other functions without affecting the security of the virtual machine; the computer can thus operate normally while the virtual machine serves as the trusted machine, and no computer resources are wasted.
Referring to fig. 1, a flowchart of a configuration method of a trusted machine according to an embodiment of the present invention is shown.
Step 101, generating terminal information of each terminal, and adding virtual machine information of a trusted virtual machine in the terminal information aiming at the terminal provided with the trusted virtual machine;
each terminal generates a piece of terminal information, wherein the terminal information is suitable for storing the description information related to the terminal, such as: terminal name, operating system configured in the terminal, address of the terminal, and the like. The terminal information is subsequently transmitted to the server, so that the server can search the corresponding terminal through the terminal information.
The invention sets up a virtual machine in advance in a terminal, that is, in a computer; a virtual machine here refers to a complete computer system, simulated in software, which has the full functions of a hardware system and runs in a completely isolated environment.
One or more virtual computers, i.e., virtual machines, can be simulated on one computer by virtual machine software, and these virtual machines can work like real computers, for example, an operating system can be installed in the virtual machine, an application program can be installed, network resources can be accessed, and the like.
The virtual machine may be considered an application on a computer, but for applications running in the virtual machine, the virtual machine is a real computer. Thus, when software testing is performed in a virtual machine, the operating system of the virtual machine may likewise crash, but the operating system on the computer is not affected. Moreover, by using the "Undo" function of the virtual machine, the virtual machine can be restored to the state before the test.
As can be seen from the above, a virtual machine is a virtual, independent computer system that runs in a terminal, and can run as a real computer. After the virtual machine is installed in the computer, files, data and the like related to the virtual machine are independent of the computer, so that the modification of the files in the computer with the virtual machine does not affect the virtual machine, namely the terminal can be used as a working machine after the virtual machine is installed, and resources can be fully utilized.
Therefore, the virtual machine in the terminal can be configured as a trusted machine, and the terminal can be used as a working machine at the same time, so that the safety of the trusted machine is ensured, and the waste of resources in the computer is avoided.
However, since a virtual machine is a complete computer system running in a completely isolated environment, if the virtual machine is used as a working machine, the virtual machine may be unsafe, and therefore, if the virtual machine is to be used as a trusted machine, it is first ensured that the virtual machine is safe, that is, to determine that the virtual machine has no security problem, the virtual machine without security problem is used as a trusted virtual machine.
Therefore, in an embodiment of the present invention, when the terminal information is generated and a trusted virtual machine is detected to be installed in the terminal, the virtual machine information of that trusted virtual machine (which can serve as a trusted machine) is acquired and added to the terminal information. The virtual machine information may be a common identifier indicating that a trusted virtual machine is installed in the terminal. Of course, the virtual machine information may also include data describing the trusted virtual machine, such as the virtual machine name, its operating system, and the like.
If the trusted virtual machine is to be used as a trusted machine, the terminal can send the terminal information of the terminal to the server.
Step 102, receiving terminal information sent by each terminal, and storing the terminal information in a control set;
in order to maintain and ensure the security of each terminal in the system, the terminal first needs to send its own terminal information to a trusted machine configuration end, such as a server end for company security maintenance. The terminal information sent by the terminal may be received and then saved in the control set of the server, and then the configuration operation of the trusted machine may be further performed based on the terminal information. The terminal information is related information describing the terminal, and may include data such as a terminal name, a terminal identifier, and an IP address of the terminal, and of course, if a trusted virtual machine is configured in the terminal, the terminal information may also include virtual machine information.
The control set is a set for storing data when the server performs configuration, and may store terminal data, and may also store other data, such as a security check record, and the like.
In an embodiment of the invention, the terminal information is stored in the control set, and the server can associate the control set with an operation platform so that the terminal information is displayed on that platform. Thus not only can the server configure the trusted machine according to the terminal information, but a user can also configure the trusted machine autonomously from the operation platform.
Step 103, randomly acquiring a piece of terminal information from the control set, and detecting whether the terminal information has virtual machine information;
after receiving and storing the terminal information of each terminal in the control set, when configuring the trusted machine, the above method may randomly obtain one piece of terminal information from the control set, and then detect whether the terminal information has the virtual machine information.
If so, that is, it is detected that the terminal information includes virtual machine information, then step 104 is executed, and if not, that is, it is detected that the terminal information includes no virtual machine information, step 103 is executed again, and one piece of terminal information is obtained from the control set again to continue the detection.
The virtual machine information is suitable for identifying a virtual machine installed in the terminal, and may include, for example, a name of the virtual machine, an operating system of the virtual machine, and the like.
Step 104, configuring the virtual machine installed in the terminal as a trusted machine;
the file configured in the trusted machine is secure, that is, if it is detected that the file in a certain computer also exists in the trusted machine, the file can be considered to be trusted.
Therefore, if the terminal information is detected to include virtual machine information, that information identifies a trusted virtual machine installed in the terminal, that is, a virtual machine without a security problem, and the virtual machine installed in the terminal may be configured as a trusted machine. For example, the information of the virtual machine is added to the relevant trusted-machine configuration file, so that when a file security comparison is needed during security maintenance the virtual machine can be located and the file can be checked against it.
In summary, since a virtual machine is a virtual, independent computer system running inside the terminal, and the files, data and so on belonging to the virtual machine are independent of the host computer, a virtual machine that is determined to have no security problem can be used as a trusted virtual machine, the trusted virtual machine can be configured as a trusted machine, and the terminal on which it is installed can still be used as a working machine. Therefore, when the terminal information sent by a terminal is detected to contain virtual machine information, the invention can use the trusted virtual machine installed in that terminal as the trusted machine. The security of the trusted machine is ensured while the waste of computer resources is avoided.
Optionally, the virtual machine information includes a virtual machine identifier, where the virtual machine identifier is a unique identifier of virtual hardware in the virtual machine.
When the virtual machine is installed, the serial number of its virtual hardware is added to the registry. After the terminal acquires this serial number, it can use the serial number directly as the virtual machine identifier, or it can compute a corresponding MID value from the serial number by some algorithm and use that MID value as the virtual machine identifier, that is, as the unique identifier of the virtual hardware in the virtual machine.
Here the MID (Mobile Internet Device) value is a unique characteristic value calculated from the hardware number.
When the terminal sends its terminal information, then, in addition to information such as the terminal's own name, if a trusted virtual machine is installed in the terminal, the virtual machine identifier of the trusted virtual machine may be added to the virtual machine information, and the terminal information is sent together with that identifier.
Optionally, configuring the trusted virtual machine installed in the terminal as a trusted machine includes:
selecting a trusted virtual machine in the terminal by means of its virtual machine identifier, and configuring that trusted virtual machine as a trusted machine.
Because the virtual machine identifier is the unique identifier of the virtual hardware in the virtual machine, that is, the virtual machine identifier is the unique identifier of the virtual hardware in the trusted virtual machine, one virtual machine identifier can uniquely represent one trusted virtual machine. Therefore, when configuring the trusted machine, the trusted virtual machine installed in the terminal can be uniquely selected by adopting the virtual machine identifier, and then the trusted virtual machine is configured as the trusted machine.
In the actual processing, a trusted machine configuration file may be maintained at the server side, where the trusted machine configuration file may include data such as a name of a trusted machine, an identifier of the trusted machine, an operating system of the trusted machine, and an address of the trusted machine. Therefore, after a trusted virtual machine in the terminal is detected, a trusted virtual machine can be uniquely selected through the virtual machine identifier, and after the trusted virtual machine is used as a trusted machine, relevant data of the trusted virtual machine, such as the name, the virtual machine identifier, the operating system, the address and the like of the trusted virtual machine, can be acquired and added to a corresponding position in the trusted machine configuration file, so that the configuration of the trusted machine is completed.
The data related to the trusted virtual machine may be pre-configured in the virtual machine information and transmitted together with the terminal information, or may be acquired separately after the trusted virtual machine is selected, which is not limited in the present invention.
Of course, some terminals in the actual processing may also be configured as a trusted machine as long as they meet the condition of being a trusted machine, which is not limited by the present invention.
The computer's compliance with the condition as a trusted machine may be as follows: the files in the computer are secure, or the computer is not acting as a working machine or the like, so that the absolute security of the files on the trusted machine can be guaranteed.
In summary, the virtual machine information of the present invention includes a virtual machine identifier, where the virtual machine identifier is a unique identifier of virtual hardware in the virtual machine. Therefore, the trusted virtual machine in the terminal can be uniquely selected through the virtual machine identifier, and the trusted virtual machine is configured to be the trusted machine. The trusted virtual machine can be quickly identified through the virtual machine identification, and then the configuration of the trusted machine is quickly completed.
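The following is an added example illustrating steps 101 to 104 together with the identifier-based selection just described; it is not code from the patent or from the applicant. The record layout, the function and class names, the sample terminals and the use of a truncated SHA-256 digest as the "MID value" derived from the virtual hardware serial number are all assumptions made for this example (the patent only says the identifier is computed from the serial number "by some algorithm").

```python
# Added example (not the patent's own code): trusted-machine configuration flow.
# Steps: 101 generate terminal info (+ VM info for trusted VMs), 102 receive into
# a control set, 103 randomly acquire and detect VM info, 104 configure trusted
# machine, selecting each trusted VM via terminal IP and VM identifier.
import hashlib
import random
from dataclasses import dataclass, field
from typing import Dict, List, Optional


def make_vm_identifier(virtual_hardware_serial: str) -> str:
    """Derive the VM identifier (the patent's "MID value") from the virtual
    hardware serial number. A truncated SHA-256 digest is an assumption here."""
    return hashlib.sha256(virtual_hardware_serial.encode("utf-8")).hexdigest()[:16]


def generate_terminal_info(name: str, ip: str, os_name: str,
                           trusted_vms: Optional[List[dict]] = None) -> dict:
    """Step 101: build terminal information; if trusted VMs are installed, add
    their virtual machine information (name, OS, unique identifier)."""
    info = {"terminal_name": name, "ip": ip, "os": os_name}
    if trusted_vms:
        info["virtual_machines"] = [
            {"vm_name": vm["vm_name"], "vm_os": vm["vm_os"],
             "vm_identifier": make_vm_identifier(vm["virtual_hardware_serial"])}
            for vm in trusted_vms]
    return info


@dataclass
class Server:
    """Server side: the control set (step 102) and the trusted-machine
    configuration file (kept here as an in-memory dict keyed by VM identifier)."""
    control_set: List[dict] = field(default_factory=list)
    trusted_machine_config: Dict[str, dict] = field(default_factory=dict)

    def receive(self, terminal_info: dict) -> None:
        """Step 102: store received terminal information in the control set."""
        self.control_set.append(terminal_info)

    @staticmethod
    def has_vm_information(terminal_info: dict) -> bool:
        """Step 103 detection: does this record carry virtual machine information?"""
        return bool(terminal_info.get("virtual_machines"))

    def configure_trusted_machines(self, seed: int = 0) -> Dict[str, dict]:
        """Steps 103-104: acquire records from the control set in random order;
        records without VM information are skipped (acquire again), records with
        VM information have each trusted VM configured as a trusted machine."""
        rng = random.Random(seed)
        for info in rng.sample(self.control_set, len(self.control_set)):
            if not self.has_vm_information(info):
                continue  # back to step 103: acquire another record
            for vm in info["virtual_machines"]:
                key = vm["vm_identifier"]  # uniquely selects one trusted VM
                self.trusted_machine_config[key] = {
                    "name": vm["vm_name"], "identifier": key,
                    "os": vm["vm_os"], "address": info["ip"]}
        return self.trusted_machine_config

    def select_by_ip(self, ip: str) -> List[dict]:
        """Select every trusted VM configured on the terminal with this IP."""
        return [m for m in self.trusted_machine_config.values() if m["address"] == ip]


def build_demo_server() -> Server:
    """Constructed sample data: one plain work terminal and two terminals that
    carry trusted virtual machines (all names, IPs and serials are made up)."""
    server = Server()
    server.receive(generate_terminal_info("ws-01", "10.0.0.11", "Windows 7"))
    server.receive(generate_terminal_info("ws-02", "10.0.0.12", "Windows 7", [
        {"vm_name": "ref-vm-a", "vm_os": "Windows XP", "virtual_hardware_serial": "VHW-0001"},
        {"vm_name": "ref-vm-b", "vm_os": "Windows 7", "virtual_hardware_serial": "VHW-0002"},
    ]))
    server.receive(generate_terminal_info("ws-03", "10.0.0.13", "Linux", [
        {"vm_name": "ref-vm-c", "vm_os": "Linux", "virtual_hardware_serial": "VHW-0003"},
    ]))
    return server


if __name__ == "__main__":
    demo = build_demo_server()
    for entry in demo.configure_trusted_machines(seed=7).values():
        print(entry)
```

Because the VM identifier is derived from the virtual hardware serial, the trusted-machine configuration file is keyed by it: two trusted VMs on the same terminal share an IP address but never an identifier, which is exactly what the first and second configuration submodules above rely on.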
Optionally, before adding the virtual machine information of the trusted virtual machine to the terminal information, the method further includes:
screening out virtual machines without safety problems according to preset conditions aiming at terminals provided with the virtual machines; and configuring the virtual machine without the security problem as a trusted virtual machine.
A virtual machine may be installed in a terminal, but it cannot be configured as a trusted machine until it has been confirmed that the virtual machine is secure; therefore, for a terminal in which a virtual machine is installed, it is first determined whether the virtual machine is secure.
The invention is provided with a preset condition, the preset condition is one of the standards for measuring the safety of the virtual machine, and the virtual machine can be screened according to the preset condition to determine whether the virtual machine has a safety problem. If the virtual machine meets the preset conditions, the virtual machine is a virtual machine without safety problems, and the virtual machine can be configured to be a trusted virtual machine subsequently; and if the virtual machine does not meet the preset conditions, the virtual machine is a virtual machine with a safety problem and cannot be configured as a trusted virtual machine.
After the configuration of the trusted virtual machine, the relevant data of the trusted virtual machine can be acquired subsequently to form virtual machine information, the virtual machine information is added into the terminal information and sent to the server, and the subsequent configuration step of the trusted machine is carried out.
Optionally, the preset condition is to prohibit or limit a change of data in the virtual machine, where the change of data includes at least one of: software installation and file transfer.
Due to the random installation of software, transmission of files, etc. in the computer system, data in the computer system is changed, and further, the computer system may be invaded by virus, so that the computer system becomes unsafe.
To ensure the security of the trusted virtual machine, the preset condition is used as the criterion for judging whether a virtual machine is secure, and therefore whether it can be configured as a trusted virtual machine. The preset condition may be to prohibit, or to limit, changes of data in the virtual machine.
After the virtual machine is installed in the terminal, enterprise software, files and the like that have been determined to be secure can be installed in it. If the data in the virtual machine is then never changed, all data in the virtual machine remains secure, the virtual machine has no security problem, and it can be configured as a trusted virtual machine.
Alternatively, after the secure enterprise software and files have been installed, later changes of data in the virtual machine may be limited rather than prohibited: for example, data may be changed only after verification of a security identifier such as a password or a serial number. Because the security identifier cannot be obtained at will, possession of it can be taken as proof of authorization, so the security of the data is maintained; in this case a change of data is also secure and is allowed.
The change of data may refer to software installation, file transfer, etc., where file transfer may refer to uploading or downloading files in a virtual machine by any means, such as through a USB, network, etc.
In summary, virtual machines are screened according to the preset condition, and the screened virtual machines without security problems are configured as trusted virtual machines, which ensures the security of the trusted virtual machines. Further, because the preset condition prohibits or limits changes of data in the virtual machine, the data in the virtual machine cannot be changed arbitrarily in a way that would affect its security.
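The screening rule described above, as an added example that is not code from the patent or its assignee. It takes a virtual machine's record of data changes (software installations and file transfers over USB or network) and applies the preset condition in both of its forms: prohibit, where any change disqualifies the virtual machine, and limit, where every change must have been verified by a security identifier such as a serial number. The record layout, the policy names, the identifier value and the sample records are assumptions constructed for the illustration.

```python
"""Screening virtual machines against the preset condition of the method.
Added example; the record layout, policy names and sample data are assumptions."""
import hmac
from dataclasses import dataclass, field
from typing import List, Optional

PROHIBIT = "prohibit"  # any data change disqualifies the VM
LIMIT = "limit"        # changes allowed only when verified by the security identifier


@dataclass
class DataChange:
    kind: str                        # "software_install" or "file_transfer"
    detail: str                      # e.g. a package name, or "usb:upload" / "network:download"
    security_id: Optional[str] = None  # identifier presented when the change was made


@dataclass
class VmRecord:
    name: str
    os: str
    changes: List[DataChange] = field(default_factory=list)


def change_is_authorized(change: DataChange, expected_id: str) -> bool:
    """A limited change is acceptable only if the presented identifier matches the
    expected one. compare_digest keeps the comparison time independent of where
    the two values first differ."""
    if change.security_id is None:
        return False
    return hmac.compare_digest(change.security_id.encode(), expected_id.encode())


def screen_vm(vm: VmRecord, policy: str, expected_id: str = "") -> bool:
    """True if the VM has no security problem under the given form of the condition."""
    if policy == PROHIBIT:
        return not vm.changes
    if policy == LIMIT:
        return all(change_is_authorized(c, expected_id) for c in vm.changes)
    raise ValueError(f"unknown policy {policy!r}")


def trusted_vms(vms: List[VmRecord], policy: str, expected_id: str = "") -> List[str]:
    """Names of the VMs that may be configured as trusted virtual machines."""
    return [vm.name for vm in vms if screen_vm(vm, policy, expected_id)]


# constructed sample records (not from the patent); the serial number is an assumed value
SAMPLE_VMS = [
    VmRecord("vm-xp-clean", "Windows XP"),
    VmRecord("vm-win7-auth", "Windows 7", [
        DataChange("software_install", "office-suite", security_id="SN-2012-0001"),
        DataChange("file_transfer", "network:download", security_id="SN-2012-0001"),
    ]),
    VmRecord("vm-linux-unauth", "Linux", [
        DataChange("file_transfer", "usb:upload"),  # no identifier presented
    ]),
]

if __name__ == "__main__":
    print(trusted_vms(SAMPLE_VMS, PROHIBIT, "SN-2012-0001"))  # ['vm-xp-clean']
    print(trusted_vms(SAMPLE_VMS, LIMIT, "SN-2012-0001"))     # ['vm-xp-clean', 'vm-win7-auth']
```

A virtual machine with an empty change record passes under either form of the condition; under the limit form a single change made without a valid identifier is enough to exclude the virtual machine, and a wrong identifier excludes every virtual machine that has recorded any change.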
Referring to fig. 2, a flowchart of a configuration method of a trusted machine according to an alternative embodiment of the present invention is shown.
Optionally, the terminal is provided with a plurality of trusted virtual machines, and the terminal information further includes an IP address of the terminal.
In practice, an enterprise may use several different operating systems, such as Windows XP, Windows 7 and Linux. To cover each of these operating systems in security maintenance, at least one trusted virtual machine may be configured for each operating system. Thus a plurality of trusted virtual machines may be configured, and trusted virtual machines running different operating systems may be installed in different terminals or in the same terminal.
In the above step, configuring the trusted virtual machine in the terminal as a trusted machine includes:
Step 201, selecting each trusted virtual machine installed in the terminal through the IP address of the terminal;
If a plurality of trusted virtual machines are installed in one terminal, all of them may use the network card of the terminal, in which case they all have the same IP address as the terminal. Therefore, when all the trusted virtual machines installed in the terminal are to be set as trusted machines, they can be quickly selected through the IP address of the terminal.
Of course, the trusted virtual machine may also use its own virtual network card to set the IP address, which is not limited in the present invention.
Here, an IP (Internet Protocol) address is the address allocated to each host connected to the network; an IPv4 address, as referred to here, is 32 bits long.
Step 202, uniquely identifying a trusted virtual machine in the terminal by using the virtual machine identifier, and configuring the virtual machine as a trusted machine.
After all the trusted virtual machines installed in the terminal have been selected through the IP address, each trusted machine must still be assigned to one specific trusted virtual machine during configuration. For this, a single trusted virtual machine in the terminal is uniquely identified by its virtual machine identifier; once identified, it can be configured as a trusted machine.
Optionally, the terminal itself is selected through its IP address and configured as a trusted machine.
If a plurality of trusted virtual machines are installed in one terminal, the resources of the terminal are fully utilized even though the terminal is not used as a working machine, so no resources are wasted.
After all the virtual machines installed in the terminal have been selected by the IP address, the terminal itself can also be selected by that IP address. Because the terminal is not used as a working machine, the security and stability of the files and data in it can be ensured, while the trusted virtual machines installed in it make full use of its resources. Therefore, after the terminal has been selected through its IP address, the terminal can be configured as a trusted machine.
In practice, the terminal information may include the IP address, the terminal name, the workgroup to which the terminal belongs and the operating system of the terminal; once a virtual machine is installed in the terminal, the terminal information may further include virtual machine information. The virtual machine information may include the virtual machine name, the operating system of the virtual machine, the IP address of the virtual machine and the virtual machine identifier. The IP address of the virtual machine may be the same as or different from that of the terminal hosting it, depending on whether the IP address is configured on a virtual network card of the virtual machine.
From the terminal information it can then be determined whether virtual machines are installed in the terminal, how many there are, and whether they are trusted virtual machines; from the virtual machine information the operating system of a trusted virtual machine can be known and a single trusted virtual machine can be uniquely determined.
In addition to the above automatic configuration process, the present invention also supports manual configuration, which is basically consistent with the above automatic process and will not be described herein again.
In summary, if a plurality of trusted virtual machines are installed in the terminal, each of them may be selected through the IP address of the terminal and then configured as a trusted machine. At the same time, a terminal provided with a plurality of trusted virtual machines makes full use of its resources even though it is not used as a working machine, so the security and stability of the files and data in it can be ensured, and the terminal can likewise be selected through its IP address and configured as a trusted machine.
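The server side of the configuration flow of fig. 2, as an added example rather than code from the patent or its assignee: the server keeps the received terminal information in a control set, draws from it at random, and, for a terminal whose information carries virtual machine information, selects every trusted virtual machine through the terminal's IP address (step 201), singles each one out by its virtual machine identifier (step 202) and, optionally, configures the terminal itself as a trusted machine. The record fields, the `vm_id` values and the sample terminals are constructed assumptions; drawing without replacement is likewise an added detail the patent does not specify. As in the method, the server decides on nothing but the terminal information the terminals send it.

```python
"""Server side of the trusted-machine configuration flow (fig. 2; claims 1, 6 and 7).
Added example; record layout, vm_id values and sample data are assumptions."""
import random
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class VmInfo:
    name: str
    os: str
    ip: str     # equals the terminal IP when the VM uses the terminal NIC, else its own virtual NIC
    vm_id: str  # unique identifier of the VM's virtual hardware (assumed format)


@dataclass
class TerminalInfo:
    name: str
    ip: str
    workgroup: str
    os: str
    vm_info: List[VmInfo] = field(default_factory=list)  # empty when no trusted VM is installed


class TrustedMachineServer:
    """Receiving, detection and configuration modules of the server."""

    def __init__(self, configure_terminal_too: bool = False):
        self.control_set: List[TerminalInfo] = []
        # (terminal IP, vm_id) -> trusted machine name; vm_id "" stands for the terminal itself
        self.trusted: Dict[Tuple[str, str], str] = {}
        self.configure_terminal_too = configure_terminal_too

    def receive(self, info: TerminalInfo) -> None:
        """Receiving module: store the terminal information in the control set."""
        self.control_set.append(info)

    def select_by_ip(self, ip: str) -> List[VmInfo]:
        """Step 201: every trusted VM reported by the terminal with this IP address."""
        return [vm for t in self.control_set if t.ip == ip for vm in t.vm_info]

    def configure(self, terminal: TerminalInfo) -> List[str]:
        """Steps 201-202, plus the optional terminal configuration of claim 7."""
        configured: List[str] = []
        for vm in self.select_by_ip(terminal.ip):
            # several VMs may share the terminal IP, so the vm_id is what singles one out
            key = (terminal.ip, vm.vm_id)
            if key not in self.trusted:
                self.trusted[key] = vm.name
                configured.append(vm.name)
        if self.configure_terminal_too and (terminal.ip, "") not in self.trusted:
            self.trusted[(terminal.ip, "")] = terminal.name
            configured.append(terminal.name)
        return configured

    def run(self, rng=random) -> List[str]:
        """Detection module: draw terminal information at random, configure when it
        carries VM information, otherwise draw again. Drawing without replacement
        (an added detail) makes the loop terminate even if no terminal reports a VM."""
        pending = list(self.control_set)
        configured: List[str] = []
        while pending:
            info = pending.pop(rng.randrange(len(pending)))
            if info.vm_info:
                configured.extend(self.configure(info))
        return configured


# constructed sample terminal information (not from the patent)
SAMPLE_TERMINALS = [
    TerminalInfo("PC-01", "10.0.0.11", "OFFICE", "Windows 7", [
        VmInfo("vm-xp", "Windows XP", "10.0.0.11", "564d1a2b-xp"),    # shares the terminal NIC
        VmInfo("vm-win7", "Windows 7", "10.0.0.11", "564d1a2b-w7"),
    ]),
    TerminalInfo("PC-02", "10.0.0.12", "OFFICE", "Windows XP"),       # no trusted VM installed
    TerminalInfo("PC-03", "10.0.0.13", "DEV", "Linux", [
        VmInfo("vm-linux", "Linux", "10.0.0.113", "564d1a2b-lx"),     # own virtual NIC
    ]),
]


def build_server(configure_terminal_too: bool = False, seed: int = 1):
    """Feed the sample terminals to a fresh server and run one configuration pass."""
    server = TrustedMachineServer(configure_terminal_too)
    for t in SAMPLE_TERMINALS:
        server.receive(t)
    return server, server.run(random.Random(seed))


if __name__ == "__main__":
    srv, names = build_server(configure_terminal_too=True)
    for key, name in sorted(srv.trusted.items()):
        print(key, "->", name)
```

The terminal without virtual machine information (PC-02) is drawn, found to carry none, and skipped, so it is never configured even when the terminal option is enabled; only the two terminals hosting trusted virtual machines end up in the registry, together with their virtual machines.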
Referring to fig. 3, a configuration system structure diagram of a trusted machine according to an embodiment of the present invention is shown.
Correspondingly, the invention also provides a configuration system of a trusted machine, comprising a server 1 and a plurality of terminals 2, denoted 2₁ … 2ₙ, where n is a positive integer. Suppose that a trusted virtual machine is installed in terminal 2₁.
Each terminal 2 comprises a generating module 20 adapted to generate terminal information.
The terminal 2₁ in which the trusted virtual machine is installed further comprises:
an adding module 23, adapted to add virtual machine information of the trusted virtual machine to the terminal information, where the terminal information is adapted to store description information related to the terminal, the virtual machine information is adapted to identify a trusted virtual machine installed in the terminal, and the trusted virtual machine refers to a virtual machine that does not have a security problem;
the server 1 includes: a receiving module 11, a detecting module 12 and a configuration module 13, wherein:
the receiving module 11 is adapted to receive terminal information sent by each terminal and store the terminal information in a control set;
the detection module 12 is adapted to randomly acquire terminal information from the control set, and detect whether the terminal information includes virtual machine information; if yes, triggering the configuration module, if not, returning to the detection module, and acquiring terminal information from the control set again to continue to execute detection operation;
a configuration module 13, adapted to configure the trusted virtual machine as a trusted machine, wherein a file configured in the trusted machine is secure.
Optionally, the virtual machine information includes a virtual machine identifier, where the virtual machine identifier is a unique identifier of virtual hardware in a trusted virtual machine.
Referring to fig. 4, a block diagram of a configuration module in a server according to an alternative embodiment of the present invention is shown.
Optionally, the configuration module 13 includes:
the first configuration submodule 131 is adapted to select a trusted virtual machine in the terminal by using a virtual machine identifier, and configure the trusted virtual machine as a trusted machine.
Referring to fig. 5, a block diagram of a terminal according to an alternative embodiment of the present invention is shown.
Optionally, the terminal 2₁ in which a virtual machine is installed further comprises:
a screening module 21, adapted to screen out virtual machines without security problems according to a preset condition;
a configuration module 22, adapted to configure a virtual machine without a security problem as a trusted virtual machine.
Optionally, the preset condition is to prohibit or limit a change of data in the virtual machine, where the change of data includes at least one of: software installation and file transfer.
Optionally, the terminal is installed with a plurality of trusted virtual machines, the terminal information further includes an IP address of the terminal,
the configuration module 13 includes:
a selection submodule 132 adapted to select each trusted virtual machine installed in the terminal by an IP address of the terminal;
the second configuration submodule 133 is adapted to uniquely identify a trusted virtual machine in the terminal by using the virtual machine identifier, and configure the trusted virtual machine as a trusted machine.
And a third configuration submodule 134, adapted to select a terminal by its IP address and configure the terminal as a trusted machine.
Since the system embodiment is substantially similar to the method embodiment, it is described only briefly; for details, refer to the corresponding parts of the description of the method embodiment.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
The invention may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The configuration method and system of a trusted machine provided by the invention have been described in detail above, using specific examples to explain the principle and implementation of the invention. The description of the above embodiments is intended only to help in understanding the method and its core idea; a person skilled in the art may, following the idea of the invention, vary the specific embodiments and their scope of application. In summary, the content of this specification should not be construed as limiting the invention.

Claims (14)

1. A method of configuring a trusted machine, comprising:
generating terminal information of each terminal, and, for a terminal in which a trusted virtual machine is installed, adding virtual machine information of the trusted virtual machine to the terminal information, wherein the terminal information is adapted to store description information related to the terminal, the virtual machine information is adapted to identify the trusted virtual machine installed in the terminal, and the trusted virtual machine is a virtual machine without a security problem;
receiving terminal information sent by each terminal, and storing the terminal information in a control set;
randomly acquiring terminal information from the control set, and detecting whether the terminal information has virtual machine information;
if virtual machine information is detected in the terminal information, configuring the trusted virtual machine as a trusted machine, wherein a file configured in the trusted machine is secure;
and if no virtual machine information exists in the terminal information, acquiring another piece of terminal information from the control set and continuing the detection operation.
2. The method of claim 1, wherein the virtual machine information includes a virtual machine identifier, and the virtual machine identifier is a unique identifier of virtual hardware in a trusted virtual machine.
3. The method of claim 2, wherein configuring the trusted virtual machine as a trusted machine comprises:
selecting a trusted virtual machine in the terminal by its virtual machine identifier, and configuring the trusted virtual machine as a trusted machine.
4. The method of claim 2, further comprising, before adding the virtual machine information of the trusted virtual machine to the terminal information:
for a terminal in which virtual machines are installed, screening out the virtual machines without security problems according to a preset condition;
and configuring the virtual machine without a security problem as a trusted virtual machine.
5. The method of claim 4, wherein the preset condition is to prohibit or limit a change of data in the virtual machine, wherein the change of data comprises at least one of: software installation and file transfer.
6. The method of claim 2, wherein a plurality of trusted virtual machines are installed in the terminal, the terminal information further includes an IP address of the terminal,
and configuring the trusted virtual machine as a trusted machine comprises:
selecting each trusted virtual machine installed in the terminal through the IP address of the terminal;
and uniquely identifying a trusted virtual machine in the terminal by its virtual machine identifier, and configuring the trusted virtual machine as a trusted machine.
7. The method of claim 6, further comprising:
selecting the terminal through the IP address of the terminal, and configuring the terminal as a trusted machine.
8. A trusted machine configuration system, comprising a server and a plurality of terminals;
the terminal includes:
a generating module adapted to generate terminal information; wherein
a terminal in which a trusted virtual machine is installed further comprises:
an adding module adapted to add virtual machine information of the trusted virtual machine to the terminal information, wherein the terminal information is adapted to store description information related to the terminal, the virtual machine information is adapted to identify the trusted virtual machine installed in the terminal, and the trusted virtual machine is a virtual machine without a security problem;
the server includes:
the receiving module is suitable for receiving terminal information sent by each terminal and storing the terminal information in a control set;
the detection module is suitable for randomly acquiring terminal information from the control set and detecting whether the terminal information has virtual machine information or not; if yes, triggering the configuration module, if not, returning to the detection module, and acquiring terminal information from the control set again to continue to execute detection operation;
and the configuration module is suitable for configuring the trusted virtual machine into a trusted machine, wherein the file configured in the trusted machine is safe.
9. The system of claim 8, wherein the virtual machine information includes a virtual machine identifier, and the virtual machine identifier is a unique identifier of virtual hardware in the trusted virtual machine.
10. The system of claim 9, wherein the configuration module comprises:
a first configuration submodule adapted to select a trusted virtual machine in the terminal by its virtual machine identifier and configure the trusted virtual machine as a trusted machine.
11. The system of claim 9, wherein a terminal in which a virtual machine is installed further comprises:
a screening module adapted to screen out virtual machines without security problems according to a preset condition;
and a configuration module adapted to configure the virtual machine without a security problem as a trusted virtual machine.
12. The system of claim 11, wherein the preset condition is to prohibit or limit a change of data in the virtual machine, wherein the change of data comprises at least one of: software installation and file transfer.
13. The system of claim 9, wherein a plurality of trusted virtual machines are installed in the terminal, the terminal information further includes an IP address of the terminal,
and the configuration module comprises:
a selection submodule adapted to select each trusted virtual machine installed in the terminal through the IP address of the terminal;
and a second configuration submodule adapted to uniquely identify a trusted virtual machine in the terminal by its virtual machine identifier and configure the trusted virtual machine as a trusted machine.
14. The system of claim 13, further comprising:
a third configuration submodule adapted to select the terminal through the IP address of the terminal and configure the terminal as a trusted machine.
Application CN201210466678.XA (priority date 2012-11-16, filing date 2012-11-16): Configuration method and system of a trusted machine. Legal status: Active. Granted publication: CN102999357B (en).


Publications (2)

CN102999357A (application publication): 2013-03-27
CN102999357B (granted patent): 2015-11-25

Family ID: 47927962


Cited By (2)

* Cited by examiner, † Cited by third party
CN116501448A (en) *, priority 2023-06-21, published 2023-07-28, Neijiang Normal University: Container packaging method and device applied to multiple virtual machines
CN116501448B (en) *, priority 2023-06-21, published 2023-09-01, Neijiang Normal University: Container packaging method and device applied to multiple virtual machines

Citations (5)

* Cited by examiner, † Cited by third party
CN101305333A (en) *, priority 2003-11-26, published 2008-11-12, International Business Machines Corporation: Tamper-resistant trusted virtual machine
CN101800730A (en) *, priority 2009-02-09, published 2010-08-11, International Business Machines Corporation: Safety enhanced virtual machine communication method and virtual machine system
CN101957900A (en) *, priority 2010-10-26, published 2011-01-26, 706th Institute of the Second Academy of China Aerospace Science and Industry Corporation: Credible virtual machine platform
US20110141124A1 (en) *, priority 2009-12-14, published 2011-06-16, David Halls: Methods and systems for securing sensitive information using a hypervisor-trusted client
CN102984229A (en) *, priority 2012-11-16, published 2013-03-20, Beijing Qihoo Technology Co., Ltd.: Method and system for assembling confidence machine


Legal Events

Code  Title / Description
C06   Publication
PB01  Publication
C10   Entry into substantive examination
SE01  Entry into force of request for substantive examination
C14   Grant of patent or utility model
GR01  Patent grant
C41   Transfer of patent application or patent right or utility model
TR01  Transfer of patent right
      Effective date of registration: 2016-12-08
      Address after: 100015 Chaoyang District Road, Jiuxianqiao, No. 10, building No. 3, floor 15, floor 17, 1701-26
      Patentee after: BEIJING QIANXIN TECHNOLOGY Co.,Ltd.
      Address before: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park)
      Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.; Qizhi software (Beijing) Co.,Ltd.
CP01  Change in the name or title of a patent holder
      Address after: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing
      Patentee after: QAX Technology Group Inc.
      Address before: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing
      Patentee before: BEIJING QIANXIN TECHNOLOGY Co.,Ltd.