CN103414558A - XEN cloud platform-based virtual machine block device isolation method
- Publication number
- CN103414558A
- Authority
- CN
- China
- Prior art keywords
- virtual machine
- key
- remote server
- block device
- data
- Prior art date
- Legal status
- Pending
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses an XEN cloud platform-based virtual machine block device isolation method and belongs to the information security field. The method comprises the following steps: S1, protection keys are generated and accessed when a client virtual machine is newly created; S2, a secure connection is established between the client virtual machine and a remote server; S3, the client virtual machine issues a block device read/write request to the remote server, and the block data is encrypted or decrypted before the remote server executes the request; and S4, the physical layer performs the read operation on the block data. The method introduces key management and an encryption mechanism into the system isolation scheme to protect access to the block device. The remote server can see the data when writing and reading it, but what it sees is data under encryption protection, so it cannot correctly parse the meaning of the data; the goal of "being seen but not understood" is thereby achieved.
Description
Technical field
The invention belongs to the field of information security technology and relates in particular to an isolation method for virtual machine block devices based on the XEN cloud platform.
Background art
The concept of the cloud was first proposed in the 1990s by the American John McCarthy, who pointed out at the time that computing resources could be offered to the public as a service, like water and electricity; this became the origin of the cloud idea. From March 2006, when Amazon launched its elastic compute cloud (EC2, Elastic Computer Cloud) service, to Google CEO Eric Schmidt first proposing the concept of "cloud computing" at the search engine conference (SES San Jose), cloud computing has by now entered a period of rapid growth; the cloud has gradually penetrated people's production and daily life and become a part of how people live.
However, the leaks of user information that now occur in the cloud are making cloud information security problems increasingly serious, and the core of cloud information security is guaranteeing the security of virtual machine data.
Today the cloud security problem has become one of the biggest obstacles to cloud development. XEN (an open-source virtual machine monitor), the principal carrier of the cloud, in most cases still "runs naked" in operators' machine rooms, and security threats from inside the cloud threaten the data security of all cloud users.
Summary of the invention
The purpose of the present invention is to use existing PKI (Public Key Infrastructure) technology and other security measures in the XEN cloud environment to encrypt the block devices of virtual machines, so as to improve the security of XEN virtual machine data, and to provide a security isolation method for virtual machine block devices based on the XEN cloud platform.
To achieve the above purpose, the technical solution adopted by the present invention is an isolation method for virtual machine block devices based on the XEN cloud platform, comprising the following steps:
S1: the protection key is generated and accessed when a client virtual machine is newly created;
S2: a secure connection is established between the client virtual machine and the remote server;
S3: the client virtual machine issues a block device read/write request to the remote server, and the block data is encrypted or decrypted before the remote server executes the request;
S4: the physical layer performs the read operation on the block data.
Preferably, step S1 comprises the following sub-steps:
S11: add a key management system to the XEN cloud platform;
S12: when a new virtual machine is created, encrypt the virtual machine and generate a protection key for it;
S13: establish the mapping set between virtual machine IDs and the corresponding protection keys, store the mapping table of the mapping set in the local key database, and store the generated protection key on the remote server.
Preferably, generating the protection key in S12 comprises the following sub-steps:
S121: use the Tick Count function of the current CPU to generate a random number, then apply a hash operation to the random number to produce a 256-bit string;
S122: divide the 256-bit string into four 64-bit substrings, then add noise from the CPU, memory, network and I/O to the substrings respectively;
S123: after the noise is added, apply a 128-bit hash operation to the first substring, and at the same time concatenate the last three substrings end to end and apply a 128-bit hash operation to the result;
S124: concatenate the two 128-bit strings generated in step S13 end to end to form the 256-bit protection key.
Preferably, the detailed process of step S2 is as follows: the key negotiation module at the remote server establishes the shared key between the client virtual machine and the remote server, and the secure connection between the client virtual machine and the remote server is established with the shared key.
Preferably, step S2 comprises the following sub-steps:
S21: the key negotiation module sends a KC_HELLO packet to the remote server to request a secure connection;
S22: after receiving the HELLO packet, the remote server generates a large prime ρ, a primitive root r of ρ, and a private key KA; after computing the public key KA, it replies with a KC_SYN packet containing ρ, r and the public key KA;
S23: after receiving the KC_SYN packet sent by the remote server, the client virtual machine extracts ρ and r, computes its own public key KB from ρ, r and a private key KB that it generates, and replies to the remote server with a KC_SYN_ACK packet carrying its public key KB;
S24: after receiving the KC_SYN_ACK reply from the client virtual machine, the remote server computes the shared key and attempts to send the client virtual machine a request to establish a secure connection using the shared key;
S25: after receiving the remote server's request to establish a secure connection, the client virtual machine verifies the request with the shared key it computed itself and, if verification succeeds, sends a KC_ESTB_ACK reply.
Preferably, step S3 comprises the following sub-steps:
S31: add a VMM as an intermediary between the remote server and the hardware virtual machine;
S32: when the client virtual machine sends a block device read/write request to the remote server, the trapped request is captured by the VMM;
S33: before the block data is used by the emulator in the remote server, it is encrypted or decrypted;
S34: the VMM, in place of the hardware virtual machine, sends the block device read/write request to the emulator that plays the back-end driver role in the remote server, and the emulator, acting as a proxy, writes the request through emulation.
Preferably, step S33 comprises the following sub-steps:
S331: establish a key negotiation interface that provides secure keys to the encryption/decryption module and guarantees key security;
S332: call the key negotiation module through the key negotiation interface to obtain the encryption/decryption key of the corresponding virtual machine;
S333: use the ID of the corresponding virtual machine to find the corresponding pre-agreed key KEY, and encrypt or decrypt the data block;
S334: when the block device is closed, destroy the corresponding key.
Beneficial effects of the present invention: although the remote server can see the data when writing and reading it, what it sees is only data under encryption protection, whose meaning it cannot correctly parse. The method introduces key management and an encryption mechanism into the system isolation scheme to protect access to the block device; thus, even if the remote server holds access rights to the block device, without the corresponding key to decrypt it the server cannot correctly parse its content, which achieves the goal of "visible but not understandable". The method uses isolation as its means and protection against security risks inside XEN as its goal. Data is transmitted in the form of data blocks, so the security of the block device is particularly important. For block devices, isolation and protection between virtual machines are achieved specifically by adding encryption and similar measures to the XEN cloud environment, which improves the security of virtual machines in the XEN cloud environment.
Brief description of the drawings
Fig. 1 is the key generation flowchart;
Fig. 2 is the block device file encryption flowchart;
Fig. 3 is the architecture diagram of the embodiment of the present invention;
Fig. 4 is the overall flowchart of the embodiment of the present invention.
Embodiment
To make the purpose, technical solution and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings and an embodiment.
Explanation of the principle:
Communication in the present invention uses the block as the unit of transfer between the client and the server; the purpose of encryption is to prevent intermediate modules from reading the transmitted data. The client can encrypt and decrypt block data through the key management system, and can therefore read the block data transmitted by the remote server.
The key exchange in the key management system is originally the Diffie-Hellman algorithm, but the Diffie-Hellman algorithm is exposed to blocking attacks and replay attacks. The present invention negotiates the secure-connection key on the basis of Diffie-Hellman and uses a timestamp as the packet sequence number to prevent blocking and replay attacks.
So that the emulator in the remote server (which communicates directly with the underlying hardware) does not learn the transmitted content, an intermediary VMM (virtual machine monitor) is added.
The technical solution adopted by the present invention is as follows: an isolation method for virtual machine block devices based on the XEN cloud platform, comprising the following steps:
S1: the protection key is generated and accessed when a client virtual machine is newly created;
S2: a secure connection is established between the client virtual machine and the remote server;
S3: the client virtual machine issues a block device read/write request to the remote server, and the block data is encrypted or decrypted before the remote server executes the request;
S4: the physical layer performs the read operation on the block data.
S1 comprises the following sub-steps:
S11: add a key management system to the XEN cloud platform;
S12: when a new virtual machine is created, encrypt the virtual machine and generate a protection key for it;
S13: establish the mapping set between virtual machine IDs and the corresponding protection keys, store the mapping table of the mapping set in the local key database, and store the generated protection key on the remote server.
Generating the protection key in S12 comprises the following sub-steps (see Fig. 1):
S121: use the Tick Count function of the current CPU to generate a random number, then apply a hash operation (an existing digital signature technique) to the random number to produce a 256-bit string;
S122: divide the 256-bit string into four 64-bit substrings, then add noise from the CPU, memory, network and I/O to the substrings respectively;
S123: after the noise is added, apply a 128-bit hash operation to the first substring, and at the same time concatenate the last three substrings end to end and apply a 128-bit hash operation to the result;
S124: concatenate the two 128-bit strings generated in step S13 end to end to form the 256-bit key.
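The derivation in S121 to S124, written out as an added example (not code from the patent). Truncated SHA-256 as the 128-bit hash, modular addition as the way noise is "added", and the noise sources in `sample_inputs` are assumptions of this example.

```python
import hashlib
import time

MASK64 = (1 << 64) - 1


def hash128(data: bytes) -> bytes:
    """128-bit hash for S123; truncated SHA-256 is this example's choice."""
    return hashlib.sha256(data).digest()[:16]


def derive_protection_key(tick: int, noise: list[int]) -> bytes:
    """Steps S121-S124 for one tick value and four 64-bit noise samples."""
    if len(noise) != 4:
        raise ValueError("need CPU, memory, network and I/O noise samples")
    # S121: hash the tick-derived random number into a 256-bit string.
    seed = hashlib.sha256((tick & MASK64).to_bytes(8, "big")).digest()
    # S122: split into four 64-bit substrings and add one noise sample to each
    # (addition modulo 2**64 is an assumption about what "add" means).
    subs = [int.from_bytes(seed[i:i + 8], "big") for i in range(0, 32, 8)]
    noisy = [((s + n) & MASK64).to_bytes(8, "big") for s, n in zip(subs, noise)]
    # S123: 128-bit hash of the first substring, and of the last three joined.
    left = hash128(noisy[0])
    right = hash128(b"".join(noisy[1:]))
    # S124: join the two 128-bit strings into the 256-bit protection key.
    return left + right


def sample_inputs() -> tuple[int, list[int]]:
    """Hypothetical stand-ins for the tick count and the four noise sources."""
    tick = time.monotonic_ns()
    noise = [time.process_time_ns(), id(object()), time.time_ns(), time.perf_counter_ns()]
    return tick, [n & MASK64 for n in noise]


if __name__ == "__main__":
    print(derive_protection_key(*sample_inputs()).hex())
```

The key is a deterministic function of the tick value and the four noise samples, and its first 128 bits depend only on the tick and the first noise sample, so its strength is bounded by how unpredictable those inputs are; a deployment would mix in output from the operating system's CSPRNG (for example `os.urandom`).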
The detailed process of S2 is as follows: the key negotiation module located at the remote server (a submodule of the key management system) establishes the shared key between the client virtual machine and the remote server, and the secure connection between the client virtual machine and the remote server is established with the shared key.
Step S2 specifically comprises the following sub-steps:
S21: the key negotiation module sends a KC_HELLO packet to the remote server to request a secure connection;
S22: after receiving the HELLO packet, the remote server generates a large prime ρ, a primitive root r of ρ, and a private key KA; after computing the public key KA, it replies with a KC_SYN packet containing ρ, r and the public key KA;
S23: after receiving the KC_SYN packet sent by the remote server, the client virtual machine extracts ρ and r, computes its own public key KB from ρ, r and a private key KB that it generates, and replies to the remote server with a KC_SYN_ACK packet carrying its public key KB;
S24: after receiving the KC_SYN_ACK reply from the client virtual machine, the remote server computes the shared key and attempts to send the client virtual machine a request to establish a secure connection using the shared key;
S25: after receiving the remote server's request to establish a secure connection, the client virtual machine verifies the request with the shared key it computed itself and, if verification succeeds, sends a KC_ESTB_ACK reply.
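The exchange in S21 to S25, together with the timestamp-as-sequence-number check from the principle explanation, as an added example with both sides' messages (not code from the patent). The `KC_ESTB` packet name, the HMAC tag used to prove possession of the shared key, the 5-second freshness window and the 128-bit demo group size are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import time

MAX_AGE_NS = 5 * 10**9  # assumed freshness window for packet timestamps


def is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin test; callers pass odd n > 3 only."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_group(bits: int = 128) -> tuple[int, int]:
    """S22: prime rho = 2q + 1 and a primitive root r (demo size, assumed)."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        rho = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(rho):
            break
    r = 2
    while pow(r, 2, rho) == 1 or pow(r, q, rho) == 1:  # order must be rho - 1
        r += 1
    return rho, r


class Endpoint:
    def __init__(self) -> None:
        self.last_sent = self.last_seen = 0

    def stamp(self, **fields) -> dict:  # timestamp doubles as sequence number
        self.last_sent = max(time.time_ns(), self.last_sent + 1)
        return {**fields, "ts": self.last_sent}

    def accept(self, msg: dict, expected: str) -> None:
        if msg["type"] != expected:
            raise ValueError("unexpected packet type")
        if msg["ts"] <= self.last_seen or time.time_ns() - msg["ts"] > MAX_AGE_NS:
            raise ValueError("stale or replayed packet")
        self.last_seen = msg["ts"]

    def derive(self, peer_pub: int, priv: int, rho: int) -> None:
        if not 1 < peer_pub < rho - 1:
            raise ValueError("degenerate public value")
        self.key = hashlib.sha256(str(pow(peer_pub, priv, rho)).encode()).digest()

    def proof(self, ts: int) -> bytes:
        return hmac.new(self.key, f"KC_ESTB|{ts}".encode(), hashlib.sha256).digest()


class Server(Endpoint):
    def on_hello(self, msg: dict) -> dict:  # S22
        self.accept(msg, "KC_HELLO")
        self.rho, r = generate_group()
        self.priv = secrets.randbelow(self.rho - 3) + 2
        return self.stamp(type="KC_SYN", rho=self.rho, r=r, pub=pow(r, self.priv, self.rho))

    def on_syn_ack(self, msg: dict) -> dict:  # S24
        self.accept(msg, "KC_SYN_ACK")
        self.derive(msg["pub"], self.priv, self.rho)
        out = self.stamp(type="KC_ESTB")  # packet name assumed
        return {**out, "tag": self.proof(out["ts"])}


class Client(Endpoint):
    def hello(self) -> dict:  # S21
        return self.stamp(type="KC_HELLO")

    def on_syn(self, msg: dict) -> dict:  # S23
        self.accept(msg, "KC_SYN")
        priv = secrets.randbelow(msg["rho"] - 3) + 2
        self.derive(msg["pub"], priv, msg["rho"])
        return self.stamp(type="KC_SYN_ACK", pub=pow(msg["r"], priv, msg["rho"]))

    def on_estb(self, msg: dict) -> dict:  # S25
        self.accept(msg, "KC_ESTB")
        if not hmac.compare_digest(msg["tag"], self.proof(msg["ts"])):
            raise ValueError("shared key mismatch")
        return self.stamp(type="KC_ESTB_ACK")


def run_handshake():
    client, server = Client(), Server()
    syn = server.on_hello(client.hello())
    estb = server.on_syn_ack(client.on_syn(syn))
    return client, server, estb, client.on_estb(estb)
```

The timestamp check rejects a packet that is replayed or older than the window; it does not by itself authenticate either party's public key.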
Step S3 specifically comprises the following sub-steps:
S31: add a VMM (virtual machine manager, Virtual Machine Monitor) as an intermediary between the remote server and the hardware virtual machine;
S32: when the client virtual machine sends a block device read/write request to the remote server, the trapped request is captured by the VMM;
S33: before the block data is used by the emulator in the remote server, it is encrypted or decrypted;
S34: the VMM, in place of the hardware virtual machine, sends the block device read/write request to the emulator that plays the back-end driver role in the remote server; the emulator, acting as a proxy, writes the request through emulation, and the real driver then begins to access the hardware.
Step S33 specifically comprises the following sub-steps:
S331: establish a key negotiation interface (a submodule of the key negotiation module) that provides secure keys to the encryption/decryption module and guarantees key security;
S332: call the key negotiation module through the key negotiation interface to obtain the encryption/decryption key of the corresponding virtual machine;
S333: use the ID of the corresponding virtual machine to find the corresponding pre-agreed key KEY, and encrypt or decrypt the data block;
S334: when the block device is closed, destroy the corresponding key.
The specific embodiment of the invention is as follows (see Fig. 2, Fig. 3 and Fig. 4):
1) When a new virtual machine is created, the key management system generates a key for this Dom U (client virtual machine) and establishes the mapping set between the virtual machine's UUID (Universally Unique Identifier) and the corresponding key. The mapping table is stored in the local key database and the generated protection key is placed on the remote server, which guarantees that the key and the mapping table cannot be obtained at the same time and thereby improves the security of the key system.
2) The client virtual machine Dom U and the remote server Dom0 are connected by key: the key negotiation module sends a KC_HELLO packet to the remote server to request a secure connection. After receiving the KC_HELLO packet, the remote server generates a large prime ρ, a primitive root r of ρ, and a private key KA; after computing the public key KA, it replies with a KC_SYN packet containing ρ, r and the public key KA. After receiving the KC_SYN packet, the client extracts ρ and r, computes its public key KB from them and a private key KB that it generates, and replies to the remote server with a KC_SYN_ACK packet carrying its public key KB. After receiving the KC_SYN_ACK from the client virtual machine, the remote server computes the shared key and attempts to establish a secure connection to the client with it. After receiving the remote server's request to establish a secure connection, the client virtual machine verifies the request with the shared key it computed itself and, if verification succeeds, sends a KC_ESTB_ACK reply. At this point the client virtual machine and the remote server have established a secure connection.
3) The client virtual machine and the remote server transfer data: the block device issues a read/write request and the trapped request is captured by the Hypervisor (VMM). Before the block data is used by QEMU, it is encrypted or decrypted. The Hypervisor, in place of the HVM (hardware virtual machine), sends the block device request to QEMU (Quick EMUlator, the emulator), which plays the back-end driver role in the DM (remote server); QEMU, acting as a proxy, writes the request through emulation, and only then can the real driver access the hardware.
As shown in Fig. 2:
The access requests of VM-01 (virtual machine, Virtual Machine) and VM-02 to the block device file are delivered through the Hypervisor (i.e. the VMM) to Domain0 (the remote server). Because the Hypervisor (i.e. the VMM) is trusted, that is, it is not concerned with the content of the block data, the block data is encrypted or decrypted just as it arrives at QEMU in the XEN cloud platform.
4) Transparent encryption and decryption of block data: establish a key negotiation interface (a submodule of the key negotiation module) that provides secure keys to the encryption/decryption module and guarantees key security; call the key negotiation module through the key negotiation interface to obtain the encryption/decryption key of the corresponding virtual machine; verify the correctness of the encryption/decryption key using the UUID of the corresponding virtual machine and the UUID-to-key mapping table generated in step 1), and thereby determine whether to encrypt or decrypt the data block; when the block device is closed, destroy the corresponding key.
The characteristic of the present invention is that, although Dom0 can write and read the data, the data blocks are encrypted: what Dom0 sees is only data blocks under encryption protection, whose meaning it cannot correctly parse. Key management and an encryption mechanism are introduced into the system isolation scheme to protect access to the block device. Thus, even if Dom0 holds access rights to the block device, without the corresponding key to decrypt it Dom0 cannot correctly parse its content.
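The key lifecycle of steps 1) and 4) and the "Dom0 sees only ciphertext" property, as an added example (not code from the patent). The fingerprint-based mapping table, the class names and the HMAC-SHA256 keystream used as the cipher are assumptions of this example.

```python
import hashlib
import hmac
import secrets

SECTOR = 512  # bytes per block, assumed


def sector_xor(key: bytes, sector: int, data: bytes) -> bytes:
    """Length-preserving transform keyed per VM and bound to the sector number.

    HMAC-SHA256 keystream, used here only because it is in the standard
    library; it reuses keystream when a sector is rewritten, which is why a
    deployment would use a tweakable disk mode such as AES-XTS instead.
    """
    out = bytearray()
    for block in range(0, len(data), 32):
        counter = sector.to_bytes(8, "big") + block.to_bytes(4, "big")
        pad = hmac.new(key, counter, hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[block:block + 32], pad))
    return bytes(out)


class KeyManagement:
    """Step 1): mapping table kept locally, protection keys kept remotely."""

    def __init__(self) -> None:
        self.local_table = {}  # vm_uuid -> SHA-256 fingerprint of its key (assumed form)
        self.remote_keys = {}  # vm_uuid -> protection key held on the remote side

    def create_vm(self, vm_uuid: str) -> None:
        key = secrets.token_bytes(32)
        self.local_table[vm_uuid] = hashlib.sha256(key).digest()
        self.remote_keys[vm_uuid] = key

    def fetch_key(self, vm_uuid: str) -> bytearray:
        """Step 4): obtain the key, then check it against the mapping table."""
        key = self.remote_keys[vm_uuid]
        fingerprint = hashlib.sha256(key).digest()
        if not hmac.compare_digest(fingerprint, self.local_table[vm_uuid]):
            raise PermissionError("key does not match the UUID mapping table")
        return bytearray(key)


class EncryptedBlockDevice:
    """Layer in front of the emulator; the backend only ever stores ciphertext."""

    def __init__(self, kms: KeyManagement, vm_uuid: str, backend: dict) -> None:
        self.key = kms.fetch_key(vm_uuid)
        self.backend = backend  # sector -> bytes, i.e. what Dom0/QEMU handles

    def _key(self) -> bytes:
        if self.key is None:
            raise RuntimeError("block device is closed")
        return bytes(self.key)

    def write(self, sector: int, plaintext: bytes) -> None:
        self.backend[sector] = sector_xor(self._key(), sector, plaintext)

    def read(self, sector: int) -> bytes:
        return sector_xor(self._key(), sector, self.backend[sector])

    def close(self) -> None:
        """S334: destroy the key when the block device is closed."""
        if self.key is not None:
            self.key[:] = bytes(len(self.key))  # best-effort wipe of the buffer
        self.key = None
```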
Those of ordinary skill in the art will appreciate that the embodiment described here is intended to help the reader understand how the present invention is implemented, and that the scope of protection of the present invention is not limited to these specific statements and embodiments. Those of ordinary skill in the art can, based on the technical teachings disclosed by the present invention, make various other specific variations and combinations that do not depart from the essence of the present invention, and these variations and combinations remain within the scope of protection of the present invention.
Claims (7)
1. An isolation method for virtual machine block devices based on the XEN cloud platform, characterized by comprising the following steps:
S1: the protection key is generated and accessed when a client virtual machine is newly created;
S2: a secure connection is established between the client virtual machine and the remote server;
S3: the client virtual machine issues a block device read/write request to the remote server, and the block data is encrypted or decrypted before the remote server executes the request;
S4: the physical layer performs the read operation on the block data.
2. The isolation method for virtual machine block devices based on the XEN cloud platform according to claim 1, characterized in that S1 comprises the following sub-steps:
S11: add a key management system to the XEN cloud platform;
S12: when a new virtual machine is created, encrypt the virtual machine and generate a protection key for it;
S13: establish the mapping set between virtual machine IDs and the corresponding protection keys, store the mapping table of the mapping set in the local key database, and store the generated protection key on the remote server.
3. The isolation method for virtual machine block devices based on the XEN cloud platform according to claim 2, characterized in that generating the protection key in S12 comprises the following sub-steps:
S121: use the Tick Count function of the current CPU to generate a random number, then apply a hash operation to the random number to produce a 256-bit string;
S122: divide the 256-bit string into four 64-bit substrings, then add noise from the CPU, memory, network and I/O to the substrings respectively;
S123: after the noise is added, apply a 128-bit hash operation to the first substring, and at the same time concatenate the last three substrings end to end and apply a 128-bit hash operation to the result;
S124: concatenate the two 128-bit strings generated in step S13 end to end to form the 256-bit protection key.
4. The isolation method for virtual machine block devices based on the XEN cloud platform according to claim 1, characterized in that the detailed process of S2 is as follows: the key negotiation module at the remote server establishes the shared key between the client virtual machine and the remote server, and the secure connection between the client virtual machine and the remote server is established with the shared key.
5. The isolation method for virtual machine block devices based on the XEN cloud platform according to claim 4, characterized in that S2 comprises the following sub-steps:
S21: the key negotiation module sends a KC_HELLO packet to the remote server to request a secure connection;
S22: after receiving the HELLO packet, the remote server generates a large prime ρ, a primitive root r of ρ, and a private key KA; after computing the public key KA, it replies with a KC_SYN packet containing ρ, r and the public key KA;
S23: after receiving the KC_SYN packet sent by the remote server, the client virtual machine extracts ρ and r, computes its own public key KB from ρ, r and a private key KB that it generates, and replies to the remote server with a KC_SYN_ACK packet carrying its public key KB;
S24: after receiving the KC_SYN_ACK reply from the client virtual machine, the remote server computes the shared key and attempts to send the client virtual machine a request to establish a secure connection using the shared key;
S25: after receiving the remote server's request to establish a secure connection, the client virtual machine verifies the request with the shared key it computed itself and, if verification succeeds, sends a KC_ESTB_ACK reply.
6. The isolation method for virtual machine block devices based on the XEN cloud platform according to claim 1, characterized in that S3 comprises the following sub-steps:
S31: add a VMM as an intermediary between the remote server and the hardware virtual machine;
S32: when the client virtual machine sends a block device read/write request to the remote server, the trapped request is captured by the VMM;
S33: before the block data is used by the emulator in the remote server, it is encrypted or decrypted;
S34: the VMM, in place of the hardware virtual machine, sends the block device read/write request to the emulator that plays the back-end driver role in the remote server, and the emulator, acting as a proxy, writes the request through emulation.
7. The isolation method for virtual machine block devices based on the XEN cloud platform according to claim 6, characterized in that S33 comprises the following sub-steps:
S331: establish a key negotiation interface that provides secure keys to the encryption/decryption module and guarantees key security;
S332: call the key negotiation module through the key negotiation interface to obtain the encryption/decryption key of the corresponding virtual machine;
S333: use the ID of the corresponding virtual machine to find the corresponding pre-agreed key KEY, and encrypt or decrypt the data block;
S334: when the block device is closed, destroy the corresponding key.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2013102993870A CN103414558A (en) | 2013-07-17 | 2013-07-17 | XEN cloud platform-based virtual machine block device isolation method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN103414558A true CN103414558A (en) | 2013-11-27 |
Family
ID=49607544
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2013102993870A Pending CN103414558A (en) | 2013-07-17 | 2013-07-17 | XEN cloud platform-based virtual machine block device isolation method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103414558A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20131127 |