CN103455373A - Dynamic migration security framework of virtual machine - Google Patents
Dynamic migration security framework of virtual machine Download PDFInfo
- Publication number
- CN103455373A CN103455373A CN2013104269050A CN201310426905A CN103455373A CN 103455373 A CN103455373 A CN 103455373A CN 2013104269050 A CN2013104269050 A CN 2013104269050A CN 201310426905 A CN201310426905 A CN 201310426905A CN 103455373 A CN103455373 A CN 103455373A
- Authority
- CN
- China
- Prior art keywords
- migration
- virtual machine
- security
- strategy
- resource
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention provides a security framework and relates to the technical field of computer information security, in particular to a dynamic migration security framework of a virtual machine. The dynamic migration security framework is composed of a centralized control engine and a local migration engine; the centralized control engine provides functions of two-way authentication, access control and security audit under the control of a security policy, monitors resource utilization of a physical server and the virtual machine in real time, and provides resource basis for dynamic migration of the virtual machine. The local migration engine completes the dynamic migration of the virtual machine in stages according to the established migration strategy and under the control of the security policy. The security framework is supportive of a plurality of security mechanisms and the dynamic migration strategies of the virtual machine, security of sensitive information of the virtual machine can be effectively protected, security attacks upon the dynamic migration of the virtual machine are resisted, and compatibility is high.
Description
Technical field
The present invention relates to the computer information safety technique field, be to provide a kind of security framework, particularly a kind of virtual machine dynamic migration security framework.
Background technology
Along with the development of Intel Virtualization Technology, produced a lot of new technologies, wherein the virtual machine dynamic migration be virtual exclusive be also one of its most important technology.The virtual machine dynamic migration, refer to virtual machine in when operation and can continue to provide under the prerequisite of service, the virtual platform server operation from a virtual platform server migration to other.The virtual machine dynamic migration has realized that the virtual machine running status is by the migration of network fast transparent between physical machine, can, for flexible deployment, resource optimization and the power management etc. of dynamic adjustment, system on-line maintenance and Active Fault Tolerant and the application of the load of large-scale virtual environment, be widely used.
At present, the main virtual platform manufacturers of several families such as Citrix Systems, VMware and Microsoft have all proposed own virtual machine dynamic migration technology.Yet, but existing great potential safety hazard in existing virtual machine dynamic migration technology and product, some security breaches of yet having exposed, seldom even do not consider the security of dynamic migration in the realization of dynamic migration.Industry has realized that security and the importance thereof of virtual machine dynamic migration, and has carried out deep research.Security threat and attack for the virtual machine dynamic migration mainly comprise three classes:
(1) control plane
Monitor of virtual machine starts and the communication mechanism of managing virtual machines dynamic migration must be differentiated and can resist attack.In addition, must protect the agreement used in control plane to avoid deception and Replay Attack.Lacking correct access control can make the assailant can start arbitrarily virtual machine (vm) migration.The control plane that the assailant may handle monitor of virtual machine is to affect the virtual machine dynamic migration and to obtain the control of client operating system.Attack for control plane comprises the control of moving into, the control of moving out, issue false resource etc.;
(2) data plane
Must guarantee to carry out virtual machine (vm) migration data plane security and protect it to avoid spying upon and destroying client operation system state.Can cause the leakage of sensitive information in client operating system for the passive attack of data plane, and active attack can cause the destruction fully of client operating system.The assailant can use such as ARP deception, DNS poisons and the technology such as routing detours, makes it logically in the migration transmission path, thereby causes the man-in-the-middle attack for the virtual machine dynamic migration;
(3) transferring module
Realize that the monitor of virtual machine assembly of virtual machine dynamic migration function must can resist attack.Because transferring module is provided services on the Internet, carry out the transmission of virtual machine by service, common software vulnerability can be utilized to destroy monitor of virtual machine by long-range attack person as stack, heap and integer overflow.Even virtual machine (vm) migration also seldom is considered as open service, the code of transferring module does not but obtain detailed examination.
The Xensploit instrument, carry out man-in-the-middle attack to the dynamic migration of virtual machine.Its principle is, in virtual machine dynamic migration process, when virtual machine transmits in network, to control the internal memory of virtual machine.Xensploit, based on the fragroute framework, can attack the virtual machine dynamic migration of Xen and VMware.
Summary of the invention
In order to solve the problem of prior art, the invention provides a kind of virtual machine dynamic migration security framework, it is by Security Assurance Mechanism is provided, and the security of protection virtual machine sensitive information, resist the security attack for the virtual machine dynamic migration.
The technical solution adopted in the present invention is as follows:
A kind of virtual machine dynamic migration security framework, by centralized control engine and the local migration engine be positioned on each separate server, formed, described centralized control engine is grasped the service condition of physics and virtual resource in platform on the whole, under the control of safety transfer strategy, initiate as required the operation of virtual machine dynamic migration, the load balancing in the implementation platform scope; Described local migration engine provides the local resource service condition, receives the migration request of centralized control engine and carry out actual migration operation to the centralized control engine.
The centralized control engine by safety transfer strategy, identity discriminating, access control, security audit, focus detect, six parts of safety transfer management form, wherein,
The safety transfer strategy: the security strategy of management and formulation virtual machine dynamic migration, only have the migration request that meets the safety transfer strategy, could allow to carry out;
Identity is differentiated: by modes such as public key certificate, territory, source, the aiming field of virtual machine (vm) migration carried out to the bidirectional identification discriminating, veritify the legitimacy of territory, source, aiming field identity;
Access control: access control or the access control based on the role are forced in the relevant operation to the virtual machine dynamic migration, request etc., and the virtual machine that only has the dynamic migration authority could dynamically be moved;
Security audit: record the every operation vestige in virtual machine dynamic migration process, as a kind of measure of following the trail of, collecting evidence afterwards, trace risk and leak that the virtual machine dynamic migration is relevant;
Focus is detected: periodically with local migration engine in resource monitor send request, obtain each physical server and the virtual machine service condition for CPU, internal memory and the network bandwidth, and collect the resource general situation of application that forms whole platform, search resource according to the resource general situation of application and use focus, offer the safety transfer administration module and use;
Safety transfer management: finally determine whether to initiate and how to initiate the dynamic migration operation of virtual machine, when meeting the virtual machine (vm) migration resource requirement, to local migration engine, " migration request " signal occurs.
Focus is detected in part, the detecting mainly based on following of focus:
The service-level agreement of A, virtual machine can not be satisfied;
B, physical server surpass reservation threshold for the utilization rate of CPU and bandwidth;
Internal memory frequently occurs and swaps out in C, physical server.
Described local migration engine by resource monitor, migration monitor, migration is supported, migration operation, migration wake up, six parts of safe transmission form, wherein,
Resource monitor: be responsible for obtaining the service condition of the resources such as CPU on home server, internal memory and the network bandwidth and the resource service condition of each virtual machine;
Migration is supported: provide the virtual machine dynamic migration required brace foundation, comprise migration strategy and migration optimisation strategy, migration is monitored module and is selected applicable migration strategy and migration optimisation strategy according to conditions such as current resource service condition, available network bandwidth;
Migration is monitored: receive migration request from the centralized control engine, monitor alternately with the migration in aiming field, select suitable migration strategy and migration optimisation strategy from the migration supporting module;
Migration operation: according to selected migration strategy and migration optimisation strategy, complete the copy of virtual machine state from the territory, source to aiming field; Migration operation module has copied the final state information of VME operating system, to aiming field, sends " copy finishes " signal;
Migration activates: receive " copy finishes " signal, activate the virtual machine of new migration in aiming field, recover the service in territory, source on aiming field, return to " moving successfully " information to the territory, source;
Safe transmission: guarantee the transmission security of virtual machine in transition process by measures such as data encryptions, protect its confidentiality and integrity.
The beneficial effect that technical scheme provided by the invention is brought is:
Security framework of the present invention is supported multiple safe mechanism and virtual machine dynamic migration strategy, effectively protects the security of virtual machine sensitive information, resists the security attack for the virtual machine dynamic migration, and has stronger compatibility.
The accompanying drawing explanation
The structural drawing that Fig. 1 is a kind of virtual machine dynamic migration security framework of the present invention.
Embodiment
For making the purpose, technical solutions and advantages of the present invention clearer, below in conjunction with accompanying drawing, embodiment of the present invention is described further in detail.
The virtual machine dynamic migration security framework of the present embodiment is comprised of centralized control engine and the local migration engine be positioned on each separate server.
The centralized control engine is grasped the service condition of physics and virtual resource in platform on the whole, under the control of safety transfer strategy, initiates as required the operation of virtual machine dynamic migration, the load balancing in the implementation platform scope.
The centralized control engine by safety transfer strategy, identity discriminating, access control, security audit, focus detect, six parts of safety transfer management form.
(1) safety transfer strategy: the security strategy of management and formulation virtual machine dynamic migration, only have the migration request that meets the safety transfer strategy, could allow to carry out.
(2) identity is differentiated: by modes such as public key certificate, territory, source, the aiming field of virtual machine (vm) migration carried out to the bidirectional identification discriminating, veritify the legitimacy of territory, source, aiming field identity.
(3) access control: access control or the access control based on the role are forced in the relevant operation to the virtual machine dynamic migration, request etc., and the virtual machine that only has the dynamic migration authority could dynamically be moved.
(4) security audit: record the every operation vestige in virtual machine dynamic migration process, as a kind of measure of following the trail of, collecting evidence afterwards, trace risk and leak that the virtual machine dynamic migration is relevant.
(5) focus is detected: periodically with local migration engine in resource monitor send request, obtain each physical server and the virtual machine service condition for CPU, internal memory and the network bandwidth, and collect the resource general situation of application that forms whole platform, search resource according to the resource general situation of application and use focus, offer the safety transfer administration module and use.
Focus detect mainly based on following some: the SLA of virtual machine can not be satisfied, and for example can not obtain the network bandwidth of expectation; Physical server surpasses reservation threshold for the utilization rate of CPU and bandwidth; Internal memory frequently occurs and swaps out etc. in physical server.
(6) safety transfer management: finally determine whether to initiate and how to initiate the dynamic migration operation of virtual machine.When meeting the virtual machine (vm) migration resource requirement, to local migration engine, " migration request " signal occurs.
Local migration engine provides the local resource service condition, receives the migration request of centralized control engine and carry out actual migration operation to the centralized control engine.
Local migration engine mainly by resource monitor, migration monitor, migration is supported, migration operation, migration wake up, six parts of safe transmission form.
(1) resource monitor: be responsible for obtaining the service condition of the resources such as CPU on home server, internal memory and the network bandwidth and the resource service condition of each virtual machine.Under virtual environment, each virtual machine is not quite similar for the demand of different resource, depends on the application program of wherein carrying out.
(2) migration is supported: provide the virtual machine dynamic migration required brace foundation, comprise migration strategy and migration optimisation strategy, migration is monitored module and is selected applicable migration strategy and migration optimisation strategy according to conditions such as current resource service condition, available network bandwidth.
(3) migration is monitored: receive migration request from the centralized control engine, monitor alternately with the migration in aiming field, select suitable migration strategy and migration optimisation strategy from the migration supporting module.The initialization of carrying out the virtual machine dynamic migration is monitored in migration in aiming field, as moved the building work of virtual machine at aiming field, create the territory, source virtual unit, carry out the dynamic assignment of internal memory for newly-built territory, newly-built territory arranged etc.After initialization completes, aiming field sends " starting migration " signal by monitor of virtual machine VMM to source domain migration operation module, enters migration operation module.
(4) migration operation: according to selected migration strategy and migration optimisation strategy, complete the copy of virtual machine state from the territory, source to aiming field.Migration operation module has copied the final state information of VME operating system, to aiming field, sends " copy finishes " signal.
(5) migration activates: receive " copy finishes " signal, activate the virtual machine of new migration in aiming field, recover the service in territory, source on aiming field, return to " moving successfully " information to the territory, source.Territory, source VMM receives this information, destroys in the territory, source by the migration virtual machine.
(6) safe transmission: guarantee the transmission security of virtual machine in transition process by measures such as data encryptions, protect its confidentiality and integrity.
The principle of work of the present embodiment is as follows:
(1) environment structure
(1) virtual environment
In virtual environment, establish two physical server Sa and Sb and moving respectively territory, source A and aiming field B.In the A of territory, source, moving monitor of virtual machine VMM, franchise virtual machine Dom0, virtual machine VMa; In aiming field B, moving monitor of virtual machine VMM, franchise virtual machine Dom0.
Aiming field B has the required resource of virtual machine dynamic migration, and the virtual machine VMa in the A of territory, source will move in aiming field B according to virtual machine dynamic migration security framework.
(2) virtual machine dynamic migration security framework
Virtual machine dynamic migration security framework is comprised of centralized control engine and the local migration engine be positioned on separate server.Centralized control is engine-operated in server independently, and local migration engine runs in the franchise virtual machine Dom0 of territory, source A and territory, source B.
(2) centralized control engine
The centralized control engine is grasped the service condition of physics and virtual resource in platform on the whole, according to preset strategy, under the control of safety transfer strategy, initiates as required the operation of virtual machine dynamic migration, the load balancing in the implementation platform scope.The centralized control engine by safety transfer strategy, identity discriminating, access control, security audit, focus detect, six parts of safety transfer management form.
(3) local migration engine
Local migration engine provides the local resource service condition, receives the migration request of centralized control engine and carry out actual migration operation to the centralized control engine.Local migration engine by resource monitor, migration monitor, migration is supported, migration operation, migration wake up, six parts of safe transmission form.
(4) framework initialization
(1) the migration security strategy is formulated: by the safety transfer policy module formulate the virtual machine dynamic migration should be satisfied security strategy; Also formulate Mandatory Access Control etc. simultaneously.
(2) identity is differentiated: territory, the source A of participation virtual machine dynamic migration process and PKI digital certificate CertA and the CertB of aiming field B are set, carry out the bidirectional identification of territory, source A and aiming field B by the PKI digital certificate and differentiate.
(3) rights management: the authority that participates in virtual machine in virtual machine dynamic migration process is set, as the migration virtual machine.
(4) focus is detected condition: set focus and detect condition, focus is detected module and is carried out focus and detect accordingly, and selects to meet the virtual machine of virtual machine dynamic migration resource requirement.
(5) safe transmission parameter: safe transmission cryptographic algorithm used, key length, operator scheme, hash algorithm etc. are set.
(6) migration is supported: the migration strategy that the virtual machine dynamic migration is used is set, and as tactful as copy after internal memory pre-copy strategy, internal memory etc., the migration optimisation strategy, as internal memory compression, dma mode etc.
(5) virtual machine dynamic migration
(1) focus in the centralized control engine is detected by resource monitor Real-time Obtaining physical server Sa, Sb in local migration engine and the resource service condition in virtual machine source territory A and aiming field B, form resource general situation of application in whole virtual environment, detect condition according to focus, select to meet the aiming field B of virtual machine dynamic migration resource requirement.
(2) bidirectional identification that carries out territory, source A and aiming field B is differentiated, by the authority of rear inspection source territory A and aiming field B.Only have by rear, select cryptographic algorithm, key length, operator scheme and hash algorithm, and set up secure transmission tunnel.Safety transfer management in the A of territory, source is monitored the migration request signal is occurred to the migration in the A of territory, source.
(3) receive migration request, the migration in the A of territory, source is monitored with the migration in aiming field B and is monitored alternately, selects suitable migration strategy and migration optimisation strategy from the migration supporting module.
(4) carry out the initialization of virtual machine dynamic migration, as moved the building work of virtual machine VMa' at aiming field B, create the territory, source virtual unit, carry out the dynamic assignment of internal memory for newly-built territory, newly-built territory arranged etc.After initialization completes, aiming field sends " starting migration " signal by monitor of virtual machine VMM to territory, source A migration operation module, enters migration operation module.
(5) according to selected migration strategy and migration optimisation strategy, complete the copy of virtual machine state from territory, source A to aiming field B.The operation transferring module has copied the final state information of VME operating system, to aiming field B, sends " copy finishes " signal.
(6) in aiming field B, migration activates and receives " copy finishes " signal, activates the virtual machine VMa' of new migration, and the service that recovers territory, source A on aiming field B, return to " moving successfully " information to territory, source A.In the A of territory, source, VMM receives this information, destroys in the territory, source by migration virtual machine VMa.
The foregoing is only preferred embodiment of the present invention, in order to limit the present invention, within the spirit and principles in the present invention not all, any modification of doing, be equal to replacement, improvement etc., within all should being included in protection scope of the present invention.
Claims (4)
1. a virtual machine dynamic migration security framework, by centralized control engine and the local migration engine be positioned on each separate server, formed, described centralized control engine is grasped the service condition of physics and virtual resource in platform on the whole, under the control of safety transfer strategy, initiate as required the operation of virtual machine dynamic migration, the load balancing in the implementation platform scope; Described local migration engine provides the local resource service condition, receives the migration request of centralized control engine and carry out actual migration operation to the centralized control engine.
2. a kind of virtual machine dynamic migration security framework according to claim 1, it is characterized in that, described centralized control engine by safety transfer strategy, identity discriminating, access control, security audit, focus detect, six parts of safety transfer management form, wherein
The safety transfer strategy: the security strategy of management and formulation virtual machine dynamic migration, only have the migration request that meets the safety transfer strategy, could allow to carry out;
Identity is differentiated: by modes such as public key certificate, territory, source, the aiming field of virtual machine (vm) migration carried out to the bidirectional identification discriminating, veritify the legitimacy of territory, source, aiming field identity;
Access control: access control or the access control based on the role are forced in the relevant operation to the virtual machine dynamic migration, request etc., and the virtual machine that only has the dynamic migration authority could dynamically be moved;
Security audit: record the every operation vestige in virtual machine dynamic migration process, as a kind of measure of following the trail of, collecting evidence afterwards, trace risk and leak that the virtual machine dynamic migration is relevant;
Focus is detected: periodically with local migration engine in resource monitor send request, obtain each physical server and the virtual machine service condition for CPU, internal memory and the network bandwidth, and collect the resource general situation of application that forms whole platform, search resource according to the resource general situation of application and use focus, offer the safety transfer administration module and use;
Safety transfer management: finally determine whether to initiate and how to initiate the dynamic migration operation of virtual machine, when meeting the virtual machine (vm) migration resource requirement, to local migration engine, " migration request " signal occurs.
3. a kind of virtual machine dynamic migration security framework according to claim 2, is characterized in that, described focus is detected in part, the detecting mainly based on following of focus:
The service-level agreement of A, virtual machine can not be satisfied;
B, physical server surpass reservation threshold for the utilization rate of CPU and bandwidth;
Internal memory frequently occurs and swaps out in C, physical server.
4. a kind of virtual machine dynamic migration security framework according to claim 1, is characterized in that, described local migration engine by resource monitor, migration monitor, migration is supported, migration operation, migration wake up, six parts of safe transmission form, wherein,
Resource monitor: be responsible for obtaining the service condition of the resources such as CPU on home server, internal memory and the network bandwidth and the resource service condition of each virtual machine;
Migration is supported: provide the virtual machine dynamic migration required brace foundation, comprise migration strategy and migration optimisation strategy, migration is monitored module and is selected applicable migration strategy and migration optimisation strategy according to conditions such as current resource service condition, available network bandwidth;
Migration is monitored: receive migration request from the centralized control engine, monitor alternately with the migration in aiming field, select suitable migration strategy and migration optimisation strategy from the migration supporting module;
Migration operation: according to selected migration strategy and migration optimisation strategy, complete the copy of virtual machine state from the territory, source to aiming field; Migration operation module has copied the final state information of VME operating system, to aiming field, sends " copy finishes " signal;
Migration activates: receive " copy finishes " signal, activate the virtual machine of new migration in aiming field, recover the service in territory, source on aiming field, return to " moving successfully " information to the territory, source;
Safe transmission: guarantee the transmission security of virtual machine in transition process by measures such as data encryptions, protect its confidentiality and integrity.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013104269050A CN103455373A (en) | 2013-09-18 | 2013-09-18 | Dynamic migration security framework of virtual machine |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013104269050A CN103455373A (en) | 2013-09-18 | 2013-09-18 | Dynamic migration security framework of virtual machine |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103455373A true CN103455373A (en) | 2013-12-18 |
Family
ID=49737779
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2013104269050A Pending CN103455373A (en) | 2013-09-18 | 2013-09-18 | Dynamic migration security framework of virtual machine |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103455373A (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104158826A (en) * | 2014-09-04 | 2014-11-19 | 中电长城网际系统应用有限公司 | Scheduling method for virtual machine migration and system |
| CN105094944A (en) * | 2015-06-10 | 2015-11-25 | 中国联合网络通信集团有限公司 | Virtual machine migration method and apparatus |
| CN106127024A (en) * | 2016-07-20 | 2016-11-16 | 浪潮电子信息产业股份有限公司 | A kind of efficient VM migrates Data Protection Scheme |
| CN106598713A (en) * | 2016-11-24 | 2017-04-26 | 上海交通大学 | Secure dynamic virtual machine migration method and system |
| CN107066312A (en) * | 2017-04-14 | 2017-08-18 | 济南浪潮高新科技投资发展有限公司 | Using the virtual machine (vm) migration implementation method of automatic compatible technology |
| WO2017206678A1 (en) * | 2016-06-02 | 2017-12-07 | 中兴通讯股份有限公司 | Information acquisition method and device |
| CN108073449A (en) * | 2017-11-21 | 2018-05-25 | 山东科技大学 | A kind of virtual machine dynamic laying method |
| CN111124599A (en) * | 2019-11-08 | 2020-05-08 | 海光信息技术有限公司 | Virtual machine memory data migration method and device, electronic equipment and storage medium |
| CN113535707A (en) * | 2021-08-05 | 2021-10-22 | 南京华飞数据技术有限公司 | Method for managing personnel information data based on big data |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080295096A1 (en) * | 2007-05-21 | 2008-11-27 | International Business Machines Corporation | DYNAMIC PLACEMENT OF VIRTUAL MACHINES FOR MANAGING VIOLATIONS OF SERVICE LEVEL AGREEMENTS (SLAs) |
| CN101739282A (en) * | 2008-11-18 | 2010-06-16 | 华为技术有限公司 | Method, device and system for managing virtual machine |
| CN101957900A (en) * | 2010-10-26 | 2011-01-26 | 中国航天科工集团第二研究院七○六所 | Credible virtual machine platform |
| CN102571821A (en) * | 2012-02-22 | 2012-07-11 | 浪潮电子信息产业股份有限公司 | Cloud security access control model |
| CN102724176A (en) * | 2012-02-23 | 2012-10-10 | 北京市计算中心 | Intrusion detection system facing cloud calculating environment |
| CN103064733A (en) * | 2011-10-20 | 2013-04-24 | 电子科技大学 | Cloud computing virtual machine live migration technology |
| CN103281306A (en) * | 2013-05-03 | 2013-09-04 | 四川省电力公司信息通信公司 | Virtualized infrastructure platform for cloud data centers |
-
2013
- 2013-09-18 CN CN2013104269050A patent/CN103455373A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080295096A1 (en) * | 2007-05-21 | 2008-11-27 | International Business Machines Corporation | DYNAMIC PLACEMENT OF VIRTUAL MACHINES FOR MANAGING VIOLATIONS OF SERVICE LEVEL AGREEMENTS (SLAs) |
| CN101739282A (en) * | 2008-11-18 | 2010-06-16 | 华为技术有限公司 | Method, device and system for managing virtual machine |
| CN101957900A (en) * | 2010-10-26 | 2011-01-26 | 中国航天科工集团第二研究院七○六所 | Credible virtual machine platform |
| CN103064733A (en) * | 2011-10-20 | 2013-04-24 | 电子科技大学 | Cloud computing virtual machine live migration technology |
| CN102571821A (en) * | 2012-02-22 | 2012-07-11 | 浪潮电子信息产业股份有限公司 | Cloud security access control model |
| CN102724176A (en) * | 2012-02-23 | 2012-10-10 | 北京市计算中心 | Intrusion detection system facing cloud calculating environment |
| CN103281306A (en) * | 2013-05-03 | 2013-09-04 | 四川省电力公司信息通信公司 | Virtualized infrastructure platform for cloud data centers |
Non-Patent Citations (1)
| Title |
|---|
| 刘鹏程,陈榕: "面向云计算的虚拟机动态迁移框架", 《计算机工程》 * |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104158826B (en) * | 2014-09-04 | 2017-12-05 | 中电长城网际系统应用有限公司 | A kind of dispatching method and its system of the migration of Virtual machine |
| CN104158826A (en) * | 2014-09-04 | 2014-11-19 | 中电长城网际系统应用有限公司 | Scheduling method for virtual machine migration and system |
| CN105094944A (en) * | 2015-06-10 | 2015-11-25 | 中国联合网络通信集团有限公司 | Virtual machine migration method and apparatus |
| CN105094944B (en) * | 2015-06-10 | 2018-06-29 | 中国联合网络通信集团有限公司 | A kind of virtual machine migration method and device |
| WO2017206678A1 (en) * | 2016-06-02 | 2017-12-07 | 中兴通讯股份有限公司 | Information acquisition method and device |
| CN107463476A (en) * | 2016-06-02 | 2017-12-12 | 中兴通讯股份有限公司 | The acquisition methods and device of information |
| CN106127024A (en) * | 2016-07-20 | 2016-11-16 | 浪潮电子信息产业股份有限公司 | A kind of efficient VM migrates Data Protection Scheme |
| CN106598713A (en) * | 2016-11-24 | 2017-04-26 | 上海交通大学 | Secure dynamic virtual machine migration method and system |
| CN107066312A (en) * | 2017-04-14 | 2017-08-18 | 济南浪潮高新科技投资发展有限公司 | Using the virtual machine (vm) migration implementation method of automatic compatible technology |
| CN108073449A (en) * | 2017-11-21 | 2018-05-25 | 山东科技大学 | A kind of virtual machine dynamic laying method |
| CN108073449B (en) * | 2017-11-21 | 2021-08-27 | 山东科技大学 | Dynamic virtual machine placement method |
| CN111124599A (en) * | 2019-11-08 | 2020-05-08 | 海光信息技术有限公司 | Virtual machine memory data migration method and device, electronic equipment and storage medium |
| CN113535707A (en) * | 2021-08-05 | 2021-10-22 | 南京华飞数据技术有限公司 | Method for managing personnel information data based on big data |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103455373A (en) | Dynamic migration security framework of virtual machine | |
| CN103645949A (en) | Virtual machine dynamic migration security framework | |
| US10171432B2 (en) | Systems to implement security in computer systems | |
| Gu et al. | Secure live migration of SGX enclaves on untrusted cloud | |
| CN103841198A (en) | Cleanroom cloud computing data processing method and system | |
| CN102811239B (en) | A kind of dummy machine system and its method of controlling security | |
| Zunnurhain et al. | Security attacks and solutions in clouds | |
| US20120324236A1 (en) | Trusted Snapshot Generation | |
| CN102202046A (en) | Network-operating-system-oriented trusted virtual operating platform | |
| CN105224867A (en) | A kind of based on the Host Security reinforcement means under virtualized environment | |
| CN103984536B (en) | I/O request number systems and its method in a kind of cloud computing platform | |
| Wan et al. | An improved vTPM migration protocol based trusted channel | |
| CN110851188B (en) | Domestic PLC (programmable logic controller) trusted chain implementation device and method based on binary architecture | |
| CN102332069B (en) | Method and system for full life cycle security management of virtual machine | |
| Kumara et al. | Hypervisor and virtual machine dependent Intrusion Detection and Prevention System for virtualized cloud environment | |
| Wang et al. | Virtual machine-based intrusion detection system framework in cloud computing environment. | |
| Jin et al. | Cloud virtual machine lifecycle security framework based on trusted computing | |
| Xu et al. | A survey: cloud data security based on blockchain technology | |
| US9734325B1 (en) | Hypervisor-based binding of data to cloud environment for improved security | |
| RU2557476C2 (en) | Robust and secure hardware-computer system in cloud computing environment | |
| Eckel et al. | Secure attestation of virtualized environments | |
| Kim et al. | An iot device-trusted remote attestation framework | |
| Wang et al. | Research on application of trusted computing 3.0 in industrial control system of nuclear power plant | |
| Liu et al. | Secure streaming forensic data transmission for trusted cloud | |
| CN104714877A (en) | Mixed monitoring and measurement method and system used on virtual machines |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20131218 |