CN103885725B - Virtual machine access control system based on a cloud computing environment and control method thereof - Google Patents

Publication number
CN103885725B
Authority
CN
China
Legal status
Active
Application number
CN201410100951.6A
Other languages
Chinese (zh)
Other versions
CN103885725A (en)
Inventor
邹丹丹
Current Assignee
ECDATA INFORMATION TECHNOLOGY Co Ltd
Original Assignee
ECDATA INFORMATION TECHNOLOGY Co Ltd

Landscapes

  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a virtual machine access control system based on a cloud computing environment and a control method for it. The method comprises: judging whether the mount protocol of a virtual machine conforms to the mount protocol of the physical resource server; judging whether the resource pool required by a command sent by the external virtual machine exists in the storage pool; if it exists, opening and decrypting the resource pool in the storage pool; if it does not exist, creating and encrypting the required resource pool; for a newly created resource pool, creating a corresponding security identifier, judging whether the security identifier of the resource pool satisfies the matching rule and, when it does, judging whether the attribute of the security identifier needs to be changed; for an existing resource pool, opening and decrypting it and, when decryption succeeds, judging whether the security identifier of the external virtual machine's access process matches the decrypted security identifier, and calling the result output module. Isolation between the host and the virtual machines can be achieved on the basis of identifier matching, the resource pool encryption method and the storage server mount protocol.

Description

Virtual machine access control system based on a cloud computing environment and control method thereof
Technical field
The present invention relates to the field of virtual machine access control in computing, and in particular to a virtual machine access control system based on a cloud computing environment and a control method for it.
Background
Cloud computing is the product of the development and convergence of traditional computer and network technologies such as distributed computing, parallel computing, utility computing, network storage, virtualization and load balancing. A computer process running in a cloud-based virtual environment is isolated from the other virtual machines running on the same physical hardware. Each virtual machine may actually be stored on one physical hard disk, and it can be shut down and unmounted safely, so that isolation continues to be guaranteed.
However, in practice these security measures still cannot rule out some potential security risks. Typically, virtual machines share the hardware of the machine, such as CPU, memory, disk and network devices; once the shared data of one virtual machine is infected, the other virtual machines sharing the same resource are affected. In addition, many security problems arise if an attacker breaks into a virtual machine and takes full control of it, or if the hypervisor has a vulnerability.
Summary of the invention
The object of the invention is to provide a virtual machine access control system based on a cloud computing environment and a control method for it. In a virtual environment a virtual machine is treated as an individual process running on the host, and security isolation of virtual machines is achieved by controlling processes and the resources that processes access. When one virtual machine is compromised, the other virtual machines are not affected, which avoids denial of service to them.
To achieve the above object, the present invention is realized through the following technical solution:
A virtual machine access control system based on a cloud computing environment, characterized in that the control system comprises: an identifier identification and matching module and, connected to it, a storage pool identification module, a create/open resource pool module, an assign/update identifier module, an identifier conversion module and a result output module.
The storage pool identification module, the create/open resource pool module, the assign/update identifier module and the identifier conversion module are connected in sequence; the create/open resource pool module is connected to the result output module.
A control method for the virtual machine access control system based on a cloud computing environment, characterized in that the control method comprises:
Step 1: the storage pool identification module judges whether the mount protocol of the external virtual machine conforms to the mount protocol predefined by the external physical resource server, and stores the result of the judgment in the identifier identification and matching module;
Step 2: the create/open resource pool module judges whether the resource pool required by the command sent by the external virtual machine exists in the storage pool; if it exists, the create/open resource pool module opens and decrypts the resource pool in the storage pool; if it does not exist, the create/open resource pool module creates and encrypts the required resource pool;
Step 3: the create/open resource pool module creates the required resource pool, and the assign/update identifier module creates a corresponding security identifier for the newly created resource pool; the identifier identification and matching module judges whether the security identifier of the resource pool satisfies the matching rule and, when it does, judges whether the attribute of the security identifier needs to be changed by the identifier conversion module;
Step 4: the create/open resource pool module opens and decrypts the existing resource pool; when decryption succeeds, the identifier identification and matching module judges whether the security identifier of the external virtual machine's access process matches the decrypted security identifier, and calls the result output module.
The control method above, characterized in that step 1 comprises the following steps:
Step 1.1: when the mount protocol does not conform, the identifier identification and matching module triggers the result output module, the result output module calls the terminal computer to display an access failure, and the virtual machine's access ends.
Step 1.2: when the mount protocol conforms, the storage pool identification module triggers the create/open resource pool module 20, and execution continues with step 2.
The control method above, characterized in that step 3 comprises the following steps:
Step 3.1: the create/open resource pool module creates and encrypts the required resource pool, and passes a resource storage command to the operating system of the physical resource server.
Step 3.2: the operating system of the physical resource server stores the external files required by the command sent by the external virtual machine in the newly created resource pool, and reports completion of the storage back to the create/open resource pool module.
Step 3.3: the create/open resource pool module passes an assign-security-identifier command to the assign/update identifier module.
Step 3.4: the assign/update identifier module creates a corresponding security identifier for the newly created resource pool and sends it to the identifier identification and matching module.
Step 3.5: the identifier identification and matching module judges whether the security identifier of the resource pool satisfies the matching rule; if it does, the security identifier is passed to the result output module; if it does not, the security identifier is fed back to the assign/update identifier module 30, which re-creates the security identifier of the resource pool, and execution jumps back to step 3.4.
Step 3.6: when the security identifier of the resource pool satisfies the matching rule, the result output module outputs the security identifier of the resource pool through the terminal computer and asks whether the attribute of the security identifier needs to be changed; if it does, the identifier conversion module is called to change the attribute of the security identifier; if it does not, the encrypted creation of the resource pool is complete, and the external virtual machine can access the resource pool on the physical resource server.
The control method above, characterized in that step 4 comprises the following steps:
Step 4.1: the create/open resource pool module opens and decrypts the existing resource pool according to the command sent by the external virtual machine; when decryption succeeds, the identifier identification and matching module judges the security identifier of the external virtual machine; when decryption fails, the virtual machine's access fails.
Step 4.2: when decryption succeeds, the identifier identification and matching module judges whether the security identifier of the external virtual machine's access process matches the decrypted security identifier, and calls the result output module.
The control method above, characterized in that in step 3.6, when the security identifier of the resource pool satisfies the matching rule, the attribute of the security identifier that the assign/update identifier module generates for the resource pool is dynamic labeling; the identifier conversion module can convert a security identifier with the dynamic attribute into a security identifier with the static attribute.
The control method above, characterized in that step 4.2 comprises the following steps:
Step 4.2.1: when the security identifier of the existing resource pool does not match the security identifier of the external virtual machine, the result output module shows an access failure through the terminal computer.
Step 4.2.2: when the security identifier of the existing resource pool matches the security identifier of the external virtual machine, the external virtual machine can access the resource pool on the storage server.
Compared with the prior art, the present invention has the following advantages:
The cloud-computing-based virtual machine access control method of the invention can achieve isolation between the host and the virtual machines on the basis of identifier matching, the resource pool encryption method and the storage server mount protocol. It prevents malicious processes from attacking the hypervisor and thereby controls the use of virtual machines. It prevents a malicious user who has obtained the right to use one virtual machine from going on to gain administrative control of the hypervisor and affecting the use of the other hosted virtual machines. It also achieves isolation between virtual machines, so that the crash of one virtual machine does not affect the normal use of the others.
Description of the drawings
Fig. 1 is an overall schematic diagram of the virtual machine access control system based on a cloud computing environment of the present invention.
Fig. 2 is a schematic diagram of an embodiment of the virtual machine access control system based on a cloud computing environment of the present invention.
Fig. 3 is an overall flow diagram of the virtual machine access control method based on a cloud computing environment of the present invention.
Detailed description
The present invention is further explained below through a detailed description of a preferred embodiment, with reference to the accompanying drawings.
As shown in Fig. 1, a virtual machine access control system based on a cloud computing environment comprises: an identifier identification and matching module 50 and, connected to it, a storage pool identification module 10, a create/open resource pool module 20, an assign/update identifier module 30, an identifier conversion module 40 and a result output module 60.
The storage pool identification module 10, create/open resource pool module 20, assign/update identifier module 30 and identifier conversion module 40 are connected in sequence; the result output module 60 is connected to the create/open resource pool module 20.
As shown in Fig. 2, when multiple cloud-based virtual machines access shared host files, the virtual machines use terminal computers 100 as hosts for information processing and display, and the terminal computers 100 transmit and exchange information with storage server 300 through multiple physical resource servers 200. The physical resource servers 200 comprise one primary physical resource server 210 and multiple auxiliary physical resource servers 220; the virtual machine access control system is installed on the primary physical resource server 210, and both the auxiliary physical resource servers 220 and the primary physical resource server 210 exchange information with storage server 300. When multiple cloud-based virtual machines access shared host files, each virtual machine on a terminal computer 100 accesses the shared files on storage server 300 through the virtual machine access control system installed on the primary physical resource server 210.
As shown in Fig. 3, a virtual machine access control method based on a cloud computing environment comprises:
Step 1: the storage pool identification module 10 connects to the external virtual machine through the interface of the physical resource server, judges whether the mount protocol of the external virtual machine conforms to the mount protocol predefined by physical resource server 200, and stores the result of the judgment in the identifier identification and matching module 50.
This virtual machine access control method based on a cloud computing environment is applicable to protocols such as the Network File System protocol (NFS protocol for short), the global file system protocol (Google File System protocol, GFS protocol for short) and the Common Internet File System protocol. Step 1 specifically comprises the following steps:
Step 1.1: when the mount protocol does not conform, the identifier identification and matching module 50 triggers the result output module 60, the result output module 60 calls terminal computer 100 to display an access failure, and the virtual machine's access ends.
Step 1.2: when the mount protocol conforms, the storage pool identification module 10 triggers the create/open resource pool module 20.
In this embodiment the virtual machine access protocol is the Network File System protocol (NFS protocol for short), and the storage pool identification module 10 identifies the protocol used when storage is mounted according to mandatory access control (Mandatory Access Control, MAC for short). When the mount protocol setting virt_use_nfs of the external virtual machine is "virt_use_nfs-->off", the storage pool identification module 10 judges that the mount protocol of the external virtual machine does not conform to the mount protocol predefined by the external physical resource server, and step 1.1 is executed. When virt_use_nfs is "virt_use_nfs-->on", the storage pool identification module 10 judges that the mount protocol of the external virtual machine conforms to the mount protocol predefined by the external physical resource server, and step 1.2 is executed.
Step 2: the create/open resource pool module 20 judges whether the resource pool required by the command sent by the external virtual machine exists in the storage pool of storage server 300. If it exists, the create/open resource pool module 20 opens and decrypts the resource pool in the storage pool and jumps to step 4; if it does not exist, the create/open resource pool module 20 creates and encrypts the required resource pool and executes step 3.
In this embodiment, the resource pools in the storage pool of storage server 300 contain resource information such as virtual images, virtual hard disk partition tables and virtual networks.
Step 3: the create/open resource pool module 20 creates the required resource pool, and the assign/update identifier module 30 creates a corresponding security identifier for the newly created resource pool; the identifier identification and matching module 50 judges whether the security identifier of the resource pool satisfies the matching rule and, when it does, judges whether the attribute of the security identifier needs to be changed by the identifier conversion module 40. Step 3 comprises the following steps:
Step 3.1: the create/open resource pool module 20 creates and encrypts the required resource pool, and passes a resource storage command to the operating system of physical resource server 200.
In this embodiment the newly created resource pool is encrypted according to a hash algorithm.
Step 3.2: the operating system of physical resource server 200 stores the external files required by the command sent by the external virtual machine in the newly created resource pool, and reports completion of the storage back to the create/open resource pool module 20.
Step 3.3: the create/open resource pool module 20 passes an assign-security-identifier command to the assign/update identifier module 30.
Step 3.4: the assign/update identifier module 30 creates a corresponding security identifier for the newly created resource pool and sends it to the identifier identification and matching module 50.
For example, the security identifier of the resource pool is svirt_image_t:s0:c441,c961: the sensitivity level s is 0 and the categories are 441 and 961. The sensitivity level s ranges from 0 to 15; the larger the number, the higher the sensitivity.
Step 3.5: the identifier identification and matching module 50 judges whether the generated resource pool security identifier satisfies the matching rule; if it does, the security identifier is passed to the result output module 60; if it does not, the security identifier is fed back to the assign/update identifier module 30, which re-creates the security identifier of the resource pool, and execution jumps back to step 3.4.
Step 3.6: when the security identifier of the resource pool satisfies the matching rule, the result output module 60 outputs the security identifier of the resource pool through terminal computer 100 and asks whether the attribute of the security identifier needs to be changed; if it does, the identifier conversion module 40 is called to change the attribute of the security identifier; if it does not, the encrypted creation of the resource pool is complete, and the external virtual machine can access the resource pool on physical resource server 200.
In step 3.6, the attribute of the security identifier that the assign/update identifier module 30 generates for the resource pool is dynamic labeling; the identifier conversion module 40 can convert a security identifier with the dynamic attribute into a security identifier with the static attribute.
Step 4: the create/open resource pool module 20 opens and decrypts the existing resource pool; when decryption succeeds, the identifier identification and matching module 50 judges whether the security identifier of the external virtual machine's access process matches the decrypted security identifier, and calls the result output module 60. Step 4 comprises the following steps:
Step 4.1: the create/open resource pool module 20 opens and decrypts the existing resource pool according to the command sent by the external virtual machine; when decryption succeeds, the identifier identification and matching module 50 judges the security identifier of the external virtual machine; when decryption fails, the virtual machine's access fails.
Step 4.2: when decryption succeeds, the identifier identification and matching module 50 judges whether the security identifier of the external virtual machine's access process matches the decrypted security identifier, and calls the result output module 60. Step 4.2 comprises the following steps:
Step 4.2.1: when the security identifier of the existing resource pool does not match the security identifier of the external virtual machine, the result output module 60 shows an access failure through terminal computer 100;
Step 4.2.2: when the security identifier of the existing resource pool matches the security identifier of the external virtual machine, the external virtual machine can access the resource pool on storage server 300.
For example, when the security identifier of the resource pool is svirt_image_t:s9:c453,c478 and the security identifier of the accessing virtual machine's process is svirt_t:s9:c453,c478, matching verification succeeds, and the external virtual machine can access the resources on storage server 300 through physical resource server 200.
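The step 1 and step 4 checks and the label comparison from the example above, as an added Python example (not code from the patent). The patent does not define its matching rule, so the rule used here (process type svirt_t, pool type svirt_image_t, equal sensitivity level, equal category set) is an assumption inferred from that example; the function names, and passing the virt_use_nfs state and the decryption result in as flags, are likewise illustrative.

```python
import re
from dataclasses import dataclass

# Shortened label form used on this page: type:sN:cA,cB
# (not a full SELinux user:role:type:level context).
_LABEL_RE = re.compile(
    r"^\s*(?P<type>[A-Za-z_]+)\s*:\s*[sS](?P<sens>\d+)\s*:\s*"
    r"(?P<cats>[cC]\d+(?:\s*,\s*[cC]\d+)*)\s*$"
)

PROCESS_TYPE = "svirt_t"      # type on the VM access process (from the page's example)
POOL_TYPE = "svirt_image_t"   # type on the resource pool (from the page's example)
MAX_SENSITIVITY = 15          # the page gives the sensitivity range as 0-15


@dataclass(frozen=True)
class SecurityLabel:
    selinux_type: str
    sensitivity: int
    categories: frozenset


def parse_label(text: str) -> SecurityLabel:
    """Parse 'svirt_image_t:s0:c441,c961', tolerating stray spaces and case."""
    m = _LABEL_RE.match(text)
    if not m:
        raise ValueError(f"malformed security label: {text!r}")
    sens = int(m.group("sens"))
    if not 0 <= sens <= MAX_SENSITIVITY:
        raise ValueError(f"sensitivity s{sens} outside 0-{MAX_SENSITIVITY}")
    cats = frozenset(int(c.strip()[1:]) for c in m.group("cats").split(","))
    return SecurityLabel(m.group("type").lower(), sens, cats)


def labels_match(process: SecurityLabel, pool: SecurityLabel) -> bool:
    """Assumed matching rule: paired types, same level, same category set."""
    return (
        process.selinux_type == PROCESS_TYPE
        and pool.selinux_type == POOL_TYPE
        and process.sensitivity == pool.sensitivity
        and process.categories == pool.categories
    )


def authorize(virt_use_nfs_on: bool, decrypt_ok: bool,
              process_label: str, pool_label: str):
    """Return (allowed, reason) for access to an existing resource pool."""
    if not virt_use_nfs_on:
        return False, "step 1.1: mount protocol not permitted"
    if not decrypt_ok:
        return False, "step 4.1: resource pool decryption failed"
    try:
        proc, pool = parse_label(process_label), parse_label(pool_label)
    except ValueError as exc:
        # Fail closed: an unparseable label is treated as a mismatch.
        return False, f"step 4.2.1: {exc}"
    if not labels_match(proc, pool):
        return False, "step 4.2.1: security identifiers do not match"
    return True, "step 4.2.2: access granted"


if __name__ == "__main__":
    # Constructed cases; the first pair is the example given on this page.
    cases = [
        (True, True, "svirt_t:s9:c453,c478", "svirt_image_t:s9:c453,c478"),
        (True, True, "svirt_t:s9:c453,c479", "svirt_image_t:s9:c453,c478"),
        (False, True, "svirt_t:s9:c453,c478", "svirt_image_t:s9:c453,c478"),
    ]
    for case in cases:
        print(case[2], "->", authorize(*case))
```

Comparing categories as a set means a second virtual machine whose process carries a different category pair is refused even when type and sensitivity agree, which is the VM-to-VM isolation the description relies on.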
Although the present invention has been described in detail through the preferred embodiment above, it should be understood that the description is not to be regarded as limiting the invention. Many modifications and substitutions will be apparent to those skilled in the art after reading the above. The scope of protection of the invention should therefore be defined by the appended claims.

Claims (6)

1. A control method for a virtual machine access control system based on a cloud computing environment, characterized in that the control system comprises: an identifier identification and matching module (50) and, connected to it, a storage pool identification module (10), a create/open resource pool module (20), an assign/update identifier module (30), an identifier conversion module (40) and a result output module (60);
the storage pool identification module (10), create/open resource pool module (20), assign/update identifier module (30) and identifier conversion module (40) are connected in sequence; the create/open resource pool module (20) is connected to the result output module (60);
the control method comprises: Step 1: the storage pool identification module (10) judges whether the mount protocol of an external virtual machine conforms to the mount protocol predefined by an external physical resource server (200), and stores the result of the judgment in the identifier identification and matching module (50);
Step 2: the create/open resource pool module (20) judges whether the resource pool required by the command sent by the external virtual machine exists in the storage pool; if it exists, the create/open resource pool module (20) opens and decrypts the resource pool in the storage pool; if it does not exist, the create/open resource pool module (20) creates and encrypts the required resource pool;
Step 3: the create/open resource pool module (20) creates the required resource pool, and the assign/update identifier module (30) creates a corresponding security identifier for the newly created resource pool; the identifier identification and matching module (50) judges whether the security identifier of the resource pool satisfies the matching rule and, when it does, judges whether the attribute of the security identifier needs to be changed by the identifier conversion module (40);
Step 4: the create/open resource pool module (20) opens and decrypts the existing resource pool; when decryption succeeds, the identifier identification and matching module (50) judges whether the security identifier of the external virtual machine's access process matches the decrypted security identifier, and calls the result output module (60).
2. The control method for a virtual machine access control system based on a cloud computing environment as claimed in claim 1, characterized in that step 1 comprises the following steps:
Step 1.1: when the mount protocol does not conform, the identifier identification and matching module (50) triggers the result output module (60), the result output module (60) calls the terminal computer (100) to display an access failure, and the virtual machine's access ends;
Step 1.2: when the mount protocol conforms, the storage pool identification module (10) triggers the create/open resource pool module (20), and execution continues with step 2.
3. The control method for a virtual machine access control system based on a cloud computing environment as claimed in claim 2, characterized in that step 3 comprises the following steps:
Step 3.1: the create/open resource pool module (20) creates and encrypts the required resource pool, and passes a resource storage command to the operating system of the physical resource server (200);
Step 3.2: the operating system of the physical resource server (200) stores the external files required by the command sent by the external virtual machine in the newly created resource pool, and reports completion of the storage back to the create/open resource pool module (20);
Step 3.3: the create/open resource pool module (20) passes an assign-security-identifier command to the assign/update identifier module (30);
Step 3.4: the assign/update identifier module (30) creates a corresponding security identifier for the newly created resource pool and sends it to the identifier identification and matching module (50);
Step 3.5: the identifier identification and matching module (50) judges whether the security identifier of the resource pool satisfies the matching rule; if it does, the security identifier is passed to the result output module (60); if it does not, the security identifier is fed back to the assign/update identifier module (30), which re-creates the security identifier of the resource pool, and execution jumps back to step 3.4;
Step 3.6: when the security identifier of the resource pool satisfies the matching rule, the result output module (60) outputs the security identifier of the resource pool through the terminal computer (100) and asks whether the attribute of the security identifier needs to be changed; if it does, the identifier conversion module (40) is called to change the attribute of the security identifier; if it does not, the encrypted creation of the resource pool is complete, and the external virtual machine can access the resource pool on the physical resource server (200).
4. The control method for a virtual machine access control system based on a cloud computing environment as claimed in claim 1, characterized in that step 4 comprises the following steps:
Step 4.1: the create/open resource pool module (20) opens and decrypts the existing resource pool according to the command sent by the external virtual machine; when decryption succeeds, the identifier identification and matching module (50) judges the security identifier of the external virtual machine; when decryption fails, the access of the virtual machine is terminated;
Step 4.2: when decryption succeeds, the identifier identification and matching module (50) judges whether the security identifier of the external virtual machine's access process matches the decrypted security identifier, and calls the result output module (60).
5. The control method for a virtual machine access control system based on a cloud computing environment as claimed in claim 3, characterized in that in step 3.6, when the security identifier of the resource pool satisfies the matching rule, the attribute of the security identifier that the assign/update identifier module (30) generates for the resource pool is dynamic labeling; the identifier conversion module (40) can convert a security identifier with the dynamic attribute into a security identifier with the static attribute.
6. The control method for a virtual machine access control system based on a cloud computing environment as claimed in claim 4, characterized in that step 4.2 comprises the following steps:
Step 4.2.1: when the security identifier of the existing resource pool does not match the security identifier of the external virtual machine, the result output module (60) calls the terminal computer (100) to display an access failure;
Step 4.2.2: when the security identifier of the existing resource pool matches the security identifier of the external virtual machine, the external virtual machine can access the resource pool on the storage server (300).
CN201410100951.6A 2014-03-19 2014-03-19 A kind of virtual machine access control system and its control method based on cloud computing environment Active CN103885725B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410100951.6A CN103885725B (en) 2014-03-19 2014-03-19 A kind of virtual machine access control system and its control method based on cloud computing environment

Publications (2)

Publication Number Publication Date
CN103885725A CN103885725A (en) 2014-06-25
CN103885725B CN103885725B (en) 2017-03-15

Family

ID=50954645

Country Status (1)

Country Link
CN (1) CN103885725B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105653938A (en) * 2015-12-31 2016-06-08 中国电子科技网络信息安全有限公司 Sandbox protection system and method for virtual machine
CN106101113B (en) * 2016-06-24 2019-04-30 中国科学院计算技术研究所 A kind of cloud computing data security annotation management method and system
CN108345491B (en) * 2017-01-24 2021-08-13 北京航空航天大学 Cross-platform virtual machine mandatory access control method in cloud computing environment
CN108121593B (en) * 2017-12-22 2019-06-25 四川大学 A kind of virtual machine process anomaly detection method and system
US11283800B2 (en) * 2019-03-08 2022-03-22 International Business Machines Corporation Secure interface control secure storage hardware tagging

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103020501A (en) * 2012-11-14 2013-04-03 曙光云计算技术有限公司 Access control method and access control device of user data
CN103164283A (en) * 2012-05-10 2013-06-19 上海兆民云计算科技有限公司 Method and system for dynamic scheduling management of virtualized resources in virtualized desktop system
CN103248696A (en) * 2013-05-10 2013-08-14 无锡云动科技发展有限公司 Dynamic configuration method for virtual resource in cloud computing environment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8918488B2 (en) * 2009-02-04 2014-12-23 Citrix Systems, Inc. Methods and systems for automated management of virtual resources in a cloud computing environment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant