CN104580314A - Data isolation method and device for cloud computing system as well as terminal - Google Patents

Publication number: CN104580314A
Application number: CN201310506847.2A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 黄斐一
Current Assignee: China Mobile Group Guangdong Co Ltd
Original Assignee: China Mobile Group Guangdong Co Ltd
Prior art keywords: virtual machine, user, virtual, caller, called
Landscapes: Computer And Data Communications (AREA)

Abstract

The invention provides a data isolation method and device for a cloud computing system as well as a terminal. The data isolation method comprises the following steps: establishing a virtual trust domain for a user logging in the cloud computing system, wherein the virtual trust domain comprises one or more virtual machines distributed for the same user; according to the virtual machines distributed for the same user in the virtual trust domain, establishing an information table of the user, wherein the information table of the user comprises user information and the attribute information of the virtual machines distributed for the user; when a communication request between the virtual machines is received, according to the information table of the user, judging whether a calling virtual machine and a called virtual machine belong to the same user or not, and thus obtaining a judging result; when the judging result shows that the calling virtual machine and the called virtual machine belong to the same user, allowing the calling virtual machine to communicate with the called virtual machine; when the judging result shows that the calling virtual machine and the called virtual machine do not belong to the same user, forbidding the calling virtual machine to communicate with the called virtual machine.

Description

Method, device and terminal for data isolation in a cloud computing system
Technical field
The present invention relates to the field of communications, and in particular to a method, device and terminal for data isolation in a cloud computing system.
Background
Multi-tenancy is the typical operating mode of a cloud computing system: different users use the same cloud computing system to store their sensitive data. In this case, data from different users must be strictly isolated, while data belonging to the same user must be seamlessly interconnected.
Among existing solutions, data encryption is a relatively feasible technique. It can be implemented as user self-encryption: each user encrypts data before uploading it, which protects the confidentiality of the data stored in the cloud computing system. In this case, even if user data is leaked, an unauthorized person cannot easily obtain the sensitive information the data contains.
Besides user self-encryption, attribute-based encryption is a more advanced data protection approach. It sets different attributes for a file; each attribute is equivalent to an independent key, and that key can only unlock the information in the file that corresponds to that attribute.
Existing data isolation techniques have the following shortcomings:
User self-encryption is simple to implement, but it increases the user's operational complexity and data maintenance complexity. Although the cloud computing system stores the sensitive information on the user's behalf, the user is still responsible for the confidentiality of their own data.
Attribute-based data encryption is a relatively costly encryption method: it needs a centralized authentication center to certify user attributes and authenticate users. In addition, attribute-based encryption is suited to isolating sensitive information when users share the same file, not to isolating the files themselves.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method, device and terminal for data isolation in a cloud computing system that isolate the data of different users and ensure the security of the data users store, while being simple to implement and reducing cost.
To solve the above technical problem, embodiments of the invention provide a method for data isolation in a cloud computing system, comprising:
Creating a virtual trust domain for a user who logs in to the cloud computing system, wherein the virtual trust domain comprises at least one virtual machine allocated to the same user;
Creating an information table for the user according to the virtual machines allocated to that user in the virtual trust domain, wherein the information table of the user comprises user information and the attribute information of the virtual machines allocated to the user;
When a communication request between virtual machines is received, judging, according to the information table of the user, whether the calling virtual machine and the called virtual machine belong to the same user, and obtaining a judgment result;
When the judgment result is yes, allowing communication between the calling virtual machine and the called virtual machine;
When the judgment result is no, forbidding communication between the calling virtual machine and the called virtual machine.
The attribute information of a virtual machine comprises at least: the user the virtual machine belongs to, the resident physical host, the virtual media access control (vMAC) address and/or the virtual Internet Protocol (vIP) address.
The above method for data isolation in a cloud computing system further comprises:
When the virtual machines in the virtual trust domain change, updating the information table of the user according to the change.
The step of allowing communication between the calling virtual machine and the called virtual machine specifically comprises:
Generating a public/private key pair, giving the public key to the called virtual machine and giving the private key to the calling virtual machine;
The called virtual machine allowing communication between the calling virtual machine and the called virtual machine after verifying, according to the key pair, that the calling virtual machine is legitimate.
The calling virtual machine and the called virtual machine communicate through a trusted direct-link tunnel that the virtual trust domain establishes in advance between virtual machines.
The direct-link tunnel is a layer-2 tunnel based on vMAC addresses or a layer-3 tunnel based on vIP addresses.
To solve the above technical problem, embodiments of the invention also provide a device for data isolation in a cloud computing system, comprising:
A first creation module, configured to create a virtual trust domain for a user who logs in to the cloud computing system, wherein the virtual trust domain comprises at least one virtual machine allocated to the same user;
A second creation module, configured to create an information table for the user according to the virtual machines allocated to that user in the virtual trust domain, wherein the information table of the user comprises user information and the attribute information of the virtual machines allocated to the user;
A judging module, configured to judge, when a communication request between virtual machines is received and according to the information table of the user, whether the calling virtual machine and the called virtual machine belong to the same user, and to obtain a judgment result;
A first execution module, configured to allow communication between the calling virtual machine and the called virtual machine when the judgment result is yes;
A second execution module, configured to forbid communication between the calling virtual machine and the called virtual machine when the judgment result is no.
The attribute information of a virtual machine comprises at least: the user the virtual machine belongs to, the resident physical host, the virtual media access control (vMAC) address and/or the virtual Internet Protocol (vIP) address.
The above device for data isolation in a cloud computing system further comprises:
An update module, configured to update the information table of the user according to the change when the virtual machines in the virtual trust domain change.
The first execution module comprises:
A generation module, configured to generate a public/private key pair when the judgment result is yes, give the public key to the called virtual machine and give the private key to the calling virtual machine;
A first execution sub-module, configured so that the called virtual machine allows communication between the calling virtual machine and the called virtual machine after verifying, according to the key pair, that the calling virtual machine is legitimate.
To solve the above technical problem, embodiments of the invention also provide a terminal comprising the device for data isolation in a cloud computing system described above.
The beneficial effects of the above technical solution of the present invention are as follows:
In the method for data isolation in a cloud computing system of the embodiment of the present invention, a virtual trust domain is first created for a user who logs in to the cloud computing system, the virtual trust domain comprising at least one virtual machine allocated to the same user. An information table of the user is then created according to the virtual machines allocated to that user in the virtual trust domain; the information table comprises user information and the attribute information of the virtual machines allocated to the user. When a communication request between virtual machines is received, whether the calling virtual machine and the called virtual machine belong to the same user is judged according to the information table of the user. When the judgment result is yes, communication between the calling virtual machine and the called virtual machine is allowed; otherwise, it is forbidden. Data of different users is thereby isolated and the security of the data users store is ensured, in a way that is simple and reduces cost.
Brief description of the drawings
Fig. 1 is a flowchart of the method for data isolation in a cloud computing system of the present invention;
Fig. 2 is a schematic diagram of the U-shaped connection in a specific embodiment of the method for data isolation in a cloud computing system of the present invention;
Fig. 3 is a structural diagram of a specific embodiment of the method for data isolation in a cloud computing system of the present invention;
Fig. 4 is a workflow diagram of a specific embodiment of the method for data isolation in a cloud computing system of the present invention;
Fig. 5 is a structural diagram of the device for data isolation in a cloud computing system of the present invention.
Detailed description of the embodiments
To make the technical problem to be solved, the technical solution and the advantages of the present invention clearer, a detailed description is given below with reference to the accompanying drawings and specific embodiments.
The method for data isolation in a cloud computing system of the embodiment of the present invention isolates the data of different users and ensures the security of the data users store, in a way that is simple and reduces cost.
As shown in Figs. 1 to 4, the method for data isolation in a cloud computing system of the embodiment of the present invention comprises:
Step 11: creating a virtual trust domain for a user who logs in to the cloud computing system, wherein the virtual trust domain comprises at least one virtual machine allocated to the same user;
Step 12: creating an information table for the user according to the virtual machines allocated to that user in the virtual trust domain, wherein the information table of the user comprises user information and the attribute information of the virtual machines allocated to the user;
Step 13: when a communication request between virtual machines is received, judging, according to the information table of the user, whether the calling virtual machine and the called virtual machine belong to the same user, and obtaining a judgment result;
Step 14: when the judgment result is yes, allowing communication between the calling virtual machine and the called virtual machine;
Step 15: when the judgment result is no, forbidding communication between the calling virtual machine and the called virtual machine.
In the method for data isolation in a cloud computing system of the embodiment of the present invention, a virtual trust domain is first created for a user who logs in to the cloud computing system, the virtual trust domain comprising at least one virtual machine allocated to the same user. An information table of the user is then created according to the virtual machines allocated to that user in the virtual trust domain; the information table comprises user information and the attribute information of the virtual machines allocated to the user. When a communication request between virtual machines is received, whether the calling virtual machine and the called virtual machine belong to the same user is judged according to the information table of the user. When the judgment result is yes, communication between the calling virtual machine and the called virtual machine is allowed; otherwise, it is forbidden. Data of different users is thereby isolated and the security of the data users store is ensured, in a way that is simple and reduces cost.
In specific embodiments of the invention, the attribute information of a virtual machine comprises at least: the user the virtual machine belongs to, the resident physical host, the virtual media access control (vMAC) address and/or the virtual Internet Protocol (vIP) address.
Specifically, the user information may comprise the user's name, the user's login name and/or IP address, or other information that can identify the user.
The method for data isolation in a cloud computing system of the embodiment of the present invention may further comprise:
When the virtual machines in the virtual trust domain change, updating the information table of the user according to the change.
In this way, the information table of the user stays synchronized at all times with the virtual machines allocated to that user, which ensures that the judgment on communication between virtual machines is accurate and improves practicality and security.
Specifically, when virtual machines drift (migrate), are added or are removed, the information table of the user is updated according to the change so that the information table and the virtual machines stay synchronized. The owning user and the IP address can serve as the identity of a virtual machine and do not change when the virtual machine changes.
The step of allowing communication between the calling virtual machine and the called virtual machine specifically comprises:
Generating a public/private key pair, giving the public key to the called virtual machine and giving the private key to the calling virtual machine;
The called virtual machine allowing communication between the calling virtual machine and the called virtual machine after verifying, according to the key pair, that the calling virtual machine is legitimate.
Establishing the key pair strengthens the security of communication between virtual machines and avoids the data leakage that would result from mistakenly judging virtual machines of different users to belong to the same user, which makes the data protection more secure and more sound.
According to the basic concept of virtual machines, interconnection between virtual machines residing on the same physical host can be realized by the virtual switching module of the virtual machine manager (hypervisor), such as the virtual switch (vSwitch) function of VMware and of the open-source virtual machine monitor Xen. Under this communication mode, vulnerabilities in the hypervisor platform may allow bypass attacks, which in turn cause data leakage.
Therefore, in specific embodiments of the invention, the calling virtual machine and the called virtual machine communicate through a trusted direct-link tunnel that the virtual trust domain establishes in advance between virtual machines.
In one specific embodiment, communication through the trusted direct-link tunnel described above is called a U-shaped connection. In this case, even communication between virtual machines residing on the same physical host is not carried out through virtual switching on the hypervisor but through the U-shaped connection, which avoids data leakage caused by bypass attacks and ensures the security of data transmission.
Specifically, the direct-link tunnel is a layer-2 tunnel based on vMAC addresses or a layer-3 tunnel based on vIP addresses.
In this way, it is difficult for a malicious virtual machine to use a vulnerability at the hypervisor switching layer to penetrate other virtual machines on the same physical machine, so different virtual machines are effectively isolated and the security of data transmission is ensured.
In specific embodiments of the invention, a preset root of trust acts as the executing entity that controls data isolation in the cloud computing system.
A specific embodiment of the invention is illustrated below.
As shown in Figs. 3 and 4, the root of trust acts as the executing entity. After user 1 logs in to the cloud computing system in area A, the root of trust first creates virtual trust domain 1 for user 1; virtual trust domain 1 comprises virtual machines 1 and 2, which are allocated to user 1 in physical network A. The information table of user 1 is then created according to virtual machines 1 and 2; it comprises the user information and the attribute information of virtual machines 1 and 2, and the attribute information of a virtual machine comprises the owning user, the resident physical host, the vMAC address and the vIP address;
After user 2 logs in to the cloud computing system in area A, virtual trust domain 2 is likewise first created for user 2; virtual trust domain 2 comprises virtual machines 3 and 4, which are allocated to user 2. The information table of user 2 is then created according to virtual machines 3 and 4 and comprises the user information and the attribute information of virtual machines 3 and 4;
When a communication request from virtual machine 1 to virtual machine 2 is received, the information table of user 1 shows that virtual machines 1 and 2 belong to the same user. A public/private key pair XY is then generated; public key X is given to virtual machine 1 and private key Y is given to virtual machine 2. After virtual machine 1 verifies, according to the key pair, that virtual machine 2 is legitimate, communication between virtual machines 1 and 2 is allowed;
When a communication request from virtual machine 1 to virtual machine 3 is received, the information tables of user 1 and user 2 show that virtual machines 1 and 3 do not belong to the same user, and communication between virtual machines 1 and 3 is forbidden;
When user 1 travels to area B, on business or for some other reason, and logs in to the cloud computing system there, virtual machine 5 is first allocated to user 1 in physical network B. Virtual machine 5 then inherits the attribute information of virtual machine 1 in virtual trust domain 1, so that virtual machine 1 drifts; the virtual machines in virtual trust domain 1 become virtual machines 2 and 5, and the information table of user 1 is updated according to the change;
When a communication request from virtual machine 5 to virtual machine 2 is received, the information table of user 1 shows that virtual machines 5 and 2 belong to the same user. A public/private key pair WZ is then generated; public key W is given to virtual machine 5 and private key Z is given to virtual machine 2. After virtual machine 5 verifies, according to the key pair, that virtual machine 2 is legitimate, communication between virtual machines 5 and 2 is allowed.
The method for data isolation in a cloud computing system of the embodiment of the present invention isolates the data of different users and ensures the security of the data users store, in a way that is simple and reduces cost.
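The information-table decision and the drift update from the embodiment above, as an added Python example (not code from the patent). The names `TrustRoot`, `VMAttributes` and `build_embodiment`, the host names and all addresses are constructed; the check that a request's source vMAC/vIP matches the caller's table entry and the denial of virtual machines missing from every table are assumptions added here, and the key-pair and tunnel steps are left out.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class VMAttributes:
    """Attribute information the page lists for each virtual machine."""
    owner: str  # owning user
    host: str   # resident physical host
    vmac: str   # virtual MAC address
    vip: str    # virtual IP address


class TrustRoot:
    """Hypothetical executing entity holding one information table per user."""

    def __init__(self) -> None:
        # user -> {vm_id -> attributes}; each inner dict is one virtual trust domain
        self._tables: Dict[str, Dict[str, VMAttributes]] = {}

    def _find(self, vm_id: str) -> Optional[VMAttributes]:
        for table in self._tables.values():
            if vm_id in table:
                return table[vm_id]
        return None

    def allocate(self, user: str, vm_id: str, host: str, vmac: str, vip: str) -> None:
        """Steps 11-12: add a VM to the user's trust domain and information table."""
        if self._find(vm_id) is not None:
            raise ValueError(f"{vm_id} is already allocated")
        self._tables.setdefault(user, {})[vm_id] = VMAttributes(user, host, vmac, vip)

    def drift(self, old_vm: str, new_vm: str, new_host: str) -> None:
        """Table update on drift: new_vm inherits old_vm's attributes on a new host.

        Assumption: owner, vMAC and vIP are inherited; only the host changes.
        """
        attrs = self._find(old_vm)
        if attrs is None:
            raise KeyError(old_vm)
        if self._find(new_vm) is not None:
            raise ValueError(f"{new_vm} is already allocated")
        table = self._tables[attrs.owner]
        del table[old_vm]  # the old entry must not stay valid after the drift
        table[new_vm] = replace(attrs, host=new_host)

    def decide(self, caller: str, called: str,
               src_vmac: str, src_vip: str) -> Tuple[bool, str]:
        """Steps 13-15: allow only when both VMs are in the same user's table."""
        a, b = self._find(caller), self._find(called)
        if a is None or b is None:
            return False, "unknown virtual machine"  # fail closed
        if (src_vmac, src_vip) != (a.vmac, a.vip):
            return False, "source address mismatch"  # claimed identity not bound
        if a.owner != b.owner:
            return False, "different users"
        return True, "same user"


def build_embodiment() -> TrustRoot:
    """Users 1 and 2 with virtual machines 1-4 in physical network A (constructed data)."""
    root = TrustRoot()
    root.allocate("user1", "vm1", "hostA1", "02:00:00:00:00:01", "10.0.1.1")
    root.allocate("user1", "vm2", "hostA1", "02:00:00:00:00:02", "10.0.1.2")
    root.allocate("user2", "vm3", "hostA1", "02:00:00:00:00:03", "10.0.2.3")
    root.allocate("user2", "vm4", "hostA2", "02:00:00:00:00:04", "10.0.2.4")
    return root


if __name__ == "__main__":
    root = build_embodiment()
    vm1 = ("02:00:00:00:00:01", "10.0.1.1")
    print("vm1 -> vm2:", root.decide("vm1", "vm2", *vm1))
    print("vm1 -> vm3:", root.decide("vm1", "vm3", *vm1))
    root.drift("vm1", "vm5", "hostB1")  # user 1 logs in from area B
    print("vm5 -> vm2:", root.decide("vm5", "vm2", *vm1))
    print("vm1 -> vm2:", root.decide("vm1", "vm2", *vm1))
```

Because `drift` deletes the old entry in the same call that adds the new one, a request that still names virtual machine 1 after the move is denied rather than matched against stale data.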
As shown in Fig. 5, embodiments of the invention also provide a device for data isolation in a cloud computing system, comprising:
A first creation module, configured to create a virtual trust domain for a user who logs in to the cloud computing system, wherein the virtual trust domain comprises at least one virtual machine allocated to the same user;
A second creation module, configured to create an information table for the user according to the virtual machines allocated to that user in the virtual trust domain, wherein the information table of the user comprises user information and the attribute information of the virtual machines allocated to the user;
A judging module, configured to judge, when a communication request between virtual machines is received and according to the information table of the user, whether the calling virtual machine and the called virtual machine belong to the same user, and to obtain a judgment result;
A first execution module, configured to allow communication between the calling virtual machine and the called virtual machine when the judgment result is yes;
A second execution module, configured to forbid communication between the calling virtual machine and the called virtual machine when the judgment result is no.
The device for data isolation in a cloud computing system of the embodiment of the present invention isolates the data of different users and ensures the security of the data users store, in a way that is simple and reduces cost.
In specific embodiments of the invention, the attribute information of a virtual machine comprises at least: the user the virtual machine belongs to, the resident physical host, the virtual media access control (vMAC) address and/or the virtual Internet Protocol (vIP) address.
The device for data isolation in a cloud computing system of the embodiment of the present invention may further comprise:
An update module, configured to update the information table of the user according to the change when the virtual machines in the virtual trust domain change.
In this way, the information table of the user stays synchronized at all times with the virtual machines allocated to that user, which ensures that the judgment on communication between virtual machines is accurate and improves practicality and security.
The first execution module may comprise:
A generation module, configured to generate a public/private key pair when the judgment result is yes, give the public key to the called virtual machine and give the private key to the calling virtual machine;
A first execution sub-module, configured so that the called virtual machine allows communication between the calling virtual machine and the called virtual machine after verifying, according to the key pair, that the calling virtual machine is legitimate.
Establishing the key pair strengthens the security of communication between virtual machines and makes the data protection more secure and more sound.
The calling virtual machine and the called virtual machine communicate through a trusted direct-link tunnel that the virtual trust domain establishes in advance between virtual machines.
Specifically, the direct-link tunnel is a layer-2 tunnel based on vMAC addresses and a layer-3 tunnel based on vIP addresses.
The device for data isolation in a cloud computing system of the embodiment of the present invention corresponds to the method described above. All implementations of the method apply to the embodiments of the device and achieve the same effect: data of different users is isolated and the security of the data users store is ensured, in a way that is simple and reduces cost.
Because the device for data isolation in a cloud computing system of the embodiment of the present invention is applied in a terminal, the embodiment of the present invention also provides a terminal comprising the device for data isolation in a cloud computing system described in the above embodiment. The implementation examples of the device described above all apply to the embodiments of the terminal and achieve the same technical effect.
The above are preferred embodiments of the present invention. It should be noted that those of ordinary skill in the art may make improvements and modifications without departing from the principle of the present invention, and such improvements and modifications shall also be regarded as falling within the scope of protection of the present invention.

Claims (11)

1. A method for data isolation in a cloud computing system, characterized by comprising:
Creating a virtual trust domain for a user who logs in to the cloud computing system, wherein the virtual trust domain comprises at least one virtual machine allocated to the same user;
Creating an information table for the user according to the virtual machines allocated to that user in the virtual trust domain, wherein the information table of the user comprises user information and the attribute information of the virtual machines allocated to the user;
When a communication request between virtual machines is received, judging, according to the information table of the user, whether the calling virtual machine and the called virtual machine belong to the same user, and obtaining a judgment result;
When the judgment result is yes, allowing communication between the calling virtual machine and the called virtual machine;
When the judgment result is no, forbidding communication between the calling virtual machine and the called virtual machine.
2. The method according to claim 1, characterized in that the attribute information of a virtual machine comprises at least: the user the virtual machine belongs to, the resident physical host, the virtual media access control (vMAC) address and/or the virtual Internet Protocol (vIP) address.
3. The method according to claim 1, characterized by further comprising:
When the virtual machines in the virtual trust domain change, updating the information table of the user according to the change.
4. The method according to claim 1, characterized in that the step of allowing communication between the calling virtual machine and the called virtual machine specifically comprises:
Generating a public/private key pair, giving the public key to the called virtual machine and giving the private key to the calling virtual machine;
The called virtual machine allowing communication between the calling virtual machine and the called virtual machine after verifying, according to the key pair, that the calling virtual machine is legitimate.
5. The method according to claim 1 or 4, characterized in that the calling virtual machine and the called virtual machine communicate through a trusted direct-link tunnel that the virtual trust domain establishes in advance between virtual machines.
6. The method according to claim 5, characterized in that the direct-link tunnel is a layer-2 tunnel based on vMAC addresses or a layer-3 tunnel based on vIP addresses.
7. A device for data isolation in a cloud computing system, characterized by comprising:
A first creation module, configured to create a virtual trust domain for a user who logs in to the cloud computing system, wherein the virtual trust domain comprises at least one virtual machine allocated to the same user;
A second creation module, configured to create an information table for the user according to the virtual machines allocated to that user in the virtual trust domain, wherein the information table of the user comprises user information and the attribute information of the virtual machines allocated to the user;
A judging module, configured to judge, when a communication request between virtual machines is received and according to the information table of the user, whether the calling virtual machine and the called virtual machine belong to the same user, and to obtain a judgment result;
A first execution module, configured to allow communication between the calling virtual machine and the called virtual machine when the judgment result is yes;
A second execution module, configured to forbid communication between the calling virtual machine and the called virtual machine when the judgment result is no.
8. The device according to claim 7, characterized in that the attribute information of a virtual machine comprises at least: the user the virtual machine belongs to, the resident physical host, the virtual media access control (vMAC) address and/or the virtual Internet Protocol (vIP) address.
9. The device according to claim 8, characterized by further comprising:
An update module, configured to update the information table of the user according to the change when the virtual machines in the virtual trust domain change.
10. The device according to claim 7, characterized in that the first execution module comprises:
A generation module, configured to generate a public/private key pair when the judgment result is yes, give the public key to the called virtual machine and give the private key to the calling virtual machine;
A first execution sub-module, configured so that the called virtual machine allows communication between the calling virtual machine and the called virtual machine after verifying, according to the key pair, that the calling virtual machine is legitimate.
11. A terminal, characterized by comprising the device for data isolation in a cloud computing system according to any one of claims 7 to 10.

Application CN201310506847.2A: priority date 2013-10-24, filing date 2013-10-24, status Pending
Publication CN104580314A (en): publication date 2015-04-29
Family ID: 53095487
Country status: CN (1), CN104580314A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108781220A (en) * 2016-03-18 2018-11-09 甲骨文国际公司 The system and method for providing the resident protection of data using remote agent
WO2023184203A1 (en) * 2022-03-30 2023-10-05 Intel Corporation Techniques to implement confidential computing with a remote device via use of trust domains

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070171921A1 (en) * 2006-01-24 2007-07-26 Citrix Systems, Inc. Methods and systems for interacting, via a hypermedium page, with a virtual machine executing in a terminal services session
CN101969638A (en) * 2010-09-30 2011-02-09 中国科学院软件研究所 Method for protecting international mobile subscriber identity (IMSI) in mobile communication
CN102571698A (en) * 2010-12-17 2012-07-11 中国移动通信集团公司 Access authority control method, system and device for virtual machine
CN103139159A (en) * 2011-11-28 2013-06-05 上海贝尔股份有限公司 Safety communication among virtual machines in cloud computing framework

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108781220A (en) * 2016-03-18 2018-11-09 甲骨文国际公司 The system and method for providing the resident protection of data using remote agent
CN108781220B (en) * 2016-03-18 2021-05-04 甲骨文国际公司 System and method for providing data residency protection using remote agent
WO2023184203A1 (en) * 2022-03-30 2023-10-05 Intel Corporation Techniques to implement confidential computing with a remote device via use of trust domains

Similar Documents

Publication Publication Date Title
US11290346B2 (en) Providing mobile device management functionalities
US11722465B2 (en) Password encryption for hybrid cloud services
US11627120B2 (en) Dynamic crypto key management for mobility in a cloud environment
US10595202B2 (en) Dynamic access to hosted applications
US10334075B2 (en) Virtual browser integration
US10331882B2 (en) Tracking and managing virtual desktops using signed tokens
KR101722631B1 (en) Secured access to resources using a proxy
CN103843303B (en) The management control method and device of virtual machine, system
CN101317417B (en) Network access control for many-core systems
US9218494B2 (en) Secure client drive mapping and file storage system for mobile device management type security
US20160308858A1 (en) Authentication of a client device based on entropy from a server or other device
CN103020543B (en) A kind of virtual disk reflection encryption handling system and method
EP3090338A2 (en) Providing mobile device management functionalities
US20190042302A1 (en) Systems and methods for establishing scalable credential creation and access
CN111083088A (en) Cloud platform hierarchical management method and device based on multiple security domains
CN104580314A (en) Data isolation method and device for cloud computing system as well as terminal
CN110121857A (en) A kind of method and apparatus of authority distribution
Shamseddine et al. Mitigating rogue node attacks in edge computing
CN104811446A (en) Novel network safety protection system
Wu et al. 5G Network Slicing Security
Raza et al. A review on security issues and their impact on hybrid cloud computing environment
CN114785612B (en) Cloud platform management method, device, equipment and medium
Pavelka et al. Practical Aspects of Attacks Against Remote MS Windows Corporate Environment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150429