CN104951354B - A kind of scheduling virtual machine algorithm security verification method based on dynamic migration - Google Patents
A kind of scheduling virtual machine algorithm security verification method based on dynamic migration Download PDFInfo
- Publication number
- CN104951354B CN104951354B CN201510309318.2A CN201510309318A CN104951354B CN 104951354 B CN104951354 B CN 104951354B CN 201510309318 A CN201510309318 A CN 201510309318A CN 104951354 B CN104951354 B CN 104951354B
- Authority
- CN
- China
- Prior art keywords
- filter
- scheduling
- weighing apparatus
- virtual machine
- main frame
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Abstract
The invention discloses a kind of scheduling virtual machine algorithm security verification method based on dynamic migration.This method is:1) data message of the control plane network of target cloud platform is monitored;2) data message is converted into host information file, scheduling request information file and scheduling result message file;3) scheduling virtual machine algorithm to be verified filters out a filter set according to host information file, scheduling request information file and scheduling result message file;4) Host List in scheduling request information file after the filtering of dispatch request each time is obtained according to filter set;5) weight that all weighing apparatus are calculated is replaced using Selection of chiller for each Host List;6) the scheduling result main frame of dispatch request is predicted to judge whether safety according to the obtained filter set and the weighing apparatus weight.This method Detection accuracy is high, and accuracy rate is up to more than 99.5%.
Description
Technical field
The present invention relates to a kind of scheduling virtual machine algorithm security verification method, more particularly to based on dynamic under a kind of cloud environment
The scheduling virtual machine algorithm security verification method of state migration, belongs to virtual machine and technical field of network security.
Background technology
Cloud computing technology is used widely at present, and in cloud computing architecture, dynamic migration of virtual machine turns into public affairs
There are cloud and the necessary functions of private clound.Dynamic migration of virtual machine refers to from a physical machine migrate a virtual machine to another
Individual physical machine, and virtual machine continues executing with a kind of technology of original instruction without interruption in transition process.Cloud service provides
Business carries out the technology such as load balancing, centralized management, fault-tolerant using dynamic migration of virtual machine technology.Dynamic migration of virtual machine is providing
While scalability and flexibility, many safety problems are also brought.Current industry is generally the safety problem of dynamic migration
It is classified as three classes:Control plane safety, datum plane safety and transferring module safety.
Control plane safety:It is used for initiating and managing the logical of dynamic migration of virtual machine between monitor of virtual machine (VMM)
Letter mechanism should add identity discriminating and tamper-proof mechanisms.Security study personnel influence virtual machine possibly through VMM is captured
Dynamic migration is so as to realizing the complete control to virtual machine.
Datum plane safety:The data communication channel of virtual machine (vm) migration must carry out security hardening, to prevent possible prison
Listen attack and Tampering attack.Passive monitoring attack may cause the leakage for being migrated virtual machine sensitive data, and active is usurped
Changing attack then may cause whole virtual machine to be broken.
Transferring module safety:The VMM modules for performing shift function must have the ability for resisting external attack.If safety
Researcher can utilize transferring module in leak capture VMM if, security study personnel can obtain completely VMM and
The authority of all virtual machines on VMM.
Security study personnel propose safely many security verification methods for datum plane at present, for reality
Testing platform includes currently a popular Xen platforms and VMware platforms.And transferring module is safely mainly to monitor of virtual machine
The excavation of security breaches, it is no different with general discovering software vulnerabilities, therefore its safety analytical method is attributable to common software leak
Excavate a kind of.There is presently no the correlation technique excavated safely for control plane appearance.
The security verification method of control plane in dynamic migration
The communication mechanism for being used for initiating and managing dynamic migration of virtual machine between VMM should add identity and differentiate and prevent usurping
Change mechanism, in addition, the agreement used in control plane should be able to prevent from monitoring attack and Replay Attack.Lack access control
Mechanism may cause security study personnel to be able to carry out arbitrary virtual machine (vm) migration.
1. move into control:By initiating moving into for unauthorized, attacker can move to target virtual machine attacker certainly
In oneself physical machine, so as to realize the complete control to virtual machine.
2. control of moving out:By initiating moving out for unauthorized, attacker substantial amounts of virtual machine can be adjourned one it is legal
Physical machine on, its overload is caused, so as to realize Denial of Service (DOS) attack.
3. the notice of false resource, in the environment that a dynamic migration performs between cloud main frame automatically, attacker can be with
By the available resources that control plane notice is false, pretend to possess many idle CPU, move virtual machine so as to influence control plane
Enter in the physical machine possessed to attacker.
Current most of cloud platforms are required for manually to initiate virtual machine (vm) migration, and the access control mechanisms of its control plane are
It is very simple.For example, Xen platforms using host address white list determine that the main body for migrating order can be performed.But by
Automation migration between the virtual machine based on load balancing may be across the master inside multiple management domains, multiple management domains
Machine address is unforeseen, therefore this white list mechanism practicality is not high, it is necessary to propose the plan of new control plane
Slightly mechanism.
The security verification method of datum plane in dynamic migration
In order to prevent monitoring and Tampering attack, the datum plane of virtual machine (vm) migration from must carry out security hardening.Attacker has
Cheated possibly also with ARP, between DNS pollutions, the technology such as routing detours oneself will be placed in migration path, attacker can send out this moment
Play man-in-the-middle attack.
1. passively listen:The leakage that may cause sensitive information is attacked for passively listening for datum plane.Pass through monitoring
The network data flow of migration path and correlation, attacker can extract many data from the internal memory for be migrated virtual machine,
Including password, key, application data and other valuable sources.
2. actively change:The person of internaling attack may distort when virtual machine carries out network migration to internal storage data, from
And cause grave danger.Such man-in-the-middle attack may cause virtual machine to be captured completely.
Even if employing appropriate encryption and identity differentiating administrative mechanism, attacker is also possible that by monitoring transport number
Key message is captured according to stream.For example, attacker can be by the feature of migrating data stream, such as Data Migration size and time-consuming
It is migration which virtual machine is carried out to differentiate, so that it is determined that the destination host of the virtual machine (vm) migration.This information may be attacked
The person of hitting is used for initiating the second wheel attack for the main frame where some special virtual machine or migration virtual machine.
The cloud platform of main flow at present, such as Xen and VMware, acquiescence is all not turned on datum plane defencive function, so as to cause
Potential safety hazard.
The security verification method of transferring module in dynamic migration
The VMM modules for performing dynamic migration function are required to resist the attack of outside.Transferring module provides virtual machine
The network service of migration.General software vulnerability, such as stack overflow, heap overflow, integer overflow may be used for by long-range attack person
Capture whole VMM.It is a utility interface to be not generally regarded as due to virtual machine (vm) migration, therefore the code in transferring module is very
Strict source code security audit may be have passed through unlike other parts code, this just more likely triggers security breaches.
This software vulnerability attack is almost typical in various softwares, and this leak needs in VMM transferring modules
Great care.Because VMM controls all virtual machines run thereon, therefore VMM itself leak compares other common softwares
The harm of leak is much greater.If attacker attempts to capture VMM by transferring module, that is run on this VMM is all virtual
Machine and the virtual machine that may be migrated on this VMM in the future can all be captured.Integer was just once repeatedly exposed on Xen platforms to overflow
Spring a leak, these leaks are likely to cause whole VMM to be controlled completely by attacker, so as to cause security threat.
The shortcomings that existing several method and limitation
1) in dynamic migration in the security verification method of datum plane and dynamic migration transferring module security verification
Method carries out infiltration demonstration just for datum plane and transferring module, but the Data Migration of in general cloud platform be all by
Encryption, therefore datum plane attack will not prove effective, and carrying out infiltration for transferring module needs to rely on the safety of transferring module
Leak could be completed, and with the continuous offer of cloud platform software version, existing security breaches can be repaired constantly, so as to cause
It can use without security breaches, also can not just be realized for the security verification method of transferring module.
2) in existing dynamic migration control plane security verification method, simply propose general concept, lack tool
The implementation of body, thus it is little to the cloud platform control plane security hardening directive function in practice.
The content of the invention
Dynamic migration of virtual machine safety problem under cloud environment at present, it is broadly divided into control plane safety, datum plane peace
Complete and transferring module three classes of safety.Currently existing scheme has carried out safely safe anti-mainly for datum plane safety and transferring module
Shield, lack the analysis to control plane safety.There are three classes for the security verification method of control plane:1) it is directed to load balancing
The security verification method of algorithm;2) it is directed to the security verification method of dispatching algorithm;3) for the safety of migration execute instruction
Property verification method.Infiltration 2) this programme is directed in gives demonstration.
It is an object of the invention to provide the scheduling virtual machine algorithm security based on dynamic migration under a kind of cloud environment to test
Card method, the present invention can be realized to the inverse of filter in dispatching algorithm and weighing apparatus by monitoring dispatch network communication data
To network security researcher can utilize this method to obtain the dispatching algorithm of cloud service provider, so as to be further safety
Property checking prepare.The general principle of scheduling virtual machine mechanism is as shown in Figure 1.
The technical solution adopted for the present invention to solve the technical problems is:
The scheduling virtual machine algorithm security verification method based on dynamic migration, its step are under a kind of cloud environment:
1) entered using modes such as leaks in the control plane network of target cloud platform and monitored, monitoring content is AMQP
The data message of agreement;
2) the monitoring message of previous step is utilized, the inventive method is converted into using AMQP packet parsing technologies and can recognize that
File format, i.e. host information file and scheduling request information file;
3) dispatching algorithm mainly realizes different algorithm effects by the various combination of filter and weighing apparatus, its principle
As shown in Figure 1.When dispatch request arrives, cloud platform realizes the filtering to Host List, filtering first with filter set
Fall not meeting the main frame of the requirement of dispatch request, each main frame is given a mark followed by weighing apparatus list, choose fraction most
High main frame is as final scheduling result.Due to filter and weighing apparatus have it is multiple, it is therefore desirable to by preparing in advance, collect
Good possible filter and weighing apparatus set;
4) because final scheduling destination have passed through filter certainly, therefore can be with by dispatching destination host
Filter is screened, selects the final filter for being possible to enable.When dispatch request is more, what the present invention was filtered out
Filter set also just closer to the filter set truly enabled, has at this moment also gone out the scheduling of target cloud platform with regard to conversed analysis
This part of the filter of algorithm;
5) filter inversely gone out using previous step, we can obtain the row of the main frame after the filtering of dispatch request each time
Table, according to the principle of dispatching algorithm, weighing apparatus can give a mark to each main frame in filtering aft engine list, according to weighing apparatus
Weight, weighting draw the final score of each main frame, the scheduling result of the final dispatch request be exactly final score highest that
Platform main frame.In each scheduling process, the host resource where the virtual machine newly dispatched can take.Therefore the score of main frame
It can change therewith.We have found that in identical filters aft engine list, regulation goal main frame can jump to separately from some main frame
One main frame, we term it main frame conversion phenomena for this phenomenon.The reason for generation main frame is changed is because this two main frame sheets
The score come is close, is once dispatched due to preceding, virtual machine occupies the resource of one of main frame, causes it to be dispatched this time
Middle score reduces, and low to have crossed another main frame, our this phenomenons are referred to as " Selection of chiller replacement ".We can be approximately considered hair
The score of two main frames of raw " Selection of chiller replacement " is roughly equal in this is dispatched twice.The calculation formula of main frame score
For:
Main frame score=1 score of weighing apparatus × 1 weight of the weighing apparatus+weight of 2 scores of weighing apparatus × weighing apparatus 2+...+weighing apparatus
N scores × weighing apparatus n weights,
The score of wherein each weighing apparatus can be by each weighing apparatus according to host information file and scheduling request information file meter
Calculate, each weighing apparatus weight is unknown number.
Assuming that it is main frame 1, main frame 2 respectively that two main frames that Selection of chiller is replaced, which occur, a side can be thus listed
Journey, i.e.,:Once dispatched before main frame 1 and once dispatch that once to dispatch score+main frame 2 before score=main frame 2 latter after score+main frame 1
Secondary scheduling score.This member of equation of main frame score is exactly the fraction that weighing apparatus weighting is drawn, therefore the unknown number of equation is exactly institute
There is the weight of weighing apparatus." Selection of chiller replacement " phenomenon often occurs once, our cans list an equation.As long as scheduling please
Ask enough, the number that " main frame replacement phenomenon " occurs is also bigger, and equation is also more obtained from.As long as there are enough numbers
The equation (number for being more than or equal to weighing apparatus) of amount, it is possible to form equation group.According to the theory of linear algebra, n member first powers
Journey group has a unique solution, and solution is exactly out the weight of each weighing apparatus required by us.To the Part II of this dispatching algorithm, weigh
The reverse of device has also been completed.In order to preferably illustrate the above method, the process of equation solution is illustrated here.Assuming that treat
Verifying virtual machines dispatching algorithm is provided with three weighing apparatus, respectively CPU weighing apparatus, internal memory weighing apparatus and hard disk weighing apparatus, its
Weight is respectively 0.3,0.5,0.2.By the analysis to 600 dispatch requests, it has been found that No. 7 times main frames replace phenomenons, because
This can obtain 7 equations, along with acquiescence " weight and for 1 " equation as known conditions, just have 8 equations altogether,
It is as follows:
Because weighing apparatus only have 3, therefore unknown number also just has 3, using least square solution this by 8 equation groups
Into 3 yuan of linear function groups, it is (0.2926,0.5075,0.1998) that can obtain its solution, very close actual value (0.3,
0.5,0.2), it is seen that the validity of this method.
6) scheduling result of dispatch request is predicted using filter and weighing apparatus inversely out, according to prediction
Unanimously whether (being same main frame) is the scheduling result of scheduling result and reality to judge scheduling virtual machine algorithm to be verified
No safety;If the scheduling result of prediction is consistent with actual scheduling result, it is judged as dangerous, otherwise this is to be verified virtually
Machine dispatching algorithm is safe.
7) further, the filter mainly includes 16 kinds of filters, respectively CPU filters, internal memory filter, hard
Disk filter, instance number filter, I/O operation filter, it is realm filter, same to host filter, different host filters, same
Server group filter, different server set filter, type filter, mirror image attribute filter, computing architecture filter, IP
Address filter, trusted filter, guard filter etc..These filters are all the cloud platforms of increasing income of current most main flow
The filter that OpenStack is carried;
8) further, the weighing apparatus mainly include 3 kinds of weighing apparatus, respectively CPU weighing apparatus, internal memory weighing apparatus, hard
Disk weighing apparatus.Internal memory weighing apparatus are the weighing of being carried of the cloud platform OpenStack that increases income of current most main flow in these filters
Device.
Compared with prior art, beneficial effects of the present invention
, also can be more and more using the user of cloud service as cloud computing is increasingly popularized, existing cloud framework is all supported
Dynamic migration mechanism, dynamic migration safety problem will be inevitable, and in this case, dispatching algorithm just seems outstanding safely
To be important.
Existing several security verification methods, pacify primarily directed to datum plane safety in dynamic migration and transferring module
Complete, not specifically for the security verification method of control plane safety.The migration of current cloud computing platform is generally all not added with
Close, the especially safety problem of control plane is than more serious, and this is just to attacker with opportunity.
It is proposed by the present invention to be moved based on dynamic compared with the existing security verification scheme for dynamic migration of virtual machine
The scheduling virtual machine algorithm security verification method of shifting, the blank of control plane secure context in the world is filled up at present, can
Effectively facilitate cloud service provider and carry out improvements in security in control plane secure context, to prevent the malicious sabotage of attacker.And
And this method versatility is preferable, it is only necessary to which being connected to target cloud platform network can property checking with high safety.This method inspection simultaneously
It is high to survey accuracy rate, in the case where there are enough data sets, accuracy rate is up to more than 99.5%.
Brief description of the drawings
The present invention is further described with reference to the accompanying drawings and examples.
Fig. 1 is scheduling virtual machine mechanism principle figure;
Fig. 2 is the inventive method flow chart.
Embodiment
The present invention is explained in further detail below in conjunction with the accompanying drawings, the inventive method flow is as shown in Figure 2.
1) security study personnel need to obtain the network insertion authority of target cloud platform by existing attack meanses, can be right
The communication channel of virtual machine (vm) migration is monitored.
2) intercepted and captured using monitoring the software such as Wireshark packets related to scheduling, save as pcap forms
Network package data.
3) use it is proposed that dispatching algorithm reverse method, using the network package data preserved in 2) to input, to it
Analyzed, final dispatching algorithm reverse method is analyzed, and can be succeeded and inversely be obtained the dispatching algorithm of target cloud platform, bag
Include and which filter, which weighing apparatus enabled, and the corresponding parameter of filter.
Embodiment:
In a practical situation, security study personnel are needed by network vulnerability scanning, password Brute Force, social engineering
Be connected to etc. mode in the internal communication network of cloud platform, and the communication network send dispatch command for cloud scheduler must be through
Link.Then software is monitored with packet to monitor the packet for being sent to scheduler and the packet for carrying out child scheduler.
The form of packet is AMQP agreements, therefore using section bag software Wireshark cans completion for supporting AMQP protocol analysis
Snoop-operations.Being sent to the packet of scheduler includes 1) the instant essential information of all physical hosts, such as available CPU, can use interior
Deposit resource etc.;2) relevant information of scheduling virtual machine request each time.The packet for carrying out child scheduler is mainly the tune of scheduler
Result is spent, i.e. scheduling virtual machine request is finally determined on which physical host is moved to.
Security study personnel need to have gained some understanding to the existing dispatching algorithm of target cloud platform, it is necessary to substantially know its tune
Degree algorithm is likely to use which filter and weighing apparatus, forms a complete or collected works, and the scheduler and weighing apparatus inside complete or collected works are pacified
Full researcher needs to have understood its general principle, and design parameter value requires no knowledge about, and the present invention can calculate automatically
Cloud service provider specifically have activated which of complete or collected works filter and weighing apparatus, and wherein undetermined design parameter takes
Value.For practical operation angle, we realize the prototype system VisualSARA of a dispatching algorithm reverse method, are one
The individual interface application run in Windows operating system.Program operation is needed using two files as input, and first
Individual file is host information file, and second file is scheduling request information file, and both of these documents can pass through previous step
Wireshark captures network packet and obtained after arranging form.Then our prototype system VisualSARA, unit are opened
" Run " button is run, and at this moment dispatching algorithm reverse method starts to perform the conversed analysis work of dispatching algorithm, and daily record
Information and intermediate result are shown in the text box on interface.After certain time (depending on two input file sizes)
VisualSARA operations finish, and obtain the enabled filter of target cloud platform and weighing apparatus and its design parameter.Utilize these
Information, security study personnel can reduce the dispatching algorithm of cloud platform, once intercept and capture the dispatch request of virtual machine, it becomes possible to predict
Any go out it to be finally dispatched on platform physical host, so as to prepare for its next step security verification.
Claims (10)
1. a kind of scheduling virtual machine algorithm security verification method based on dynamic migration, its step are:
1) data message of the control plane network of target cloud platform is monitored;
2) data message is converted into host information file and scheduling request information file;
3) scheduling virtual machine algorithm to be verified goes out a filtering according to the host information file and scheduling request information document screening
Device set, and obtain a weighing apparatus set;
4) master in the scheduling request information file after the filtering of dispatch request each time is obtained according to the filter set
Machine list;
5), can be to every in the Host List using the weighing apparatus of the scheduling virtual machine algorithm to be verified for each Host List
Individual main frame is given a mark, then according to Selection of chiller replace Framework computing obtain used in weighing apparatus weight;The main frame choosing
Select and replace with:Once dispatched before main frame 1 after once dispatching after score+main frame 1 and once dispatching score+main frame 2 before score=main frame 2
Score is once dispatched, then claims main frame 1 that Selection of chiller occurs with main frame 2 and replaces;
6) scheduling result is predicted according to obtained the filter set and the weighing apparatus weight, according to the tune of prediction
Degree result and actual scheduling result whether unanimously come judge scheduling virtual machine algorithm to be verified whether safety;If the tune of prediction
It is consistent with actual scheduling result to spend result, then is judged as dangerous, otherwise the scheduling virtual machine algorithm to be verified is safe.
2. the method as described in claim 1, it is characterised in that the data message is the data message of AMQP agreements.
3. method as claimed in claim 1 or 2, it is characterised in that the method for calculating the weight of the weighing apparatus is:To each
The main frame that Selection of chiller is replaced occurs in Host List and establishes an equation, the unknown number of equation is calculated for the scheduling virtual machine to be verified
The weight of all weighing apparatus in method, so as to obtain a multi head linear equation group, it is solved to obtain the weight of each weighing apparatus.
4. method as claimed in claim 1 or 2, it is characterised in that the filter of the verifying virtual machines dispatching algorithm includes:
CPU filters, internal memory filter, hard disk filter, instance number filter, I/O operation filter, realm filter, with main frame mistake
Filter, different host filters, with server group filter, different server set filter, type filter, mirror image attribute mistake
Filter, computing architecture filter, IP address filter, trusted filter and guard filter.
5. method as claimed in claim 1 or 2, it is characterised in that the weighing apparatus of the verifying virtual machines dispatching algorithm include:
Internal memory weighing apparatus.
6. method as claimed in claim 5, it is characterised in that the weighing apparatus of the verifying virtual machines dispatching algorithm also include:
CPU weighing apparatus and hard disk weighing apparatus.
7. method as claimed in claim 1 or 2, it is characterised in that carry out snoop-operations using bag software Wireshark is cut.
8. method as claimed in claim 1 or 2, it is characterised in that the data of monitoring include:Be sent to scheduler packet and
Carry out the data of child scheduler.
9. method as claimed in claim 8, it is characterised in that the packet for being sent to scheduler includes all physical hosts
Instant essential information and the relevant information of scheduling virtual machine request each time;It is described come child scheduler packet include scheduling
The scheduling result of device.
10. method as claimed in claim 9, it is characterised in that the instant essential information of the physical host includes available CPU
With free memory resource.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510309318.2A CN104951354B (en) | 2015-06-08 | 2015-06-08 | A kind of scheduling virtual machine algorithm security verification method based on dynamic migration |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510309318.2A CN104951354B (en) | 2015-06-08 | 2015-06-08 | A kind of scheduling virtual machine algorithm security verification method based on dynamic migration |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104951354A CN104951354A (en) | 2015-09-30 |
CN104951354B true CN104951354B (en) | 2017-12-08 |
Family
ID=54166023
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510309318.2A Expired - Fee Related CN104951354B (en) | 2015-06-08 | 2015-06-08 | A kind of scheduling virtual machine algorithm security verification method based on dynamic migration |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104951354B (en) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105491152A (en) * | 2015-12-25 | 2016-04-13 | 国云科技股份有限公司 | Method of cloud storage resource configurable scheduler |
CN105704233B (en) * | 2016-03-19 | 2019-04-16 | 浙江大学 | A kind of channel distribution method towards Initiative Defense |
CN105938437B (en) * | 2016-05-30 | 2019-03-22 | 北京大学 | Resist under a kind of cloud environment with the virtual machine deployment method stayed |
CN107689892B (en) * | 2017-09-12 | 2020-11-10 | 中国人民解放军信息工程大学 | Coexistence attack defense method |
CN109597673B (en) * | 2017-09-30 | 2022-10-04 | 华为云计算技术有限公司 | Method for creating virtual machine and scheduling equipment |
CN109710276B (en) * | 2018-12-21 | 2021-10-29 | 郑州云海信息技术有限公司 | Agile method and device for continuous integration and continuous delivery of OpenStack cloud platform |
CN110445803A (en) * | 2019-08-21 | 2019-11-12 | 之江实验室 | A kind of traffic smoothing moving method of isomery cloud platform |
CN110545268A (en) * | 2019-08-21 | 2019-12-06 | 之江实验室 | multidimensional mimicry voting method based on process elements |
CN115189928B (en) * | 2022-06-25 | 2023-10-17 | 中国人民解放军战略支援部队信息工程大学 | Dynamic security migration method and system for password service virtual machine |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101876921A (en) * | 2009-04-29 | 2010-11-03 | 华为技术有限公司 | Method, device and system for migration decision-making of virtual machine |
CN101937357A (en) * | 2009-07-01 | 2011-01-05 | 华为技术有限公司 | Virtual machine migration decision-making method, device and system |
CN102193824A (en) * | 2010-03-18 | 2011-09-21 | 微软公司 | Virtual machine homogenization to enable migration across heterogeneous computers |
CN103257878A (en) * | 2013-05-16 | 2013-08-21 | 浪潮通信信息系统有限公司 | Cross-platform smooth transfer method of application program based on Cloud calculation |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8555278B2 (en) * | 2011-05-02 | 2013-10-08 | Symantec Corporation | Method and system for migrating a selected set of virtual machines between volumes |
US20140101656A1 (en) * | 2012-10-10 | 2014-04-10 | Zhongwen Zhu | Virtual firewall mobility |
US9342343B2 (en) * | 2013-03-15 | 2016-05-17 | Adventium Enterprises, Llc | Wrapped nested virtualization |
-
2015
- 2015-06-08 CN CN201510309318.2A patent/CN104951354B/en not_active Expired - Fee Related
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101876921A (en) * | 2009-04-29 | 2010-11-03 | 华为技术有限公司 | Method, device and system for migration decision-making of virtual machine |
CN101937357A (en) * | 2009-07-01 | 2011-01-05 | 华为技术有限公司 | Virtual machine migration decision-making method, device and system |
CN102193824A (en) * | 2010-03-18 | 2011-09-21 | 微软公司 | Virtual machine homogenization to enable migration across heterogeneous computers |
CN103257878A (en) * | 2013-05-16 | 2013-08-21 | 浪潮通信信息系统有限公司 | Cross-platform smooth transfer method of application program based on Cloud calculation |
Non-Patent Citations (5)
Title |
---|
Application-Transparent Live Migration for Virtual Machine on Network Security Enhanced Hypervisor;Chen Xiaoqin等;《China Communication》;20110531;第32-42页 * |
一种改进的基于可信计算技术的虚拟机迁移方法;杨双;《计算机与数字工程》;20121031;第41卷(第10期);第1650-1653页 * |
虚拟可信平台层次化安全体系结构设计;沈晴霓等;《北京工业大学学报》;20100531;第36卷(第5期);第605-610页 * |
虚拟可信平台技术现状与发展趋势;沈拟晴;《专题研究》;20100430;第34-36页 * |
虚拟机动态迁移中的安全分析;蒋学援等;《计算机科学与探索》;20110531;第5卷(第5期);第452-457页 * |
Also Published As
Publication number | Publication date |
---|---|
CN104951354A (en) | 2015-09-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104951354B (en) | A kind of scheduling virtual machine algorithm security verification method based on dynamic migration | |
Sultan et al. | Container security: Issues, challenges, and the road ahead | |
Porras et al. | A security enforcement kernel for OpenFlow networks | |
Shu et al. | Security in software-defined networking: Threats and countermeasures | |
Le et al. | Cloud computing and virtualization | |
Li et al. | Exploring new opportunities to defeat low-rate DDoS attack in container-based cloud environment | |
Udd et al. | Exploiting bro for intrusion detection in a SCADA system | |
CN106575323A (en) | A security and trust framework for virtualized networks | |
CN106203126A (en) | A kind of validating vulnerability method and system based on simulated environment | |
AlKadi et al. | Mixture localization-based outliers models for securing data migration in cloud centers | |
Aldribi et al. | Data sources and datasets for cloud intrusion detection modeling and evaluation | |
Majhi et al. | A study on security vulnerability on cloud platforms | |
Chen et al. | A cloud security assessment system based on classifying and grading | |
Khan et al. | Towards an applicability of current network forensics for cloud networks: A SWOT analysis | |
Sagare et al. | Security analysis of SDN routing applications | |
Wu et al. | State of the art and research challenges in the security technologies of network function virtualization | |
Sehgal et al. | Cloud Computing with Security and Scalability.: Concepts and Practices | |
Mishra | A Proficient Mechanism for Cloud Security Supervision in Distributive Computing Environment. | |
Sun et al. | Cloud armor: Protecting cloud commands from compromised cloud services | |
CN103413093B (en) | A kind of XEN cloud platform virtual machine partition method based on internal memory isolation | |
Chawla et al. | VMGuard: State-based proactive verification of virtual network isolation with application to NFV | |
CN105701400A (en) | Virtual machine platform safety control method and device | |
Fan et al. | Dynamic hybrid honeypot system based transparent traffic redirection mechanism | |
GLAVAN et al. | Multi-access edge computing analysis of risks and security measures | |
Xiao et al. | Cloud computing security issues and countermeasures |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20171208 |
|
CF01 | Termination of patent right due to non-payment of annual fee |