CN105007261A - Security protection method for image file in virtual environment - Google Patents


Publication number
CN105007261A
Authority
CN
China
Prior art keywords
image file
virtual machine
file
corresponding
identifier
Prior art date
Application number
CN201510295527.6A
Other languages
Chinese (zh)
Inventor
付才
张嘉夫
韩兰胜
刘铭
崔永泉
汤学明
骆婷
Original Assignee
华中科技大学
Priority date
Filing date
Publication date
Application filed by 华中科技大学
Priority to CN201510295527.6A
Publication of CN105007261A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • H04L63/083 Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network-specific arrangements or communication protocols supporting networked applications
    • H04L67/10 Network-specific arrangements or communication protocols supporting networked applications in which an application is distributed across nodes in the network
    • H04L67/1095 Network-specific arrangements or communication protocols supporting networked applications in which an application is distributed across nodes in the network for supporting replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes or user terminals or syncML
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network-specific arrangements or communication protocols supporting networked applications
    • H04L67/38 Protocols for telewriting; Protocols for networked simulations, virtual reality or games

Abstract

The present invention discloses a security protection method for an image file in a virtualized environment, comprising the following steps: obtaining information about the image file of a virtual machine; generating a unique identifier corresponding to the image file; and, when the virtual machine is started, verifying the identifier to judge whether the image is legitimate. If verification passes, the virtual machine starts normally; otherwise the image file is judged to be an illegitimate image and the virtual machine is prevented from starting by destroying the structure of the image file. Importantly, the destruction of the image file is reversible, i.e. a destroyed image file can be recovered. The method ensures the security of the image file loaded each time the virtual machine starts, and protects the image file effectively through the uniqueness of the generated identifier and measures such as destroying illegitimate image files, thereby improving the security of the whole system.

Description

A security protection method for image files in a virtualized environment

Technical Field

[0001] The present invention belongs to the field of cloud computing and, more specifically, relates to a security protection method for image files in a virtualized environment.

Background

[0002] Cloud computing represents a new commercial computing model. Much remains uncertain in its practical application, and it faces many security challenges. The security of user data on cloud platforms is an especially prominent problem, mainly in the following respects. The efficiency of virtualization in the cloud requires virtual machines belonging to multiple organizations to coexist on the same physical resources. Although traditional data-center security still applies to the cloud environment, physical isolation and hardware-based security cannot protect against attacks between virtual machines on the same server. Administrative access takes place over the Internet rather than over the controlled and restricted direct or on-site connections that the traditional data-center model insists on. This increases the risk and exposure of local virtual machine images and disk files, and changes to system controls and access-control restrictions will need to be closely monitored.

Summary of the Invention

[0003] In view of the shortcomings of data security in current cloud environments, the object of the present invention is to provide a security protection method for image files in a virtualized environment. It aims to strengthen the protection of user data beyond what currently exists, to have the security check take place every time a user starts a virtual machine so that verification is both mandatory and more accurate, and to block an insecure virtual machine from starting at the earliest moment, thereby raising the overall security level of the system.

[0004] To achieve the above object, the present invention provides a security protection method for image files in a virtualized environment, comprising the following steps:

[0005] (1) Obtain the basic information of the image file to be protected, including the file name, file type, file size and file creation time;

[0006] (2) Extract the non-text information from the basic information of the image file, combine it in a preset order to form the final effective information, and generate from that effective information a unique identifier corresponding to the image file;

[0007] (3) After the identifier corresponding to the image file has been obtained, bind the image file to its corresponding identifier;

[0008] (4) When a virtual machine starts and loads the image file, check the legitimacy of the image file against its corresponding identifier. If the image file has a bound identifier and the identifier is valid, load the image file normally and start the virtual machine; otherwise treat the virtual machine as illegitimate, lock the virtual machine image file and prevent it from starting.

[0009] In one embodiment of the present invention, the way the identifier is generated in step (2) is secret, and the generated identifier is unique.

[0010] In one embodiment of the present invention, the identifier is generated using a public signature algorithm or a self-designed algorithm.

[0011] In one embodiment of the present invention, binding the image file to its corresponding identifier in step (3) specifically comprises: using database technology to bind the image file to its corresponding identifier, or writing the identifier at any position in the image file.

[0012] In one embodiment of the present invention, writing the identifier at any position in the image file specifically comprises: writing the identifier at the end of the image file, or storing it scattered within the image file.

[0013] In one embodiment of the present invention, the legitimacy check on the image file in step (4) specifically comprises: checking whether the image file has a bound identifier, generating the identifier for the image file again by the method of step (2), and checking whether the newly generated identifier is consistent with the corresponding identifier in the image file and valid.

[0014] In one embodiment of the present invention, the method further comprises:

[0015] (5) When the virtual machine is judged to be illegitimate, prevent the illegitimate virtual machine from starting by destroying the structure of the image file.

[0016] In one embodiment of the present invention, the method of destroying the structure of the image file is specifically: rewriting the file header of the image file.

[0017] In one embodiment of the present invention, the destruction of the image file is reversible: the administrator can XOR the first 128 bytes of the image file header again and write them back, which restores the damaged virtual machine image file so that it can be loaded normally again.

[0018] Compared with the prior art, the above technical solution conceived by the present invention has the following beneficial effects:

[0019] (1) Because the identifier generation method used in step (3) is flexible, the administrator can update it periodically to retire outdated algorithms and adopt more secure and efficient signature algorithms.

[0020] (2) Because the verification process used in step (4) is implemented by modifying the source code of the virtualization system and recompiling and installing it, verification is mandatory and cannot be bypassed. It is executed before every virtual machine start, i.e. the legitimacy of the virtual machine is checked every time it is started.

[0021] (3) A user cannot pass verification by directly copying an identifier, for the following reason: the identifier of an image file is generated from the attribute information of the corresponding file, which is unique. These file attributes include but are not limited to the file name, file size and creation time. The generated identifier is therefore likewise unique.

[0022] (4) The destruction of an illegitimate image file in step (5) can be carried out immediately when verification fails, so it takes effect on the current virtual machine start, i.e. the start fails. Because this step blocks loading by destroying the file structure, the user cannot recover the file on their own; only the corresponding recovery program can unlock the image file so that it loads normally.

Brief Description of the Drawings

[0023] FIG. 1 is a flowchart of the image file protection method in a virtualized environment according to the present invention.

Detailed Description

[0024] To make the objects, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the present invention and are not intended to limit it.

[0025] As shown in FIG. 1, the security protection method for image files in a virtualized environment according to the present invention comprises the following steps:

[0026] (1) Obtain the basic information of the image file to be protected, including but not limited to the file name, file type, file size and file creation time. This information uniquely represents the image file and serves as the basis for generating the image file identifier in the next step.

[0027] (2) Extract the non-text information from the basic information of the image file obtained above, combine it in a preset order to form the final effective information, and generate from that effective information a unique identifier corresponding to the image file.

[0028] The way the identifier is generated is secret and is not restricted: a public signature algorithm may be used, or a self-designed algorithm. It is only necessary to ensure that the generated identifier is unique and irreversible.

[0029] (3) After the identifier corresponding to the image file has been obtained, bind the image file to its corresponding identifier.

[0030] The identifier can be bound to the image file in various ways, including but not limited to the following: using database technology to bind the image file to its corresponding identifier, or writing the identifier at any position in the image file, such as at the end of the image file, or storing it scattered within the image file.

[0031] (4) When a virtual machine starts and loads the image file, check the legitimacy of the image file against its corresponding identifier. If the image file has a bound identifier and the identifier is valid, load the image file normally and start the virtual machine; otherwise treat the virtual machine as illegitimate, lock the virtual machine image file and prevent it from starting.

[0032] Specifically, a functional module that verifies the image file identifier can be added to the virtualization system by modifying its source code.

[0033] The verification process is mandatory and cannot be bypassed. It is executed before every virtual machine start, i.e. the legitimacy of the virtual machine is checked every time it is started. The main function of the module is to check whether the image file has a bound identifier and, by reproducing the earlier process of generating the image file identifier, to verify whether the identifier of the specific image file is consistent and valid.

[0034] (5) Prevent the illegitimate virtual machine from starting by destroying the structure of the image file, i.e. by rewriting the file header of the image file: the first 128 bytes of the file header are XORed and written back, so that the header information cannot be read correctly when the image file is loaded, which prevents the virtual machine from starting.

[0035] Note that the destruction of the image file is reversible: the administrator can XOR the first 128 bytes of the image file header again and write them back, which restores the damaged virtual machine image file so that it can be loaded normally again.

[0036] In addition, the file structure of an illegitimate image file that fails verification should be destroyed immediately, i.e. the image file is locked so that it cannot start normally. Only after it has been unlocked by a separate recovery program can the image file be loaded normally and the virtual machine started.
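Steps (1) to (5) above, written out in Python as an added example; it is not code from the patent. The choice of HMAC-SHA256 for the identifier, the key-derived XOR mask, the in-memory dictionary standing in for the database binding, the `locked` set and the use of modification time where no creation time is available are all assumptions of this example.

```python
import hashlib
import hmac
import os
import struct
import tempfile

SECRET_KEY = b"constructed-demo-key"  # assumption: secret kept on the hypervisor host
HEADER_LEN = 128                      # the patent XORs the first 128 bytes
# Assumption: the XOR operand is a key-derived mask; the patent does not specify it.
MASK = hashlib.shake_256(SECRET_KEY + b"|lock").digest(HEADER_LEN)
registry = {}   # "database" binding of step (3): path -> identifier
locked = set()  # assumption: track locked images so a second lock cannot undo the first


def effective_info(path):
    """Steps (1)-(2): read the metadata, keep the numeric fields in a preset order."""
    st = os.stat(path)
    # Creation time where the platform exposes it; mtime is a stand-in elsewhere.
    created = getattr(st, "st_birthtime", None)
    created_ns = int(created * 1e9) if created is not None else st.st_mtime_ns
    return struct.pack(">QQ", st.st_size, created_ns)


def make_identifier(path):
    """Step (2): keyed, one-way identifier (HMAC-SHA256 chosen for this example)."""
    return hmac.new(SECRET_KEY, effective_info(path), hashlib.sha256).digest()


def bind(path):
    """Step (3): bind the image to its identifier."""
    registry[path] = make_identifier(path)


def verify(path):
    """Step (4): the image must be bound and the regenerated identifier must match."""
    expected = registry.get(path)
    return expected is not None and hmac.compare_digest(expected, make_identifier(path))


def _xor_header(path):
    st = os.stat(path)
    with open(path, "r+b") as f:
        head = f.read(HEADER_LEN)
        f.seek(0)
        f.write(bytes(b ^ m for b, m in zip(head, MASK)))
    # Keep timestamps so locking itself does not alter the metadata being checked.
    os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))


def lock(path):
    """Step (5): make the header unreadable; a no-op if already locked."""
    if path not in locked:
        _xor_header(path)
        locked.add(path)


def unlock(path):
    """Administrator recovery: the same XOR restores the original header."""
    if path in locked:
        _xor_header(path)
        locked.discard(path)


def start_vm(path):
    """Boot-time gate: True means the image may be loaded."""
    if path not in locked and verify(path):
        return True
    lock(path)
    return False


def demo():
    """Constructed 4 KiB image: boot, change its size, boot twice more, unlock."""
    original = b"QFI\xfb" + bytes(range(124)) + b"\0" * 3968  # constructed content
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "guest.img")
        with open(path, "wb") as f:
            f.write(original)
        bind(path)
        boots = [start_vm(path)]                   # bound and unchanged
        with open(path, "ab") as f:
            f.write(b"extra")                      # size no longer matches
        boots += [start_vm(path), start_vm(path)]  # second call must not XOR back
        with open(path, "rb") as f:
            still_locked = f.read(HEADER_LEN) != original[:HEADER_LEN]
        unlock(path)
        with open(path, "rb") as f:
            restored = f.read(HEADER_LEN) == original[:HEADER_LEN]
    return boots, still_locked, restored
```

As in step (2), the identifier here covers only size and timestamp, so a content change that leaves both unchanged is not detected; adding a digest of the file contents to `effective_info` closes that gap.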

[0037] Those skilled in the art will readily understand that the above is merely a preferred embodiment of the present invention and is not intended to limit it. Any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (10)

1. A security protection method for image files in a virtualized environment, comprising the following steps: (1) obtaining the basic information of the image file to be protected, including the file name, file type, file size and file creation time; (2) extracting the non-text information from the basic information of the image file, combining it in a preset order to form the final effective information, and generating from that effective information a unique identifier corresponding to the image file; (3) after the identifier corresponding to the image file has been obtained, binding the image file to its corresponding identifier; (4) when a virtual machine starts and loads the image file, checking the legitimacy of the image file against its corresponding identifier; if the image file has a bound identifier and the identifier is valid, loading the image file normally and starting the virtual machine; otherwise treating the virtual machine as illegitimate, locking the virtual machine image file and preventing it from starting.
2. The method according to claim 1, characterized in that the way the identifier is generated in step (2) is secret, and the generated identifier is unique.
3. The method according to claim 2, characterized in that the identifier is generated using a public signature algorithm or a self-designed algorithm.
4. The method according to claim 1 or 2, characterized in that binding the image file to its corresponding identifier in step (3) specifically comprises: using database technology to bind the image file to its corresponding identifier, or writing the identifier at any position in the image file.
5. The method according to claim 4, characterized in that writing the identifier at any position in the image file specifically comprises: writing the identifier at the end of the image file, or storing it scattered within the image file.
6. The method according to claim 1 or 2, characterized in that the legitimacy check on the image file in step (4) specifically comprises: checking whether the image file has a bound identifier, generating the identifier for the image file again by the method of step (2), and checking whether the newly generated identifier is consistent with the corresponding identifier in the image file and valid.
7. The method according to claim 1 or 2, characterized in that the method further comprises: (5) when the virtual machine is judged to be illegitimate, preventing the illegitimate virtual machine from starting by destroying the structure of the image file.
8. The method according to claim 7, characterized in that the method of destroying the structure of the image file is specifically: rewriting the file header of the image file.
9. The method according to claim 8, characterized in that the destruction of the image file is reversible: the administrator can XOR the first 128 bytes of the image file header again and write them back, which restores the damaged virtual machine image file so that it can be loaded normally again.
10. The method according to claim 7, characterized in that the file structure of an illegitimate image file that fails verification is destroyed immediately, i.e. the image file is locked so that it cannot start normally; only after it has been unlocked by a separate recovery program can the image file be loaded normally and the virtual machine started.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510295527.6A CN105007261A (en) 2015-06-02 2015-06-02 Security protection method for image file in virtual environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510295527.6A CN105007261A (en) 2015-06-02 2015-06-02 Security protection method for image file in virtual environment

Publications (1)

Publication Number Publication Date
CN105007261A true CN105007261A (en) 2015-10-28

Family

ID=54379784

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510295527.6A CN105007261A (en) 2015-06-02 2015-06-02 Security protection method for image file in virtual environment

Country Status (1)

Country Link
CN (1) CN105007261A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106911744A (en) * 2015-12-23 2017-06-30 北京神州泰岳软件股份有限公司 The management method and managing device of a kind of image file
CN106911744B (en) * 2015-12-23 2019-11-08 北京神州泰岳软件股份有限公司 A kind of management method and managing device of image file

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101465770A (en) * 2009-01-06 2009-06-24 北京航空航天大学 Method for disposing inbreak detection system
US20100299315A1 (en) * 2005-08-09 2010-11-25 Nexsan Technologies Canada Inc. Data archiving system
CN101976317A (en) * 2010-11-05 2011-02-16 北京世纪互联工程技术服务有限公司 Virtual machine image safety method in private cloud computing application
CN102214118A (en) * 2010-04-08 2011-10-12 中国移动通信集团公司 Method, system and device for controlling virtual machine (VM)
CN102419803A (en) * 2011-11-01 2012-04-18 成都市华为赛门铁克科技有限公司 Method, system and device for searching and killing computer virus
CN102917046A (en) * 2012-10-17 2013-02-06 广州杰赛科技股份有限公司 Virtual machine starting control method in cloud system
CN103064706A (en) * 2012-12-20 2013-04-24 曙光云计算技术有限公司 Starting method and device for virtual machine system
CN103092650A (en) * 2013-01-09 2013-05-08 华中科技大学 Virtual machine mirror image generating method and device based on software preinstallation in cloud environment
CN103457974A (en) * 2012-06-01 2013-12-18 中兴通讯股份有限公司 Safety control method and device for virtual machine mirror images
CN103906068A (en) * 2012-12-26 2014-07-02 华为技术有限公司 Virtual base station establishment method and device
CN104463012A (en) * 2014-11-24 2015-03-25 东软集团股份有限公司 Virtual machine image file exporting and importing method and device


Similar Documents

Publication Publication Date Title
KR101219857B1 (en) Systems and methods for securely booting a computer with a trusted processing module
AU2010340222B2 (en) Protected device management
JP3363379B2 (en) Method and apparatus for protecting the application data secure storage area
CN102792307B (en) Providing network access control in a virtual environment system and method
US7490245B2 (en) System and method for data processing system planar authentication
JP5021838B2 (en) Enforcing the use of chipset key management services for encrypted storage devices
JP4769608B2 (en) Information processing apparatus having start verification function
US9559842B2 (en) Trusted key management for virtualized platforms
KR101158184B1 (en) Protecting content on client platforms
US9405611B1 (en) Computing device with recovery mode
US8341404B2 (en) System and method for intelligence based security
US9455955B2 (en) Customizable storage controller with integrated F+ storage firewall protection
US7810153B2 (en) Controlling execution of computer applications
KR100996784B1 (en) Saving and retrieving data based on public key encryption
JP2016539567A (en) Data protection in storage systems using external secrets
CN101809540B (en) Network context triggers for activating virtualized computer applications
US20060005034A1 (en) System and method for protected operating system boot using state validation
US8352735B2 (en) Method and system for encrypted file access
EP1542112A1 (en) Open type general-purpose attack-resistant cpu, and application system thereof
CN102103673B (en) Providing integrity verification and attestation in a hidden execution environment
KR101487865B1 (en) Computer storage device having separate read-only space and read-write space, removable media component, system management interface, and network interface
JP5455318B2 (en) Dynamic trust management
CN100458807C (en) Verifying binding of an initial trusted device to a secured processing system
US8694763B2 (en) Method and system for secure software provisioning
US20110246785A1 (en) Hardware supported virtualized cryptographic service

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
RJ01 Rejection of invention patent application after publication