CN105912936A - Method for improving performance and safety of SDN switch - Google Patents
Method for improving performance and safety of SDN switch Download PDFInfo
- Publication number
- CN105912936A CN105912936A CN201610219740.3A CN201610219740A CN105912936A CN 105912936 A CN105912936 A CN 105912936A CN 201610219740 A CN201610219740 A CN 201610219740A CN 105912936 A CN105912936 A CN 105912936A
- Authority
- CN
- China
- Prior art keywords
- internal memory
- safety
- software
- sdn
- bios
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 40
- 230000015654 memory Effects 0.000 claims abstract description 132
- 238000002955 isolation Methods 0.000 claims abstract description 5
- 230000006870 function Effects 0.000 claims description 6
- 230000008569 process Effects 0.000 claims description 6
- 238000007689 inspection Methods 0.000 claims description 3
- 230000000694 effects Effects 0.000 abstract description 2
- 238000007726 management method Methods 0.000 description 10
- 238000013475 authorization Methods 0.000 description 5
- 230000007246 mechanism Effects 0.000 description 5
- 238000013461 design Methods 0.000 description 4
- 238000013507 mapping Methods 0.000 description 4
- 230000000875 corresponding effect Effects 0.000 description 2
- 230000008901 benefit Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000002596 correlated effect Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 238000013468 resource allocation Methods 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
Abstract
The present invention discloses a method for improving performance and safety of an SDN switch. According to the method, when a BIOS or a firmware of an SDN switch master control processor is started, a special memory or storage space is individually reserved for SDN controller software and other safety application software, safety isolation between common software of an SDN switch operating system and the SDN controller software and other safety application software is achieved, and the SDN controller software and other safety application software can directly access the space or storage space without through the switch operating system. The method has high innovation, can be widely used in products such as an SDN switch, and has an important effect on protection of independent switch correlation technique intellectual property. The product also has a high practical value, and product competitiveness can be largely increased.
Description
Technical field
The present invention relates to SDN switch technical field, be specifically related to a kind of method improving SDN switch performance and safety.
Background technology
At present for the hardware resource commonly used unified resource method of salary distribution of distribution of infrastructure in computer network and cloud computing system, the i.e. hardware resource of whole system is transparent for should be used to say that above operating system and operating system, does not use the resource distribution mode adapted with it for application such as SDN.Such as in SDN switch, SDN controller software is to need to ensure safety and the performance that it runs when running, and some applies such as security monitoring etc. to network traffics etc., and safety and performance are had corresponding particular/special requirement.Need, from bottom, its running environment and resource acquisition mechanism are carried out special consideration for reaching this purpose.All distributed by operating system due to the resource of all application in general resource allocation mode, for the angle of operating system, the resource of all of application program is all sharable, and application program oneself also cannot obtain the exclusive resource outside operating system.
A kind of virtualization information processing system discloses for patent US2009248949A1, and specifically discloses virtual machine management program and can distribute the one or more regions in one or more processors and storage subsystem to each virtual machine.When operation, each client operating system can utilize one or more physical resources of the physical hardware being distributed to each self virtualizing machine by above-mentioned management program.Additionally, virtual machine and application can directly interact with physical hardware.(such as, being similar to the mode that operating system interacts with physical hardware).Although describe from its patent and its accompanying drawing it can be seen that its Hypervisor program described and be implemented in the application program on Hypervisor can be directly (not by OS) or system resource is conducted interviews by indirect (by OS or Hypervisor), but it especially stores resource (comprising internal memory) to the hardware resource distribution of whole system and does not carry out isolating in application layer from firmware layer to operating system layer, more different application is not carried out safety certification.Its " management program can dynamically distribute physical hardware resources to virtual machine, such that it is able to improve application performance " being previously mentioned is not most effective and safe method under operating system environment simultaneously.
Above-mentioned similar application uses by the method for the unified resource provided of operating system, it is impossible to avoid the operating system management to resource, increase owing to arriving the path of final resource, the reduction of efficiency and aspect of performance can be caused.Simultaneously because corresponding resource the most individually divides and manages, there is no relatively independent registration and authentication mechanism yet, easily cause the leak of secure context.Data cut-off protection aspect for related application is not illustrated yet.
Summary of the invention
The technical problem to be solved in the present invention is: for above not enough and demand, the invention provides a kind of method improving SDN switch performance and safety.
What resource that therefore patent US2009248949A1 is mentioned accessed and mentioned in distribution mechanism and the present invention be suitable for improving SDN switch performance and the internal memory through security isolation of safety or memory allocation access mechanism has fundamental difference.
The technical solution adopted in the present invention is:
A kind of method improving SDN switch performance and safety, described method is when the BIOS of SDN switch main control processor or firmware start, it is individually for SDN controller software and other safety applications software reserves special internal memory or memory space, divided by the independence carrying out internal memory or memory space in firmware aspect, realize SDN switch operating system common software and SDN controller software and the security isolation of other safety applications softwares, this internal memory or memory space directly can be accessed by SDN controller software and other safety applications software without switch operating system.
The special internal memory divided or memory space caching when SDN controller software runs, to accelerate the performance of software, or for preserving relevant daily record, network flow table and data, or be sightless for the special internal memory that track record and the inspection etc. of network security, BIOS or the firmware of network state are divided or memory space for the operating system of SDN switch.That is operating system obtains via BIOS on startup internal memory or memory space and special internal memory or memory space are entirely isolated.Operating system and run on the standard software on operating system cannot access these internal memories or storage resource.
For ensureing the safety of system, BIOS or firmware layer mask have by ID or other modes are registered or certification SDN controller software and the function of other safety applications softwares.Special internal memory or the memory space that only could be divided BIOS or firmware by SDN controller software and other safety applications software of certification are conducted interviews or use.
The authentication mode of SDN controller software and other safety applications softwares uses and includes but not limited to that specific authentication chip, BIOS reside at the modes such as the specific authentication/accreditation process in internal memory when starting.
BIOS or firmware layer face used by registration or the SDN controller software of certification and other safety applications software include but not limited to the modes such as internal memory lock, Memory Allocation table mapping for its access or.
Management BIOS for special internal memory can access for upper layer application to take to include but not limited to the modes such as internal memory lock, Memory Allocation table mapping or.Can also combine with relevant hardware designs, such as design relevant hardware logic and control to open or close relevant internal memory.
SDN controller software and other safety applications software are not only able to access the resource of operating system as other application in operating system, also are able to as required directly not accessed this internal memory or memory space by switch operating system after obtaining associated rights by certification simultaneously.So can be greatly shortened in terms of access path, thus reduce the access time, improve access performance.
The physical memory of described special internal memory uses internal memories such as including but not limited to common internal memory, NVDIMM internal memory.
Simultaneously after special internal memory is divided in above NVDIMM, owing to NVDIMM has power-down protection, such that it is able to related data to be carried out power down protection, ensure the reliability of data.
Described method is preferably used the memory bank address space of independent completion for the division of special internal memory, so can use the memory bar being different from Installed System Memory as required, and such as NVDIMM, to provide the unique functions such as power down protection.
Management program and the BIOS of described special internal memory are integrated, or the independent isolated operation when BIOS runs.
The management program of the most described special internal memory is the same with BIOS be may reside within internal memory, thus the software such as SDN controller can communicate with management program when operating system.
The invention have the benefit that
This internal memory or memory space directly can be accessed by SDN controller software of the present invention and other safety applications software without switch operating system, reduce access path, improve the performance of the application such as SDN, the safety of safeguards system.Simultaneously after special internal memory is divided in above NVDIMM, it is also possible to data are carried out power down protection, ensure the reliability of application data.
The method applied in the present invention has higher novelty; can be widely applied in the products such as SDN switch; have an important effect to the protection of master switch correlation technique intellectual property, this product also has higher practical value and can be greatly promoted product competitiveness simultaneously.
Accompanying drawing explanation
Fig. 1 is the system schematic that the inventive method relates to;
Fig. 2 is SDN controller of the present invention registration and browsing process figure.
Detailed description of the invention
Below by Figure of description, in conjunction with detailed description of the invention, the present invention is further described:
Embodiment 1:
A kind of method improving SDN switch performance and safety, described method is when the BIOS of SDN switch main control processor or firmware start, it is individually for SDN controller software and other safety applications software reserves special internal memory or memory space, divided by the independence carrying out internal memory or memory space in firmware aspect, realize SDN switch operating system common software and SDN controller software and the security isolation of other safety applications softwares, this internal memory or memory space directly can be accessed by SDN controller software and other safety applications software without switch operating system.
Embodiment 2:
On the basis of embodiment 1, special internal memory that the present embodiment is divided or the memory space caching when SDN controller software runs is to accelerate the performance of software, or for preserving relevant daily record, network flow table and data, or be sightless for the special internal memory that track record and the inspection etc. of network security, BIOS or the firmware of network state are divided or memory space for the operating system of SDN switch.That is operating system obtains via BIOS on startup internal memory or memory space and special internal memory or memory space are entirely isolated.Operating system and run on the standard software on operating system cannot access these internal memories or storage resource.
Embodiment 3:
On the basis of embodiment 1 or 2, the present embodiment is the safety of guarantee system, and BIOS or firmware layer mask have by ID or other modes are registered or certification SDN controller software and the function of other safety applications softwares.Special internal memory or the memory space that only could be divided BIOS or firmware by SDN controller software and other safety applications software of certification are conducted interviews or use.
Embodiment 4:
On the basis of embodiment 3, the authentication mode of the present embodiment SDN controller software and other safety applications softwares uses and includes but not limited to that specific authentication chip, BIOS reside at the modes such as the specific authentication/accreditation process in internal memory when starting.
Embodiment 5:
On the basis of embodiment 4, the present embodiment BIOS or firmware layer face used by registration or the SDN controller software of certification and other safety applications software include but not limited to the modes such as internal memory lock, Memory Allocation table mapping for its access or.
Management BIOS for special internal memory can access for upper layer application to take to include but not limited to the modes such as internal memory lock, Memory Allocation table mapping or.Can also combine with relevant hardware designs, such as design relevant hardware logic and control to open or close relevant internal memory.
Embodiment 6:
On the basis of embodiment 5, the present embodiment SDN controller software and other safety applications software are not only able to access the resource of operating system as other application in operating system, also are able to as required directly not accessed this internal memory or memory space by switch operating system after obtaining associated rights by certification simultaneously.So can be greatly shortened in terms of access path, thus reduce the access time, improve access performance.
Embodiment 7:
On the basis of embodiment 6, the physical memory of internal memory special described in the present embodiment uses internal memories such as including but not limited to common internal memory, NVDIMM internal memory.
Simultaneously after special internal memory is divided in above NVDIMM, owing to NVDIMM has power-down protection, such that it is able to related data to be carried out power down protection, ensure the reliability of data.
Embodiment 8:
On the basis of embodiment 7; method described in the present embodiment is preferably used the memory bank address space of independent completion for the division of special internal memory; so can use the memory bar being different from Installed System Memory as required, such as NVDIMM, to provide the unique functions such as power down protection.
Embodiment 9:
On the basis of embodiment 8, the management program of internal memory special described in the present embodiment and BIOS are integrated, or the independent isolated operation when BIOS runs.
Embodiment 10:
On the basis of embodiment 9, the management program of internal memory special described in the present embodiment is the same with BIOS be may reside within internal memory, thus the software such as SDN controller can communicate with management program when operating system.
Embodiment 11:
As it is shown in figure 1, the SDN switch that described method relates to mainly includes SDN switch OS(operating system) and SDN switch BIOS two parts, wherein:
SDN switch BIOS comprises distributes the Installed System Memory for operating system, for the application authorization/Registering modules of SDN controller certification, for the special internal memory of SDN controller etc.;
SDN switch OS includes special-purpose software: switch tradition is applied, SDN controller etc..
When being embodied as, SDN switch BIOS is divided into two main functional modules, and first carries out system initialization and for operating system distribution system internal memory as traditional B IOS;
The softwares such as SDN controller for the special internal memory of software distribution such as upper strata SDN controller and are authenticated or register by second;
Setting is implemented for second functional module and is different from the access rights of first function, such as by the way of use includes but not limited to password or password.
Its implementation of application authorization/Registering modules of BIOS can be to take the modes such as ID identification, digital certificate.It is embodied as aspect and can write the information such as digital certificate in BIOS, first it is carried out authentication when the upper layer software (applications)s such as SDN controller need to access special internal memory by digital certificate etc., authorize it to access special internal memory.Similar with special storage management, application authorization/Registering modules can be integrated with BIOS, can also the independent isolated operation when BIOS runs, preferentially application authorization/Registering modules is the same with BIOS may reside within internal memory, can communicate with management program with softwares such as SDN controllers when operating system.
The registration of SDN controller and browsing process figure are as shown in Figure 2, the softwares such as first SDN controller carry out authentication to application registration/certification module by relevant interface (physical interface can be made can also to make address addressing space) the transmission information such as digital certificate and obtain special internal memory and use authority, reside in the BIOS program in internal memory or special storage management by transmitting special memory address addressing space or being opened the modes such as associated internal memory control signal by logic control and allow the special internal memories of softward interview such as SDN controller.
If the most special internal memory is divided into NVDIMM, the most special internal memory has power-down protection, and relevant data can retain after unexpected power down.After re-powering, this internal memory can be checked after obtaining associated rights by the software such as SDN controller, to judge whether the data that there is a need to recover.BIOS program or special storage management can also arrange flag, to show that the improper handing-over of the control authority of special internal memory is surprisingly exited and inquired about for upper layer application.
The special internal memory that BIOS is distributed in the specific implementation and the internal memory distributing to operating system are completely self-contained, and the common unauthorized application in operating system cannot use.Security of system is further ensured that by the modes such as underground interface, agreement, hardware resource that may also take in addition to authentication mode.
Embodiment 12:
SDN switch application includes:
SDN switch OS(operating system) select (SuSE) Linux OS;
SDN switch hardware selects X86 platform;
SDN switch BIOS is selected commercial BIOS and transforms internal memory distribution portion;
The application authorization of certification/Registering modules uses digital certificate+PKI mode to be authenticated;
SDN controller is selected Opendaylight and carries out the transformation of registration interface;
The application of switch tradition comprises Openflow application.
It is as follows that described method realizes process:
The first step, BIOS complete the division of special internal memory;
Second step, SDN switch OS(operating system) start;BIOS certification and storage management terminate-and-stay-resident;
3rd step, SDN controller initiate to use special memory request to BIOS certification and storage management;
4th step, SDN controller obtain and use special internal memory authority, set up relevant handing-over mechanism with BIOS certification and storage management;
5th step, for NVDIMM internal memory, check when BIOS certification and storage management are again started up that correlated identities judges whether unexpected power-down conditions, the most then preserve associated internal memory parameter and mark in case relative program reuses;As otherwise associated internal memory is turned to can storage allocation, reuse for application program.
Embodiment of above is merely to illustrate the present invention; and not limitation of the present invention; those of ordinary skill about technical field; without departing from the spirit and scope of the present invention; can also make a variety of changes and modification; the technical scheme of the most all equivalents falls within scope of the invention, and the scope of patent protection of the present invention should be defined by the claims.
Claims (10)
1. the method improving SDN switch performance and safety, it is characterized in that: described method is when the BIOS of SDN switch main control processor or firmware start, it is individually for SDN controller software and other safety applications software reserves special internal memory or memory space, realizing SDN switch operating system common software and SDN controller software and the security isolation of other safety applications softwares, this internal memory or memory space directly can be accessed by SDN controller software and other safety applications software without switch operating system.
A kind of method improving SDN switch performance and safety the most according to claim 1, it is characterized in that: the special internal memory divided or memory space caching when SDN controller software runs, to accelerate the performance of software, or for preserving relevant daily record, network flow table and data, or for the track record of network state and the inspection of network security, special internal memory that described BIOS or firmware are divided or memory space are sightless for the operating system of SDN switch.
A kind of method improving SDN switch performance and safety the most according to claim 1 and 2, it is characterised in that: BIOS or firmware layer mask have by ID or other modes are registered or certification SDN controller software and the function of other safety applications softwares.
A kind of method improving SDN switch performance and safety the most according to claim 3, it is characterised in that: the authentication mode of SDN controller software and other safety applications softwares uses the specific authentication/accreditation process including that specific authentication chip or BIOS reside in internal memory when starting.
A kind of method improving SDN switch performance and safety the most according to claim 4, it is characterised in that: BIOS or firmware layer face use internal memory to lock by registration or the SDN controller software of certification and other safety applications software or Memory Allocation table maps for its access or.
A kind of method improving SDN switch performance and safety the most according to claim 5, it is characterized in that: SDN controller software and other safety applications software are not only able to access the resource of operating system as other application in operating system, also be able to as required by switch operating system, this internal memory or memory space directly not accessed after obtaining associated rights by certification simultaneously.
A kind of method improving SDN switch performance and safety the most according to claim 6, it is characterised in that: the physical memory of described special internal memory uses common internal memory or NVDIMM internal memory.
A kind of method improving SDN switch performance and safety the most according to claim 7, it is characterised in that: described method divides the memory bank address space using independent completion for special internal memory.
A kind of method improving SDN switch performance and safety the most according to claim 8, it is characterised in that: management program and the BIOS of described special internal memory are integrated, or the independent isolated operation when BIOS runs.
A kind of method improving SDN switch performance and safety the most according to claim 9, it is characterised in that: the management program of described special internal memory is the same with BIOS to be resided in internal memory.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610219740.3A CN105912936B (en) | 2016-04-11 | 2016-04-11 | A method of improving SDN switch performance and safety |
| PCT/CN2016/108478 WO2017177694A1 (en) | 2016-04-11 | 2016-12-05 | Method for improving performance and security of sdn switch |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610219740.3A CN105912936B (en) | 2016-04-11 | 2016-04-11 | A method of improving SDN switch performance and safety |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105912936A true CN105912936A (en) | 2016-08-31 |
| CN105912936B CN105912936B (en) | 2018-09-21 |
Family
ID=56744934
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610219740.3A Active CN105912936B (en) | 2016-04-11 | 2016-04-11 | A method of improving SDN switch performance and safety |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN105912936B (en) |
| WO (1) | WO2017177694A1 (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2017177694A1 (en) * | 2016-04-11 | 2017-10-19 | 浪潮集团有限公司 | Method for improving performance and security of sdn switch |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109257204B (en) * | 2018-08-06 | 2021-06-04 | 浙江工商大学 | Network energy-saving device and method based on deep learning in software defined network |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102184373A (en) * | 2011-05-30 | 2011-09-14 | 南京大学 | Method for designing safety core of operation system based on protection mode and virtualization mechanism |
| CN102193816A (en) * | 2010-03-12 | 2011-09-21 | 中国长城计算机深圳股份有限公司 | Equipment distribution method and system |
| CN103136485A (en) * | 2011-11-28 | 2013-06-05 | 联想(北京)有限公司 | Method of realizing computer safety and computer |
| CN103746911A (en) * | 2014-01-20 | 2014-04-23 | 中国联合网络通信集团有限公司 | SDN (software defined networking) structure and communication method thereof |
| CN104008342A (en) * | 2014-06-06 | 2014-08-27 | 山东超越数控电子有限公司 | Method for achieving safe and trusted authentication through BIOS and kernel |
| CN104967615A (en) * | 2015-06-03 | 2015-10-07 | 浪潮集团有限公司 | Security SDN controller and network security method based on same |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102708330B (en) * | 2012-05-10 | 2015-07-08 | 深信服网络科技(深圳)有限公司 | Method for preventing system from being invaded, invasion defense system and computer |
| US9755901B2 (en) * | 2014-01-21 | 2017-09-05 | Huawei Technologies Co., Ltd. | System and method for a software defined protocol network node |
| CN105912936B (en) * | 2016-04-11 | 2018-09-21 | 浪潮集团有限公司 | A method of improving SDN switch performance and safety |
-
2016
- 2016-04-11 CN CN201610219740.3A patent/CN105912936B/en active Active
- 2016-12-05 WO PCT/CN2016/108478 patent/WO2017177694A1/en active Application Filing
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102193816A (en) * | 2010-03-12 | 2011-09-21 | 中国长城计算机深圳股份有限公司 | Equipment distribution method and system |
| CN102184373A (en) * | 2011-05-30 | 2011-09-14 | 南京大学 | Method for designing safety core of operation system based on protection mode and virtualization mechanism |
| CN103136485A (en) * | 2011-11-28 | 2013-06-05 | 联想(北京)有限公司 | Method of realizing computer safety and computer |
| CN103746911A (en) * | 2014-01-20 | 2014-04-23 | 中国联合网络通信集团有限公司 | SDN (software defined networking) structure and communication method thereof |
| CN104008342A (en) * | 2014-06-06 | 2014-08-27 | 山东超越数控电子有限公司 | Method for achieving safe and trusted authentication through BIOS and kernel |
| CN104967615A (en) * | 2015-06-03 | 2015-10-07 | 浪潮集团有限公司 | Security SDN controller and network security method based on same |
Non-Patent Citations (2)
| Title |
|---|
| ONFS BRIEF: "《OPEN NETWORKING FOUNDATION》", 8 September 2013 * |
| 薛聪 等: "一种安全SDN控制器架构设计", 《信息网络安全》 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2017177694A1 (en) * | 2016-04-11 | 2017-10-19 | 浪潮集团有限公司 | Method for improving performance and security of sdn switch |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105912936B (en) | 2018-09-21 |
| WO2017177694A1 (en) | 2017-10-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3629540B1 (en) | Apparatus and method for secure memory access using trust domains | |
| JP7428770B2 (en) | Computer programs, computer readable storage media and devices | |
| CN103139159B (en) | Secure communication between virtual machine in cloud computing framework | |
| US9047468B2 (en) | Migration of full-disk encrypted virtualized storage between blade servers | |
| CN103430185B (en) | For the method for switching between virtualization system operation and non-virtualized system operation | |
| US10372628B2 (en) | Cross-domain security in cryptographically partitioned cloud | |
| JP7379512B2 (en) | Storage sharing between secure domains and non-secure entities | |
| US10866909B2 (en) | Technologies for protecting virtual machine memory | |
| US11163597B2 (en) | Persistent guest and software-defined storage in computing fabric | |
| JP2022539969A (en) | Using secure memory enclaves from the context of the process container | |
| Sinha et al. | Towards an integrated vehicle management system in driveos | |
| US10713081B2 (en) | Secure and efficient memory sharing for guests | |
| JP2022522664A (en) | Secure paging with page change detection | |
| CN102096782B (en) | Internet banking safety authentication method based on removable medium of virtual machine | |
| CN105912936A (en) | Method for improving performance and safety of SDN switch | |
| JP2022523522A (en) | High-level page management for secure interface control | |
| CN117561699A (en) | Secure computing mechanism | |
| US10678577B2 (en) | Method for implementing virtual secure element | |
| CN110851885A (en) | Embedded system safety protection architecture system | |
| WO2016089411A9 (en) | Access to network-based storage resource based on hardware identifier | |
| CN112241309B (en) | Data security method and device, CPU, chip and computer equipment | |
| CN113239347B (en) | Starting method and device suitable for TEE security application example | |
| EP4202702A1 (en) | Method and apparatus to set guest physical address mapping attributes for trusted domain | |
| US20230098288A1 (en) | Apparatus and method for role-based register protection for tdx-io | |
| WO2023184291A1 (en) | Techniques to implement mutual authentication for confidential computing |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20230419 Address after: 250000 building S02, No. 1036, Langchao Road, high tech Zone, Jinan City, Shandong Province Patentee after: Shandong Inspur Scientific Research Institute Co.,Ltd. Address before: No. 1036, Shandong high tech Zone wave road, Ji'nan, Shandong Patentee before: INSPUR GROUP Co.,Ltd. |
|
| TR01 | Transfer of patent right |