CN106445641A - Method for data migration between safety virtual platforms on discrete computing node - Google Patents
Method for data migration between safety virtual platforms on discrete computing node Download PDFInfo
- Publication number
- CN106445641A CN106445641A CN201610949375.1A CN201610949375A CN106445641A CN 106445641 A CN106445641 A CN 106445641A CN 201610949375 A CN201610949375 A CN 201610949375A CN 106445641 A CN106445641 A CN 106445641A
- Authority
- CN
- China
- Prior art keywords
- security
- virtual machine
- monitor
- safety
- high safety
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000013508 migration Methods 0.000 title claims abstract description 37
- 230000005012 migration Effects 0.000 title claims abstract description 37
- 238000000034 method Methods 0.000 title claims abstract description 32
- 238000012544 monitoring process Methods 0.000 claims abstract description 60
- 238000004364 calculation method Methods 0.000 claims description 29
- 238000001514 detection method Methods 0.000 claims description 21
- 238000007726 management method Methods 0.000 claims description 16
- 230000036544 posture Effects 0.000 claims description 8
- 238000002372 labelling Methods 0.000 claims description 7
- 238000000638 solvent extraction Methods 0.000 claims description 7
- 230000006870 function Effects 0.000 claims description 5
- 230000008447 perception Effects 0.000 claims description 5
- 238000004458 analytical method Methods 0.000 claims description 3
- 238000012423 maintenance Methods 0.000 claims description 2
- 238000011897 real-time detection Methods 0.000 claims description 2
- 238000000151 deposition Methods 0.000 claims 1
- 238000005192 partition Methods 0.000 claims 1
- 238000004891 communication Methods 0.000 abstract description 5
- 230000003014 reinforcing effect Effects 0.000 abstract 4
- 230000008569 process Effects 0.000 description 8
- 238000012546 transfer Methods 0.000 description 4
- 238000010586 diagram Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000006399 behavior Effects 0.000 description 2
- 238000010276 construction Methods 0.000 description 2
- 230000007547 defect Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- ZXQYGBMAQZUVMI-GCMPRSNUSA-N gamma-cyhalothrin Chemical compound CC1(C)[C@@H](\C=C(/Cl)C(F)(F)F)[C@H]1C(=O)O[C@H](C#N)C1=CC=CC(OC=2C=CC=CC=2)=C1 ZXQYGBMAQZUVMI-GCMPRSNUSA-N 0.000 description 2
- 239000000203 mixture Substances 0.000 description 2
- 206010001488 Aggression Diseases 0.000 description 1
- 230000016571 aggressive behavior Effects 0.000 description 1
- 208000012761 aggressive behavior Diseases 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000005611 electricity Effects 0.000 description 1
- 239000000686 essence Substances 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000001681 protective effect Effects 0.000 description 1
- 238000010223 real-time analysis Methods 0.000 description 1
- 230000000306 recurrent effect Effects 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/4557—Distribution of virtual machine instances; Migration and load balancing
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Debugging And Monitoring (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention provides a method for data migration between safety virtual platforms on a discrete computing node. The method comprises the following steps: establishing a safety reinforcing system for a virtual machine monitor on each discrete computing node; utilizing an independent hardware safety monitoring system to simulate a client software issuing function of a remote server under a network environment; utilizing a communication port of the computing node and the internet to connect the safety reinforcing system with the remote safety server; uniformly marking, managing, maintaining and upgrading the versions, compatibility and integrity of the virtual machine monitor, safety monitor, operation system, middleware and application program stored in the safety reinforcing system connected with each computing node by the safety server; completing the data migration by the safety reinforcing system and the safety server.
Description
Technical field
The present invention relates to information security field, especially for the number between the secure virtual platform on discrete calculation node
According to moving method and its security strategy.
Background technology
Under cloud computing environment, for load balancing and the needs giving full play to bottom hardware disposal ability, server set
Virtual machine (vm) migration data migration on group is recurrent situation.With constantly carrying of network communication bandwidth and transfer rate
Rise, discrete calculate node, especially PC and notebook computer are formed cluster, with the cloud computing of servers, like cluster
Mode, to give full play to the potentiality of these computing resources, is a tool direction with broad prospects for development.On discrete calculation node
Virtual machine (vm) migration data migration, be impact discrete calculation node work in coordination with operation efficiency a key factor, be also simultaneously
The key factor that impact network security controls.
As patent application 201310072657.4 discloses number between a kind of dependable virtual platform and its construction method, platform
According to moving method, this application builds trusted service domain TSD, TSD extension letter based on the virtualization vTPM technology of TPM safety chip
Chain is appointed to set up credible running environment for user domain.User domain completes its safety applications to trusted function by interacting with management domain
Call, management domain by with TSD interact transmission and the process completing trusted commands.Source platform migration engine and target platform move
Move engine interaction, will be migrated to target platform based on the migrating data that safety chip is generated with TSD, and recover on target platform
Data, completes the fast transferring of TSD and virtual machine.
However, in practical application scene, the calculate node of Discrete Distribution, the such as PC of different user and notebook computer,
The monitor of virtual machine installed has differences, and in the virtual machine being run, the operating system comprising and application program there is also difference
Different.Operating system and application that the virtual machine how monitor of virtual machine on discrete calculation node, needs being migrated is comprised
Program, field operational data carry out unified safety management, this patent application without reference to problem.VTPM technology only solves simultaneously
The Construction Problems of the static trusted context determined in calculate node, are not directed to the dynamic security inspection in calculate node running
The problems such as survey with running environment maintenance, the safety transfer of virtual machine and related data.
Content of the invention
It is an object of the invention to provide the data migration method between secure virtual platform on a kind of discrete calculation node, should
Method solves under high speed network environment, virtual machine (vm) migration and related data between the secure virtual platform on discrete calculation node
Migration problem, while giving full play to the process potentiality of computing resource, also enables the purpose that effective network security controls.
Further object is that providing the safety detection between secure virtual platform on a kind of discrete calculation node
And data migration method, the method
The purpose of the present invention is achieved through the following technical solutions.
Data migration method between secure virtual platform on a kind of discrete calculation node, the method is in each discrete calculation section
One security hardening system being directed to monitor of virtual machine is established on point, is simulated using independent hardware security monitoring system
The client software issuing function of far-end server under network environment, described security hardening system utilizes the communication terminal of calculate node
Mouth and interference networks are connected with the security server of far-end, and security server is to the security hardening system connecting in each calculate node
The monitor of virtual machine of storage in system, security monitor, the version of operating system, middleware and application program, compatible and complete
Whole property carries out unified labelling, management, safeguards and upgrade;Moving of data is completed by security hardening system and security server
Move.
Described security hardening system comprises a security monitor adding in monitor of virtual machine, adopts one simultaneously
Independent hardware security monitoring system to be connected with calculate node, by security hardening system to monitor of virtual machine, execution
The running status of the virtual machine of high safety application carries out real-time detection and management.
Further, the program generation of described hardware security monitoring system one side storage virtual machine watch-dog and security monitor
Code, be also used for storing simultaneously high safety application required simplify operating system, middleware and application program;Calculate node is not according to
With functional requirement and the demand for security of applied environment, specific security partitioning is configured by monitor of virtual machine, and from hardware peace
Full monitoring system upload high safety application required simplify operating system, middleware and application program to security partitioning, open in good time
Integrated virtual machine on dynamic subregion, completes the expected operation of high safety application, and cancels corresponding virtual machine after the completion of operation
And subregion.
Further, described monitor of virtual machine uploads the involved operating system of high safety application, middleware and application
Program, to specific security partitioning, is started and carried out high safety application;Apply the term of execution in high safety, operation system in this subregion
The integrity detection of system, middleware and application program, will obtain their snapshot by security monitor, and passes through hardware security
The background process of monitoring system is being verified;Apply the term of execution in high safety, if monitor of virtual machine is invaded, or
The subregion of person's safety applications is invaded, then hardware security monitoring system carries out system reset, cancels whole virtual machines and runs.
Further, the important intermediate data being related in described high safety application running and final result will preserve
To in hardware security monitoring system, effectively prevent leaking of data and information.
Described hardware security monitoring system utilizes the PORT COM of calculate node and the security service of interference networks and far-end
Device connect, security server in each calculate node connect hardware security monitoring system in storage monitor of virtual machine,
The version of what security monitor, high safety application were comprised simplify operating system, middleware and application program, compatibility and complete
Property carry out unified labelling, management, safeguard and upgrade.
When discrete calculation node carries out collaborative computing by network interconnection, security server is according in each calculate node
The safety detection information fed back of separate hardware security monitor, the requirement controlling according to network security and load balancing will
Ask, selectively stop and delete the high safety application of execution in part calculate node, by related secure virtual machine and scene
Data Migration continues executing with suitable calculate node.
Methods described, when discrete calculation node carries out collaborative computing by network interconnection, separate hardware security monitoring system
System collection and the monitor of virtual machine, the integrity of secure virtual machine executing high safety application and the peace that detect each calculate node
Quan Xing, and detection information is sent to security server.
Further, described security server is fed back according to the separate hardware safety monitoring system in each calculate node
Detection information forms security postures perception and the security postures analysis of the overall situation, according to the requirement of load balancing and security control, has
Selectively stop and delete the high safety application of execution in part calculate node.
Further, the described security server behaviour comprised to monitor of virtual machine, security monitor, high safety application
The version making system, middleware and application program is satisfied by the calculate node that secure virtual machine migration requires, by related safety
In the hardware security monitoring system that the field data of virtual machine is connected to these calculate nodes by cryptosecurity channel transfer,
And secure virtual machine is set up by monitor of virtual machine, proceed to execute corresponding high safety application.
The present invention compared with prior art has advantages below:
The accurate perception of security postures that the 1st, can be current to calculate node, is that the cooperated computing between discrete calculation node carries
Supply good safety guarantee.
2nd, come using independent hardware security monitoring system real-time to high safety application virtual machine and monitor of virtual machine
Memory map is detected, has effectively evaded the safety defect of calculate node bottom hardware system itself, hardware Trojan horse/logic is exploded
Bullet is it is ensured that detect independence and the effectiveness of operation.
3rd, in hardware security monitoring system, the safety detection operation of execution is the system operation executed in parallel with calculate node
, therefore, such process also reduces safety detection computing and executes brought performance loss in calculate node.
4th, monitor of virtual machine, security monitoring are kept using the secure storage areas in independent hardware security monitoring system
Device, high safety application comprised simplify operating system, middleware and application program it is ensured that code storage with detection not
Depend on the safety of calculate node hardware circuit, the unified management for these codes provides solid guarantee.
5th, hardware security monitoring system is using the security service of the PORT COM in calculate node and interference networks and far-end
Device connect, security server in different calculate nodes connect hardware security monitoring system in storage monitor of virtual machine,
The version of what security monitor, high safety application were comprised simplify operating system, middleware and application program, compatibility and complete
Property carry out unified labelling, management, safeguard and upgrade.
6th, when discrete calculation node carries out collaborative computing by network interconnection, security server is according to each calculate node
On the safety detection information fed back of separate hardware security monitor, the requirement controlling according to network security and load balancing
Require, selectively stopping and the high safety application deleting execution in part calculate node, by related secure virtual machine with now
Field data move to continue executing with suitable calculate node it is ensured that the effectiveness of Data Migration between secure virtual platform and
Safety.
Brief description
Fig. 1 is the system block diagram that the present invention is implemented.(accompanying drawing)
Fig. 2 is the separate hardware safety monitoring system block diagram that the present invention is implemented.
Specific embodiment
In order that the objects, technical solutions and advantages of the present invention become more apparent, below in conjunction with drawings and Examples, right
The present invention is further elaborated.It should be appreciated that specific embodiment described herein is only in order to explain the present invention, and
It is not used in the restriction present invention.
As shown in figure 1, the system architecture diagram realized by the present invention, on the discrete calculation node that the present invention is realized
Virtual machine (vm) migration between secure virtual platform and related data migration scheme, are the calculating systems based on the security hardening shown in Fig. 1
System come to carry out.The core of the wherein present invention is addition security monitor in monitor of virtual machine, has been simultaneously connected with and has been used for pacifying
Full monitoring and the independent hardware security monitoring system of safety detection.
Being embodied as of the present invention is divided into the security hardening of calculate node, security server to separate hardware security monitoring system
Data Migration three part between the unified management of system, secure virtual platform.
Part 1:The security hardening of calculate node.
The security hardening of calculate node comprises both sides content below:
(1) function of monitor of virtual machine and security monitor merges.
Because monitor of virtual machine is located under operating system, on hardware system, its scheduling tool to software and hardware
There is highest priority, convenience, efficient safety monitoring mechanism just can be realized based on monitor of virtual machine.Shown in Fig. 1, this
Bright enforcement is to add a security monitor on the basis of monitor of virtual machine.
For the operation of the operating system in virtual machine and application software, due to the scheduling of executive process with to hardware
The access of resource is all to be realized by the management of monitor of virtual machine, and therefore security monitor just can adopt and virtual machine
Watch-dog identical granularity, to monitor process and the operation of correlation, gathers related process with the operational factor operating for supervising safely
Control system does real-time analysis, and takes corresponding countermeasure and protective treatment to the aggressive behavior finding.For virtual machine monitoring
For the integrity detection of device, detection to virtual machine running status, the effect of the current Situation Awareness of calculate node can be played,
This, for the test point targetedly selecting monitor of virtual machine, improves the efficiency of safety detection, has important effect.
(2) independent hardware security monitoring system.
Different from the widely used secure virtual machine watch-dog realized in a software form of current industry, our designs are simultaneously real
Show independent hardware security monitoring system.The composition of hardware security monitoring system is as shown in Fig. 2 it is by an interface and route
Chip and one group of security monitoring chip composition, these chips are all using the safety and Protection of highest ranking, these chips simultaneously
Between communication all using safety encryption in the form of carry out it is ensured that these encryption communication data safety.
The program code of monitor of virtual machine and security monitor is stored in security monitoring chip, electricity in calculate node
When by cryptosecurity passage by these code upload to calculate node platform it is ensured that the trusted root of system detectio is independent of
Safety in calculate node hardware circuit.
The startup of high-grade safety applications and execution.Situation about not attacked in native operating system and application program
Under, monitor of virtual machine by from security monitoring chip upload high safety application involved simplify operating system, middleware and should
With program to specific security partitioning, it is started and carried out high safety application.Apply the term of execution in high safety, operate in this subregion
The integrity detection of system, middleware and application program, will be obtained their snapshot by security monitor, and is pacified by hardware
The background process of full monitoring system is being verified.Apply the term of execution in high safety, if monitor of virtual machine is invaded,
Or the subregion of safety applications is invaded, then hardware security monitoring system carries out system reset, cancels whole virtual machine fortune
OK.If high safety application smoothly completes, monitor of virtual machine cancels corresponding virtual machine and security partitioning, scheduling the machine behaviour
Make system and application program proceeds to execution.
The important intermediate data being related in high safety application running and final result will be saved in hardware security prison
In control system, effectively prevent leaking of data and information.
Part 2:The unified management to separate hardware safety monitoring system for the security server.
Separate hardware safety monitoring system utilizes the PORT COM of calculate node and the security service of interference networks and far-end
Device connects, the virtual machine monitoring to storage in the security monitoring chip of each separate hardware safety monitoring system for the security server
Device, security monitor, high safety application comprised simplify operating system, middleware and application program version, compatibility and
Integrity carries out unified labelling, management, safeguards and upgrade.
The local security attack situation finding is reported safety clothes by the hardware security monitoring system in each calculate node
Business device.The security attack situation that the comprehensive special time period of security server is found, the related security monitoring strategy of adjustment
With security fault-tolerance strategy, and to monitor of virtual machine, security monitor, high safety application comprised simplify operating system, in
Between part and application program carry out safety upgrade.The above is encrypted by security server, by interference networks be sent to
Security monitoring chipset in the supporting hardware security monitoring system of calculate node, realizes the dynamic of calculate node security hardening system
State is safeguarded and is upgraded.
Third portion:Data Migration between secure virtual platform.
When discrete calculation node carries out collaborative computing by network interconnection, separate hardware safety monitoring system is concomitantly adopted
Collection and the monitor of virtual machine, the integrity of secure virtual machine executing high safety application and the safety that detect each calculate node
Property, and detection information is sent to security server.
The safety detection information that security server is fed back according to the separate hardware security monitor in each calculate node,
Form security postures perception and the security postures analysis of the overall situation.According to the requirement of load balancing and security control, selectively stop
The high safety application executing only and in deletion part calculate node, selects computing resource suitable simultaneously, and hardware security monitors
What on device, the monitor of virtual machine of storage, security monitor, high safety application were comprised simplifies operating system, middleware and application
The version of program is satisfied by the calculate node that secure virtual machine migration requires, and the field data of related secure virtual machine is passed through
In the hardware security monitoring system that cryptosecurity channel transfer is connected to these calculate nodes, and built by monitor of virtual machine
Vertical secure virtual machine, proceeds to execute corresponding high safety application.
Therefore, the accurate perception of compared with prior art current to the calculate node security postures of the present invention, is discrete meter
Cooperated computing between operator node provides good safety guarantee.And come to Gao An using independent hardware security monitoring system
The real-time storage image of full application virtual machine and monitor of virtual machine is detected, has effectively evaded calculate node bottom hardware system
The safety defect of system itself, hardware Trojan horse/logic bomb are it is ensured that detect independence and the effectiveness of operation.
Hardware security monitoring system is using the security server of the PORT COM in calculate node and interference networks and far-end
Connect, security server is to the monitor of virtual machine of storage, peace in the hardware security monitoring system connecting in different calculate nodes
What full watch-dog, high safety application were comprised simplifies version, compatibility and the integrity of operating system, middleware and application program
Carry out unified labelling, management, safeguard and upgrade.
When discrete calculation node carries out collaborative computing by network interconnection, security server is according in each calculate node
The safety detection information fed back of separate hardware security monitor, the requirement controlling according to network security and load balancing will
Ask, selectively stop and delete the high safety application of execution in part calculate node, by related secure virtual machine and scene
Data Migration continues executing with suitable calculate node it is ensured that the effectiveness of Data Migration between secure virtual platform and peace
Quan Xing.
The foregoing is only presently preferred embodiments of the present invention, not in order to limit the present invention, all essences in the present invention
Any modification, equivalent and improvement made within god and principle etc., should be included within the scope of the present invention.
Claims (10)
1. on a kind of discrete calculation node the data migration method between secure virtual platform it is characterised in that the method each from
One security hardening system being directed to monitor of virtual machine is established on scattered calculate node, using independent hardware security monitoring system
System carrys out the client software issuing function of far-end server under analog network environment, and described security hardening system utilizes calculate node
PORT COM and interference networks be connected with the security server of far-end, security server in each calculate node connect peace
The monitor of virtual machine of storage in full hardened system, security monitor, the version of operating system, middleware and application program, and
Capacitive and integrity carry out unified labelling, management, safeguard and upgrade;Complete to count by security hardening system and security server
According to migration.
2. on discrete calculation node as claimed in claim 1 data migration method between secure virtual platform it is characterised in that
Described security hardening system comprises a security monitor adding in monitor of virtual machine, adopt simultaneously one independent hard
Part safety monitoring system to be connected with calculate node, by security hardening system, monitor of virtual machine, execution high safety is answered
With the running status of virtual machine carry out real-time detection and management.
3. on discrete calculation node as claimed in claim 2 data migration method between secure virtual platform it is characterised in that
Described hardware security monitoring system one side storage virtual machine watch-dog and the program code of security monitor, are also used for depositing simultaneously
The required operating system of storage high safety application, middleware and application program;Calculate node is according to the function need of different application environment
Summation demand for security, configures specific security partitioning by monitor of virtual machine, and uploads Gao An from hardware security monitoring system
, to security partitioning, in good time boot partition, integrated virtual machine, complete for the required operating system of full application, middleware and application program
Become the expected operation of high safety application, and cancel corresponding virtual machine and subregion after the completion of operation.
4. on discrete calculation node as claimed in claim 3 data migration method between secure virtual platform it is characterised in that
Described monitor of virtual machine uploads the involved operating system of high safety application, middleware and application program to specifically safety point
Area, is started and carried out high safety application;Apply the term of execution in high safety, operating system, middleware and application journey in this subregion
The integrity detection of sequence, will obtain their snapshot by security monitor, and by the backstage of hardware security monitoring system at
Manage and to be verified;Apply the term of execution in high safety, if monitor of virtual machine is invaded, or the subregion of safety applications
Invaded, then hardware security monitoring system carries out system reset, cancel whole virtual machines and run.
5. on discrete calculation node as claimed in claim 4 data migration method between secure virtual platform it is characterised in that
The important intermediate data being related in described high safety application running and final result will be saved in hardware security monitoring system
In system, effectively prevent leaking of data and information.
6. on discrete calculation node as claimed in claim 1 data migration method between secure virtual platform it is characterised in that
Described hardware security monitoring system utilizes the PORT COM of calculate node and interference networks to be connected with the security server of far-end, peace
Full server is to the monitor of virtual machine of storage, security monitoring in the hardware security monitoring system connecting in each calculate node
Device, high safety apply version, compatibility and the integrity of the simplifying operating system, middleware and application program that are comprised to be united
One labelling, management, maintenance and upgrading.
7. on discrete calculation node as claimed in claim 1 data migration method between secure virtual platform it is characterised in that
When discrete calculation node carries out collaborative computing by network interconnection, security server is according to independent hard in each calculate node
The safety detection information that part security monitor is fed back, the requirement controlling according to network security and the requirement of load balancing, have choosing
Stop and delete the high safety application of execution in part calculate node with selecting, by related secure virtual machine and field data migration
Continue executing with suitable calculate node.
8. on discrete calculation node as claimed in claim 1 data migration method between secure virtual platform it is characterised in that
When discrete calculation node carries out collaborative computing by network interconnection, separate hardware safety monitoring system gathers and detects each meter
The monitor of virtual machine of operator node, the integrity of secure virtual machine of execution high safety application and safety, and by detection information
It is sent to security server.
9. on discrete calculation node as claimed in claim 8 data migration method between secure virtual platform it is characterised in that
Described security server is formed according to the detection information that the separate hardware safety monitoring system in each calculate node is fed back entirely
The security postures perception of office and security postures analysis, according to the requirement of load balancing and security control, selectively stop and delete
High safety application except execution in part calculate node.
10. on discrete calculation node as claimed in claim 9 data migration method between secure virtual platform it is characterised in that
Described security server is to monitor of virtual machine, security monitor, high safety the comprised operating system of application, middleware and should
It is satisfied by, with the version of program, the calculate node that secure virtual machine migration requires, the field data of related secure virtual machine is led to
Cross password escape way to be transferred in the hardware security monitoring system that these calculate nodes are connected, and pass through monitor of virtual machine
Set up secure virtual machine, proceed to execute corresponding high safety application.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610949375.1A CN106445641B (en) | 2016-11-02 | 2016-11-02 | Data migration method between secure virtual platforms on discrete computing nodes |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610949375.1A CN106445641B (en) | 2016-11-02 | 2016-11-02 | Data migration method between secure virtual platforms on discrete computing nodes |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106445641A true CN106445641A (en) | 2017-02-22 |
| CN106445641B CN106445641B (en) | 2020-11-06 |
Family
ID=58177899
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610949375.1A Active CN106445641B (en) | 2016-11-02 | 2016-11-02 | Data migration method between secure virtual platforms on discrete computing nodes |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106445641B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2018165965A1 (en) * | 2017-03-17 | 2018-09-20 | 深圳市秀趣品牌文化传播有限公司 | System and method for dynamic migration of intensive e-commerce data |
| CN109240712A (en) * | 2018-08-22 | 2019-01-18 | 深信服科技股份有限公司 | A kind of data migration method and terminal, storage medium in trouble free service space |
| CN109981412A (en) * | 2017-03-31 | 2019-07-05 | 杭州数梦工场科技有限公司 | Data migration method, device, computer equipment and storage medium in cluster |
| CN110008001A (en) * | 2019-03-29 | 2019-07-12 | 网御安全技术(深圳)有限公司 | Safety encryption, system and the hardware security monitor card of monitor of virtual machine |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102262557B (en) * | 2010-05-25 | 2015-01-21 | 运软网络科技(上海)有限公司 | Method for constructing virtual machine monitor by bus architecture and performance service framework |
| US9256734B2 (en) * | 2012-04-27 | 2016-02-09 | Broadcom Corporation | Security controlled multi-processor system |
| CN102930213A (en) * | 2012-10-25 | 2013-02-13 | 中国航天科工集团第二研究院七〇六所 | Security monitoring system and security monitoring method based on virtual machine |
| CN103139221B (en) * | 2013-03-07 | 2016-07-06 | 中国科学院软件研究所 | Data migration method between a kind of dependable virtual platform and construction method, platform |
-
2016
- 2016-11-02 CN CN201610949375.1A patent/CN106445641B/en active Active
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2018165965A1 (en) * | 2017-03-17 | 2018-09-20 | 深圳市秀趣品牌文化传播有限公司 | System and method for dynamic migration of intensive e-commerce data |
| CN109981412A (en) * | 2017-03-31 | 2019-07-05 | 杭州数梦工场科技有限公司 | Data migration method, device, computer equipment and storage medium in cluster |
| CN109240712A (en) * | 2018-08-22 | 2019-01-18 | 深信服科技股份有限公司 | A kind of data migration method and terminal, storage medium in trouble free service space |
| CN109240712B (en) * | 2018-08-22 | 2022-03-22 | 深信服科技股份有限公司 | Data migration method of secure working space, terminal and storage medium |
| CN110008001A (en) * | 2019-03-29 | 2019-07-12 | 网御安全技术(深圳)有限公司 | Safety encryption, system and the hardware security monitor card of monitor of virtual machine |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106445641B (en) | 2020-11-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102053873B (en) | Method for ensuring fault isolation of virtual machines of cache-aware multi-core processor | |
| CN103902885B (en) | Towards multi-security level(MSL) virtual desktop system secure virtual machine shielding system and method | |
| US9129108B2 (en) | Systems, methods and computer programs providing impact mitigation of cyber-security failures | |
| CN102622536B (en) | Method for catching malicious codes | |
| Flores et al. | Evidence-aware mobile computational offloading | |
| CN104008329B (en) | Software privacy leak behavior detection method and system based on virtualization technology | |
| CN105589697B (en) | A kind of upgrade method and device of cloud platform | |
| CN106445641A (en) | Method for data migration between safety virtual platforms on discrete computing node | |
| CN109783192A (en) | A kind of secure virtual machine migratory system | |
| CN106487810A (en) | A kind of cloud platform security postures cognitive method | |
| US11126468B2 (en) | Agent driven cluster gating for service management | |
| Caglar et al. | Intelligent, performance interference-aware resource management for iot cloud backends | |
| Kim et al. | SCORE: a scalable concolic testing tool for reliable embedded software | |
| Asadi et al. | Analytical evaluation of resource allocation algorithms and process migration methods in virtualized systems | |
| Li et al. | Securing serverless computing: Challenges, solutions, and opportunities | |
| CN106529284B (en) | Virtual machine monitor security reinforcement method based on security chip | |
| Levitin et al. | Co-residence data theft attacks on N-Version programming-based cloud services with task cancelation | |
| CN106529342A (en) | Virtual machine monitor dynamic integrity detection method based on security chip | |
| US11546224B2 (en) | Virtual network layer for distributed systems | |
| Schmieders et al. | Architectural runtime models for privacy checks of cloud applications | |
| CN105120010A (en) | Anti-stealing method for virtual machine under cloud environment | |
| CN114363079A (en) | Distributed intelligent data supervision system of cloud platform | |
| Kankhare et al. | A cloud based system to sense security vulnerabilities of web application in open-source private cloud IAAS | |
| Tak et al. | Resource accounting of shared it resources in multi-tenant clouds | |
| Paduraru et al. | Testing multi-tenant applications using fuzzing and reinforcement learning |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address |
Address after: 518000 room 205, 2nd floor, new generation maker Park, Xinwei Road, Jiangwei community, Matian street, Guangming District, Shenzhen City, Guangdong Province Patentee after: Shenzhen Shuan Zhongyi Technology Co.,Ltd. Address before: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.) Patentee before: SHENZHEN QIANHAI SHENGSHENG TECHNOLOGY Co.,Ltd. |
|
| CP03 | Change of name, title or address | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20231011 Address after: Building 205, Building 1, Shenzhen Software Industry Base, No. 81, 83, and 85, Gaoxin South 10th Road, Binhai Community, Yuehai Street, Nanshan District, Shenzhen, Guangdong Province, 518000 Patentee after: ZHONGYUN XIN'AN (SHENZHEN) TECHNOLOGY CO.,LTD. Address before: 518000 room 205, 2nd floor, new generation maker Park, Xinwei Road, Jiangwei community, Matian street, Guangming District, Shenzhen City, Guangdong Province Patentee before: Shenzhen Shuan Zhongyi Technology Co.,Ltd. |
|
| TR01 | Transfer of patent right |