Data migration method between secure virtual platforms on discrete computing nodes
Technical field
The present invention relates to the field of information security, and in particular to a data migration method between secure virtual platforms on discrete computing nodes and to its security strategy.
Background art
In cloud computing environments, virtual machine migration and the accompanying data migration across a server cluster are routine, driven by load balancing and by the need to make full use of the processing capacity of the underlying hardware. As network bandwidth and transfer rates keep rising, forming discrete computing nodes, in particular PCs and notebook computers, into clusters and operating them in the manner of a server cloud, so as to exploit the potential of these computing resources, has become a direction with broad prospects for development. Virtual machine migration and data migration across discrete computing nodes is a key factor in how efficiently such nodes cooperate, and at the same time a key factor in network security control.
For example, patent application 201310072657.4 discloses a trusted virtual platform, its construction method and a data migration method between such platforms. That application builds a trusted service domain (TSD) on the vTPM virtualization of a TPM security chip; the TSD extends the trust chain to establish a trusted running environment for user domains. A user domain invokes trusted functions for its security applications by interacting with the management domain, and the management domain completes the transmission and processing of trusted commands by interacting with the TSD. The migration engine of the source platform interacts with that of the target platform, migrates the migration data generated by the security chip together with the TSD to the target platform, restores the data there, and so completes fast migration of the TSD and the virtual machine.
In practical scenarios, however, discretely distributed computing nodes such as the PCs and notebook computers of different users have different virtual machine monitors installed, and the operating systems and application programs contained in the virtual machines they run also differ. How the virtual machine monitor on a discrete computing node should bring the operating system, application programs and live operational data contained in a virtual machine to be migrated under unified security management is a problem that application does not address. Moreover, vTPM technology only solves the construction of a static trusted environment on a given computing node; it does not address dynamic security detection and maintenance of the running environment while the node operates, nor the secure transfer of virtual machines and their related data.
Summary of the invention
It is an object of the present invention to provide a data migration method between secure virtual platforms on discrete computing nodes. The method solves the problem of migrating virtual machines and their related data between secure virtual platforms on discrete computing nodes in a high-speed network environment, and achieves effective network security control while making full use of the processing potential of the computing resources.
A further object of the invention is to provide a method for security detection and data migration between secure virtual platforms on discrete computing nodes, the method
The object of the present invention is achieved through the following technical solutions.
In the data migration method between secure virtual platforms on discrete computing nodes, a security hardening system directed at the virtual machine monitor is established on each discrete computing node, and an independent hardware security monitoring system is used to take over the client-side software distribution function that a remote server provides in a network environment. The security hardening system is connected to a remote security server through the communication port of the computing node and the interconnection network. The security server uniformly labels, manages, maintains and upgrades the versions, compatibility and integrity of the virtual machine monitor, security monitor, operating systems, middleware and application programs stored in the security hardening system of each connected computing node. Data migration is completed by the security hardening systems together with the security server.
The security hardening system comprises a security monitor added into the virtual machine monitor, together with an independent hardware security monitoring system connected to the computing node. Through the security hardening system, the running state of the virtual machine monitor and of the virtual machines executing high-security applications is detected and managed in real time.
Further, the hardware security monitoring system stores the program code of the virtual machine monitor and the security monitor, and also stores the stripped-down operating systems, middleware and application programs required by high-security applications. According to the functional requirements and security requirements of its application environment, a computing node configures a specific security partition through the virtual machine monitor, uploads the stripped-down operating system, middleware and application programs required by the high-security application from the hardware security monitoring system into that partition, starts the integrated virtual machine on the partition at the appropriate time, completes the intended operation of the high-security application, and cancels the virtual machine and the partition once the operation is complete.
Further, the virtual machine monitor uploads the operating system, middleware and application programs involved in a high-security application into a specific security partition and starts and executes the application there. While the high-security application executes, the security monitor takes snapshots of the operating system, middleware and application programs in that partition for integrity detection, and a background process of the hardware security monitoring system verifies them. If, during execution, the virtual machine monitor or the security application's partition is found to have been intruded upon, the hardware security monitoring system resets the system and cancels all running virtual machines.
Further, the important intermediate data and final results produced while a high-security application runs are saved in the hardware security monitoring system, which effectively prevents leakage of data and information.
The hardware security monitoring system is connected to the remote security server through the communication port of the computing node and the interconnection network. The security server uniformly labels, manages, maintains and upgrades the versions, compatibility and integrity of the virtual machine monitor, the security monitor, and the stripped-down operating systems, middleware and application programs of high-security applications stored in the hardware security monitoring system of each connected computing node.
When discrete computing nodes perform collaborative computing over the network, the security server, based on the security detection information fed back by the independent hardware security monitors in the computing nodes and on the requirements of network security control and load balancing, selectively stops and deletes high-security applications executing on some computing nodes, and migrates the related secure virtual machines and their live data to suitable computing nodes, where execution continues.
In the method, when discrete computing nodes perform collaborative computing over the network, the independent hardware security monitoring system of each node collects and detects the integrity and security of that node's virtual machine monitor and of the secure virtual machines executing high-security applications, and sends the detection information to the security server.
Further, from the detection information fed back by the independent hardware security monitoring systems in the computing nodes, the security server forms a global security situation awareness and security situation analysis, and, according to the requirements of load balancing and security control, selectively stops and deletes high-security applications executing on some computing nodes.
Further, the security server selects computing nodes whose versions of the virtual machine monitor, security monitor, and the operating systems, middleware and application programs of the high-security application satisfy the requirements for migration of the secure virtual machine, transfers the live data of the related secure virtual machine over an encrypted secure channel into the hardware security monitoring systems connected to those nodes, and has the virtual machine monitor there establish the secure virtual machine and continue executing the corresponding high-security application.
Compared with the prior art, the present invention has the following advantages:
(1) The current security posture of a computing node can be perceived accurately, which provides a sound security guarantee for cooperative computing between discrete computing nodes.
(2) An independent hardware security monitoring system detects the in-memory images of the high-security application virtual machines and of the virtual machine monitor in real time. This sidesteps security defects, hardware Trojans and logic bombs in the computing node's own underlying hardware, and ensures the independence and effectiveness of the detection operation.
(3) The security detection operations in the hardware security monitoring system execute in parallel with the computing node's own system operation, so this arrangement also reduces the performance loss that security detection computation would otherwise incur on the computing node.
(4) The virtual machine monitor, the security monitor, and the stripped-down operating systems, middleware and application programs of high-security applications are kept in the secure storage area of the independent hardware security monitoring system, so that code storage and detection do not depend on the security of the computing node's hardware circuitry, which provides a solid basis for the unified management of this code.
(5) The hardware security monitoring system is connected to the remote security server through the communication port of the computing node and the interconnection network, and the security server uniformly labels, manages, maintains and upgrades the versions, compatibility and integrity of the virtual machine monitor, security monitor, and the stripped-down operating systems, middleware and application programs of high-security applications stored in the hardware security monitoring systems of the connected computing nodes.
(6) When discrete computing nodes perform collaborative computing over the network, the security server, based on the security detection information fed back by the independent hardware security monitors on the computing nodes and on the requirements of network security control and load balancing, selectively stops and deletes high-security applications executing on some computing nodes and migrates the related secure virtual machines and their live data to suitable computing nodes to continue execution, which ensures the effectiveness and security of data migration between secure virtual platforms.
Brief description of the drawings
Fig. 1 is a block diagram of the system implemented by the present invention.
Fig. 2 is a block diagram of the independent hardware security monitoring system implemented by the present invention.
Detailed description of embodiments
To make the objects, technical solutions and advantages of the present invention clearer, the invention is further described below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and not to limit it.
Fig. 1 shows the system architecture implemented by the present invention. The scheme for migrating virtual machines and their related data between secure virtual platforms on discrete computing nodes is carried out on the security-hardened computing system shown in Fig. 1. The core of the invention is a security monitor added into the virtual machine monitor, together with a connected independent hardware security monitoring system used for security monitoring and security detection.
The specific implementation of the invention is divided into three parts: security hardening of the computing node; unified management of the independent hardware security monitoring systems by the security server; and data migration between secure virtual platforms.
Part 1: Security hardening of the computing node.
Security hardening of a computing node comprises the following two aspects:
(1) Merging the functions of the virtual machine monitor and the security monitor.
Because the virtual machine monitor sits below the operating system and above the hardware, it has the highest priority in scheduling software and hardware, so a convenient and efficient security monitoring mechanism can be realized on the basis of the virtual machine monitor. As shown in Fig. 1, the implementation of the invention adds a security monitor on top of the virtual machine monitor.
Since the scheduling of the processes of the operating system and application software in a virtual machine, and their access to hardware resources, are all realized through the management of the virtual machine monitor, the security monitor can monitor processes and related operations at the same granularity as the virtual machine monitor, collect the related process and operation parameters for real-time analysis by the security monitoring system, and take countermeasures and protective action against the attack behaviour it finds. Integrity detection of the virtual machine monitor and detection of the running state of the virtual machines together give the current situation awareness of the computing node, which is important for choosing detection points in the virtual machine monitor in a targeted way and for improving the efficiency of security detection.
(2) Independent hardware security monitoring system.
Unlike the secure virtual machine monitors widely used in industry today, which are realized in software, this design also implements an independent hardware security monitoring system. Its composition is shown in Fig. 2: it consists of an interface and routing chip and a group of security monitoring chips, all of which use the highest grade of security protection, and all communication between the chips is encrypted to ensure the security of the communicated data.
The program code of the virtual machine monitor and the security monitor is stored in the security monitoring chips. When the computing node powers on, this code is uploaded to the computing node platform over an encrypted secure channel, so that the root of trust for system detection does not depend on the security of the computing node's hardware circuitry.
Startup and execution of high-grade security applications. Provided the native operating system and application programs are not under attack, the virtual machine monitor uploads the stripped-down operating system, middleware and application programs involved in the high-security application from the security monitoring chips into a specific security partition, and starts and executes the high-security application there. While the application executes, the security monitor takes snapshots of the operating system, middleware and application programs in that partition for integrity detection, and a background process of the hardware security monitoring system verifies them. If, during execution, the virtual machine monitor or the security application's partition is found to have been intruded upon, the hardware security monitoring system resets the system and cancels all running virtual machines. If the high-security application completes normally, the virtual machine monitor cancels the corresponding virtual machine and security partition and schedules the native operating system and application programs to continue execution.
The important intermediate data and final results produced while a high-security application runs are saved in the hardware security monitoring system, which effectively prevents leakage of data and information.
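The integrity check described above, as an added example that is not part of the patent application: the hardware security monitoring system compares digests of the snapshots taken by the security monitor against the digests of the images it uploaded, verifies the virtual machine monitor's own image before anything it reports on, and returns the reset decision the text calls for when a component is altered or an unexpected module appears in the partition. Component names, the manifest layout, the sample images and the use of SHA-256 as the digest are assumptions; the text names none of them.

```python
"""Integrity verification of a high-security partition (Part 1, aspect (2)).

Added illustration, not code from the patent application: the hardware
security monitoring system keeps digests of the images it uploaded (virtual
machine monitor with its security monitor, stripped-down OS, middleware,
application); the security monitor snapshots the running node; a background
check compares digests and orders a reset on any mismatch. Manifest layout,
component names, digest algorithm and sample images are assumptions.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field


def digest(image: bytes) -> str:
    """SHA-256 (assumed) digest of an uploaded or snapshotted image."""
    return hashlib.sha256(image).hexdigest()


@dataclass(frozen=True)
class ReferenceManifest:
    vmm: str                          # digest of the uploaded VMM image
    components: dict[str, str]        # partition component -> expected digest


@dataclass
class Snapshot:
    vmm: bytes                        # what the security monitor captured
    components: dict[str, bytes]


@dataclass
class Verdict:
    action: str                       # "continue" or "reset"
    failed: list[str] = field(default_factory=list)


def build_manifest(vmm_image: bytes, images: dict[str, bytes]) -> ReferenceManifest:
    return ReferenceManifest(digest(vmm_image), {n: digest(i) for n, i in images.items()})


def verify_snapshot(manifest: ReferenceManifest, snap: Snapshot) -> Verdict:
    """Background check run by the hardware security monitoring system."""
    failed: list[str] = []
    # VMM first: a snapshot taken by a modified monitor proves nothing.
    if digest(snap.vmm) != manifest.vmm:
        failed.append("vmm")
    for name, expected in manifest.components.items():
        image = snap.components.get(name)
        if image is None or digest(image) != expected:
            failed.append(name)
    # Code in the partition that was never uploaded is an intrusion as well.
    failed.extend(n for n in snap.components if n not in manifest.components)
    return Verdict("reset" if failed else "continue", failed)


def run_high_security_app(manifest: ReferenceManifest, snapshots: list[Snapshot],
                          native_env_clean: bool = True) -> list[str]:
    """Lifecycle from the text: start only if the native OS and applications
    are not under attack; verify each snapshot taken during execution; reset
    on the first failure; otherwise cancel the VM and partition on completion."""
    if not native_env_clean:
        return ["refused: native operating system or applications under attack"]
    trace = ["partition configured; images uploaded from security monitoring chips"]
    for i, snap in enumerate(snapshots):
        verdict = verify_snapshot(manifest, snap)
        if verdict.action == "reset":
            trace.append(f"snapshot {i}: integrity failure in {verdict.failed}; "
                         "system reset, all virtual machines cancelled")
            return trace
        trace.append(f"snapshot {i}: verified")
    trace.append("application completed; virtual machine and security partition cancelled")
    return trace


# Constructed sample images standing in for real binaries.
VMM_IMAGE = b"vmm+security-monitor build 1.2 (constructed)"
COMPONENT_IMAGES = {
    "os": b"stripped-down os 3.0 (constructed)",
    "middleware": b"middleware 1.1 (constructed)",
    "app": b"high-security application 2.4 (constructed)",
}
MANIFEST = build_manifest(VMM_IMAGE, COMPONENT_IMAGES)


def clean_snapshot() -> Snapshot:
    return Snapshot(VMM_IMAGE, dict(COMPONENT_IMAGES))


def tampered_snapshot() -> Snapshot:
    """Application patched in memory and an extra module injected."""
    images = dict(COMPONENT_IMAGES)
    images["app"] = images["app"] + b"\x90\x90"
    images["implant"] = b"injected module (constructed)"
    return Snapshot(VMM_IMAGE, images)


if __name__ == "__main__":
    for line in run_high_security_app(MANIFEST, [clean_snapshot(), tampered_snapshot()]):
        print(line)
```

Run as a script, the block prints the lifecycle trace for one clean snapshot followed by one in which the application image has been patched and a module injected; the second snapshot ends the run with a reset. The check is only as strong as the reference it compares against, which is why the text keeps the reference images in the security monitoring chips rather than on the node being checked.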
Part 2: Unified management of the independent hardware security monitoring systems by the security server.
The independent hardware security monitoring system is connected to the remote security server through the communication port of the computing node and the interconnection network. The security server uniformly labels, manages, maintains and upgrades the versions, compatibility and integrity of the virtual machine monitor, the security monitor, and the stripped-down operating systems, middleware and application programs of high-security applications stored in the security monitoring chips of each independent hardware security monitoring system.
The hardware security monitoring system in each computing node reports the local security attacks it finds to the security server. The security server consolidates the attacks found over a given period, adjusts the related security monitoring strategy and security fault-tolerance strategy accordingly, and issues security upgrades of the virtual machine monitor, security monitor, and the stripped-down operating systems, middleware and application programs of high-security applications. The security server encrypts these and sends them over the interconnection network to the security monitoring chipset of the hardware security monitoring system attached to each computing node, thereby achieving dynamic maintenance and upgrading of the computing node's security hardening system.
Part 3: Data migration between secure virtual platforms.
When discrete computing nodes perform collaborative computing over the network, the independent hardware security monitoring systems concurrently collect and detect the integrity and security of each node's virtual machine monitor and of the secure virtual machines executing high-security applications, and send the detection information to the security server.
From the security detection information fed back by the independent hardware security monitors in the computing nodes, the security server forms a global security situation awareness and security situation analysis. According to the requirements of load balancing and security control, it selectively stops and deletes high-security applications executing on some computing nodes, and at the same time selects computing nodes with suitable computing resources whose versions of the virtual machine monitor, security monitor, and the stripped-down operating systems, middleware and application programs of the high-security application, as stored in their hardware security monitors, satisfy the requirements for migration of the secure virtual machine. The live data of the related secure virtual machine is transferred over an encrypted secure channel into the hardware security monitoring systems connected to those nodes, where the virtual machine monitor establishes the secure virtual machine and continues executing the corresponding high-security application.
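The server-side decision and handoff of Parts 2 and 3, as an added example that is not part of the patent application: the security server keeps the version labels for the images in each node's hardware security monitoring system, classifies nodes from the detection reports they feed back, stops and moves a high-security application off a compromised or overloaded node, selects the least-loaded healthy node whose labelled versions match, and the receiving monitoring system refuses to rebuild the virtual machine if the live data fails its integrity check. Assumptions not found in the text: the report fields, an exact match of every labelled version as the compatibility rule, a load threshold for the load-balancing trigger, and an HMAC-SHA256 tag over the serialized live data standing in for the integrity protection of the encrypted secure channel (the encryption itself is left out).

```python
"""Security-server side of secure VM migration (Parts 2 and 3).

Added illustration, not code from the patent application. Report fields, the
exact-match compatibility rule, the load threshold and the HMAC tag in place
of the encrypted secure channel are assumptions; the sample cluster is
constructed.
"""
from __future__ import annotations

import hashlib
import hmac
import json
from dataclasses import dataclass

LOAD_LIMIT = 0.85                # assumed load-balancing threshold


@dataclass(frozen=True)
class Label:
    """Unified version labelling the security server keeps per node."""
    vmm: str
    monitor: str
    os: str
    middleware: str
    app: str


@dataclass(frozen=True)
class NodeReport:
    """Detection information fed back by a node's hardware security monitor."""
    node: str
    label: Label
    vmm_intact: bool
    partition_intact: bool
    load: float


def global_posture(reports: list[NodeReport]) -> dict[str, str]:
    """Global security situation awareness: one state per node."""
    posture = {}
    for r in reports:
        if not (r.vmm_intact and r.partition_intact):
            posture[r.node] = "compromised"
        else:
            posture[r.node] = "overloaded" if r.load > LOAD_LIMIT else "healthy"
    return posture


def select_target(reports: list[NodeReport], required: Label, exclude: set[str]) -> str | None:
    """Least-loaded healthy node whose labelled versions match exactly."""
    posture = global_posture(reports)
    candidates = [r for r in reports
                  if r.node not in exclude and posture[r.node] == "healthy" and r.label == required]
    return min(candidates, key=lambda r: r.load).node if candidates else None


def pack_live_data(state: dict, channel_key: bytes) -> bytes:
    """Serialize the VM's live data and tag it for the receiving monitoring system."""
    body = json.dumps(state, sort_keys=True).encode()
    return hmac.new(channel_key, body, hashlib.sha256).digest() + body


def unpack_live_data(blob: bytes, channel_key: bytes) -> dict:
    """Receiver side: do not rebuild the VM unless the tag verifies."""
    tag, body = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(channel_key, body, hashlib.sha256).digest()):
        raise ValueError("live data failed integrity check; VM not rebuilt")
    return json.loads(body)


def migrate(reports: list[NodeReport], source: str, state: dict,
            channel_key: bytes) -> tuple[str | None, dict | None]:
    """Server decision for one source node: (target, rebuilt live data), or
    (None, None) when the source needs no action or no compatible node exists."""
    src = next(r for r in reports if r.node == source)
    if global_posture(reports)[source] == "healthy":
        return None, None                       # nothing to do
    target = select_target(reports, src.label, exclude={source})
    if target is None:
        return None, None                       # stop and delete only; nowhere to move
    blob = pack_live_data(state, channel_key)   # carried over the encrypted channel
    return target, unpack_live_data(blob, channel_key)


# Constructed sample cluster.
STD = Label("vmm-1.2", "mon-1.2", "os-3.0", "mw-1.1", "app-2.4")
OLD = Label("vmm-1.2", "mon-1.2", "os-3.0", "mw-1.1", "app-2.3")
REPORTS = [
    NodeReport("pc-a", STD, vmm_intact=True, partition_intact=False, load=0.40),
    NodeReport("pc-b", STD, vmm_intact=True, partition_intact=True, load=0.70),
    NodeReport("pc-c", STD, vmm_intact=True, partition_intact=True, load=0.20),
    NodeReport("pc-d", OLD, vmm_intact=True, partition_intact=True, load=0.05),
    NodeReport("pc-e", STD, vmm_intact=True, partition_intact=True, load=0.95),
]
CHANNEL_KEY = b"constructed-channel-key-not-for-real-use"
LIVE_DATA = {"pc": "0x401000", "heap_pages": 512, "pending_results": [17, 23]}

if __name__ == "__main__":
    print(global_posture(REPORTS))
    print(migrate(REPORTS, "pc-a", LIVE_DATA, CHANNEL_KEY))
```

Node pc-d is the least loaded but carries an older application version, so it is never chosen; pc-e is excluded because it is over the load limit. `migrate` returns `(None, None)` both when the source needs no action and when no compatible node exists; in the latter case the text's fallback is to stop and delete the application without moving it.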
Compared with the prior art, therefore, the present invention perceives the current security posture of the computing nodes accurately and so provides a sound security guarantee for cooperative computing between discrete computing nodes. It uses an independent hardware security monitoring system to detect the real-time in-memory images of the high-security application virtual machines and of the virtual machine monitor, which sidesteps security defects, hardware Trojans and logic bombs in the computing node's own underlying hardware and ensures the independence and effectiveness of the detection operation.
The hardware security monitoring system is connected to the remote security server through the communication port of the computing node and the interconnection network, and the security server uniformly labels, manages, maintains and upgrades the versions, compatibility and integrity of the virtual machine monitor, security monitor, and the stripped-down operating systems, middleware and application programs of high-security applications stored in the hardware security monitoring systems of the different computing nodes.
When discrete computing nodes perform collaborative computing over the network, the security server, based on the security detection information fed back by the independent hardware security monitors in the computing nodes and on the requirements of network security control and load balancing, selectively stops and deletes high-security applications executing on some computing nodes and migrates the related secure virtual machines and their live data to suitable computing nodes to continue execution, ensuring the effectiveness and security of data migration between secure virtual platforms.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit it. Any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.