CN106844003B - Virtual machine mirror image verification method and device - Google Patents
- Publication number
- CN106844003B
- Authority
- CN
- China
- Prior art keywords
- sector
- check value
- virtual machine
- data
- verification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45587—Isolation or security of virtual machine instances
- G06F2009/45591—Monitoring or debugging support
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention relates to the field of virtualization systems and, addressing the problems in the prior art, provides a method and a device for verifying a virtual machine image. By adopting the idea of partitioned checking, the virtual machine image is checked as it is read and written, which solves the problem of the long wait for image verification to complete when the virtual machine is started. The invention comprises the following steps: step 1: when the virtual machine writes data into the virtual machine image file, calculating a corresponding check value for the sector into which the data is written, and forming a check value table from the sector addresses and their corresponding check values; step 2: when the virtual machine reads a file from a sector of the virtual machine image file, calculating a sector data check value from the data stored in the sector; step 3: the virtual machine compares the sector data check value obtained in step 2 with the check value for the same sector address in the check value table of step 1; if the two are the same, the check passes and the sector data is transmitted to the virtual machine; otherwise, the check fails.
Description
Technical Field
The invention relates to the field of virtualization systems, in particular to a method and a device for verifying a virtual machine image.
Background
In cloud computing and virtualization systems, the integrity of a virtual machine image is generally ensured by calculating a check value of the image and verifying it before the virtual machine is started. This approach has to calculate the check value of the whole image in one concentrated pass and compare it with the originally recorded check value, which greatly increases the time spent waiting for the virtual machine to start and degrades the user experience.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: addressing the problems in the prior art, a virtual machine image verification method and device are provided. By adopting the idea of partitioned checking, the virtual machine image is checked as it is read and written, which solves the problem of the long wait for image verification to complete when the virtual machine is started.
The technical scheme adopted by the invention is as follows:
A method for verifying a virtual machine image comprises the following steps:
step 1: when the virtual machine writes data into the virtual machine image file, calculating a corresponding check value for the sector into which the data is written, and forming a check value table from the sector addresses and their corresponding check values;
step 2: when the virtual machine reads a file from a sector of the virtual machine image file, calculating a sector data check value from the data stored in the sector;
step 3: the virtual machine compares the sector data check value obtained in step 2 with the check value for the same sector address in the check value table of step 1; if the two are the same, the check passes and the sector data is transmitted to the virtual machine; otherwise, the check fails.
Further, the method for verifying a virtual machine image includes step 4: repeating step 3 until all sector data has been read and the corresponding data has been transmitted to the virtual machine.
Furthermore, a check value is calculated for each sector of the virtual machine image file into which data is written, and the check value table is updated in real time, so that the virtual machine image is verified while it is being read and written.
A virtual machine image verification apparatus includes:
a sector check value generating module, used for calculating a corresponding check value for the sector into which data is written when the virtual machine writes data into the virtual machine image file, and for forming a check value table from the sector addresses and their corresponding check values;
a read data check value generating module, used for calculating a sector data check value from the data stored in a sector when a file is read from that sector of the virtual machine image file;
a verification module, used for comparing the sector data check value from the read data check value generating module with the check value for the same sector address in the check value table; if the two are the same, the check passes and the sector data is transmitted to the virtual machine; otherwise, the check fails.
Furthermore, the virtual machine image verification apparatus includes a data reading module, used for repeatedly comparing, through the verification module, the sector data check value with the check value for the same sector address in the check value table until all sector data has been read and the corresponding data has been transmitted to the virtual machine.
Furthermore, a check value is calculated for each sector of the virtual machine image file into which data is written, and the check value table is updated in real time.
In summary, due to the adoption of the technical scheme, the invention has the beneficial effects that:
When sector data is read from the virtual machine image file, the invention checks whether the sector has been tampered with and thereby achieves the purpose of checking whether the image file as a whole has been tampered with; this prevents tampered dirty data from affecting the security of the virtual machine and can be used for security hardening of the virtual machine;
The invention effectively reduces the time spent checking the image file before the virtual machine is started;
With the method and device, discovery of tampering with the image file is deferred from before the virtual machine is started to the moment the tampered sector is read, but the tampered data is still effectively prevented from entering the virtual machine, so the security of the virtual machine is ensured.
Drawings
The invention will now be described, by way of example, with reference to the accompanying drawings, in which:
FIG. 1 is a schematic block diagram of a virtual machine image checking method.
Detailed Description
All of the features disclosed in this specification, or all of the steps in any method or process so disclosed, may be combined in any combination, except combinations of features and/or steps that are mutually exclusive.
Any feature disclosed in this specification may be replaced by alternative features serving equivalent or similar purposes, unless expressly stated otherwise. That is, unless expressly stated otherwise, each feature is only an example of a generic series of equivalent or similar features.
The design idea of the invention is as follows:
1. when data is written into the image file, a check value is calculated for each sector of the data to be written, and a check value table is formed;
2. when data is read from the image file, a sector data check value is calculated for each sector of data read;
3. the centralized check of the whole large image file is replaced by distributed, per-sector checks: each sector is checked for tampering when its data is read, which achieves the purpose of checking whether the image file as a whole has been tampered with and prevents tampered dirty data from affecting the security of the virtual machine.
The sector data check value and the check values in the check value table are calculated by the same method.
The first embodiment is as follows: as shown in FIG. 1, when writing data into a virtual machine image file, the virtual machine calculates a check value per sector and records it; the same action is performed for every sector written. When the virtual machine reads data from the image file, the data is read and verified per sector: the check value of the sector data is calculated to obtain sector data check value 1, which is compared with the check value generated when the sector was written; if the two are the same, the check passes, the sector data is transmitted to the virtual machine, and the read of that sector is complete. The same action is repeated for every sector read.
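The write-time and read-time checks of the first embodiment, as an added Python example that is not part of the patent text. The class and function names, the 512-byte sector size, the in-memory check value table, failing closed on a sector with no table entry, and the use of a keyed HMAC-SHA256 over sector address plus data as the check value are all assumptions; the patent names no algorithm.

```python
import hashlib
import hmac
import io

SECTOR_SIZE = 512  # assumed sector size; the patent does not fix one


class SectorCheckError(Exception):
    """Raised when a sector read from the image fails verification."""


class VerifiedImage:
    """Image wrapper: check values recorded on write, verified on read."""

    def __init__(self, backing, key):
        self.backing = backing  # file-like object holding the image
        self.key = key          # assumption: check value is keyed (HMAC)
        self.table = {}         # check value table: sector address -> check value

    def _check_value(self, addr, data):  # same calculation on both paths
        msg = addr.to_bytes(8, "big") + data
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def write_sector(self, addr, data):
        if len(data) != SECTOR_SIZE:
            raise ValueError("data must be exactly one sector")
        self.backing.seek(addr * SECTOR_SIZE)
        self.backing.write(data)
        # Step 1: update the table entry in real time as the sector is written.
        self.table[addr] = self._check_value(addr, data)

    def read_sector(self, addr):
        self.backing.seek(addr * SECTOR_SIZE)
        data = self.backing.read(SECTOR_SIZE)
        expected = self.table.get(addr)
        if expected is None:  # unverifiable sector: fail closed (assumption)
            raise SectorCheckError(f"sector {addr}: no check value recorded")
        # Steps 2 and 3: recompute and compare before releasing data to the VM.
        if not hmac.compare_digest(self._check_value(addr, data), expected):
            raise SectorCheckError(f"sector {addr}: check value mismatch")
        return data


def demo():
    """Constructed scenario: write 3 sectors, then alter sector 1 out of band."""
    disk = io.BytesIO()
    image = VerifiedImage(disk, key=b"constructed-demo-key")
    for addr in range(3):
        image.write_sector(addr, bytes([addr + 1]) * SECTOR_SIZE)
    disk.seek(1 * SECTOR_SIZE + 10)  # bypasses write_sector(), table not updated
    disk.write(b"\xff")
    results = {}
    for addr in range(3):
        try:
            image.read_sector(addr)
            results[addr] = "ok"
        except SectorCheckError:
            results[addr] = "failed"
    return results


if __name__ == "__main__":
    print(demo())
```

The scheme is only as strong as the protection of the check value table: if whoever can modify the image file can also rewrite the table, or roll both back to an earlier state, the read-time comparison still passes.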
The invention is not limited to the foregoing embodiments. The invention extends to any novel feature or any novel combination of features disclosed in this specification and any novel method or process steps or any novel combination of features disclosed.
Claims (4)
1. A method for verifying a virtual machine image, characterized by comprising the following steps:
step 1: when the virtual machine writes data into the virtual machine image file, calculating a corresponding check value for the sector into which the data is written, and forming a check value table from the sector addresses and their corresponding check values;
step 2: when the virtual machine reads a file from a sector of the virtual machine image file, calculating a sector data check value from the data stored in the sector;
step 3: the virtual machine compares the sector data check value obtained in step 2 with the check value for the same sector address in the check value table of step 1; if the two are the same, the check passes and the sector data is transmitted to the virtual machine; otherwise, the check fails;
step 4: repeating step 3 until all sector data has been read and the corresponding data has been transmitted to the virtual machine.
2. The method according to claim 1, wherein a check value is calculated for each sector of the virtual machine image file into which data is written, and the check value table is updated in real time.
3. A verification apparatus for virtual machine images, comprising:
a sector check value generating module, used for calculating a corresponding check value for the sector into which data is written when the virtual machine writes data into the virtual machine image file, and for forming a check value table from the sector addresses and their corresponding check values;
a read data check value generating module, used for calculating a sector data check value from the data stored in a sector when a file is read from that sector of the virtual machine image file;
a verification module, used for comparing the sector data check value from the read data check value generating module with the check value for the same sector address in the check value table; if the two are the same, the check passes and the sector data is transmitted to the virtual machine; otherwise, the check fails;
and a data reading module, used for repeatedly comparing, through the verification module, the sector data check value with the check value for the same sector address in the check value table until all sector data has been read and the corresponding data has been transmitted to the virtual machine.
4. The virtual machine image verification apparatus according to claim 3, wherein a check value is calculated for each sector of the virtual machine image file into which data is written, and the check value table is updated in real time.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611216844.5A CN106844003B (en) | 2016-12-26 | 2016-12-26 | Virtual machine mirror image verification method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106844003A (en) | 2017-06-13 |
CN106844003B (en) | 2020-05-08 |
Family
ID=59136238
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611216844.5A Active CN106844003B (en) | 2016-12-26 | 2016-12-26 | Virtual machine mirror image verification method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106844003B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108829492A (en) * | 2018-06-20 | 2018-11-16 | 郑州云海信息技术有限公司 | A kind of detection method and device of virtual machine image |
CN114296873B (en) * | 2021-12-24 | 2023-03-24 | 海光信息技术股份有限公司 | Virtual machine image protection method, related device, chip and electronic equipment |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102521016A (en) * | 2011-12-08 | 2012-06-27 | 中兴通讯股份有限公司 | Method and system for operating multiple virtual machines |
CN103457919A (en) * | 2012-06-04 | 2013-12-18 | 中兴通讯股份有限公司 | Safety verification method and device for virtual machine mirror images |
CN103795759A (en) * | 2012-10-31 | 2014-05-14 | 北京搜狐新媒体信息技术有限公司 | Method and system for scheduling virtual machine mirror image file |
CN103810058A (en) * | 2012-11-12 | 2014-05-21 | 华为技术有限公司 | Backup method, equipment and system for virtual machine |
Also Published As
Publication number | Publication date |
---|---|
CN106844003A (en) | 2017-06-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20200294048A1 (en) | Blockchain-based data verification method and apparatus, and electronic device | |
CN106899567B (en) | User body checking method, device and system | |
US11144301B2 (en) | Over-the-air (OTA) update for firmware of a vehicle component | |
US11258612B2 (en) | Method, apparatus, and electronic device for blockchain-based recordkeeping | |
CN106326829B (en) | Method and apparatus for detecting false fingerprints and method and apparatus for recognizing fingerprints | |
EP3814946A1 (en) | Method, apparatus, and electronic device for blockchain-based recordkeeping | |
US20210049715A1 (en) | Blockchain-based data procesing method, apparatus, and electronic device | |
CN104461641B (en) | A kind of data programming method, system, burn writing equipment and target device | |
WO2016106605A1 (en) | Simulation verification method for fpga functional module and system thereof | |
CN110011800B (en) | Block chain data reading method and device | |
US20220189008A1 (en) | Method for detecting data defects and computing device utilizing method | |
CN113965359A (en) | Defense method and device for federal learning data virus attack | |
CN110334542B (en) | Network evidence preservation and network evidence preservation verification method and device | |
CN106844003B (en) | Virtual machine mirror image verification method and device | |
CN111984421B (en) | Data processing method, device and storage medium | |
US20180188805A1 (en) | Information processing method, information processing apparatus and user equipment | |
US20220067136A1 (en) | Verification method and apparatus, and computer readable storage medium | |
CN113032202B (en) | Chip verification method, system, device, computer equipment and storage medium | |
WO2015085247A1 (en) | System and method for providing client-side address translation in a memory management system | |
CN106250755A (en) | For generating the method and device of identifying code | |
CN106503541B (en) | A kind of installation method and system of installation kit | |
US9288161B2 (en) | Verifying the functionality of an integrated circuit | |
CN116048980A (en) | FPGA prototype verification method and device | |
CN114898155A (en) | Vehicle damage assessment method, device, equipment and storage medium | |
CN104216666A (en) | Method and device for managing writing of disk data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||