CN106844003B - Virtual machine mirror image verification method and device - Google Patents

Publication number
CN106844003B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201611216844.5A
Other languages
Chinese (zh)
Other versions
CN106844003A (en
Inventor
雷波
王运兵
苗新亮
李林啸
唐中乾
周艳
籍帅
夏凡
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CETC 30 Research Institute
Original Assignee
CETC 30 Research Institute

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45587 Isolation or security of virtual machine instances
    • G06F2009/45591 Monitoring or debugging support

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention relates to the field of virtualization systems and, in view of the problems in the prior art, provides a method and a device for verifying a virtual machine image. It adopts the idea of partitioned checking, so that the virtual machine image is verified while it is being read and written, which solves the problem of the long wait for image verification to complete when the virtual machine is started. The invention comprises the following steps. Step 1: when the virtual machine writes data into the virtual machine image file, a corresponding check value is calculated for each sector into which data is written, and a check value table is formed from the sector addresses and their corresponding check values. Step 2: when the virtual machine reads a file from a sector of the virtual machine image file, a sector data check value is calculated from the data stored in that sector. Step 3: the virtual machine compares the sector data check value obtained in step 2 with the check value recorded for the same sector address in the check value table from step 1; if the two are the same, the check passes and the sector data is transmitted to the virtual machine; otherwise, the check fails.

Description

Virtual machine mirror image verification method and device
Technical Field
The invention relates to the field of virtualization systems, in particular to a method and a device for verifying a virtual machine mirror image.
Background
In cloud computing and virtualization systems, the integrity of a virtual machine image is generally ensured by calculating a check value of the image and verifying it before the virtual machine is started. This approach has to calculate the check value of the whole image in one concentrated pass and compare it with the originally recorded check value, which greatly increases the time spent waiting for the virtual machine to start and makes for a poor user experience.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: in view of the problems in the prior art, a virtual machine image verification method and device are provided. By adopting the idea of partitioned checking, the virtual machine image is verified while it is being read and written, which solves the problem of the long wait for image verification to complete when the virtual machine is started.
The technical scheme adopted by the invention is as follows:
A method for verifying a virtual machine image comprises the following steps:
step 1: when the virtual machine writes data into the virtual machine image file, calculating a corresponding check value for each sector into which data is written; forming a check value table from the sector addresses and the check value corresponding to each sector address;
step 2: when the virtual machine reads a file from a sector of the virtual machine image file, calculating a sector data check value from the data stored in that sector;
step 3: the virtual machine compares the sector data check value obtained in step 2 with the check value recorded for the same sector address in the check value table from step 1; if the two are the same, the check passes and the sector data is transmitted to the virtual machine; otherwise, the check fails.
Further, the method for verifying a virtual machine image also includes step 4: repeating step 3 until all sector data has been read and the corresponding data has been transmitted to the virtual machine.
Furthermore, a check value is calculated for each sector of the virtual machine image file into which data is written, and the check value table is updated in real time. In this way the virtual machine reads, writes and verifies at the same time.
A virtual machine image verification apparatus includes:
a sector check value generation module, used for calculating a corresponding check value for each sector into which data is written when the virtual machine writes data into the virtual machine image file, and for forming a check value table from the sector addresses and the check value corresponding to each sector address;
a read data check value generation module, used for calculating a sector data check value from the data stored in a sector when a file is read from that sector of the virtual machine image file;
a verification module, used for comparing the sector data check value from the read data check value generation module with the check value recorded for the same sector address in the check value table; if the two are the same, the check passes and the sector data is transmitted to the virtual machine; otherwise, the check fails.
Furthermore, the virtual machine image verification apparatus also comprises a data reading module, which uses the verification module to repeatedly compare sector data check values with the check values recorded for the same sector addresses in the check value table until all sector data has been read, and transmits the corresponding data to the virtual machine.
Furthermore, a check value is calculated for each sector of the virtual machine image file into which data is written, and the check value table is updated in real time.
In summary, by adopting the above technical scheme, the invention has the following beneficial effects:
when sector data is read from the virtual machine image file, the invention checks whether the whole image file has been tampered with by checking whether each sector has been tampered with, which prevents tampered dirty data from affecting the security of the virtual machine and can be used to harden the virtual machine;
the invention effectively reduces the time spent checking the image file before the virtual machine is started;
with this method and device, discovery of tampering with the image file is deferred from before the virtual machine is started until the tampered sector is read, but tampered data is still effectively prevented from entering the virtual machine, so the security of the virtual machine is ensured.
Drawings
The invention will now be described, by way of example, with reference to the accompanying drawings, in which:
FIG. 1 is a schematic block diagram of a virtual machine image checking method.
Detailed Description
All of the features disclosed in this specification, or all of the steps in any method or process so disclosed, may be combined in any combination, except combinations of features and/or steps that are mutually exclusive.
Any feature disclosed in this specification may be replaced by alternative features serving equivalent or similar purposes, unless expressly stated otherwise. That is, unless expressly stated otherwise, each feature is only an example of a generic series of equivalent or similar features.
The design idea of the invention is as follows:
1. when data is written into the image file, a check value is calculated for each sector of the data to be written, and a check value table is formed;
2. when data is read from the image file, a sector data check value is calculated for each sector of data read;
3. the centralized check of the whole large image file is replaced by a distributed check of the data sector by sector: whether a sector has been tampered with is checked when its data is read, which achieves the purpose of checking whether the whole image file has been tampered with and prevents tampered dirty data from affecting the security of the virtual machine.
The sector data check value and the check values in the check value table are calculated by the same method.
Embodiment one: as shown in FIG. 1, when the virtual machine writes data into the virtual machine image file, it calculates a check value for each sector and records it; the same action is performed for every sector written. When the virtual machine reads data from the image file, the data is read and verified sector by sector: the check value of the sector data is calculated to obtain sector data check value 1, which is compared with the check value generated when that sector was written. If the two are the same, the check passes, the sector data is transmitted to the virtual machine, and the read of that sector is complete; the same action is repeated for every sector read.
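The write and read paths of steps 1 to 4 and of embodiment one, as an added Python example that is not code from the patent. It goes slightly beyond the text: the check value is assumed to be HMAC-SHA-256 over the sector address and the sector data (the patent does not name an algorithm), the key is assumed to be held outside the image store, a sector with no table entry is rejected, and the 512-byte sector size, the in-memory bytearray standing in for the image file and all class and function names are hypothetical.

```python
import hashlib
import hmac

SECTOR_SIZE = 512  # assumed sector size; the patent does not fix one


class SectorCheckError(Exception):
    """Raised when a sector's data does not match its recorded check value."""


class CheckedImage:
    """Image file modelled as a bytearray plus a per-sector check value table."""

    def __init__(self, num_sectors: int, key: bytes):
        self.data = bytearray(num_sectors * SECTOR_SIZE)
        self.key = key    # assumption: the key is held outside the image store
        self.table = {}   # sector address -> check value (step 1)

    def _sector(self, addr: int) -> bytes:
        return bytes(self.data[addr * SECTOR_SIZE:(addr + 1) * SECTOR_SIZE])

    def _check_value(self, addr: int, sector: bytes) -> bytes:
        # Assumption: HMAC-SHA-256 over address || data. Binding the address
        # means a valid sector copied to another address fails verification.
        msg = addr.to_bytes(8, "big") + sector
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def _verify(self, addr: int) -> bytes:
        sector, expected = self._sector(addr), self.table.get(addr)
        # Fail closed: a sector with no table entry counts as unverified.
        if expected is None or not hmac.compare_digest(
                expected, self._check_value(addr, sector)):
            raise SectorCheckError(f"sector {addr} failed verification")
        return sector

    def write(self, offset: int, payload: bytes) -> None:
        """Step 1: write data, then refresh the check value of each touched sector."""
        first = offset // SECTOR_SIZE
        last = (offset + len(payload) - 1) // SECTOR_SIZE
        for addr in range(first, last + 1):
            if addr in self.table:  # verify old bytes before a partial overwrite re-signs them
                self._verify(addr)
        self.data[offset:offset + len(payload)] = payload
        for addr in range(first, last + 1):
            self.table[addr] = self._check_value(addr, self._sector(addr))

    def read(self, first: int, count: int) -> bytes:
        """Steps 2-4: verify every sector before any of its data is returned."""
        return b"".join(self._verify(a) for a in range(first, first + count))


def demo() -> dict:
    img = CheckedImage(num_sectors=8, key=b"constructed-demo-key")  # constructed input
    img.write(0, b"A" * 1024)            # fills sectors 0 and 1
    img.write(1500, b"hello")            # partial write inside sector 2
    clean = img.read(0, 3)
    img.data[SECTOR_SIZE + 10] ^= 0xFF   # simulated out-of-band change to sector 1
    rejected = []
    for addr in (0, 1, 5):               # sector 5 was never written
        try:
            img.read(addr, 1)
        except SectorCheckError:
            rejected.append(addr)
    return {"clean_len": len(clean), "rejected": rejected}
```

As in the patent, the altered sector is only detected when it is read; the untouched sector 0 still verifies and is delivered.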
The invention is not limited to the foregoing embodiments. The invention extends to any novel feature or any novel combination of features disclosed in this specification and any novel method or process steps or any novel combination of features disclosed.

Claims (4)

1. A method for verifying a virtual machine image, characterized by comprising the following steps:
step 1: when the virtual machine writes data into the virtual machine image file, calculating a corresponding check value for each sector into which data is written; forming a check value table from the sector addresses and the check value corresponding to each sector address;
step 2: when the virtual machine reads a file from a sector of the virtual machine image file, calculating a sector data check value from the data stored in that sector;
step 3: the virtual machine compares the sector data check value obtained in step 2 with the check value recorded for the same sector address in the check value table from step 1; if the two are the same, the check passes and the sector data is transmitted to the virtual machine; otherwise, the check fails;
step 4: repeating step 3 until all sector data has been read and the corresponding data has been transmitted to the virtual machine.
2. The method according to claim 1, wherein a check value is calculated for each sector of the virtual machine image file into which data is written, and the check value table is updated in real time.
3. A verification apparatus for virtual machine images, comprising:
a sector check value generation module, used for calculating a corresponding check value for each sector into which data is written when the virtual machine writes data into the virtual machine image file, and for forming a check value table from the sector addresses and the check value corresponding to each sector address;
a read data check value generation module, used for calculating a sector data check value from the data stored in a sector when a file is read from that sector of the virtual machine image file;
a verification module, used for comparing the sector data check value from the read data check value generation module with the check value recorded for the same sector address in the check value table; if the two are the same, the check passes and the sector data is transmitted to the virtual machine; otherwise, the check fails;
and a data reading module, used for repeatedly comparing, through the verification module, sector data check values with the check values recorded for the same sector addresses in the check value table until all sector data has been read, and for transmitting the corresponding data to the virtual machine.
4. The virtual machine image verification apparatus according to claim 3, wherein a check value is calculated for each sector of the virtual machine image file into which data is written, and the check value table is updated in real time.
CN201611216844.5A 2016-12-26 2016-12-26 Virtual machine mirror image verification method and device Active CN106844003B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611216844.5A CN106844003B (en) 2016-12-26 2016-12-26 Virtual machine mirror image verification method and device

Publications (2)

Publication Number Publication Date
CN106844003A (en) 2017-06-13
CN106844003B (en) 2020-05-08

Family

ID=59136238

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611216844.5A Active CN106844003B (en) 2016-12-26 2016-12-26 Virtual machine mirror image verification method and device

Country Status (1)

Country Link
CN (1) CN106844003B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant