CN107342963A - A kind of secure virtual machine control method, system and the network equipment - Google Patents

Publication number
CN107342963A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610273226.8A
Other languages
Chinese (zh)
Inventor
李灏
罗刚毅
曹高晋
刘宽
刘军卫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Suzhou Software Technology Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Suzhou Software Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Suzhou Software Technology Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN201610273226.8A priority Critical patent/CN107342963A/en
Publication of CN107342963A publication Critical patent/CN107342963A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Abstract

The invention discloses a virtual machine security control method, system and network device. The method includes: establishing a secure channel with a target virtual machine; obtaining data of the target virtual machine over the secure channel; performing virus detection on the data of the target virtual machine to obtain a detection result; and performing security control on the target virtual machine based on the detection result.

Description

Virtual machine security control method, system and network device
Technical field
The present invention relates to management technology in the communications field, and in particular to a virtual machine security control method, system and network device.
Background
Infrastructure as a service (IaaS) provides users with virtual computing, storage and network resources, which allows resources to be used more efficiently and sensibly. At the same time, the security protection of virtual resources has become a focus of concern. Existing platform-level protection consists of firewalls and security groups. A firewall restricts traffic from outside, while a security group focuses on controlling traffic between virtual machines inside the cloud platform. Some firewalls also provide protection against DDoS attacks, protection against brute-forcing of virtual machine user names and passwords, application-layer protection for software running over TCP/IP, and so on. Security protection inside the virtual machine is generally left to the user, who can install anti-virus software and vulnerability scanning software. For Linux virtual machines, users typically run regular system security checks and assess risk periodically. For Windows virtual machines, users may run anti-virus software periodically. Some schemes establish a channel between the host and the virtual machine and use it to control the virtual machine and send it control instructions, for example to obtain all current processes and the memory and CPU resources each one occupies. By analysing the resources occupied by processes, abnormal processes are found and killed. However, the data in such a channel is generally plaintext, and these schemes do not form a complete virtual machine security protection system.
However, in the existing schemes above, the security protection provided by the cloud platform mainly prevents illegal intrusion from outside and prevents virtual machines inside the platform from attacking one another. It is ineffective against software vulnerabilities that exist inside a virtual machine, trojan files already present in it, and software with backdoors that the user has installed and uses.
Because of these problems, virtual machines generally rely on the user for security protection, so the security of a virtual machine depends directly on the user's security awareness and skill. Users usually install anti-virus software from various vendors to address these problems. This approach adds to the user's burden, consumes a large amount of computing resources, and makes unified management of the whole cloud platform difficult.
Summary of the invention
In view of this, an object of the invention is to provide a virtual machine security control method, system and network device that can at least solve the above problems of the prior art.
To achieve this object, the technical solution of the invention is realized as follows:
An embodiment of the invention provides a virtual machine security control method, the method including:
establishing a secure channel with a target virtual machine;
obtaining data of the target virtual machine over the secure channel;
performing virus detection on the data of the target virtual machine to obtain a detection result;
performing security control on the target virtual machine based on the detection result.
An embodiment of the invention provides a virtual machine security control method applied to a network device, where the network device is a device that at least supports creating and controlling virtual machines; the method includes:
controlling a virtual machine to establish a secure channel with a cloud platform;
uploading data to the cloud platform over the secure channel, so that the cloud platform performs virus detection on the data of the target virtual machine and obtains a detection result;
performing security control on the virtual machine based on the detection result of the cloud platform.
An embodiment of the invention provides a virtual machine security control system, including:
a control module, configured to establish a secure channel with a target virtual machine; obtain data of the target virtual machine over the secure channel; and perform security control on the target virtual machine based on the detection result;
an anti-virus module, configured to perform virus detection on the data of the target virtual machine to obtain a detection result.
An embodiment of the invention provides a network device, the network device including a virtual machine management module, configured at least to create and control virtual machines; the network device further includes:
a channel establishment module, configured to control a virtual machine to establish a secure channel with a cloud platform;
a virtual machine agent module, further configured to upload data to the cloud platform over the secure channel, and to perform security control on the virtual machine based on the detection result of the cloud platform.
The virtual machine security control method, system and network device provided by the invention can obtain the data in a virtual machine through a secure channel and then scan the obtained data for viruses. This solves the problem that the inside of the virtual machine is unprotected, without consuming computing resources inside the virtual machine.
Brief description of the drawings
Fig. 1 is the first schematic flowchart of the virtual machine security control method of an embodiment of the invention;
Fig. 2 is a schematic flowchart of establishing the secure channel in an embodiment of the invention;
Fig. 3 is the second schematic flowchart of the virtual machine security control method of an embodiment of the invention;
Fig. 4 is a schematic structural diagram of the virtual machine security control system of an embodiment of the invention;
Fig. 5 is a schematic structural diagram of the network device of an embodiment of the invention;
Fig. 6 is a schematic diagram of a scenario of an embodiment of the invention.
Detailed description
The invention is described in further detail below with reference to the drawings and specific embodiments.
Embodiment One
An embodiment of the invention provides a virtual machine security control method which, as shown in Fig. 1, includes:
Step 101: establish a secure channel with a target virtual machine;
Step 102: obtain data of the target virtual machine over the secure channel;
Step 103: perform virus detection on the data of the target virtual machine to obtain a detection result;
Step 104: perform security control on the target virtual machine based on the detection result.
Here, performing security control on the target virtual machine based on the detection result may include: when the detection result indicates that a virus program exists in the target virtual machine, performing a virus scanning and removal operation on the target virtual machine over the secure channel; when the detection result indicates that no virus program exists in the target virtual machine, ending the processing flow.
The virus program may be a trojan, a virus, and so on. That is, if a trojan or virus is found, an instruction to delete it is executed, again over the secure channel. This fills the current gap in which the cloud platform provides no protection inside the virtual machine; compared with installing anti-virus software inside the virtual machine, the invention does not consume CPU computing resources inside the virtual machine.
Preferably, the method provided by this embodiment may further include: delivering updated patches to the target virtual machine over the secure channel, so that the target virtual machine can perform, without stopping, repair operations based on the updated security policy and high-risk vulnerabilities.
In addition, this embodiment provides a method for establishing the secure channel, which specifically includes: performing communication key negotiation with the target virtual machine to obtain a communication key shared with the target virtual machine; receiving a login request, based on the communication key, sent by the target virtual machine; verifying the target virtual machine based on the login request to obtain a verification result; and, if the verification result indicates that the target virtual machine is a legitimate virtual machine, establishing the secure channel with the target virtual machine based on the communication key.
Preferably, after the secure channel is established, the method further includes: performing capability negotiation with the target virtual machine over the secure channel to obtain a capability negotiation result.
Correspondingly, performing the virus scanning and removal operation on the target virtual machine over the secure channel further includes: determining, based on the capability negotiation result, a virus scanning and removal policy for the target virtual machine, and performing the scanning and removal operation on the target virtual machine according to that policy; where the policy includes at least a virus scanning and removal instruction set for the target virtual machine, determined from the capabilities the target virtual machine has.
The secure channel is a communication channel established between the virtual machine and the host on which the virtual machine runs. This patent is based on KVM virtualization technology. The channel is the unix channel provided by KVM; the following is added to the virtual machine configuration file:
This adds a channel through which the host control module can communicate with the agent module in the virtual machine: the former sends commands to the latter, and the latter executes them and returns the execution results to the former.
The process of establishing the secure channel in this embodiment, that is, connection initialization, is described below with reference to Fig. 2:
A. Key negotiation:
The control end first sends a unix socket connection request to the agent. After receiving the request, the agent first sends a random code agent_random of length 64 and its public key agent_public_key to the control end.
After receiving them, the control end saves the agent's random code and public key. It also generates its own random code controller_random and, with controller_random and agent_random as parameters, computes the rc4 key key. It also computes mackey, a message authentication code (MAC) value of key of length 40. It then encrypts controller_random with the public key agent_public_key and sends the encrypted crypto_controller_random to the agent.
The agent decrypts crypto_controller_random with its private key to obtain controller_random and, with controller_random and agent_random as parameters, likewise computes the rc4 key key. It also computes mackey, the MAC value of key of length 40. From this point on, all communication data between the two must be encrypted and decrypted with rc4.
B. Password authentication:
When the virtual machine is created, the cloud platform control end injects a verification code password for the agent. After the encrypted channel has been established, the cloud platform control end sends password (rc4-encrypted) to the agent. The agent decrypts it to obtain password and compares it with the previously injected verification code. If they are identical, the login is considered legitimate; otherwise the connection is refused.
C. Capability negotiation:
The control end sends the agent the instruction types it supports. After receiving them, the agent takes the intersection of the instructions it supports itself and those supported by the control end, and returns it to the control end. All data in this process is rc4-encrypted.
Connection maintenance:
After connection initialization is complete, the control end and the agent communicate according to the agreed communication protocol format. Assume the data the control end sends to the agent is data.
This data is first encrypted with the rc4 encryption algorithm to obtain encrypt_data.
encrypt_data = rc4(data, key)
Next, SHA is computed over the string formed by the length-40 mackey followed by the data data, producing a check code check of length 64.
check = SHA(mackey + data)
Finally, check and data are sent to the other end.
After the agent receives the data, it proceeds as follows:
It first decrypts the data part with rc4 to obtain the original data,
then calls SHA(mackey + data) to obtain a check code and compares it with the received check code check_code. If they differ, the data has been tampered with and the connection is abnormal: the agent disconnects and exits. Otherwise the data is accepted.
These steps ensure that every command transmitted is untampered and legitimate.
The specific format of data transmitted over the channel:
a. Format of a command sent by the control end:
{"execute":"command","arguments":{"arg":"param1","arg2":"param2",...},"id":"uuid"}
For example:
{"execute":"check_filesystem","arguments":{"device":"C:\\"},"id":"7d8b2e7e-888a-44cd-bd4e-4a114131ba17"}
b. Format of the agent's command response:
{"return":{"arg":"param1","arg2":"param2",...},"id":"uuid"}
For example:
{"return":{"result":"0"},"id":"7d8b2e7e-888a-44cd-bd4e-4a114131ba17"}
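The connection-maintenance framing, capability negotiation and command format described above can be modelled as follows. This is an added example, not code from the patent; it covers only the control end to agent direction, and the key derivation (SHA-256 over the two random codes), the reading of mackey as a 40-hex-character SHA-1 digest and of check as a 64-hex-character SHA-256 digest, the frame layout, and the command names other than check_filesystem are assumptions.

```python
import hashlib
import hmac
import json


class ChannelTampered(Exception):
    """Raised when the received check code does not match; the connection is dropped."""


class RC4:
    """RC4 stream cipher. One instance per direction, so the keystream keeps
    running across messages (assumption: the page only gives rc4(data, key))."""

    def __init__(self, key: bytes):
        s, j = list(range(256)), 0
        for i in range(256):  # key scheduling
            j = (j + s[i] + key[i % len(key)]) % 256
            s[i], s[j] = s[j], s[i]
        self.s, self.i, self.j = s, 0, 0

    def crypt(self, data: bytes) -> bytes:
        s, out = self.s, bytearray()
        for byte in data:  # XOR each byte with the next keystream byte
            self.i = (self.i + 1) % 256
            self.j = (self.j + s[self.i]) % 256
            s[self.i], s[self.j] = s[self.j], s[self.i]
            out.append(byte ^ s[(s[self.i] + s[self.j]) % 256])
        return bytes(out)


def derive_keys(controller_random: bytes, agent_random: bytes):
    """Both ends compute key and mackey from the two random codes.
    Assumed derivation: key = SHA-256(controller_random || agent_random),
    mackey = SHA-1(key) written as 40 hex characters."""
    key = hashlib.sha256(controller_random + agent_random).digest()
    return key, hashlib.sha1(key).hexdigest()


def seal(cipher: RC4, mackey: str, data: bytes) -> dict:
    """Sender: check = SHA(mackey + data), encrypt_data = rc4(data, key)."""
    check = hashlib.sha256(mackey.encode() + data).hexdigest()  # assumed SHA-256
    return {"check": check, "data": cipher.crypt(data).hex()}


def open_frame(cipher: RC4, mackey: str, frame: dict) -> bytes:
    """Receiver: decrypt, recompute the check code, compare, reject on mismatch."""
    data = cipher.crypt(bytes.fromhex(frame["data"]))
    expected = hashlib.sha256(mackey.encode() + data).hexdigest()
    if not hmac.compare_digest(expected, frame["check"]):
        raise ChannelTampered("check code mismatch")
    return data


def negotiate(control_supported, agent_supported):
    """Capability negotiation: the agent returns the intersection of both sets."""
    return sorted(set(control_supported) & set(agent_supported))


def agent_handle(cipher: RC4, mackey: str, frame: dict, allowed) -> dict:
    """Agent: accept a frame, run only negotiated commands, answer in the page's format."""
    command = json.loads(open_frame(cipher, mackey, frame))
    # Result codes other than "0" are an assumption; the page only shows "0".
    result = "0" if command["execute"] in allowed else "1"
    return {"return": {"result": result}, "id": command["id"]}


def run_exchange():
    """Constructed sample session: negotiate, send one command, then a tampered one."""
    key, mackey = derive_keys(b"controller-random-sample", b"agent-random-sample")
    control_tx, agent_rx = RC4(key), RC4(key)
    # upload_file and delete_file are hypothetical instruction names.
    allowed = negotiate(["check_filesystem", "upload_file"],
                        ["check_filesystem", "delete_file"])
    command = {"execute": "check_filesystem", "arguments": {"device": "C:\\"},
               "id": "7d8b2e7e-888a-44cd-bd4e-4a114131ba17"}
    payload = json.dumps(command).encode()
    reply = agent_handle(agent_rx, mackey, seal(control_tx, mackey, payload), allowed)

    frame = seal(control_tx, mackey, payload)
    raw = bytearray.fromhex(frame["data"])
    raw[12] ^= 0x01  # one bit flipped in transit
    frame["data"] = raw.hex()
    try:
        agent_handle(agent_rx, mackey, frame, allowed)
        dropped = False
    except ChannelTampered:
        dropped = True  # the agent disconnects and exits
    return allowed, reply, dropped


if __name__ == "__main__":
    print(run_exchange())
```

RC4 and a secret-prefix hash appear here only because the patent specifies them; RC4 is prohibited in TLS by RFC 7465, and a current design would use an AEAD cipher such as AES-GCM or, at minimum, HMAC for the check code.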
Compared with the prior art, the above scheme can upload key files and memory dump files of the virtual machine over the secure channel to the unified anti-virus module of the cloud platform for virus scanning. If a trojan or virus is found, an instruction to delete it is executed, again over the secure channel. This fills the current gap in which the cloud platform provides no protection inside the virtual machine; compared with installing anti-virus software inside the virtual machine, the invention does not consume CPU computing resources inside the virtual machine.
Embodiment Two
An embodiment of the invention provides a virtual machine security control method applied to a network device, where the network device is a device that at least supports creating and controlling virtual machines. As shown in Fig. 3, the method includes:
Step 301: control a virtual machine to establish a secure channel with a cloud platform;
Step 302: upload data to the cloud platform over the secure channel, so that the cloud platform performs virus detection on the data of the target virtual machine and obtains a detection result;
Step 303: perform security control on the virtual machine based on the detection result of the cloud platform.
The method of establishing the secure channel with the cloud platform in this embodiment is the same as in Embodiment One and is not repeated here.
Compared with the prior art, the above scheme can upload key files and memory dump files of the virtual machine over the secure channel to the unified anti-virus module of the cloud platform for virus scanning. If a trojan or virus is found, an instruction to delete it is executed, again over the secure channel. This fills the current gap in which the cloud platform provides no protection inside the virtual machine; compared with installing anti-virus software inside the virtual machine, the invention does not consume CPU computing resources inside the virtual machine.
Embodiment Three
An embodiment of the invention provides a virtual machine security control system which, as shown in Fig. 4, includes:
a control module 41, configured to establish a secure channel with a target virtual machine; obtain data of the target virtual machine over the secure channel; and perform security control on the target virtual machine based on the detection result;
an anti-virus module 42, configured to perform virus detection on the data of the target virtual machine to obtain a detection result.
The control module is configured to perform a virus scanning and removal operation on the target virtual machine over the secure channel when the detection result indicates that a virus program exists in the target virtual machine.
The control module is configured to perform communication key negotiation with the target virtual machine to obtain a communication key shared with the target virtual machine; receive a login request, based on the communication key, sent by the target virtual machine; verify the target virtual machine based on the login request to obtain a verification result; and, if the verification result indicates that the target virtual machine is a legitimate virtual machine, establish the secure channel with the target virtual machine based on the communication key.
The control module is configured to perform capability negotiation with the target virtual machine over the secure channel to obtain a capability negotiation result; and, based on the capability negotiation result, determine a virus scanning and removal policy for the target virtual machine and perform the scanning and removal operation on the target virtual machine according to that policy; where the policy includes at least a virus scanning and removal instruction set for the target virtual machine, determined from the capabilities the target virtual machine has.
Embodiment Four
An embodiment of the invention provides a network device. As shown in Fig. 5, the network device includes a virtual machine management module 51, configured at least to create and control virtual machines; the network device further includes:
a channel establishment module 52, configured to control a virtual machine to establish a secure channel with a cloud platform;
a virtual machine agent module 53, further configured to upload data to the cloud platform over the secure channel, and to perform security control on the virtual machine based on the detection result of the cloud platform.
The system may be a system hosted on the cloud platform, and the above two modules may be modules deployed on different devices in the cloud platform or modules deployed on the same device in the cloud platform.
Embodiment Five
The following description takes as an example a virtual machine security control system deployed in a cloud platform. As shown in Fig. 6, assume the cloud platform establishes a connection with the host of the target virtual machine and performs security control, where the cloud platform and the host interact through the following modules: the anti-virus module, the control module, the virtual machine management module, the channel establishment module for establishing the secure channel, and the virtual machine agent module located in the virtual machine.
The anti-virus module is specifically used to collect infection-prone files and memory dump files from each virtual machine. Based on information recorded in the cloud platform for each virtual machine, such as its type (windows/linux), version (windows xp/7/8), records of previous virus scans and virtual machine operation behaviour, it arranges for the cloud platform control module to extract data from inside the virtual machine and upload it to the cloud platform unified scanning module as the data source for virus scanning. It formulates a corresponding scanning plan and executes it. The cloud platform unified scanning module is open: as long as the cloud platform interface specification is met, anti-virus products from any vendor can be used, providing a personalized anti-virus experience while maintaining uniformity.
The control module is the interface for operating and controlling the cloud platform; all operations on the cloud platform go through this module. It receives control requests from users or other modules, sends the requests to the host control module for execution, and returns the results to the user or other module.
The control module provides an interface to the cloud platform unified scanning module, through which the scanning module can issue requests to upload files and memory dump files. When a request arrives, the control module sends it to the host where the virtual machine resides. Also, according to the scanning plan issued by the cloud platform unified scanning module, it can send to the host where the virtual machine resides the patches that need updating, the security policies that need to be enforced, fixes for high-risk vulnerabilities, and so on.
The server virtualization technology used by the virtual machine management module is Kernel Virtual Machine (KVM). The host control module ultimately calls libvirt, a wrapper library for KVM (libvirt is a free, open-source C library that supports the mainstream virtualization tools on Linux), to control the virtual machine. This covers control of the whole virtual machine life cycle: create, delete, shut down, reboot, start, suspend, resume, snapshot, backup and other operations.
To guarantee the security of the channel, the embodiment provides a secure and reliable communication protocol; the channel protocol is described in detail below.
The virtual machine agent module receives the instructions issued by the host control module over the secure channel, executes them, and returns the execution results. These instructions include:
executing commands issued by the cloud platform control module;
offline virus scanning, in which files inside the virtual machine are uploaded over the secure channel to the cloud platform unified scanning module for more thorough scanning; this scanning does not consume resources inside the virtual machine and is highly efficient;
adjusting security policy inside the virtual machine;
repairing virtual machine security vulnerabilities;
backing up core logs.
The protocol used by the secure channel is the communication protocol between the host control module and the agent in the virtual machine. Below, the host control module is referred to as the control end, and the agent module in the virtual machine is referred to as the agent.
Compared with the prior art, the above scheme can upload key files and memory dump files of the virtual machine over the secure channel to the unified anti-virus module of the cloud platform for virus scanning. If a trojan or virus is found, an instruction to delete it is executed, again over the secure channel. This fills the current gap in which the cloud platform provides no protection inside the virtual machine; compared with installing anti-virus software inside the virtual machine, the invention does not consume CPU computing resources inside the virtual machine.
The above is only a preferred embodiment of the invention and is not intended to limit the scope of protection of the invention.

Claims (10)

1. a kind of secure virtual machine control method, it is characterised in that methods described includes:
Escape way is established with target virtual machine;
Based on the escape way, the data of the target virtual machine are got;
Progress Viral diagnosis is performed for the data of the target virtual machine, obtains testing result;
Security control is carried out to the target virtual machine based on the testing result.
2. according to the method for claim 1, it is characterised in that described to be based on the testing result Security control is carried out to the target virtual machine, including:
There is Virus when the testing result is characterized in the target virtual machine, then led to based on the safety Road carries out checking and killing virus operation for the target virtual machine.
3. according to the method for claim 2, it is characterised in that described to be established with target virtual machine Escape way, including:
Communication key negotiation is carried out with the target virtual machine, to obtain between the target virtual machine Communication key;Receive the logging request based on the communication key that the target virtual machine is sent, base Checking is carried out to the target virtual machine in the logging request and is verified result;If the result It is legal virtual machine to characterize the target virtual machine, then is established based on the communication key empty with the target Escape way between plan machine.
4. according to the method for claim 3, it is characterised in that methods described also includes:Pass through The escape way, carry out capability negotiation with the target virtual machine and obtain capability negotiation result;
Accordingly, it is described that checking and killing virus behaviour is carried out for the target virtual machine based on the escape way Make, including:
Based on the capability negotiation result, it is determined that for the checking and killing virus strategy of the target virtual machine, root Killing operation is carried out to the target virtual machine according to the checking and killing virus strategy;Wherein, the checking and killing virus Strategy comprise at least there is ability based on the target virtual machine to determine for the target virtual machine Checking and killing virus instruction set.
5. a kind of secure virtual machine control method, applied to the network equipment, wherein, the network equipment It is the equipment at least supported to establish and control virtual machine;Characterized in that, methods described includes:
Control virtual machine establishes escape way with cloud platform;
Based on the escape way, get to the cloud platform and upload data, to cause the cloud platform Progress Viral diagnosis is performed for the data of the target virtual machine, obtains testing result;
Security control is carried out to the virtual machine based on the testing result of the cloud platform.
A kind of 6. secure virtual machine control system, it is characterised in that including:
a control module, configured to establish a secure channel with a target virtual machine; obtain data of the target virtual machine based on the secure channel; and perform security control on the target virtual machine based on the detection result;
an antivirus module, configured to perform virus detection on the data of the target virtual machine to obtain a detection result.
7. The system according to claim 6, characterized in that the control module is configured to, when the detection result indicates that a virus is present in the target virtual machine, perform a virus scanning and removal operation on the target virtual machine based on the secure channel.
8. The system according to claim 7, characterized in that the control module is configured to perform communication key negotiation with the target virtual machine to obtain a communication key shared with the target virtual machine; receive a login request, based on the communication key, sent by the target virtual machine; verify the target virtual machine based on the login request to obtain a verification result; and, if the verification result indicates that the target virtual machine is a legitimate virtual machine, establish the secure channel with the target virtual machine based on the communication key.
9. The system according to claim 8, characterized in that the control module is configured to perform capability negotiation with the target virtual machine over the secure channel to obtain a capability negotiation result; and, based on the capability negotiation result, determine a virus scanning and removal strategy for the target virtual machine and perform the removal operation on the target virtual machine according to that strategy; wherein the strategy includes at least a virus removal instruction set for the target virtual machine, determined based on the capabilities that the target virtual machine has.
10. A network equipment, comprising: a virtual machine management module, configured at least to establish and control a virtual machine; characterized in that the network equipment further comprises:
a channel establishment module, configured to control the virtual machine to establish a secure channel with a cloud platform;
a virtual machine proxy module, further configured to upload the obtained data to the cloud platform based on the secure channel, and to perform security control on the virtual machine based on a detection result from the cloud platform.
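The login verification of claim 8 and the capability-based instruction selection of claim 9, modelled as an added example that is not code from the patent. It assumes the communication key has already been negotiated and that the login request carries an HMAC-SHA256 tag over the VM identity, a one-time challenge and a timestamp; the patent specifies none of these mechanisms, and all names and the instruction table are hypothetical.

```python
import hashlib
import hmac
import os

# Constructed capability -> removal-instruction table (not from the patent).
INSTRUCTIONS = {
    "file_scan": ["SCAN_FILE", "QUARANTINE_FILE"],
    "process_ctl": ["KILL_PROCESS"],
}

def login_tag(key, vm_id, nonce_hex, ts):
    msg = f"{vm_id}|{nonce_hex}|{ts}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def make_login_request(vm_id, comm_key, nonce, now):
    """VM side: bind identity, challenge and time to the communication key."""
    return {"vm_id": vm_id, "nonce": nonce.hex(), "ts": now,
            "tag": login_tag(comm_key, vm_id, nonce.hex(), now)}

class ControlModule:
    def __init__(self, max_skew=60):
        self.keys, self.nonces, self.channels = {}, {}, set()
        self.max_skew = max_skew

    def register_key(self, vm_id, comm_key):
        """Store the negotiated key (negotiation itself is assumed done)."""
        self.keys[vm_id] = comm_key
        self.nonces[vm_id] = os.urandom(16)  # one-time login challenge
        return self.nonces[vm_id]

    def verify_login(self, req, now):
        vm_id, ts = req.get("vm_id"), req.get("ts")
        key = self.keys.get(vm_id)
        nonce = self.nonces.pop(vm_id, None)  # single use, so a replay fails
        if key is None or nonce is None or req.get("nonce") != nonce.hex():
            return False
        if not isinstance(ts, int) or abs(now - ts) > self.max_skew:
            return False
        expected = login_tag(key, vm_id, nonce.hex(), ts).encode()
        if not hmac.compare_digest(expected, str(req.get("tag", "")).encode()):
            return False
        self.channels.add(vm_id)  # legitimate VM: channel is established
        return True

    def removal_instructions(self, vm_id, vm_capabilities):
        """Capability negotiation result -> instruction set for this VM."""
        if vm_id not in self.channels:
            raise PermissionError("no secure channel for this VM")
        return [op for cap in sorted(vm_capabilities)
                for op in INSTRUCTIONS.get(cap, [])]
```

A VM that has not passed `verify_login` gets no instruction set at all, which mirrors the ordering in the claims: verification first, then the channel, then capability negotiation over it.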

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610273226.8A CN107342963A (en) 2016-04-28 2016-04-28 A kind of secure virtual machine control method, system and the network equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610273226.8A CN107342963A (en) 2016-04-28 2016-04-28 A kind of secure virtual machine control method, system and the network equipment

Publications (1)

Publication Number Publication Date
CN107342963A true CN107342963A (en) 2017-11-10

Family

ID=60221817

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610273226.8A Pending CN107342963A (en) 2016-04-28 2016-04-28 A kind of secure virtual machine control method, system and the network equipment

Country Status (1)

Country Link
CN (1) CN107342963A (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171110