CN108446161B - Method and device for running application program in virtual machine environment - Google Patents
- Publication number: CN108446161B
- Application number: CN201810126882.4A
- Authority: CN (China)
- Prior art keywords: virtual machine; fingerprint password; application program; fingerprint; encryption lock
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/125—Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45587—Isolation or security of virtual machine instances
Abstract
The application discloses a method and a device for running an application program in a virtual machine environment. The method comprises the following steps: within a time period T from the start of the operating system of a virtual machine to the running of an application program under the virtual machine, causing the virtual machine to randomly generate a first fingerprint password at a first moment; causing the virtual machine to write the first fingerprint password into the encryption lock and to store the first fingerprint password locally; causing the virtual machine to read out a second fingerprint password from the encryption lock at at least one second moment within the time period T, the second moment being after the first moment; and, if the second fingerprint password does not match the locally stored first fingerprint password, prohibiting the application program under the virtual machine from running. With this method, application programs under multiple virtual machines can be prevented from being authenticated and run simultaneously.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and an apparatus for running an application program in a virtual machine environment.
Background
With the increasing use of virtual machines in the industry, virtualization deployment is an advanced technology for application delivery on personal computers, which can deploy various servers in a virtual environment and form an image file before delivering server-class applications to clients. The client can directly use the image file only by loading the image file on the computer of the client without carrying out complicated installation and configuration processes.
While virtualization provides convenience, it also defeats the approach in which developers of certain applications rely on hardware differences for authorization management, because virtualization "erases" the underlying differences in hardware. Because a user can install virtualized containers on multiple different personal computers, the actual application cannot detect differences in external hardware at runtime. At present, most server application programs are protected by hardware encryption locks, and one encryption lock can correspond to only one set of application program authorization.
However, the inventor of the present application found in a long-term development process that a virtualized container can run multiple images on one real machine, and the images can obtain the authentication of the encryption lock in the same method and run simultaneously. Therefore, the developed application program is easy to clone and cannot protect the true value of the application program.
Disclosure of Invention
The technical problem mainly solved by the application is to provide a method and a device for running an application program in a virtual machine environment, which can prevent the application programs in a plurality of virtual machines from being authenticated and run simultaneously.
In order to solve the technical problem, the application adopts a technical scheme that: there is provided a method of running an application in a virtual machine environment, the method comprising: in a time period T from the start of an operating system of a virtual machine to the running of an application program under the virtual machine, enabling the virtual machine to randomly generate a first fingerprint password at a first moment; enabling the virtual machine to write the first fingerprint password into an encryption lock, and locally storing the first fingerprint password; at least one second time within the time period T, enabling the virtual machine to read out a second fingerprint password from the encryption lock, wherein the second time is after the first time; if the second fingerprint password is matched with the first fingerprint password stored locally, the application program under the virtual machine is allowed to run, and if the second fingerprint password is not matched with the first fingerprint password stored locally, the application program under the virtual machine is forbidden to run.
In order to solve the above technical problem, another technical solution adopted by the present application is: there is provided an apparatus for running an application in a virtual machine environment, the apparatus comprising: a processor and a memory, the processor coupled with the memory, wherein the memory is to store a program; when the program is run, the processor is used for enabling the virtual machine to randomly generate a first fingerprint password at a first moment in a time period T from the start of an operating system of the virtual machine to the running of an application program under the virtual machine; enabling the virtual machine to write the first fingerprint password into an encryption lock, and locally storing the first fingerprint password; at least one second time within the time period T, enabling the virtual machine to read out a second fingerprint password from the encryption lock, wherein the second time is after the first time; if the second fingerprint password is matched with the first fingerprint password stored locally, the application program under the virtual machine is allowed to run, and if the second fingerprint password is not matched with the first fingerprint password stored locally, the application program under the virtual machine is forbidden to run.
The beneficial effect of this application is: different from the situation of the prior art, in the time period T from the start of an operating system of a virtual machine to the running of an application program under the virtual machine, the method enables the virtual machine to randomly generate a first fingerprint password at a first moment; enabling the virtual machine to write the first fingerprint password into an encryption lock, and locally storing the first fingerprint password; at least one second time within the time period T, enabling the virtual machine to read out a second fingerprint password from the encryption lock, wherein the second time is after the first time; if the second fingerprint password is matched with the first fingerprint password stored locally, the application program under the virtual machine is allowed to run, and if the second fingerprint password is not matched with the first fingerprint password stored locally, the application program under the virtual machine is forbidden to run. 
Because the virtual machine randomly generates a first fingerprint password at a first moment within the time period T from the start of the operating system of the virtual machine to the running of an application program under the virtual machine, and reads a second fingerprint password from the encryption lock at least once, the following holds. If several virtual machines access the same encryption lock, the first fingerprint passwords they randomly generate are necessarily different. If the first fingerprint password that a virtual machine wrote is not consistent with the second fingerprint password it reads back, it can at least be concluded that other virtual machines exist. The application program under the virtual machine is therefore allowed to run only when the second fingerprint password matches the first fingerprint password; if it does not match, the first fingerprint password in the encryption lock has been changed by another virtual machine, and the application program under the virtual machine is prohibited from running. In this way, application programs under multiple virtual machines can be prevented from being authenticated and run simultaneously.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts. Wherein:
FIG. 1 is a flow chart illustrating an embodiment of a method for running an application in a virtual machine environment according to the present application;
FIG. 2 is a flow chart illustrating another embodiment of a method for running an application in a virtual machine environment according to the present application;
FIG. 3 is a schematic structural diagram of an embodiment of an apparatus for running an application in a virtual machine environment according to the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to FIG. 1, FIG. 1 is a schematic flowchart of an embodiment of the method for running an application program in a virtual machine environment according to the present application. It should be noted that the method of this embodiment needs to be implemented in combination with an encryption lock that supports write and read operations. Specifically, the method comprises:
Step S101: Within a time period T from the start of the operating system of the virtual machine to the running of an application program under the virtual machine, the virtual machine randomly generates a first fingerprint password at a first moment.
Step S102: The virtual machine writes the first fingerprint password into the encryption lock and stores the first fingerprint password locally.
Step S103: At at least one second moment within the time period T, the virtual machine reads out the second fingerprint password from the encryption lock, the second moment being after the first moment.
Step S104: If the second fingerprint password matches the locally stored first fingerprint password, the application program under the virtual machine is allowed to run; if the second fingerprint password does not match the locally stored first fingerprint password, the application program under the virtual machine is prohibited from running.
In this embodiment, a Virtual Machine (Virtual Machine) refers to a complete computer system having complete hardware system functions and operating in a completely isolated environment, which is simulated by software. For a hardware machine, only one operating system can be run on one machine at a time. The virtual machine can simulate the complete hardware system function through software and run in a completely isolated environment. A machine (e.g., a server) may have multiple virtual machines running, each running the same or a different operating system, and each virtual machine may have a relatively large capacity.
To run the application program under the virtual machine, the operating system of the virtual machine must first be started; the application program can run only after the operating system of the virtual machine has started. Within the time period T from the start of the operating system of the virtual machine to the running of the application program under the virtual machine, the virtual machine randomly generates a first fingerprint password at a first moment. For example, the virtual machine may randomly generate the first fingerprint password when its operating system is started, or at a certain time while the application program under the virtual machine is running, and so on. In one embodiment, the application is a server application.
After the virtual machine randomly generates the first fingerprint password, the virtual machine writes the first fingerprint password into the encryption lock and stores the first fingerprint password locally. Subsequently, the virtual machine reads the second fingerprint password from the encryption lock at least once within the time period T (i.e., after the first moment). If several virtual machines access the same encryption lock, the first fingerprint passwords they randomly generate are different, and if the first fingerprint password written by a virtual machine is inconsistent with the second fingerprint password read out by that same virtual machine, it can at least be concluded that other virtual machines exist.

If the second fingerprint password matches the locally stored first fingerprint password, only this virtual machine currently exists, and the application program under the virtual machine is allowed to run. If the second fingerprint password does not match the locally stored first fingerprint password, other virtual machines currently exist, they have also accessed the encryption lock, and the first fingerprint password has been modified: the second fingerprint password is then not the first fingerprint password written by the current virtual machine but a first fingerprint password randomly generated and written by another virtual machine. In that case the application program under the current virtual machine is prohibited from running. The other virtual machines can likewise judge, before running, whether their respective first and second fingerprint passwords match. In this way, application programs under multiple virtual machines can be prevented from being authenticated and run simultaneously, the application program is prevented from being cloned without authorization, and the value of the application program can be truly protected.
In an embodiment, during the running process of the application program under the virtual machine, the virtual machine can periodically read out the second fingerprint password from the encryption lock at fixed time intervals, and periodically detect whether the second fingerprint password is matched with the first fingerprint password, so that whether other virtual machines exist can be monitored during the whole running process of the application program under the virtual machine, thereby more carefully preventing the application programs under a plurality of virtual machines from being authenticated and running simultaneously, further preventing the application program from being cloned without being authorized, and further protecting the value of the application program really.
In an application scenario, the embodiments of the present application may be applied in an operating-system-level virtualized environment, i.e. containers, for example Docker. A container provides a way to isolate running environments (operating systems) on a server. The container sits above the hardware and the operating system, which may be Linux or Windows. Each container shares the kernel of the host operating system and typically also includes library files. In short, a container can be regarded as a virtual machine equipped with a specific group of applications that uses the host kernel directly; it has fewer abstraction layers than a virtual machine, is more lightweight, and starts extremely quickly. In this application scenario, the method can prevent application programs under multiple virtual machines from being authenticated and run simultaneously, prevent the application program from being cloned without authorization, and thus truly protect the value of the application program.
In the method, the virtual machine randomly generates a first fingerprint password at a first moment within a time period T from the start of the operating system of the virtual machine to the running of an application program under the virtual machine; the virtual machine writes the first fingerprint password into an encryption lock and stores the first fingerprint password locally; at at least one second moment within the time period T, the virtual machine reads out a second fingerprint password from the encryption lock, the second moment being after the first moment; if the second fingerprint password matches the locally stored first fingerprint password, the application program under the virtual machine is allowed to run, and if the second fingerprint password does not match the locally stored first fingerprint password, the application program under the virtual machine is prohibited from running.

Because the virtual machine randomly generates the first fingerprint password at a first moment within the time period T and reads the second fingerprint password from the encryption lock at least once, the following holds. If several virtual machines access the same encryption lock, the first fingerprint passwords they randomly generate are necessarily different. If the first fingerprint password that a virtual machine wrote is not consistent with the second fingerprint password it reads back, it can at least be concluded that other virtual machines exist. The application program under the virtual machine is therefore allowed to run only when the second fingerprint password matches the first fingerprint password; if it does not match, the first fingerprint password in the encryption lock has been changed by another virtual machine, and the application program under the virtual machine is prohibited from running. In this way, application programs under multiple virtual machines can be prevented from being authenticated and run simultaneously.
In an embodiment, in step S101, in a time period T from the start of an operating system of the virtual machine to the operation of an application program in the virtual machine, randomly generating a first fingerprint password by the virtual machine at a first time may specifically include: when an operating system of the virtual machine is started, the virtual machine is enabled to randomly generate a first fingerprint password.
That is, in the present embodiment, the first fingerprint password of the virtual machine is randomly generated when the operating system of the virtual machine is started. The operating system of the virtual machine is started, namely the virtual machine starts to run, the first fingerprint password is generated at the moment, the first fingerprint password can be written into the encryption lock, and the first fingerprint password is stored locally, so that other currently running virtual machines can be stopped running quickly, and the application programs under a plurality of virtual machines can be prevented from being authenticated and running simultaneously when the virtual machines are started.
In an embodiment, in step S102, at least one second time within the time period T, the reading out, by the virtual machine, the second fingerprint password from the dongle may specifically include: periodically causing the virtual machine to read the second fingerprint password from the dongle at a plurality of second times within the time period T.
In the present embodiment, the time intervals between the plurality of second time points may be the same or different. The virtual machine is enabled to periodically read out the second fingerprint password from the encryption lock, whether the second fingerprint password is matched with the first fingerprint password can be periodically detected, whether other virtual machines exist can be monitored in the whole operation process of the application program under the virtual machine, and therefore the application programs under a plurality of virtual machines are more carefully prevented from being authenticated and operated at the same time, the application programs are further prevented from being cloned under the condition that the application programs are not authorized, and the value of the application programs can be really protected.
Further, in step S103, at least one second time within the time period T, the reading out the second fingerprint password from the dongle by the virtual machine may specifically include: and when the application program under the virtual machine runs, enabling the virtual machine to read out the second fingerprint password from the encryption lock.
The main purpose is to prohibit the application program under the virtual machine from running when the second fingerprint password does not match the locally stored first fingerprint password. The developer has invested heavily in developing the application program and naturally does not want customers to clone it at will and use it without compensation. The mere existence of other virtual machines is not much of a problem as long as they do not run the application program; it is when such a virtual machine runs the application program that the application program is no longer truly protected. Therefore, having the virtual machine read the second fingerprint password from the encryption lock when the application program under the virtual machine runs allows the handling to be targeted, and avoids applying the prohibition to virtual machines whose operation is irrelevant.
In an embodiment, the virtual machine may be further caused to read the second fingerprint password from the dongle at a predetermined period when the application program in the virtual machine runs, so that monitoring may be continuously performed when the application program in the virtual machine runs, and the application programs in a plurality of virtual machines are prevented from being authenticated and running at the same time.
In step S104, if the second fingerprint password is matched with the locally stored first fingerprint password, allowing the application program under the virtual machine to run, and if the second fingerprint password is not matched with the locally stored first fingerprint password, prohibiting the application program under the virtual machine to run may specifically include:
If the second fingerprint password matches the locally stored first fingerprint password, the application program under the virtual machine is allowed to continue to run; if the second fingerprint password does not match the locally stored first fingerprint password, the running of the application program under the virtual machine is terminated. That is to say, while the application program under the virtual machine is running, if the second fingerprint password is found to match the locally stored first fingerprint password, the application program continues to run, and if the second fingerprint password does not match the locally stored first fingerprint password, the application program is terminated.
In a practical application, the management system smart MDM (intelligent mobile device management system), a new product for multi-mode terminals, was deployed to a public security bureau and a traffic police team in a certain city. Because the government systems also use virtual servers, virtual container deployment support was needed. The scheme of the application was adopted, so that rapid virtual container deployment was realized, single-instance use of the new product was ensured, and the customer was prevented from cloning the system for multiple use.
In another practical application, an overseas customer needed a set of the new product DEM (electronic evidence system). The customer also used virtualized servers and needed virtual container deployment support. The scheme of the application was adopted, so that rapid virtual container deployment was realized, single-instance use of the new product was ensured, and the customer was prevented from cloning the system for multiple use.
In a practical application, for example, a central office in a certain city purchases one set of new product equipment and deploys it in a virtualized container (such as a VMware/Docker container). Before the scheme of the application is adopted, the central office clones a set for each branch office, so that no branch office has to pay for its own set of the new system-side software; by purchasing a single set through the central office, the branch offices can obtain multiple cloned sets without paying. For the product market, a situation in which each branch office actually needs its own set of the system turns into a demand for a single set, and much actual potential customer value is lost. Therefore, with the technical scheme of the application, the actual use value of a newly developed product can be fully ensured, particularly where the newly developed product is deployed for customers in a virtualized container (such as a VMware/Docker container). Conversely, if no virtual machine anti-cloning protection is used, virtualization offers customers convenience but also the possibility of buying one set of the system and using several sets, which reduces the originally larger actual market demand for the product, easily forfeits a large part of the product's value, and dampens enthusiasm for new product development.
Referring to fig. 2, in an embodiment, the method further comprises:
Step S201: If the virtual machine accesses the encryption lock for the first time, the virtual machine reads out the current counting parameter n in the encryption lock and modifies the current counting parameter in the encryption lock to n + 1. The initial value of the counting parameter in the encryption lock is zero, and n is a natural number.
Step S202: The clone number of the virtual machine is determined to be n from the current counting parameter n + 1 in the encryption lock.
In this embodiment, a counting parameter is preset in the encryption lock, and its initial value is zero at the time of factory shipment. If the virtual machine is being initialized to connect with the encryption lock, that is, it accesses the encryption lock for the first time, the virtual machine reads the current counting parameter n in the encryption lock, where n is a natural number. The current value of n represents how many virtual machines have previously accessed the encryption lock for the first time, that is, how many virtual machines existed before. The virtual machine then adds 1 to n and writes n + 1 into the counting parameter in the encryption lock, so that the clone number of the virtual machine can be determined to be n from the current counting parameter n + 1 in the encryption lock.
If the virtual machine continues to access the encryption lock subsequently after accessing the encryption lock for the first time, the step S201 does not need to be executed, and the step S201 is executed only when the encryption lock is accessed for the first time.
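The S101 to S104 check and the S201 to S202 counter described above, simulated with two virtual machines sharing one encryption lock (an added example, not code from the patent). `SimulatedLock`, `VirtualMachine`, `run_scenario`, the 16-byte fingerprint length and the mutex around the counter update are assumptions; the in-memory object stands in for a real read/write hardware lock.

```python
import hmac
import secrets
import threading


class SimulatedLock:
    """Hypothetical stand-in for an encryption lock: one fingerprint slot, one counter."""

    def __init__(self):
        self._mutex = threading.Lock()
        self._fingerprint = b""      # nothing written yet
        self._count = 0              # counting parameter, zero at the factory

    def write_fingerprint(self, value: bytes) -> None:
        with self._mutex:
            self._fingerprint = value

    def read_fingerprint(self) -> bytes:
        with self._mutex:
            return self._fingerprint

    def read_and_increment_count(self) -> int:
        """S201: read n and store n + 1. Doing both under one mutex is an
        assumption; the page does not say how concurrent first accesses are ordered."""
        with self._mutex:
            n = self._count
            self._count = n + 1
            return n

    def read_count(self) -> int:
        with self._mutex:
            return self._count


class VirtualMachine:
    """Hypothetical model of one virtual machine instance (original or clone)."""

    def __init__(self, name: str, lock: SimulatedLock, fingerprint_bytes: int = 16):
        self.name = name
        self.lock = lock
        self.fingerprint_bytes = fingerprint_bytes
        self.local_fingerprint = None   # locally stored first fingerprint password
        self.clone_number = None        # set once, on first access to the lock
        self.app_running = False

    def boot(self) -> None:
        # S201/S202: only on the first access does the instance take a clone number.
        if self.clone_number is None:
            self.clone_number = self.lock.read_and_increment_count()
        # S101: random first fingerprint password. Uniqueness across instances is
        # probabilistic; 16 bytes from a CSPRNG makes a collision negligible.
        self.local_fingerprint = secrets.token_bytes(self.fingerprint_bytes)
        # S102: write it to the lock and keep the local copy.
        self.lock.write_fingerprint(self.local_fingerprint)

    def check(self) -> bool:
        """S103/S104: read the second fingerprint password and compare."""
        if self.local_fingerprint is None:
            self.app_running = False    # never wrote a fingerprint: not authorised
            return False
        second = self.lock.read_fingerprint()
        self.app_running = hmac.compare_digest(second, self.local_fingerprint)
        return self.app_running


def run_scenario() -> dict:
    """Original boots and runs; a clone boots against the same lock; the
    original's next periodic check then fails and its application stops."""
    lock = SimulatedLock()
    original = VirtualMachine("original", lock)
    clone = VirtualMachine("clone", lock)
    timeline = []

    original.boot()
    timeline.append((original.name, original.check()))   # only instance: allowed
    clone.boot()                                         # overwrites the lock slot
    timeline.append((clone.name, clone.check()))         # last writer: allowed
    timeline.append((original.name, original.check()))   # mismatch: prohibited

    return {
        "timeline": timeline,
        "count": lock.read_count(),
        "clone_numbers": {original.name: original.clone_number,
                          clone.name: clone.clone_number},
        "still_running": [vm.name for vm in (original, clone) if vm.app_running],
    }


if __name__ == "__main__":
    print(run_scenario())
```

The simulation makes the last-writer-wins behaviour visible: the most recently booted instance holds the authorisation, and an earlier instance stops only at its next read, so the polling interval bounds how long two instances can overlap.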
Referring to FIG. 3, FIG. 3 is a schematic structural diagram of an embodiment of the apparatus for running an application program in a virtual machine environment according to the present invention. It should be noted that the apparatus of this embodiment may perform the steps of the above method; for a detailed description of the related contents, refer to the method section above, which is not repeated here.
The device includes: a processor 1 and a memory 2, the processor 1 being coupled to the memory 2.
The memory 2 is used for storing a program. When running the program, the processor 1 is used for: enabling the virtual machine to randomly generate a first fingerprint password at a first moment in a time period T from the start of the operating system of the virtual machine to the running of an application program under the virtual machine; enabling the virtual machine to write the first fingerprint password into the encryption lock and to store the first fingerprint password locally; enabling the virtual machine to read a second fingerprint password from the encryption lock at at least one second moment within the time period T, the second moment being after the first moment; and, if the second fingerprint password does not match the locally stored first fingerprint password, forbidding the application program under the virtual machine from running.
When running the program, the processor 1 causes the virtual machine to randomly generate the first fingerprint password when the operating system of the virtual machine starts, and periodically causes the virtual machine to read the second fingerprint password from the encryption lock at a plurality of second moments within the time period T.
When running the program, the processor 1 causes the virtual machine to read the second fingerprint password from the encryption lock when the application program under the virtual machine runs.
When running the program, the processor 1 allows the application program under the virtual machine to continue running if the second fingerprint password matches the locally stored first fingerprint password, and terminates the running of the application program under the virtual machine if the second fingerprint password does not match the locally stored first fingerprint password.
When running the program, if the virtual machine is accessing the encryption lock for the first time, the processor 1 causes the virtual machine to read the current counting parameter n from the encryption lock and to change the current counting parameter in the encryption lock to n + 1, where the initial value of the counting parameter in the encryption lock is zero and n is a natural number; the clone number of the virtual machine is determined to be n from the current counting parameter n + 1 in the encryption lock.
In the method, the virtual machine randomly generates a first fingerprint password at a first moment in a time period T from the start of the operating system of the virtual machine to the running of an application program under the virtual machine; the virtual machine writes the first fingerprint password into an encryption lock and stores the first fingerprint password locally; at at least one second moment within the time period T, the virtual machine reads a second fingerprint password from the encryption lock, the second moment being after the first moment; if the second fingerprint password matches the locally stored first fingerprint password, the application program under the virtual machine is allowed to run, and if the second fingerprint password does not match the locally stored first fingerprint password, the application program under the virtual machine is forbidden to run.
Because the virtual machine randomly generates the first fingerprint password at a first moment in the time period T and reads the second fingerprint password from the encryption lock at least once, the first fingerprint passwords randomly generated by different virtual machines will differ when several virtual machines access the same encryption lock. If the first fingerprint password that a virtual machine wrote is not consistent with the second fingerprint password it reads back, it can at least be concluded that other virtual machines exist. The application program under the virtual machine is therefore allowed to run only when the second fingerprint password matches the first fingerprint password. If the two do not match, the first fingerprint password in the encryption lock has been changed by another virtual machine, and the running of the application program under the virtual machine is forbidden. In this way, applications under multiple virtual machines can be prevented from authenticating and running simultaneously.
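The fingerprint check and the clone counter described above, simulated as an added example that is not code from the patent. The class and function names, the in-memory stand-in for the encryption lock, and the 16-byte fingerprint length are assumptions made for illustration.

```python
import hmac
import secrets


class EncryptionLock:
    """Constructed in-memory stand-in for the encryption lock's storage."""

    def __init__(self):
        self.fingerprint = b""  # single slot, overwritten by every writer
        self.count = 0          # counting parameter, zero at the factory


class VirtualMachine:
    def __init__(self, name, lock):
        self.name = name
        self.lock = lock
        self.local_fingerprint = None
        self.clone_number = None
        self.app_running = False

    def boot(self):
        """First moment: register with the lock, then publish a fresh fingerprint."""
        if self.clone_number is None:      # first access only (steps S201/S202)
            n = self.lock.count
            self.lock.count = n + 1
            self.clone_number = n
        self.local_fingerprint = secrets.token_bytes(16)  # assumed length
        self.lock.fingerprint = self.local_fingerprint

    def check(self):
        """Second moment: read the fingerprint back and compare with the local copy."""
        if self.local_fingerprint is None:
            return False
        second = self.lock.fingerprint
        matched = hmac.compare_digest(second, self.local_fingerprint)
        if not matched:
            self.app_running = False       # forbid or terminate the application
        return matched

    def start_app(self):
        self.app_running = self.check()
        return self.app_running


def run_scenario():
    """An original VM and a clone sharing one encryption lock."""
    lock = EncryptionLock()
    original = VirtualMachine("original", lock)
    clone = VirtualMachine("clone", lock)

    original.boot()
    results = {"original_start": original.start_app()}
    clone.boot()                           # overwrites the slot in the lock
    results["original_periodic"] = original.check()
    results["original_running"] = original.app_running
    results["clone_start"] = clone.start_app()
    results["clone_numbers"] = (original.clone_number, clone.clone_number)
    results["lock_count"] = lock.count
    return results


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

In this simulation the virtual machine that wrote to the lock most recently passes its check, while the earlier one is stopped at its next periodic read, so the interval between periodic reads bounds how long two instances can run side by side.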
The above description is only for the purpose of illustrating embodiments of the present application and is not intended to limit the scope of the present application, and all modifications of equivalent structures and equivalent processes, which are made by the contents of the specification and the drawings of the present application or are directly or indirectly applied to other related technical fields, are also included in the scope of the present application.
Claims (10)
1. A method for running an application in a virtual machine environment, the method comprising:
in a time period T from the start of an operating system of a virtual machine to the running of an application program under the virtual machine, enabling the virtual machine to randomly generate a first fingerprint password at a first moment;
enabling the virtual machine to write the first fingerprint password into an encryption lock, and locally storing the first fingerprint password;
at least one second time within the time period T, enabling the virtual machine to read out a second fingerprint password from the encryption lock, wherein the second time is after the first time;
if the second fingerprint password is matched with the first fingerprint password stored locally, the application program under the virtual machine is allowed to run, and if the second fingerprint password is not matched with the first fingerprint password stored locally, the application program under the virtual machine is forbidden to run.
2. The method of claim 1, wherein randomly generating a first fingerprint password by the virtual machine at a first time within a time period T from the start of an operating system of the virtual machine to the running of an application program under the virtual machine comprises:
when an operating system of the virtual machine is started, enabling the virtual machine to randomly generate a first fingerprint password;
the causing the virtual machine to read out a second fingerprint password from the dongle at least one second time within the time period T includes:
periodically causing the virtual machine to read out a second fingerprint password from the dongle at a plurality of second times within the time period T.
3. The method of claim 2, wherein causing the virtual machine to read out a second fingerprint password from the dongle at least a second time within the time period T comprises:
and when an application program under the virtual machine runs, enabling the virtual machine to read out the second fingerprint password from the encryption lock.
4. The method of claim 3, wherein the allowing the application program running in the virtual machine if the second fingerprint password matches the first fingerprint password stored locally, and the prohibiting the application program running in the virtual machine if the second fingerprint password does not match the first fingerprint password stored locally comprises:
if the second fingerprint password is matched with the first fingerprint password stored locally, allowing the application program under the virtual machine to continue to operate, and if the second fingerprint password is not matched with the first fingerprint password stored locally, terminating the operation of the application program under the virtual machine.
5. The method of claim 1, further comprising:
if the virtual machine accesses the encryption lock for the first time, the virtual machine reads a current counting parameter n in the encryption lock, and modifies the current counting parameter in the encryption lock into n + 1, wherein an initial value of the counting parameter in the encryption lock is zero, and n is a natural number;
and determining the clone number of the virtual machine as n according to the current counting parameter n + 1 in the encryption lock.
6. An apparatus for running an application in a virtual machine environment, the apparatus comprising: a processor and a memory, the processor coupled with the memory, wherein,
the memory is used for storing programs;
when the program is run, the processor is used for enabling the virtual machine to randomly generate a first fingerprint password at a first moment in a time period T from the start of an operating system of the virtual machine to the running of an application program under the virtual machine; enabling the virtual machine to write the first fingerprint password into an encryption lock, and locally storing the first fingerprint password; at least one second time within the time period T, enabling the virtual machine to read out a second fingerprint password from the encryption lock, wherein the second time is after the first time; if the second fingerprint password is matched with the first fingerprint password stored locally, the application program under the virtual machine is allowed to run, and if the second fingerprint password is not matched with the first fingerprint password stored locally, the application program under the virtual machine is forbidden to run.
7. The apparatus of claim 6, wherein the processor, when executing the program, causes the virtual machine to randomly generate a first fingerprint password upon an operating system boot of the virtual machine;
the processor, when executing the program, periodically causes the virtual machine to read a second fingerprint password from the dongle at a plurality of second times within the time period T.
8. The apparatus of claim 7, wherein the processor, when executing the program, causes the virtual machine to read a second fingerprint password from the dongle when an application program under the virtual machine is running.
9. The apparatus of claim 8, wherein the processor, when executing the program, allows the application program to continue to run in the virtual machine if the second fingerprint password matches the first locally stored fingerprint password, and terminates the application program running in the virtual machine if the second fingerprint password does not match the first locally stored fingerprint password.
10. The apparatus according to claim 6, wherein when the processor executes the program, if the virtual machine accesses the dongle for the first time, the virtual machine reads out a current count parameter n in the dongle, and modifies the current count parameter in the dongle to n + 1, where an initial value of the count parameter in the dongle is zero, and n is a natural number; and determining the clone number of the virtual machine as n according to the current counting parameter n + 1 in the encryption lock.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810126882.4A CN108446161B (en) | 2018-02-06 | 2018-02-06 | Method and device for running application program in virtual machine environment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108446161A CN108446161A (en) | 2018-08-24 |
CN108446161B CN108446161B (en) | 2022-03-18 |
Family
ID=63191893
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810126882.4A Active CN108446161B (en) | 2018-02-06 | 2018-02-06 | Method and device for running application program in virtual machine environment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108446161B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112115451B (en) * | 2020-09-28 | 2024-04-12 | 天地伟业技术有限公司 | Method for identifying hot plug hardware USB dongle in Docker container of ARM architecture |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101661545A (en) * | 2009-09-22 | 2010-03-03 | 江汉大学 | Anti-pirate method and device for software capable of unloading and reinstalling |
CN103235906A (en) * | 2013-03-27 | 2013-08-07 | 广东欧珀移动通信有限公司 | Method and device for encrypting and decrypting application program |
US8875266B2 (en) * | 2007-05-16 | 2014-10-28 | Vmware, Inc. | System and methods for enforcing software license compliance with virtual machines |
CN104484629A (en) * | 2014-12-03 | 2015-04-01 | 合肥联宝信息技术有限公司 | Computer starting method and device |
CN104866759A (en) * | 2014-02-20 | 2015-08-26 | 鸿富锦精密工业(深圳)有限公司 | System and method for dynamically setting supervisor password |
EP2955651A1 (en) * | 2014-06-10 | 2015-12-16 | Services Petroliers Schlumberger | Methods and systems for managing license distribution for software |
CA2780393C (en) * | 2011-06-21 | 2016-06-07 | Dls Technology Corporation | Key based secure operating system with secure dongle and method, and cryptographic method |
Non-Patent Citations (1)
Title |
---|
Discussion on NFV Reliability; Yang Xu et al.; 《电信科学》 (Telecommunications Science); 20170720; full text * |
Also Published As
Publication number | Publication date |
---|---|
CN108446161A (en) | 2018-08-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11762986B2 (en) | System for securing software containers with embedded agent | |
US9729579B1 (en) | Systems and methods for increasing security on computing systems that launch application containers | |
US8904552B2 (en) | System and method for protecting data information stored in storage | |
US6223284B1 (en) | Method and apparatus for remote ROM flashing and security management for a computer system | |
EP2795829B1 (en) | Cryptographic system and methodology for securing software cryptography | |
US11693952B2 (en) | System and method for providing secure execution environments using virtualization technology | |
WO2019104988A1 (en) | Plc security processing unit and bus arbitration method thereof | |
CN103827881A (en) | Method and system for dynamic platform security in a device operating system | |
CN110383277A (en) | Virtual machine monitor measurement agent | |
US20160275019A1 (en) | Method and apparatus for protecting dynamic libraries | |
CN103858113A (en) | Protecting memory of a virtual guest | |
US9262631B2 (en) | Embedded device and control method thereof | |
US20170255775A1 (en) | Software verification systems with multiple verification paths | |
US10810137B2 (en) | Physical address randomization for secure encrypted memory | |
CN112069506B (en) | Safe starting method and device | |
CN105308610A (en) | Method and system for platform and user application security on a device | |
CN108985096B (en) | Security enhancement and security operation method and device for Android SQLite database | |
CN109190335B (en) | Software copyright protection method and system | |
CN108446161B (en) | Method and device for running application program in virtual machine environment | |
US8972745B2 (en) | Secure data handling in a computer system | |
US20210342092A1 (en) | Apparatus and method for providing one time programmable memory features in a hypervisor of a computing device | |
WO2003100583A1 (en) | Tamper evident removable media storing executable code | |
CN115244535A (en) | System and method for protecting folders from unauthorized file modification | |
CN113868691B (en) | Authorized operation method and device of block chain based on cloud-native technology | |
CN113448682B (en) | Virtual machine monitor loading method and device and electronic equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||