CN108713194A - 使用虚拟资源视图的数据保护 - Google Patents

使用虚拟资源视图的数据保护 Download PDF

Info

Publication number
CN108713194A
CN108713194A CN201780016506.3A CN201780016506A CN108713194A CN 108713194 A CN108713194 A CN 108713194A CN 201780016506 A CN201780016506 A CN 201780016506A CN 108713194 A CN108713194 A CN 108713194A
Authority
CN
China
Prior art keywords
computing device
resource
requesting entity
owner
virtual
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201780016506.3A
Other languages
English (en)
Chinese (zh)
Inventor
M·克里斯托铎雷斯古
D·杜尔亚蒂
N·伊斯兰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qualcomm Inc
Original Assignee
Qualcomm Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qualcomm Inc filed Critical Qualcomm Inc
Publication of CN108713194A publication Critical patent/CN108713194A/zh
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1416Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
    • G06F12/1425Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block
    • G06F12/1433Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block for a module or a part of a module
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1458Protection against unauthorised use of memory or access to memory by checking the subject access rights
    • G06F12/1483Protection against unauthorised use of memory or access to memory by checking the subject access rights using an access-table, e.g. matrix or list
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45583Memory management, e.g. access or allocation
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45587Isolation or security of virtual machine instances
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45591Monitoring or debugging support

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Mathematical Physics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
CN201780016506.3A 2016-03-22 2017-02-24 使用虚拟资源视图的数据保护 Pending CN108713194A (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US15/076,936 2016-03-22
US15/076,936 US20170277903A1 (en) 2016-03-22 2016-03-22 Data Protection Using Virtual Resource Views
PCT/US2017/019396 WO2017165073A1 (en) 2016-03-22 2017-02-24 Data protection using virtual resource views

Publications (1)

Publication Number Publication Date
CN108713194A true CN108713194A (zh) 2018-10-26

Family

ID=58264630

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201780016506.3A Pending CN108713194A (zh) 2016-03-22 2017-02-24 使用虚拟资源视图的数据保护

Country Status (9)

Country Link
US (1) US20170277903A1 (enExample)
EP (1) EP3433748A1 (enExample)
JP (1) JP6903682B2 (enExample)
KR (1) KR20180124048A (enExample)
CN (1) CN108713194A (enExample)
BR (1) BR112018069030A2 (enExample)
CA (1) CA3014917A1 (enExample)
TW (1) TW201737059A (enExample)
WO (1) WO2017165073A1 (enExample)

Families Citing this family (33)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3140734B1 (en) 2014-05-09 2020-04-08 Nutanix, Inc. Mechanism for providing external access to a secured networked virtualization environment
CN105184154B (zh) * 2015-09-15 2017-06-20 中国科学院信息工程研究所 一种在虚拟化环境中提供密码运算服务的系统和方法
US11550558B2 (en) 2016-02-12 2023-01-10 Nutanix, Inc. Virtualized file server deployment
US11218418B2 (en) 2016-05-20 2022-01-04 Nutanix, Inc. Scalable leadership election in a multi-processing computing environment
US11568073B2 (en) 2016-12-02 2023-01-31 Nutanix, Inc. Handling permissions for virtualized file servers
US10824455B2 (en) * 2016-12-02 2020-11-03 Nutanix, Inc. Virtualized server systems and methods including load balancing for virtualized file servers
US10728090B2 (en) 2016-12-02 2020-07-28 Nutanix, Inc. Configuring network segmentation for a virtualization environment
US11562034B2 (en) 2016-12-02 2023-01-24 Nutanix, Inc. Transparent referrals for distributed file servers
US11294777B2 (en) 2016-12-05 2022-04-05 Nutanix, Inc. Disaster recovery for distributed file servers, including metadata fixers
US11281484B2 (en) 2016-12-06 2022-03-22 Nutanix, Inc. Virtualized server systems and methods including scaling of file system virtual machines
US11288239B2 (en) 2016-12-06 2022-03-29 Nutanix, Inc. Cloning virtualized file servers
US10558250B2 (en) * 2016-12-23 2020-02-11 Oracle International Corporation System and method for coordinated link up handling following switch reset in a high performance computing network
GB2563885B (en) * 2017-06-28 2019-10-23 Advanced Risc Mach Ltd Interrupting export of memory regions
CN111611618B (zh) 2017-10-31 2023-08-04 创新先进技术有限公司 一种数据统计方法和装置
CN110019475B (zh) * 2017-12-21 2021-07-20 华为技术有限公司 数据持久化处理方法、装置及系统
US11086826B2 (en) 2018-04-30 2021-08-10 Nutanix, Inc. Virtualized server systems and methods including domain joining techniques
US11194680B2 (en) 2018-07-20 2021-12-07 Nutanix, Inc. Two node clusters recovery on a failure
US11770447B2 (en) 2018-10-31 2023-09-26 Nutanix, Inc. Managing high-availability file servers
US11768809B2 (en) 2020-05-08 2023-09-26 Nutanix, Inc. Managing incremental snapshots for fast leader node bring-up
US12248435B2 (en) 2021-03-31 2025-03-11 Nutanix, Inc. File analytics systems and methods
US12131192B2 (en) 2021-03-18 2024-10-29 Nutanix, Inc. Scope-based distributed lock infrastructure for virtualized file server
US12197398B2 (en) 2021-03-31 2025-01-14 Nutanix, Inc. Virtualized file servers and methods to persistently store file system event data
US12248434B2 (en) 2021-03-31 2025-03-11 Nutanix, Inc. File analytics systems including examples providing metrics adjusted for application operation
US12242455B2 (en) 2021-03-31 2025-03-04 Nutanix, Inc. File analytics systems and methods including receiving and processing file system event data in order
US12367108B2 (en) 2021-03-31 2025-07-22 Nutanix, Inc. File analytics systems and methods including retrieving metadata from file system snapshots
US12164383B2 (en) 2021-08-19 2024-12-10 Nutanix, Inc. Failover and failback of distributed file servers
US12117972B2 (en) 2021-08-19 2024-10-15 Nutanix, Inc. File server managers and systems for managing virtualized file servers
CN113992425B (zh) * 2021-11-12 2022-09-23 北京天融信网络安全技术有限公司 一种收发网络数据包的方法、网络设备以及通信系统
US12153690B2 (en) 2022-01-24 2024-11-26 Nutanix, Inc. Consistent access control lists across file servers for local users in a distributed file server environment
US12182264B2 (en) 2022-03-11 2024-12-31 Nutanix, Inc. Malicious activity detection, validation, and remediation in virtualized file servers
US12184791B2 (en) * 2022-06-02 2024-12-31 Sap Se Client secure connections for database host
US12189499B2 (en) 2022-07-29 2025-01-07 Nutanix, Inc. Self-service restore (SSR) snapshot replication with share-level file system disaster recovery on virtualized file servers
US12461832B2 (en) 2023-09-27 2025-11-04 Nutanix, Inc. Durable handle management for failover in distributed file servers

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080271015A1 (en) * 2007-04-26 2008-10-30 Ibrahim Wael M Virtual machine control
CN101520753A (zh) * 2008-02-29 2009-09-02 Arm有限公司 数据处理设备和控制虚拟机对安全存储器的访问的方法
CN102763098A (zh) * 2009-12-14 2012-10-31 思杰系统有限公司 用于在可信和不可信虚拟机之间通信的方法和系统
CN102971706A (zh) * 2010-05-10 2013-03-13 思杰系统有限公司 将信息从安全虚拟机重定向到不安全虚拟机
US20130097417A1 (en) * 2011-10-13 2013-04-18 Microsoft Corporation Secure private computation services
CN104106051A (zh) * 2012-02-09 2014-10-15 西里克斯系统公司 标记云计算环境中的物理资源
CN104303154A (zh) * 2012-06-20 2015-01-21 英特尔公司 监视由虚拟机的资源使用
US20150248357A1 (en) * 2014-02-28 2015-09-03 Advanced Micro Devices, Inc. Cryptographic protection of information in a processing system
JP2015532499A (ja) * 2012-10-19 2015-11-09 マカフィー, インコーポレイテッド リアルタイムモジュールプロテクション

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6772350B1 (en) * 1998-05-15 2004-08-03 E.Piphany, Inc. System and method for controlling access to resources in a distributed environment
US8819676B2 (en) * 2007-10-30 2014-08-26 Vmware, Inc. Transparent memory-mapped emulation of I/O calls
US8856504B2 (en) * 2010-06-07 2014-10-07 Cisco Technology, Inc. Secure virtual machine bootstrap in untrusted cloud infrastructures
US9503268B2 (en) * 2013-01-22 2016-11-22 Amazon Technologies, Inc. Securing results of privileged computing operations
US9396011B2 (en) * 2013-03-12 2016-07-19 Qualcomm Incorporated Algorithm and apparatus to deploy virtual machine monitor on demand

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080271015A1 (en) * 2007-04-26 2008-10-30 Ibrahim Wael M Virtual machine control
CN101520753A (zh) * 2008-02-29 2009-09-02 Arm有限公司 数据处理设备和控制虚拟机对安全存储器的访问的方法
CN102763098A (zh) * 2009-12-14 2012-10-31 思杰系统有限公司 用于在可信和不可信虚拟机之间通信的方法和系统
CN102971706A (zh) * 2010-05-10 2013-03-13 思杰系统有限公司 将信息从安全虚拟机重定向到不安全虚拟机
US20130097417A1 (en) * 2011-10-13 2013-04-18 Microsoft Corporation Secure private computation services
CN104106051A (zh) * 2012-02-09 2014-10-15 西里克斯系统公司 标记云计算环境中的物理资源
CN104303154A (zh) * 2012-06-20 2015-01-21 英特尔公司 监视由虚拟机的资源使用
JP2015532499A (ja) * 2012-10-19 2015-11-09 マカフィー, インコーポレイテッド リアルタイムモジュールプロテクション
US20150248357A1 (en) * 2014-02-28 2015-09-03 Advanced Micro Devices, Inc. Cryptographic protection of information in a processing system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
黄琛: ""存储虚拟化系统安全设计和实现"", 《中国优秀博硕士学位论文全文数据库(硕士)信息科技辑》 *

Also Published As

Publication number Publication date
EP3433748A1 (en) 2019-01-30
US20170277903A1 (en) 2017-09-28
BR112018069030A2 (pt) 2019-01-29
KR20180124048A (ko) 2018-11-20
JP6903682B2 (ja) 2021-07-14
WO2017165073A1 (en) 2017-09-28
CA3014917A1 (en) 2017-09-28
JP2019512811A (ja) 2019-05-16
TW201737059A (zh) 2017-10-16

Similar Documents

Publication Publication Date Title
JP6903682B2 (ja) 仮想リソースビューを使用するデータ保護
US10013554B2 (en) Time varying address space layout randomization
KR101378639B1 (ko) 프로세서 메인 메모리의 메모리 콘텐츠를 위한 보안 보호
US11847225B2 (en) Blocking access to firmware by units of system on chip
US20160253497A1 (en) Return Oriented Programming Attack Detection Via Memory Monitoring
KR20170033891A (ko) 보호 영역에서의 메모리 초기화
CN110383240B (zh) 用于容器化的安全计算资源的方法和装置
CN103890852A (zh) 对包括机密信息的存储器区域的访问
US9529805B2 (en) Systems and methods for providing dynamic file system awareness on storage devices
JP7201686B2 (ja) 間接アクセスメモリコントローラ向けの保護機能を追加するための機器
TW201633203A (zh) 裝置與安全處理環境之間的介面
US20150227755A1 (en) Encryption and decryption methods of a mobile storage on a file-by-file basis
US10019574B2 (en) Systems and methods for providing dynamic file system awareness on storage devices
CN116964564A (zh) 通过页重映射和旋转增加地址空间布局随机化熵
KR20140127124A (ko) 시스템 자원에 대한 접근을 관리하는 전자 장치
US20160103612A1 (en) Approximation of Execution Events Using Memory Hierarchy Monitoring
TWI907233B (zh) 用於容許安全通訊之積體電路、方法及電腦系統
TWI906632B (zh) 用於容許安全通訊之積體電路、方法及電腦系統
CN121002501A (zh) 有效保护硬件管理的集成密码引擎密钥的同时防止静态数据攻击的新颖方法
CN120813926A (zh) 检测意外存储器读取
TW202418133A (zh) 用於容許安全通訊之積體電路、方法及電腦系統

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20181026

WD01 Invention patent application deemed withdrawn after publication