CN108809935A - Secure access control method and device for a cloud environment or virtual environment - Google Patents
- Publication number: CN108809935A
- Application number: CN201810358762.7A
- Authority: CN (China)
- Prior art keywords: virtual, access control, virtual environment, technology, safety
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
All classifications fall under H (Electricity), H04 (Electric communication technique), H04L (Transmission of digital information, e.g. telegraphic communication), H04L63/00 (Network architectures or network communication protocols for network security):
- H04L63/0838: Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
- H04L63/0272: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls; virtual private networks
- H04L63/0807: Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
- H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
Abstract
The invention discloses a secure access control method for a cloud environment or virtual environment, comprising: studying secure authentication technology based on a one-time password protocol; studying virtual machine security protection technology, virtual network isolation technology, and data isolation and access control technology in a virtual environment; studying security application audit technology for virtual environments; and studying virtual environment access control technology and security device virtualization research and development. The invention targets comprehensive auditing of user access in cloud and virtual environments: using agentless technology, it audits the whole process of a user's access, from login through use to logout, to ensure the compliance of user access behavior.
Description
Technical field
The present invention relates to the technical field of network security, and in particular to a secure access control method and device for a cloud environment or virtual environment.
Background
Cloud and virtual environments place three demands on network security: 1) flow access control between different users or different services must be guaranteed; 2) the network security policy must allow members of a computing cluster to be flexibly added, removed, or migrated; 3) the network security policy must be able to follow a virtual machine as it migrates autonomously. Of these three demands, the first is an enhancement of existing network security policy. The latter two require new planning standards or technologies to implement, which poses a challenge to current network security policy.
Summary of the invention
In view of this, the object of the present invention is to propose a simple and efficient secure access control method and device for a cloud environment or virtual environment.
To this end, the present invention provides a secure access control method for a cloud environment or virtual environment, comprising:
Studying secure authentication technology based on a one-time password protocol;
Studying virtual machine security protection technology, virtual network isolation technology, and data isolation and access control technology in a virtual environment;
Studying security application audit technology for virtual environments;
Studying virtual environment access control technology and security device virtualization research and development.
In some embodiments, studying secure authentication technology based on a one-time password protocol includes: studying a dynamic password token suite suitable for mainstream mobile phone platforms, consisting of a mobile token app and a server-side application, which effectively improves the security of identity authentication for cloud and virtual systems and protects account security.
In some embodiments, studying virtual machine security protection technology, virtual network isolation technology, and data isolation and access control technology in a virtual environment includes: studying virtual machine security isolation and access control, virtual switches, virtual firewalls, encrypted storage of virtual image files, load balancing of storage space, redundancy protection, virtual machine backup and recovery, and so on; studying virtual network security technology, including security domain partitioning, security boundary protection, and so on; and data security technology, which encrypts important data before it is uploaded and stored to ensure the security of data storage.
In some embodiments, studying security application audit technology for virtual environments includes: studying comprehensive auditing of user access in a virtual environment, using agentless technology to audit the whole process of a user's access, from login through use to logout, to ensure the compliance of user access behavior.
In some embodiments, studying virtual environment access control technology and security device virtualization research and development includes: studying role-based access control, in which the virtual environment system controls access to the virtual environment according to user role, and security device virtualization research and development.
In another aspect, the present invention also provides a secure access control device for a cloud environment or virtual environment, comprising:
A first execution module, for studying secure authentication technology based on a one-time password protocol;
A second execution module, for studying virtual machine security protection technology, virtual network isolation technology, and data isolation and access control technology in a virtual environment;
A third execution module, for studying security application audit technology for virtual environments;
A fourth execution module, for studying virtual environment access control technology and security device virtualization research and development.
In some embodiments, the first execution module is specifically used for: studying a dynamic password token suite suitable for mainstream mobile phone platforms, consisting of a mobile token app and a server-side application, which effectively improves the security of identity authentication for cloud and virtual systems and protects account security.
In some embodiments, the second execution module is specifically used for: studying virtual machine security isolation and access control, virtual switches, virtual firewalls, encrypted storage of virtual image files, load balancing of storage space, redundancy protection, virtual machine backup and recovery, and so on; studying virtual network security technology, including security domain partitioning, security boundary protection, and so on; and studying data encryption technology, which encrypts important data before it is uploaded and stored to ensure the security of data storage.
In some embodiments, the third execution module is specifically used for: studying comprehensive auditing of user access in a virtual environment, using agentless technology to audit the whole process of a user's access, from login through use to logout, to ensure the compliance of user access behavior.
In some embodiments, the fourth execution module is specifically used for: studying role-based access control, in which the virtual environment system controls access to the virtual environment according to user role, and security device virtualization research and development.
As can be seen from the above, the secure access control method and device for a cloud environment or virtual environment provided by the invention target comprehensive auditing of user access in cloud and virtual environments, using agentless technology to audit the whole process of a user's access, from login through use to logout, to ensure the compliance of user access behavior.
Description of the drawings
To explain the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed to describe the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the secure access control method for a cloud environment or virtual environment according to an embodiment of the invention;
Fig. 2 is a schematic diagram of the secure access control device for a cloud environment or virtual environment according to an embodiment of the invention.
Detailed description
To make the objects, technical solutions, and advantages of the present invention clearer, the invention is described in more detail below with reference to specific embodiments and the accompanying drawings.
An embodiment of the present invention provides a secure access control method for a cloud environment or virtual environment. Fig. 1 is a flow chart of the secure access control method for a cloud environment or virtual environment according to the embodiment.
The secure access control method for a cloud environment or virtual environment includes the following steps:
Step 101: study secure authentication technology based on a one-time password protocol.
In this step, a dynamic password token suite suitable for mainstream mobile phone platforms is studied. It consists of a mobile token app and a server-side application, and it effectively improves the security of identity authentication for cloud and virtual systems and protects account security.
Step 102: study virtual machine security protection technology, virtual network isolation technology, and data isolation and access control technology in a virtual environment.
In this step, the following are studied: virtual machine security isolation and access control, virtual switches, virtual firewalls, encrypted storage of virtual image files, load balancing of storage space, redundancy protection, virtual machine backup and recovery, and so on; virtual network security technology, including security domain partitioning, security boundary protection, and so on; and data security technology, which encrypts important data before it is uploaded and stored to ensure the security of data storage.
Step 103: study security application audit technology for virtual environments.
In this step, the following are studied: virtual machine security isolation and access control, virtual switches, virtual firewalls, encrypted storage of virtual image files, load balancing of storage space, redundancy protection, virtual machine backup and recovery, and so on; virtual network security technology, including security domain partitioning, security boundary protection, and so on; and data security technology, which encrypts important data before it is uploaded and stored to ensure the security of data storage.
Step 104: study virtual environment access control technology and security device virtualization research and development.
In this step, role-based access control, in which the virtual environment system controls access to the virtual environment according to user role, and security device virtualization research and development are studied.
The present invention addresses the following security problems: authentication in cloud and virtual environments cannot be guaranteed to be secure, virtual security domains are not effectively isolated, virtual networks cannot be effectively monitored and access-controlled, and shared data storage resources are exposed to unauthorized access. It carries out theoretical and practical research on security protection technology for cloud and virtual environments, with the following research priorities:
The resource pool's ability to allocate physical resources dynamically requires the network to provide an open environment that facilitates exchange. VLAN partitioning as used in traditional networks can interfere with dynamic resource scheduling; replacing physical VLAN partitioning with virtual region isolation is a feasible solution.
Isolation regions are divided using application groups as logical boundaries, which reduces packet transmission between virtual machine regions and forms application-oriented basic access control at the network communication layer, preventing sniffing attacks across application groups. Even if a security failure occurs in one virtual machine region, logical boundary control can keep the failure from spreading to other virtual machine regions through network communication.
Hosts on different network segments maintain different virtual machine regions. If each virtual machine region is isolated on its own network segment, the risk of data leakage across virtual machine regions is greatly reduced. The security of this kind of region isolation depends on the functions of the cloud and virtualization platform product itself; some platforms can prevent a variety of threats, including Address Resolution Protocol (ARP) spoofing, in which an attacker manipulates the ARP table to remap MAC and IP addresses in order to obtain the network traffic going to and from a host. Attackers use ARP spoofing to mount man-in-the-middle (MITM) attacks, carry out denial-of-service (DoS) attacks, hijack target systems, and otherwise disrupt the virtual network.
Issues to note in deployment and configuration:
Virtual machine logical boundary control requires, according to the composition and characteristics of the specific applications, rational planning of how multiple network technologies and security technologies work together, including: stateful firewall (Firewall), network address translation (NAT), dynamic address allocation (DHCP), point-to-point VPN (IPsec), remote access VPN (SSL), TCP load balancing, and so on.
Without affecting application availability and efficiency, provide virtual firewall rule configuration that is as fine-grained as possible. Key applications need the protection of application-layer detection rules; when the virtual firewall cannot provide them, redirecting the traffic to a physical firewall can be tried instead.
Key regions should mirror traffic to an IDS detector port for network behavior audit protection.
The security requirements of different virtual resources in cloud and virtual environments may differ greatly, so isolation measures of different levels can be considered to implement region isolation.
Under normal circumstances, at least three regions must be managed strictly separately: the virtual machine application region, the storage region, and the system management region. Security planning for the management region is particularly important. Taking the VMware platform as an example, the following issues should be noted:
Any access to the Hypervisor over a network connection, whether direct access by a virtual machine (access requests sent by the vmkernel virtual network adapter) or indirect access (management devices and applications), must be strictly controlled, because obtaining access control rights to the Hypervisor brings the risk of obtaining access control rights to any information in the VMware ESX host or VMware ESXi host.
Any access to the VMotion network also brings risk: because the memory contents currently in use are transmitted over the wire in plaintext, credentials and identity data in the virtual machine are easily exposed.
Access to the storage network, whether through a virtual machine, through a backup server, or indirectly through the Hypervisor and management tools, must be strictly controlled. Because storage network information can be accessed in plaintext, access to the virtual storage network may bring the risk of exposing the contents of the virtual hard disks in virtual machines.
The weak link in the switching fabric may in practice be the physical network, because the virtual gateway can prevent current layer-2 attacks from the VLAN, although such attacks do not come from layer 3. However, not every physical gateway can prevent attacks from the layer-2 VLAN.
Again taking the VMware platform as an example, security policy levels also differ within the management region. The data of VMware ESXi host management devices and VMotion data are usually mixed on the same line, on the assumption that both carry the same degree of risk as any other network. VMotion is the network with the highest risk; however, if a malicious user can break into the VMware ESXi host management device, they can obtain access control rights to all disk data, though not necessarily to VMotion data. If the two are transmitted over the same logical line, the risk is comparatively high.
At present there is no absolutely good way to mitigate this problem. VMware ESXi does not fully support IPsec, which would use a suitable public key cryptosystem to strongly encrypt all data in the converged network, with the encryption process using different key systems for different data sources. Having the management programs for different administrative purposes use different key systems can reduce the overall risk to a large extent, but it is currently very difficult to deploy and implement.
The storage region has the same problem: the data most often mixed together are stored application data and virtual machine data. In other words, the same storage space can be accessed both by virtual machines and by ESX hosts. If a virtual machine is not a storage management node, or some form of management node, this can also lead to a high risk of security vulnerabilities in the virtual environment. Therefore, the region that stores application data and the region that stores virtual machine data should be managed separately.
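The separation rules above (application, storage and management regions kept apart, management and VMotion traffic not sharing a line, and only storage management nodes reaching the storage region) can be checked mechanically against an inventory. The following is an added example, not part of the patent; the inventory layout, zone names and role labels are constructed for illustration and do not correspond to any platform's API.

```python
from collections import defaultdict

# Zones taken from the text: three regions that must be strictly separated,
# plus VMotion, which the text treats as the highest-risk network.
ZONES = {"vm-app", "storage", "management", "vmotion"}

# Zones a virtual machine may attach to, keyed by a hypothetical role label.
# Only a storage management node is allowed onto the storage zone.
ALLOWED_FOR_VM = {
    "guest": {"vm-app"},
    "storage-mgmt": {"vm-app", "storage"},
}

# Constructed inventory: each network names the segment that carries it.
SAMPLE_NETWORKS = [
    {"name": "net-app", "segment": "seg-100", "zone": "vm-app"},
    {"name": "net-mgmt", "segment": "seg-10", "zone": "management"},
    {"name": "net-vmotion", "segment": "seg-10", "zone": "vmotion"},
    {"name": "net-storage", "segment": "seg-20", "zone": "storage"},
]
SAMPLE_VMS = [
    {"name": "web01", "role": "guest", "networks": ["net-app"]},
    {"name": "db01", "role": "guest", "networks": ["net-app", "net-storage"]},
    {"name": "backup01", "role": "storage-mgmt", "networks": ["net-storage"]},
]


def audit_zones(networks, vms):
    """Return (rule, subject, detail) tuples for every separation violation."""
    findings = []
    zone_of = {}
    zones_on_segment = defaultdict(set)
    for net in networks:
        if net["zone"] not in ZONES:
            findings.append(("unknown-zone", net["name"], net["zone"]))
            continue
        zone_of[net["name"]] = net["zone"]
        zones_on_segment[net["segment"]].add(net["zone"])

    # Rule 1: one segment must not carry traffic of more than one zone,
    # e.g. host management and VMotion mixed on the same line.
    for segment in sorted(zones_on_segment):
        zones = zones_on_segment[segment]
        if len(zones) > 1:
            findings.append(("shared-segment", segment, ",".join(sorted(zones))))

    # Rule 2: a virtual machine may only attach to zones its role permits.
    for vm in vms:
        allowed = ALLOWED_FOR_VM.get(vm["role"], set())
        for name in vm["networks"]:
            zone = zone_of.get(name)
            if zone is None:
                findings.append(("unknown-network", vm["name"], name))
            elif zone not in allowed:
                findings.append(("vm-in-restricted-zone", vm["name"], zone))
    return findings


if __name__ == "__main__":
    for finding in audit_zones(SAMPLE_NETWORKS, SAMPLE_VMS):
        print(finding)
```

On the constructed inventory the audit reports the segment shared by management and VMotion, and the guest `db01` attached to the storage zone; `backup01` passes because its role is the storage management node.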
Under cloud and virtualization platforms, the logs of different services differ in perspective and granularity, which makes it very difficult to sort out the overall audit policy and permission policy.
Relying on manual effort to find the problems an administrator should pay attention to in massive logs of various types is very difficult. It is therefore necessary, in view of the management characteristics of cloud platforms and virtual machines, to use mobile app technology to implement OTP strong authentication that ensures access security, and to build automated tools for log aggregation and retrieval, refining them through use to meet the needs of daily operations and maintenance.
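As an added example of the log aggregation described above (not part of the patent), the following normalizes two log formats of different granularity into common events and rebuilds each user's access from login through use to logout. Both formats, the field names and the sample lines are constructed for illustration and are not any real product's output.

```python
import re
from datetime import datetime

# Constructed format 1: key=value lines from a management portal.
PORTAL_RE = re.compile(
    r"^(?P<ts>\S+) portal user=(?P<user>\S+) event=(?P<event>\S+)"
    r"(?: target=(?P<target>\S+))?$")
# Constructed format 2: bracketed-timestamp lines from a virtualization host.
HOST_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] host (?P<event>LOGIN|LOGOUT|CMD) (?P<user>\S+)"
    r"(?: (?P<target>.+))?$")

SAMPLE_LOGS = [  # constructed sample input
    "2018-04-20T09:00:00 portal user=alice event=login",
    "2018-04-20T09:01:10 portal user=alice event=vm.poweroff target=vm-web01",
    "[20/04/2018 09:02:00] host LOGIN bob",
    "[20/04/2018 09:03:30] host CMD bob snapshot vm-db01",
    "2018-04-20T09:05:00 portal user=alice event=logout",
    "[20/04/2018 09:06:00] host CMD carol export vm-db01",
    "malformed entry without fields",
]


def normalize(line):
    """Map one raw line to a common event dict, or None if no format matches."""
    m = PORTAL_RE.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        kind = m["event"] if m["event"] in ("login", "logout") else "action"
        detail = m["event"] + (" " + m["target"] if m["target"] else "")
        return {"ts": ts, "source": "portal", "user": m["user"],
                "kind": kind, "detail": detail}
    m = HOST_RE.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S")
        kind = {"LOGIN": "login", "LOGOUT": "logout", "CMD": "action"}[m["event"]]
        return {"ts": ts, "source": "host", "user": m["user"],
                "kind": kind, "detail": m["target"] or ""}
    return None


def audit_sessions(lines):
    """Rebuild login-to-logout sessions and collect what does not fit one."""
    events, unparsed = [], []
    for line in lines:
        try:
            event = normalize(line.strip())
        except ValueError:  # timestamp did not match the expected layout
            event = None
        if event is None:
            unparsed.append(line)
        else:
            events.append(event)
    events.sort(key=lambda e: e["ts"])

    open_by_key, sessions, orphans = {}, [], []
    for e in events:
        key = (e["source"], e["user"])
        if e["kind"] == "login":
            session = {"source": e["source"], "user": e["user"],
                       "start": e["ts"], "end": None, "actions": []}
            sessions.append(session)
            open_by_key[key] = session
        elif key not in open_by_key:
            orphans.append(e)  # activity with no login on record
        elif e["kind"] == "logout":
            open_by_key.pop(key)["end"] = e["ts"]
        else:
            open_by_key[key]["actions"].append(e["detail"])
    return {"sessions": sessions, "orphans": orphans, "unparsed": unparsed}


if __name__ == "__main__":
    report = audit_sessions(SAMPLE_LOGS)
    for s in report["sessions"]:
        state = "closed" if s["end"] else "no logout recorded"
        print(s["source"], s["user"], s["actions"], state)
    for o in report["orphans"]:
        print("action outside any session:", o["user"], o["detail"])
```

Sessions with no logout, actions with no preceding login, and lines that matched neither format are the three outputs an administrator would review first, since each marks a gap in the login-to-logout record.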
In another aspect, an embodiment of the present invention also provides a secure access control device for a cloud environment or virtual environment. Fig. 2 is a schematic diagram of the secure access control device for a cloud environment or virtual environment according to the embodiment.
The secure access control device for a cloud environment or virtual environment includes:
A first execution module 201, for studying secure authentication technology based on a one-time password protocol;
A second execution module 202, for studying virtual machine security protection technology, virtual network isolation technology, and data isolation and access control technology in a virtual environment;
A third execution module 203, for studying security application audit technology for virtual environments;
A fourth execution module 204, for studying virtual environment access control technology and security device virtualization research and development.
The first execution module 201 is specifically used for: studying a dynamic password token suite suitable for mainstream mobile phone platforms, consisting of a mobile token app and a server-side application, which effectively improves the security of identity authentication for cloud and virtual systems and protects account security.
The second execution module 202 is specifically used for: studying virtual machine security isolation and access control, virtual switches, virtual firewalls, encrypted storage of virtual image files, load balancing of storage space, redundancy protection, virtual machine backup and recovery, and so on; studying virtual network security technology, including security domain partitioning, security boundary protection, and so on; and data security technology, which encrypts important data before it is uploaded and stored to ensure the security of data storage.
The third execution module 203 is specifically used for: studying comprehensive auditing of user access in a virtual environment, using agentless technology to audit the whole process of a user's access, from login through use to logout, to ensure the compliance of user access behavior.
The fourth execution module 204 is specifically used for: studying role-based access control, in which the virtual environment system controls access to the virtual environment according to user role, and security device virtualization research and development.
The device of the above embodiment is used to implement the corresponding method of the preceding embodiment and has the beneficial effects of the corresponding method embodiment, which are not repeated here.
A person of ordinary skill in the art should understand that the discussion of any of the above embodiments is exemplary only and is not intended to imply that the scope of the disclosure (including the claims) is limited to these examples. Within the spirit of the invention, the technical features of the above embodiments or of different embodiments may also be combined, the steps may be carried out in any order, and there are many other variations of the different aspects of the invention as described above which, for brevity, are not provided in detail.
The embodiments of the present invention are intended to cover all such replacements, modifications, and variations that fall within the broad scope of the appended claims. Therefore, any omission, modification, equivalent replacement, improvement, and the like made within the spirit and principles of the present invention shall be included in the protection scope of the present invention.
Claims (10)
1. A secure access control method for a cloud environment or virtual environment, characterized by comprising:
Studying secure authentication technology based on a one-time password protocol;
Studying virtual machine security protection technology, virtual network isolation technology, and data isolation and access control technology in a virtual environment;
Studying security application audit technology for virtual environments;
Studying virtual environment access control technology and security device virtualization research and development.
2. The secure access control method for a cloud environment or virtual environment according to claim 1, characterized in that studying secure authentication technology based on a one-time password protocol includes: studying a dynamic password token suite suitable for mainstream mobile phone platforms, consisting of a mobile token app and a server-side application, which effectively improves the security of identity authentication for cloud and virtual systems and protects account security.
3. The secure access control method for a cloud environment or virtual environment according to claim 1, characterized in that studying virtual machine security protection technology, virtual network isolation technology, and data isolation and access control technology in a virtual environment includes: studying virtual machine security isolation and access control, virtual switches, virtual firewalls, encrypted storage of virtual image files, load balancing of storage space, redundancy protection, virtual machine backup and recovery, and so on; studying virtual network security technology, including security domain partitioning, security boundary protection, and so on; and data security technology, which encrypts important data before it is uploaded and stored to ensure the security of data storage.
4. The secure access control method for a cloud environment or virtual environment according to claim 1, characterized in that studying security application audit technology for virtual environments includes: studying comprehensive auditing of user access in a virtual environment, using agentless technology to audit the whole process of a user's access, from login through use to logout, to ensure the compliance of user access behavior.
5. The secure access control method for a cloud environment or virtual environment according to claim 1, characterized in that studying virtual environment access control technology and security device virtualization research and development includes: studying role-based access control, in which the virtual environment system controls access to the virtual environment according to user role, and security device virtualization research and development.
6. A secure access control device for a cloud environment or virtual environment, characterized by comprising:
A first execution module, for studying secure authentication technology based on a one-time password protocol;
A second execution module, for studying virtual machine security protection technology, virtual network isolation technology, and data isolation and access control technology in a virtual environment;
A third execution module, for studying security application audit technology for virtual environments;
A fourth execution module, for studying virtual environment access control technology and security device virtualization research and development.
7. The secure access control device for a cloud environment or virtual environment according to claim 6, characterized in that the first execution module is specifically used for: studying a dynamic password token suite suitable for mainstream mobile phone platforms, consisting of a mobile token app and a server-side application, which effectively improves the security of identity authentication for cloud and virtual systems and protects account security.
8. The secure access control device for a cloud environment or virtual environment according to claim 6, characterized in that the second execution module is specifically used for: studying virtual machine security isolation and access control, virtual switches, virtual firewalls, encrypted storage of virtual image files, load balancing of storage space, redundancy protection, virtual machine backup and recovery, and so on; studying virtual network security technology, including security domain partitioning, security boundary protection, and so on; and data security technology, which encrypts important data before it is uploaded and stored to ensure the security of data storage.
9. The secure access control device for a cloud environment or virtual environment according to claim 6, characterized in that the third execution module is specifically used for: studying comprehensive auditing of user access in a virtual environment, using agentless technology to audit the whole process of a user's access, from login through use to logout, to ensure the compliance of user access behavior.
10. The secure access control device for a cloud environment or virtual environment according to claim 6, characterized in that the fourth execution module is specifically used for: studying role-based access control, in which the virtual environment system controls access to the virtual environment according to user role, and security device virtualization research and development.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810358762.7A CN108809935A (en) | 2018-04-20 | 2018-04-20 | Secure access control method and device for a cloud environment or virtual environment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810358762.7A CN108809935A (en) | 2018-04-20 | 2018-04-20 | A kind of cloud environment or the safety access control method under virtual environment and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108809935A true CN108809935A (en) | 2018-11-13 |
Family
ID=64093375
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810358762.7A Pending CN108809935A (en) | 2018-04-20 | 2018-04-20 | A kind of cloud environment or the safety access control method under virtual environment and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108809935A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1731723A (en) * | 2005-08-19 | 2006-02-08 | 上海林果科技有限公司 | Electron/handset token dynamic password identification system |
US20130067469A1 (en) * | 2011-09-14 | 2013-03-14 | Microsoft Corporation | Load Balancing By Endpoints |
CN103368973A (en) * | 2013-07-25 | 2013-10-23 | 浪潮(北京)电子信息产业有限公司 | Safety system for cloud operating system |
CN104104513A (en) * | 2014-07-22 | 2014-10-15 | 浪潮电子信息产业股份有限公司 | Safety isolation method for cloud side multi-tenant data storage |
CN105282178A (en) * | 2015-11-29 | 2016-01-27 | 国网江西省电力公司信息通信分公司 | Cloud computing security technology platform |
- 2018-04-20 CN CN201810358762.7A patent/CN108809935A/en active Pending
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111966458A (en) * | 2020-08-10 | 2020-11-20 | 国网四川省电力公司信息通信公司 | Safety management method of virtual cloud desktop |
CN113596009A (en) * | 2021-07-23 | 2021-11-02 | 中国联合网络通信集团有限公司 | Zero trust access method, system, zero trust security proxy, terminal and medium |
CN113596009B (en) * | 2021-07-23 | 2023-03-24 | 中国联合网络通信集团有限公司 | Zero trust access method, system, zero trust security proxy, terminal and medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11575712B2 (en) | Automated enforcement of security policies in cloud and hybrid infrastructure environments | |
Sabahi | Secure virtualization for cloud environment using hypervisor-based technology | |
Sabahi | Virtualization-level security in cloud computing | |
Oberheide et al. | Empirical exploitation of live virtual machine migration | |
US11601434B1 (en) | System and method for providing a dynamically reconfigurable integrated virtual environment | |
Wen et al. | The study on data security in Cloud Computing based on Virtualization | |
Ristov et al. | Security evaluation of open source clouds | |
KR101480443B1 (en) | Hybrid network partition system and method thereof | |
Bamiah et al. | Cloud implementation security challenges | |
CN108809935A (en) | A kind of cloud environment or the safety access control method under virtual environment and device | |
Djenna et al. | Security problems in cloud infrastructure | |
Toosarvandani et al. | The risk assessment and treatment approach in order to provide LAN security based on ISMS standard | |
Manavi et al. | Secure model for virtualization layer in cloud infrastructure | |
Owens | Securing virtual compute infrastructure in the cloud | |
CN109818908A (en) | A kind of method of controlling security under cloud and virtual environment | |
Bose et al. | A secure hypervisor-based technology create a secure cloud environment | |
He et al. | Dynamic secure interconnection for security enhancement in cloud computing | |
Narang et al. | A review on different security issues and challenges in cloud computing | |
Prasad et al. | A survey on user awareness of cloud security | |
Naidu et al. | Addressing Cloud Computing Security Issues with Solutions | |
Dinesh | Cloud Computing and its Variable Techniques in Obtaining Data Security Parameter | |
Nan | Virtualization safety problem analysis | |
Babu et al. | A secure virtualized cloud environment with pseudo-hypervisor IP based technology | |
Raza et al. | A review on security issues and their impact on hybrid cloud computing environment | |
Su et al. | Study of Cloud Computing Security Service Model |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
Application publication date: 20181113 |