CN109255236A - A kind of the booting method of inspection and device of virtual machine - Google Patents
A kind of the booting method of inspection and device of virtual machine Download PDFInfo
- Publication number
- CN109255236A CN109255236A CN201811141843.8A CN201811141843A CN109255236A CN 109255236 A CN109255236 A CN 109255236A CN 201811141843 A CN201811141843 A CN 201811141843A CN 109255236 A CN109255236 A CN 109255236A
- Authority
- CN
- China
- Prior art keywords
- component
- virtual machine
- cipher
- text information
- encrypted
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses the booting methods of inspection and device of virtual machine, can effectively monitor whether virtual machine is illegally distorted.The described method includes: carrying out computations when the virtual machine shuts down using multiple components of the complex encryption mode to the virtual machine, obtaining respective first cipher-text information of the multiple component;When the virtual machine is switched on, respective second cipher-text information of the multiple component is obtained using with the complex encryption mode;In the multiple component, when the first cipher-text information and the second cipher-text information of each component are identical, the virtual machine is allowed to be switched on.Using the embodiment of the present invention, using the embodiment of the present invention, use cipher mode of the same race, the component in virtual machine system is encrypted in shutdown and booting, and it carries out cipher-text information and compares, it can effectively monitor whether virtual machine is illegally distorted, to improve the safety of virtualization system entirety.
Description
Technical field
The present invention relates to computer technology, the booting method of inspection and device of espespecially a kind of virtual machine.
Background technique
Server virtualization technology promotes the development of entire office's networking, is widely applied in various fields.But it is following
Security threat also become emphasis concerned by people.Virtual machine component is illegally distorted after virtual machine shutdown to happen occasionally, existing
Have in technology, this illegally distort can not add survey.
Summary of the invention
In order to solve the above-mentioned technical problems, the present invention provides the booting methods of inspection and device of a kind of virtual machine, can
Whether effectively monitoring virtual machine is illegally distorted.
In order to reach the object of the invention, the present invention provides a kind of booting methods of inspection of virtual machine, which comprises
When the virtual machine shuts down, computations are carried out using multiple components of the complex encryption mode to the virtual machine,
Obtain respective first cipher-text information of the multiple component;
When the virtual machine is switched on, respective second ciphertext of the multiple component is obtained using with the complex encryption mode
Information;In the multiple component, when the first cipher-text information and the second cipher-text information of each component are identical, described in permission
Virtual machine booting;
Wherein, the complex encryption mode refers to: for each of scheduled members in the multiple component
Part proceeds as follows respectively: using the first cipher-text information of one or more components corresponding with the component and the component as
One entirety is encrypted;Each of remaining component in the multiple component part is proceeded as follows respectively: right
The component itself is encrypted.
Further, scheduled members refer in the multiple component: described according to scheduled component encryption order
Component in multiple components other than the component for being ordered as first;Remaining component refers in the multiple component: according to institute
Scheduled component encryption order is stated, first component is ordered as.
Further, using the first cipher-text information of the corresponding one or more components of the component and the component as one
Entirety is encrypted, comprising:
According to scheduled component encryption order, the first cipher-text information by sequence in the previous component of the component is put into this
In component, then the component is encrypted.
Further, described obtain after multiple first cipher-text informations can also include: by the multiple component respective the
One cipher-text information is stored in the different location where with the component.
Further, when the method can also include: virtual machine shutdown, using complex encryption mode to the void
Before multiple components of quasi- machine carry out computations, can also include:
The complex encryption mode is configured.
To solve the above-mentioned problems, the present invention also provides the booting verifying attachment of virtual machine, may include: memory and
Processor;
The memory, for saving the program for being used for performance test;
The processor executes the program for being used for performance test for reading, performs the following operations:
When virtual machine shutdown, encryption meter is carried out using multiple components of the complex encryption mode to the virtual machine
It calculates, obtains respective first cipher-text information of the multiple component;
It is close using the multiple component respective second is obtained with the complex encryption mode when virtual machine booting
Literary information;In the multiple component, when the first cipher-text information and the second cipher-text information of each component are identical, allow institute
State virtual machine booting;
Wherein, the complex encryption mode refers to: for each of scheduled members in the multiple component
Part proceeds as follows respectively: using the first cipher-text information of one or more components corresponding with the component and the component as
One entirety is encrypted;Each of remaining component in the multiple component part is proceeded as follows respectively: right
The component itself is encrypted.
Further, scheduled members refer in the multiple component: described according to scheduled component encryption order
Component in multiple components other than the component for being ordered as first;Remaining component refers in the multiple component: according to institute
Scheduled component encryption order is stated, first component is ordered as.
Further, using the first cipher-text information of the corresponding one or more components of the component and the component as one
Entirety is encrypted, and may include:
According to scheduled component encryption order, the first cipher-text information by sequence in the previous component of the component is put into this
In component, then the component is encrypted.
Further, the processor, which is read, executes the program for being used for performance test, also performs the following operations:
It is described obtain multiple first cipher-text informations after, by respective first cipher-text information of the multiple component be stored in
Different location where the component.
Further, the processor, which is read, executes the program for being used for performance test, also performs the following operations:: when
When the virtual machine shuts down, before carrying out computations using multiple components of the complex encryption mode to the virtual machine, also
May include:
The complex encryption mode is configured.
Compared with prior art, when the present invention includes virtual machine shutdown, using complex encryption mode to described virtual
Multiple components of machine carry out computations, obtain respective first cipher-text information of the multiple component;When the virtual machine is switched on,
Respective second cipher-text information of the multiple component is obtained using with the complex encryption mode;In the multiple component, often
When the first cipher-text information and the second cipher-text information of a component are identical, the virtual machine is allowed to be switched on;Wherein, described compound
Cipher mode refers to: each of scheduled members in the multiple component part being proceeded as follows respectively: will
First cipher-text information of one or more components corresponding with the component and the component are encrypted as a whole;For
Each of remaining component part proceeds as follows respectively in the multiple component: encrypting to the component itself.Make
With cipher mode of the same race, the component in virtual machine system is encrypted in shutdown and booting, and carry out cipher-text information into
Row comparison, can effectively monitor whether virtual machine is illegally distorted, to improve the safety of virtualization system entirety.
Other features and advantages of the present invention will be illustrated in the following description, also, partly becomes from specification
It obtains it is clear that understand through the implementation of the invention.The objectives and other advantages of the invention can be by specification, right
Specifically noted structure is achieved and obtained in claim and attached drawing.
Detailed description of the invention
Attached drawing is used to provide to further understand technical solution of the present invention, and constitutes part of specification, with this
The embodiment of application technical solution for explaining the present invention together, does not constitute the limitation to technical solution of the present invention.
Fig. 1 is the flow chart of the booting method of inspection of the virtual machine of the embodiment of the present invention one;
Fig. 2 is the process of the virtual machine component ciphering process of the booting method of inspection of the virtual machine of the embodiment of the present invention two
Figure;
Fig. 3 is the structural schematic diagram of the booting verifying attachment of the virtual machine of the embodiment of the present invention three.
Specific embodiment
To make the objectives, technical solutions, and advantages of the present invention clearer, below in conjunction with attached drawing to the present invention
Embodiment be described in detail.It should be noted that in the absence of conflict, in the embodiment and embodiment in the application
Feature can mutual any combination.
Step shown in the flowchart of the accompanying drawings can be in a computer system such as a set of computer executable instructions
It executes.Also, although logical order is shown in flow charts, and it in some cases, can be to be different from herein suitable
Sequence executes shown or described step.
Embodiment one
The booting method of inspection for present embodiments providing a kind of virtual machine, as shown in Figure 1, this method includes S11-S12:
When S11, virtual machine shutdown, computations are carried out using multiple components of the complex encryption mode to virtual machine, are obtained
Multiple respective first cipher-text informations of component;
When S12, virtual machine booting, respective second cipher-text information of multiple components is obtained using with complex encryption mode;When
In multiple components, when the first cipher-text information and the second cipher-text information of each component are identical, virtual machine is allowed to be switched on;
Wherein, complex encryption mode refers to: for each of scheduled members in multiple components part respectively into
The following operation of row: as a whole by the first cipher-text information of one or more components corresponding with the component and the component
It is encrypted;Each of remaining component in multiple components part is proceeded as follows respectively: to the component itself into
Row encryption.
Using the embodiment of the present invention, virtual machine shuts down, after referring to that virtualization system receives the shutdown command that administrator assigns,
It shuts down to virtual machine, after the completion of shutdown, carries out computations.Virtual machine booting, refers to that virtualization system receives administrator and assigns
Power-on instruction after, first progress cipher-text information comparison, after comparing successfully, then carry out the power-on operation of virtual machine.It is described virtual
The component of machine is stored in virtual machine system.Using cipher mode of the same race, in shutdown and booting in virtual machine system
Component encrypted, and carry out cipher-text information and compare, can effectively monitor whether virtual machine is illegally distorted, to mention
The safety of virtualization system entirety is risen.
In one alternate embodiment, the component in the virtual machine may include A, B, C, D, E, F;Only to A, B therein,
C, D, E component are encrypted, and F component is without encryption, then the multiple component may include A, B, C, D, E;I.e.;To A, B,
C, when D, E are encrypted, A, B component only encrypt itself, when each of C, D, E component part encrypts, need it
The cipher-text information of its component and component itself are encrypted as a whole, for example, needing when encrypting to component D
The cipher-text information of component A is put into component D, the cipher-text information of component A and component D are encrypted together, obtains the close of component D
Literary information.The corresponding one or more components component of D component.In multiple A, B, C, D, E, the scheduled members refer to group
Part C, D, E, remaining described component are finger assembly A, B.
In the present embodiment, scheduled members can refer in multiple components: according to scheduled component encryption order,
Component in multiple components other than the component for being ordered as first;Remaining component refers in multiple components: according to scheduled
Component encryption order is ordered as first component.
In the present embodiment, using the first cipher-text information of the corresponding one or more components of the component and the component as
One entirety is encrypted, and may include:
According to scheduled component encryption order, the first cipher-text information by sequence in the previous component of the component is put into this
In component, then the component is encrypted.
In one alternate embodiment, the first cipher-text information of the one or more components before the component can be put into
In the component, then the component is encrypted.
In one alternate embodiment, the sequence of remaining component can be preset in the multiple component, can be by
Random order is encrypted, and can only be included scheduled members in the multiple component in front assembly, can only be included
Remaining component in the multiple component can not only include scheduled members in the multiple component, but also including described more
Remaining component in a component.
For example assume to include component A, B, C, D, E, F in virtual machine;Wherein a components more to component A, B, C, D, E add
Close, component F is without encryption;Scheduled members may include tri- components of C, D, E in multiple components, and encryption order is successively
For C, D, E;Remaining component may include two components of A, B, and the encryption order of A, B component can be before C, D, E, can also be with
After C, D, E or encryption order is interspersed between C, D, E, be can according to need and is set, and specific limit is not done
It is fixed.When the encryption order of multiple components is A, B, C, D, E, when being encrypted to scheduled members in the multiple component
May include following three kinds of situations:
When encrypting to E, C, D component have obtained respective first cipher-text information, can by one in C, D or
Multiple first cipher-text informations are put into component E component, then are encrypted to E, and the first cipher-text information of E is obtained, described at this time
It only include scheduled members in front assembly;
When encrypting to C component, A, B component have obtained respective first cipher-text information, can be by one in component A, B
A or multiple first cipher-text informations are put into component C, then are encrypted to C, and the first cipher-text information of C is obtained, described at this time
Only including in front assembly only includes remaining component;
When encrypting to component E, A, B, C, D component have obtained respective first cipher-text information;It can will be in component A, B
The first cipher-text information of one or more and the first cipher-text information of one or more of C, D be put into component E, then to E into
Row encryption, obtains the first cipher-text information of E, and described at this time in front assembly includes simultaneously scheduled members and remaining group
Part.Such as when the cipher-text information of component B is put into component C, can be raw content in most start or end and component C it
Between with predetermined symbol (such as FFFFFFFF) separation, then after predetermined symbol content be component B cipher-text information.
It in the present embodiment, can also include: that multiple components respective first are close after multiple first cipher-text informations of acquisition
Literary information is stored in and the different location where component.
In the present embodiment, when the booting method of inspection of the virtual machine can also include: virtual machine shutdown, use is compound
Before cipher mode carries out computations to multiple components of virtual machine, can also include:
Complex encryption mode is configured.
In one alternate embodiment, be configured may include one or more of setting:
Determine the multiple components encrypted;
Set the sequencing of the scheduled members encryption;
It is set in in the encryption of rear component, corresponding includes the cipher-text information in the component of preceding encryption.
In the embodiment of the present invention, when the virtual machine shuts down, using complex encryption mode to multiple groups of the virtual machine
Part carries out computations, obtains respective first cipher-text information of the multiple component;The virtual machine be switched on when, using with it is described
Complex encryption mode obtains respective second cipher-text information of the multiple component;In the multiple component, the of each component
When one cipher-text information and the second cipher-text information are identical, the virtual machine is allowed to be switched on;Wherein, the complex encryption mode is
Refer to: each of scheduled members in the multiple component part being proceeded as follows respectively: will be with the component pair
First cipher-text information of the one or more components answered and the component are encrypted as a whole;For the multiple group
Each of remaining component part proceeds as follows respectively in part: encrypting to the component itself, using of the invention real
Example is applied, using cipher mode of the same race, the component in virtual machine system is encrypted in shutdown and booting, and carry out ciphertext
Information compares, and can effectively monitor whether virtual machine is illegally distorted, to improve the safety of virtualization system entirety
Property.
Embodiment two
Above-described embodiment method is specifically described in the present embodiment, the work of virtual machine component encryption device in the present embodiment
Make process, as shown in Fig. 2.
(1) when virtual machine shuts down, the respective cipher-text information of the multiple component is obtained;
Virtual machine component includes: database file, virtual machine configuration, virtual machine system disk and virtual machine in this implementation
Data disks.Database file is for recording the information such as virtual machine owner, operation log;, virtual machine configuration is for recording
The configuration informations such as virtual machine CPU, memory, network interface card;Virtual machine system disk is used to be stored in virtualization system with document form, is empty
Quasi- machine data disks are stored in virtualization system with document form, may there is muti-piece.
The sequencing of each component encryption is database file, virtual machine configuration, virtual machine system in the present embodiment
Disk and virtual-machine data disk, the component that database file is first when remaining component encrypts, need to include in addition to first component
First in the cipher-text information of preceding encrypted component, may include:
Firstly, component, that is, virtual-machine data library file to first encrypts, the close of virtual-machine data library file is obtained
Literary information;Then, database file ciphertext and virtual machine configuration are encrypted as a whole, obtains virtual machine configuration text
The cipher-text information of part;Third encrypts the cipher-text information of virtual machine configuration and system disk data file as a whole,
Obtain the cipher-text information of system disk data file;Finally, using the cipher-text information of system disk data file and data disks file as
Entirety is encrypted, and the cipher-text information of data disks file is obtained.If there is multi-block data disk then continues to encrypt according to the above rule.
The above encryption policy is referred to as " chain type encryption " herein, by " chain type encryption ", even if virtual machine one or more components with
Ciphertext is illegally distorted, and the comparison with subsequent ciphertext can all fail.
(2) dispersion storage is carried out to multiple cipher-text informations;
After completing " chain type encryption " to virtual machine, cipher-text information will be deposited by virtual machine component ciphertext storage device
Storage.The cipher-text information of virtual-machine data library file is stored in virtual machine configuration by virtual machine component ciphertext storage device;
Different location where respective first cipher-text information of the multiple component is stored in the component.This implementation
In example, the cipher-text information of virtual machine configuration is stored in system disk file;The cipher-text information of virtual machine system disk is deposited
Storage is in virtual-machine data disk file;Virtual-machine data disk cipher-text information is stored in virtualization system database.Pass through this
Kind dispersion storage, improves the difficulty that ciphertext is obtained illegally.
(3) when the virtual machine is switched on, the comparison of cipher-text information is carried out;
When virtual machine is switched on again, virtualization system can call virtual machine component encryption device to use same side again
Formula carries out computations to virtual machine component, then the ciphertext being calculated and will be stored in virtual machine component ciphertext storage device
Ciphertext be compared, if compare failure if think that virtual machine component is illegally distorted.
When the configuration information of virtual machine and database information are by legal modifications, virtualization system can be again to virtual robot arm
Part carries out " chain type encryption ", then updates ciphertext into virtual machine component ciphertext storage device.
The present embodiment can be applied to comprising virtual machine component encryption device, virtual machine component ciphertext storage device and ciphertext pair
Than in the system of device.The virtual machine component encryption device to component is each to encrypt;The virtual machine component is close
Literary storage device is to store each cipher-text information;The ciphertext comparison device is produced to compare in shutdown process and start process
Raw cipher-text information.
Virtual machine key component chain type is encrypted by encryption device when virtual machine closed state, before virtual machine starting,
Each component daisy chaining formula is encrypted again, is compared by ciphertext and determines whether virtual machine is tampered during shutdown.The present invention is except suitable
Outside for server virtualization system, also it is suitable for other IaaS softwares, such as cloud computing manages platform.
Embodiment three
A kind of booting verifying attachment of virtual machine is present embodiments provided, description is also applied for this in above method embodiment
In embodiment, as shown in figure 3, the device includes: memory 31 and processor 32;
Memory 31, for saving the program for being used for performance test;
Processor 32 executes the program for being used for performance test for reading, performs the following operations:
When virtual machine shutdown, computations are carried out using multiple components of the complex encryption mode to virtual machine, are obtained more
A respective first cipher-text information of component;
When virtual machine booting, respective second cipher-text information of multiple components is obtained using with complex encryption mode;When more
In a component, when the first cipher-text information and the second cipher-text information of each component are identical, virtual machine is allowed to be switched on;Wherein,
Complex encryption mode refers to: each of scheduled members in multiple components part being proceeded as follows respectively: will
First cipher-text information of one or more components corresponding with the component and the component are encrypted as a whole;For
Each of remaining component part proceeds as follows respectively in multiple components: encrypting to the component itself.
In the present embodiment, scheduled members refer in multiple components: multiple according to scheduled component encryption order
Component in component other than the component for being ordered as first;Remaining component refers in multiple components: according to scheduled component
Encryption order is ordered as first component.
In the present embodiment, using the first cipher-text information of the corresponding one or more components of the component and the component as
One entirety is encrypted, and may include:
According to scheduled component encryption order, the first cipher-text information by sequence in the previous component of the component is put into this
In component, then the component is encrypted.
In the present embodiment, the processor, which is read, executes the program for being used for performance test, also performs the following operations:
After obtaining multiple first cipher-text informations also, respective first cipher-text information of multiple components is stored in and component institute
Different location.
In the present embodiment, the processor, which is read, executes the program for being used for performance test, also performs the following operations:
When virtual machine shutdown, before carrying out computations using multiple components of the complex encryption mode to virtual machine,
Can also include:
Complex encryption mode is configured.
It will appreciated by the skilled person that whole or certain steps, system, dress in method disclosed hereinabove
Functional module/unit in setting may be implemented as software, firmware, hardware and its combination appropriate.In hardware embodiment,
Division between the functional module/unit referred in the above description not necessarily corresponds to the division of physical assemblies;For example, one
Physical assemblies can have multiple functions or a function or step and can be executed by several physical assemblies cooperations.Certain groups
Part or all components may be implemented as by processor, such as the software that digital signal processor or microprocessor execute, or by
It is embodied as hardware, or is implemented as integrated circuit, such as specific integrated circuit.Such software can be distributed in computer-readable
On medium, computer-readable medium may include computer storage medium (or non-transitory medium) and communication media (or temporarily
Property medium).As known to a person of ordinary skill in the art, term computer storage medium is included in for storing information (such as
Computer readable instructions, data structure, program module or other data) any method or technique in the volatibility implemented and non-
Volatibility, removable and nonremovable medium.Computer storage medium include but is not limited to RAM, ROM, EEPROM, flash memory or its
His memory technology, CD-ROM, digital versatile disc (DVD) or other optical disc storages, magnetic holder, tape, disk storage or other
Magnetic memory apparatus or any other medium that can be used for storing desired information and can be accessed by a computer.This
Outside, known to a person of ordinary skill in the art to be, communication media generally comprises computer readable instructions, data structure, program mould
Other data in the modulated data signal of block or such as carrier wave or other transmission mechanisms etc, and may include any information
Delivery media.
Although disclosed herein embodiment it is as above, the content only for ease of understanding the present invention and use
Embodiment is not intended to limit the invention.Technical staff in any fields of the present invention is taken off not departing from the present invention
Under the premise of the spirit and scope of dew, any modification and variation, but the present invention can be carried out in the form and details of implementation
Scope of patent protection, still should be subject to the scope of the claims as defined in the appended claims.
Claims (10)
1. a kind of booting method of inspection of virtual machine, which is characterized in that the described method includes:
When the virtual machine shuts down, computations are carried out using multiple components of the complex encryption mode to the virtual machine, are obtained
The multiple respective first cipher-text information of component;
When the virtual machine is switched on, believed using respective second ciphertext of the multiple component is obtained with the complex encryption mode
Breath;In the multiple component, when the first cipher-text information and the second cipher-text information of each component are identical, allow the void
Quasi- machine booting;
Wherein, the complex encryption mode refers to: for each of scheduled members in the multiple component part point
It does not proceed as follows: using the first cipher-text information of one or more components corresponding with the component and the component as one
Entirety is encrypted;Each of remaining component in the multiple component part is proceeded as follows respectively: to the group
Part itself is encrypted.
2. the method according to claim 1, wherein
Scheduled members refer in the multiple component: according to scheduled component encryption order, removing in the multiple component
The component being ordered as other than first component;
Remaining component refers in the multiple component: according to the scheduled component encryption order, being ordered as first component.
3. the method according to claim 1, wherein close by the first of the corresponding one or more components of the component
Literary information and the component are encrypted as a whole, comprising:
According to scheduled component encryption order, the first cipher-text information by sequence in the previous component of the component is put into the component
In, then the component is encrypted.
4. the method according to claim 1, wherein after multiple first cipher-text informations of acquisition further include: will
The multiple respective first cipher-text information of component is stored in the different location where with the component.
5. the method according to claim 1, wherein being used when shutting down the method also includes: the virtual machine
Complex encryption mode carries out multiple components of the virtual machine before computations, further includes:
The complex encryption mode is configured.
6. a kind of booting verifying attachment of virtual machine, comprising: memory and processor;It is characterized by:
The memory, for saving the program for being used for performance test;
The processor executes the program for being used for performance test for reading, performs the following operations:
When virtual machine shutdown, computations are carried out using multiple components of the complex encryption mode to the virtual machine, are obtained
Obtain the multiple respective first cipher-text information of component;
When virtual machine booting, believed using respective second ciphertext of the multiple component is obtained with the complex encryption mode
Breath;In the multiple component, when the first cipher-text information and the second cipher-text information of each component are identical, allow the void
Quasi- machine booting;
Wherein, the complex encryption mode refers to: for each of scheduled members in the multiple component part point
It does not proceed as follows: using the first cipher-text information of one or more components corresponding with the component and the component as one
Entirety is encrypted;Each of remaining component in the multiple component part is proceeded as follows respectively: to the group
Part itself is encrypted.
7. device according to claim 6, which is characterized in that
Scheduled members refer in the multiple component: according to scheduled component encryption order, removing in the multiple component
The component being ordered as other than first component;
Remaining component refers in the multiple component: according to the scheduled component encryption order, being ordered as first component.
8. device according to claim 6, which is characterized in that close by the first of the corresponding one or more components of the component
Literary information and the component are encrypted as a whole, comprising:
According to scheduled component encryption order, the first cipher-text information by sequence in the previous component of the component is put into the component
In, then the component is encrypted.
9. device according to claim 6, which is characterized in that the processor is read described in execution for performance test
Program also performs the following operations:
After obtaining multiple first cipher-text informations, respective first cipher-text information of the multiple component is stored in and the component
The different location at place.
10. device according to claim 6, which is characterized in that it is described for performance test that the processor reads execution
Program, also perform the following operations:
When virtual machine shutdown, using complex encryption mode to multiple components of the virtual machine carry out computations it
Before, the complex encryption mode is configured.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811141843.8A CN109255236A (en) | 2018-09-28 | 2018-09-28 | A kind of the booting method of inspection and device of virtual machine |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811141843.8A CN109255236A (en) | 2018-09-28 | 2018-09-28 | A kind of the booting method of inspection and device of virtual machine |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109255236A true CN109255236A (en) | 2019-01-22 |
Family
ID=65048225
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811141843.8A Pending CN109255236A (en) | 2018-09-28 | 2018-09-28 | A kind of the booting method of inspection and device of virtual machine |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109255236A (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110087874A1 (en) * | 2009-10-12 | 2011-04-14 | Veeam Software International Ltd. | Item-level restoration and verification of image level backups |
| CN102968595A (en) * | 2012-12-20 | 2013-03-13 | 曙光云计算技术有限公司 | Method and device for protecting virtual machine system |
| CN105912953A (en) * | 2016-05-11 | 2016-08-31 | 北京北信源软件股份有限公司 | Trusted booting based data protecting method of virtual machine |
| CN107169373A (en) * | 2017-05-11 | 2017-09-15 | 山东超越数控电子有限公司 | A kind of virtual machine image file guard method and system |
| CN108155993A (en) * | 2017-12-29 | 2018-06-12 | 北京树米网络科技有限公司 | The data ciphering method and device of VSIM cards |
-
2018
- 2018-09-28 CN CN201811141843.8A patent/CN109255236A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110087874A1 (en) * | 2009-10-12 | 2011-04-14 | Veeam Software International Ltd. | Item-level restoration and verification of image level backups |
| CN102968595A (en) * | 2012-12-20 | 2013-03-13 | 曙光云计算技术有限公司 | Method and device for protecting virtual machine system |
| CN105912953A (en) * | 2016-05-11 | 2016-08-31 | 北京北信源软件股份有限公司 | Trusted booting based data protecting method of virtual machine |
| CN107169373A (en) * | 2017-05-11 | 2017-09-15 | 山东超越数控电子有限公司 | A kind of virtual machine image file guard method and system |
| CN108155993A (en) * | 2017-12-29 | 2018-06-12 | 北京树米网络科技有限公司 | The data ciphering method and device of VSIM cards |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110414268B (en) | Access control method, device, equipment and storage medium | |
| CN106133743B (en) | System and method for optimizing the scanning of pre-installation application program | |
| US9594921B2 (en) | System and method to provide server control for access to mobile client data | |
| US9576147B1 (en) | Security policy application through data tagging | |
| EP2681689B1 (en) | Protecting operating system configuration values | |
| US9021546B1 (en) | Systems and methods for workload security in virtual data centers | |
| US9477833B2 (en) | Systems and methods for updating possession factor credentials | |
| US9270467B1 (en) | Systems and methods for trust propagation of signed files across devices | |
| US11757850B2 (en) | Distributed logging for securing non-repudiable multi-party transactions | |
| CN107003866A (en) | The safety establishment of encrypted virtual machine from encrypted template | |
| US20170123925A1 (en) | Methods and Apparatus for Mobile Computing Device Security in Testing Facilities | |
| US10432622B2 (en) | Securing biometric data through template distribution | |
| US11601281B2 (en) | Managing user profiles securely in a user environment | |
| US9740920B1 (en) | Systems and methods for securely authenticating users via facial recognition | |
| CN112104627B (en) | Block chain-based data transmission method and device, electronic equipment and storage medium | |
| CN109614203B (en) | Android application cloud data evidence obtaining and analyzing system and method based on application data simulation | |
| CN109657492A (en) | Data base management method, medium and electronic equipment | |
| US10318272B1 (en) | Systems and methods for managing application updates | |
| CN109889477A (en) | Server based on trusted cryptography's engine starts method and device | |
| CN108229190B (en) | Transparent encryption and decryption control method, device, program, storage medium and electronic equipment | |
| US11245679B1 (en) | Securing external access to runtime services in appliances | |
| CN109583214A (en) | A kind of method of controlling security | |
| CN110543775B (en) | Data security protection method and system based on super-fusion concept | |
| CN114020403B (en) | Chain code management method and device of alliance chain and terminal equipment | |
| CN115244535A (en) | System and method for protecting folders from unauthorized file modification |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190122 |