CN109783192A - A kind of secure virtual machine migratory system - Google Patents
A kind of secure virtual machine migratory system Download PDFInfo
- Publication number
- CN109783192A CN109783192A CN201811548224.0A CN201811548224A CN109783192A CN 109783192 A CN109783192 A CN 109783192A CN 201811548224 A CN201811548224 A CN 201811548224A CN 109783192 A CN109783192 A CN 109783192A
- Authority
- CN
- China
- Prior art keywords
- virtual machine
- tpcm
- virtual
- module
- secure
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Debugging And Monitoring (AREA)
Abstract
The present invention relates to a kind of secure virtual machine migratory systems; including Cloud Server hardware environment, host machine system, virtual machine monitor and one or more virtual machine instances; it wherein include local security migration engine in host machine system; the local security migration engine includes key negotiation module, remote proving module, Confidentiality protection module, integrity protection module and virtual TPCM life cycle management module, through the invention in secure virtual machine migratory system safety transfer of the virtual machine between source node and target may be implemented.
Description
Technical field
The present invention relates to virtual cloud security fields, and in particular to a kind of secure virtual machine migratory system.
Background technique
Cloud computing technology is grown rapidly now, has become the research hotspot of domestic and international internet industry.As a kind of new
Type calculates mode, it is using resource rental, application hosting, service outsourcing as core, using IT resource, data, using logical as service
It crosses internet and is supplied to cloud tenant.
Most worthy is dynamic migration of virtual machine technology in cloud computing.Dynamic migration of virtual machine technology can keep empty
While quasi- machine operation, it is moved to purpose physical machine from a source physical machine, and resume operation in purpose physical machine, from
And guaranteeing transition process is transparent to user.Moreover, the dynamic load of server may be implemented in dynamic migration of virtual machine technology
Balanced and on-line maintenance, and provide a kind of perspective fault-tolerant networks.Currently, the research for dynamic migration of virtual machine technology is big
Mostly it is the research to transport efficiency, such as shortens transit time, fast transferring, reduces the amount of migration, to exists in transition process
Study on Safety Problem is less.And in actual cloud computing environment, often there is a large amount of security threat and needs to further investigate simultaneously
It is proposed reasonable solution.Its problem specifically includes that the fragility of data transmission channel, i.e., migrating data is in no any guarantor
In the case where shield, the attack of passive listening and active control may be subjected to;For the attack of VMM, attacker may be used
The attack patterns such as network cheating and Replay Attack, when lacking access control, attacker can kidnap the control of VMM, arbitrarily
It initiates virtual machine (vm) migration and controls Client OS;For the attack of transferring module, moving for virtual machine (vm) migration is realized in VMM
Loophole in shifting formwork block will lead to VMM and client computer OS by the destruction of attacker.
Summary of the invention
For the above-mentioned problems in the prior art, the invention proposes a kind of secure virtual machine migratory systems, meet
Platform authentication, data transmission protection, the protection of virtual credible root atomicity and VM- virtual TPCM security association four safety need
It asks.
The invention proposes a kind of secure virtual machine migratory systems characterized by comprising
Cloud Server hardware environment, the Cloud Server hardware environment include hardware TPCM chip;
Host machine system includes local security migration engine in the host machine system;
Virtual machine monitor includes virtual TPCM backend driver in the virtual machine monitor, loads virtual TPCM
Example executes actively monitoring to virtual machine and actively measures;
One or more virtual machine instances, one or more of virtual machine instances are managed by the virtual machine monitor is unified
It manages, includes a trusted software base in each virtual machine instance, measurement, control are executed to virtual machine by the trusted software base
And decision.
Preferably, the system also includes:
The hardware TPCM chip and host machine system constitute dual system architecture, preferentially power on before system operation
Starting carries out active safety measurement to system.
Preferably, the local security migration engine includes:
Key negotiation module, remote proving module, Confidentiality protection module, integrity protection module and virtual TPCM life
Cycle management module.
Preferably, the system also includes:
The key negotiation module uses friendship by tls handshake protocol in the handshake procedure of source node and destination node
Change information and calculate separately and obtain two symmetric keys --- Kenc and Kmac.
Preferably, the system also includes:
The remote proving module proves the integrality of target platform.
Preferably, the system also includes:
Kenc that the Confidentiality protection module and the integrity protection module call key negotiation module to obtain and
Kmac key carries out encryption and decryption and completeness check to the data flow of transmission.
Preferably, the system also includes:
If completeness check success, the completeness check module of target platform can return to ATT_SUCCESS notice, failure
ATT_FAILED is then returned, session is interrupted.
Preferably, the system also includes:
For the virtual machine TPCM life cycle management module during virtual machine (vm) migration, the TPCM deleted in source node is real
Example creates the TPCM example of duplicate plate according to the TPCM example in source node in destination node.
Preferably, the system also includes:
The virtual machine TPCM life cycle management module is packaged the virtual TPCM example in source node;
Destination node is sent by the virtual TPCM example after encapsulation;
The destination node regenerates new virtual TPCM example according to the virtual TPCM example.
The invention proposes a kind of secure virtual machine migratory systems, guarantee virtual machine in source node by quadruple security mechanism
Safety transfer between destination node: first, key agreement and remote proving module realize the flat of virtual machine (vm) migration process
It is authenticated between platform;Second, the session key that Confidentiality protection module and integrity protection module are obtained using key negotiation module,
Transmission data are carried out adding solution and completeness check, ensure that and construct safe communication channel between source platform and target platform;
Third, virtual TPCM life cycle management module learn virtual machine (vm) migration to target platform, the starting of schedule virtual TPCM manager
Virtual TPCM example carries out actively monitoring to virtual machine and actively measures, and completes the bindings of the virtual TPCM of VM-, ensure that
The security association of the virtual TPCM of VM-;4th, the virtual virtual TPCM manager of TPCM life cycle management module schedules is completed virtual
The operation such as creation, deletion of TPCM example, ensure that in transition process will not lose virtual TPCM example because of migration failure,
It will not be completed because of migration, occur old not deleted virtual TPCM example copy in source platform, virtually may be used to ensure that
Believe the atomicity of root.
Detailed description of the invention
Present invention will be further explained below with reference to the attached drawings and examples, in attached drawing:
Fig. 1 is XEN virtual machine (vm) migration system architecture diagram in the prior art;
Fig. 2 is one of the embodiment of the present invention one secure virtual machine migratory system architecture diagram;
Fig. 3 is the local security migration engine comprising modules figure in the embodiment of the present invention two;
Fig. 4 is one of the embodiment of the present invention three secure virtual machine moving method flow chart.
Specific embodiment
Now in conjunction with attached drawing, elaborate to presently preferred embodiments of the present invention.
XEN dynamic migration of virtual machine system is as shown in Figure 1, it includes four basic modules in the prior art: migration is monitored
Module runs transferring module, freezes module and target platform wake-up module.The major functions of each module are as follows:
Monitor transferring module: monitor transferring module major function be determination to carry out virtual machine (vm) migration virtual machine it is real
The problems such as example, transit time, the target platform moved to.
Operation transferring module: operation transferring module mainly monitors and the entire virtual machine (vm) migration process of control.The module is whole
The key of a virtual machine (vm) migration will have a direct impact on migration elapsed time and downtime.It receives the signal from transferring module,
If necessary to migrate, collects source platform and relevant operation information and package information is labeled as domain.Then and freeze module progress
Communication, and then source platform execution is freezed to instruct, freeze source platform.When target platform obtains the shape of virtual machine operation in source platform
After state information, which initiates wake-up signal, the virtual machine instance of wake up target server.
Freeze module: freezing module for the virtual machine to source platform and target platform and execute freeze operation, i.e. virtual machine
It shuts down.Integrality, consistency and the continuity of service, downtime in order to guarantee data is very of short duration.
Wake-up module: target platform obtains in source platform after the status information of virtual machine operation, so that it may by source platform
On virtual machine delete, while the virtual machine instance on wake up target platform guarantees the integrality of migration.
Embodiment one
Existing virtual machine (vm) migration system does not have the platform authentication of virtual machine (vm) migration, it cannot be guaranteed that the source of virtual machine (vm) migration is flat
The status safety of platform and target platform is credible.Lack data transmission protection simultaneously, appearance during virtual machine (vm) migration can not be handled
Man-in-the-middle attack etc. threaten.
For defect existing for existing virtual machine (vm) migration system, present embodiment discloses a kind of migrations of secure virtual machine to be
System, system framework figure is as shown in Fig. 2, include that Cloud Server hardware environment, host machine system, virtual machine monitor and virtual machine are real
Example:
Wherein, the hardware TPCM chip of bottom hardware environment provides the cryptographic service of trust computing for system, and
TPCM and host machine system constitute the credible 3.0 dual system architectures proposed, provide actively monitoring for system and actively measure
Mechanism is powered up starting, supervisory control system running environment, the safety of safeguards system prior to system.
Wherein, host machine system includes trusted software base (TSB).It is all local to placed offer management in trusted software base
Core --- the local security migration engine of virtual the TPCM manager and secure virtual machine shift function of virtual TPCM example, two
Person can call the trust computing resource of bottom TPCM to complete corresponding migration or virtual credible root management function.Virtual TPCM
Manager manages access of the upper layer to virtual TPCM example, the access according to upper layer to virtual TPCM as a service routine
Situation dispatches the trust computing resource of the TPCM of bottom hardware environment, manages importing and exporting for virtual TPCM context, and provide
New virtual TPCM example creation and virtual TPCM shift function.
Wherein, the upper layer of host machine system is virtual machine monitor VMM, includes virtual TPCM backend driver in VMM,
The virtual TPCM context instance provided for loading virtual TPCM manager, to corresponding virtual machine offer active monitoring and actively
The functions such as measurement.
Wherein, the top layer of system is the virtual machine instance being managed collectively by VMM, includes one in each virtual machine instance
The trusted software base of a virtual machine, provides tolerance mechanism, controlling mechanism and decision mechanism of virtual machine etc..
Embodiment two
The local security migration engine in above-mentioned secure virtual machine migratory system will be described in detail in the present embodiment,
As shown in figure 3, the safety transfer engine includes key agreement, remote proving, Confidentiality protection, integrity protection and virtual
Five modules of TPCM life cycle management, are described in detail below the function of each module:
(1) key negotiation module
Key negotiation module is used for source platform and target platform mutual identity authentication, and negotiates for protecting subsequent number
According to the key of the confidentiality and integrity of exchange, that is, provide the Confidentiality protection module and integrity protection mould of local migration engine
The key of block.Key negotiation module generates two symmetric keys --- Kenc and Kmac, the two keys by tls handshake protocol
It is to calculate separately out using the information of exchange during the handshake process by source and target platform.
(2) remote proving module
Remote proving module is used to verify the integrity certification of target platform.Remote proving module uses key negotiation module
Obtained encryption key Kenc and integrity check key Kmac.
Remote proving module main working process is as follows:
A) source platform generates random number N s, is sent to target platform together with remote proving request ATT_REQ
B) target platform carries out completeness check to information, and calls the authentication key A IK of bottom TPCM to PCR value
It signs with the Ns received, information after signature is sent to source platform together with metrics logs SML
C) contents such as integrality of source platform verifying target platform determine that migration continues or issue to interrupt session
Instruction.
(3) Confidentiality protection module and integrity protection module
Confidentiality protection module and integrity protection module are used to the safety of transmission data during virtual machine (vm) migration
Protection, protection data include two parts: the relevant information of source platform virtual machine information and corresponding virtual TPCM example.Confidentiality
Kenc the and Kmac key that protective module and integrity protection module can call key negotiation module to obtain, to the data flow of transmission
Carry out encryption and decryption and completeness check work.Completeness check success, then the completeness check module of target platform can return
ATT_SUCCESS notice, failure then return to ATT_FAILED, interrupt session.
(4) virtual TPCM life cycle management module
Virtual TPCM life cycle management module is for initiating the virtual TPCM example of source platform during virtual machine (vm) migration
The creation of delete operation and the virtual TPCM example of target platform operates, and guarantees the atom of virtual TPCM example in transition process
Property.
Once initiating migration operation, need transportable key being sent to target platform, by the virtual TPCM of target platform
The creation that life cycle management module calls virtual TPCM manager to carry out virtual TPCM example operates.Complete virtual TPCM example
Creation after, it is real that the virtual TPCM manager of virtual TPCM life cycle management module invocation target platform starts virtual TPCM
Example.When virtual machine (vm) migration to target platform, active monitoring and active are carried out to virtual machine by the virtual TPCM example of target platform
Measurement, measurement results are correct, and virtual TPCM and virtual machine are bound, and guarantee the security association of virtual TPCM-VM, and notify void
Quasi- TPCM life cycle management module deletes the virtual TPCM example of source platform.
If migration failure, virtual TPCM life cycle management module are called on virtual TPCM manager delete target platform
Virtual TPCM.Guarantee the fault recovery of virtual TPCM and prevents to repeat to copy.
A kind of secure virtual machine migratory system proposed in through this embodiment guarantees virtual machine by quadruple security mechanism
Safety transfer between source node and destination node: first, key agreement and remote proving module realize virtual machine (vm) migration
It is authenticated between the platform of process;Second, what Confidentiality protection module and integrity protection module were obtained using key negotiation module
Session key, to transmission data carry out plus solution and completeness check, ensure that constructed between source platform and target platform it is safe
Communication channel;Third, virtual TPCM life cycle management module learn virtual machine (vm) migration to target platform, schedule virtual TPCM pipe
The virtual TPCM example of device starting is managed to virtual machine progress active monitoring and active measurement, and the binding for completing the virtual TPCM of VM- is grasped
Make, ensure that the security association of the virtual TPCM of VM-;4th, the virtual virtual TPCM management of TPCM life cycle management module schedules
Device completes the operation such as creation, deletion of virtual TPCM example, and ensure that in transition process will not lose empty because of migration failure
Quasi- TPCM example will not be completed because of migration, occur old not deleted virtual TPCM example copy in source platform, to protect
The atomicity of virtual credible root is demonstrate,proved.
Embodiment three
Based on the secure virtual machine migratory system in above-mentioned two embodiment, the present embodiment proposes a kind of secure virtual machine
Moving method, as shown in figure 4, it migrates process are as follows:
(1) after source platform receives migration signal, target platform address is determined, source platform and target platform are held using TLS
Handball Association's view carries out key agreement, obtains two symmetric keys --- Kenc and Kmac.
(2) source platform and target platform verify mesh using the session key that key agreement obtains by remote proving module
Mark the integrality of platform.
(3) the virtual TPCM life cycle management module of source platform calls virtual TPCM manager to carry out virtual TPCM example
Data encapsulation, virtual TPCM manager call the trust computing resource of bottom TPCM to the virtual TPCM example of virtual machine to be migrated
Data complete encapsulation.
(4) source platform sends the virtual TPCM instance data after encapsulation to target platform.
(5) the virtual TPCM life cycle management module of target platform calls virtual TPCM manager to unseal data
Dress, and virtual TPCM example is regenerated in target platform using the data, complete the migration of virtual credible root.
(6) target platform, which is sent, confirms signal that virtual TPCM creation is completed to source platform.
(7) source platform receives the signal that virtual TPCM migration is completed, and virtual TPCM life cycle management module notice is virtual
TPCM manager deletes local virtual TPCM example copy, and starts virtual machine (vm) migration.
(8) target platform carries out actively monitoring to virtual machine (vm) migration process and actively measures.
(9) when virtual machine (vm) migration is completed and source platform sends virtual TPCM example and deletes notice, virtual TPCM Life Cycle
Period management module notifies virtual TPCM manager to enable local vTCPM example, carries out active measurement to virtual machine, if measurement knot
Fruit is correct, completes the virtual TPCM binding of VM-, and entire transition process terminates.
One of through this embodiment secure virtual machine moving method, it can be achieved that virtual machine in source node and destination node
Between safety transfer, wherein key agreement and remote proving module realize and recognize between the platform of virtual machine (vm) migration process
Card;The session key that Confidentiality protection module and integrity protection module are obtained using key negotiation module, to transmission data into
Row plus solution and completeness check, ensure that and construct safe communication channel between source platform and target platform;Virtual TPCM life
Cycle management module learns virtual machine (vm) migration to target platform, and the virtual TPCM example of schedule virtual TPCM manager starting is to virtual
Machine carries out actively monitoring and actively measures, and completes the bindings of the virtual TPCM of VM-, ensure that the safety of the virtual TPCM of VM-
Association;The virtual virtual TPCM manager of TPCM life cycle management module schedules completes creation, the deletion etc. of virtual TPCM example
Operation, ensure that in transition process will not lose virtual TPCM example because of migration failure, will not complete because of migration,
There is old not deleted virtual TPCM example copy in source platform, to ensure that the atomicity and safety of virtual credible root.
In several embodiments provided by the present invention, it should be understood that disclosed method and terminal can pass through it
Its mode is realized.For example, the apparatus embodiments described above are merely exemplary, for example, the division of the module, only
Only a kind of logical function partition, there may be another division manner in actual implementation.
In addition, the technical solution in above-mentioned several embodiments can be combined with each other and replace in the case where not conflicting
It changes.
The module as illustrated by the separation member may or may not be physically separated, aobvious as module
The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple
In network unit.Some or all of the modules therein can be selected to realize the mesh of this embodiment scheme according to the actual needs
's.
It, can also be in addition, each functional module in each embodiment of the present invention can integrate in one processing unit
It is that each unit physically exists alone, can also be integrated in one unit with two or more units.Above-mentioned integrated list
Member both can take the form of hardware realization, can also realize in the form of hardware adds software function module.
It is obvious to a person skilled in the art that invention is not limited to the details of the above exemplary embodiments, Er Qie
In the case where without departing substantially from spirit or essential attributes of the invention, the present invention can be realized in other specific forms.Therefore, no matter
From the point of view of which point, the present embodiments are to be considered as illustrative and not restrictive, and the scope of the present invention is by appended power
Benefit requires rather than above description limits, it is intended that all by what is fallen within the meaning and scope of the equivalent elements of the claims
Variation is included in the present invention.Any attached associated diagram label in claim should not be considered as right involved in limitation to want
It asks.Furthermore, it is to be understood that one word of " comprising " does not exclude other units or steps, odd number is not excluded for plural number.It is stated in system claims
Multiple modules or device can also be implemented through software or hardware by a module or device.The first, the second equal words
It is used to indicate names, and does not indicate any particular order.
Finally it should be noted that the above examples are only used to illustrate the technical scheme of the present invention and are not limiting, although reference
Preferred embodiment describes the invention in detail, those skilled in the art should understand that, it can be to of the invention
Technical solution is modified or equivalent replacement, without departing from the spirit and scope of the technical solution of the present invention.
Claims (9)
1. a kind of secure virtual machine migratory system characterized by comprising
Cloud Server hardware environment, the Cloud Server hardware environment include hardware TPCM chip;
Host machine system includes local security migration engine in the host machine system;
Virtual machine monitor includes virtual TPCM backend driver in the virtual machine monitor, loads virtual TPCM example
Actively monitoring is executed to virtual machine and is actively measured;
One or more virtual machine instances, one or more of virtual machine instances are managed collectively by the virtual machine monitor,
In each virtual machine instance include a trusted software base, by the trusted software base to virtual machine executes measurement, control and
Decision.
2. secure virtual machine migratory system according to claim 1, which is characterized in that the system also includes:
The hardware TPCM chip and host machine system constitute dual system architecture, preferentially power on and open before system operation
It is dynamic, active safety measurement is carried out to system.
3. secure virtual machine migratory system according to claim 1, which is characterized in that the local security migration engine
Include:
Key negotiation module, remote proving module, Confidentiality protection module, integrity protection module and virtual TPCM life cycle
Management module.
4. secure virtual machine migratory system according to claim 3, which is characterized in that further include:
The key negotiation module uses exchange letter by tls handshake protocol in the handshake procedure of source node and destination node
Breath, which calculates separately, obtains two symmetric keys --- Kenc and Kmac.
5. secure virtual machine migratory system according to claim 4, which is characterized in that further include:
The remote proving module proves the integrality of target platform.
6. according to the secure virtual machine migratory system in claim 4, which is characterized in that further include:
The Kenc and Kmac that the Confidentiality protection module and the integrity protection module call key negotiation module to obtain are close
Key carries out encryption and decryption and completeness check to the data flow of transmission.
7. secure virtual machine migratory system according to claim 6, which is characterized in that further include:
If completeness check success, the completeness check module of target platform can return to ATT_SUCCESS notice, and failure is then returned
ATT_FAILED is returned, session is interrupted.
8. secure virtual machine migratory system according to claim 4, which is characterized in that further include:
The virtual machine TPCM life cycle management module deletes the TPCM example in source node during virtual machine (vm) migration,
The TPCM example of duplicate plate is created in destination node according to the TPCM example in source node.
9. secure virtual machine migratory system according to claim 8, which is characterized in that further include:
The virtual machine TPCM life cycle management module is packaged the virtual TPCM example in source node;
Destination node is sent by the virtual TPCM example after encapsulation;
The destination node regenerates new virtual TPCM example according to the virtual TPCM example.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811548224.0A CN109783192A (en) | 2018-12-18 | 2018-12-18 | A kind of secure virtual machine migratory system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811548224.0A CN109783192A (en) | 2018-12-18 | 2018-12-18 | A kind of secure virtual machine migratory system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109783192A true CN109783192A (en) | 2019-05-21 |
Family
ID=66497220
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811548224.0A Pending CN109783192A (en) | 2018-12-18 | 2018-12-18 | A kind of secure virtual machine migratory system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109783192A (en) |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111158906A (en) * | 2019-12-19 | 2020-05-15 | 北京可信华泰信息技术有限公司 | Credible cloud system for active immunization |
| CN111158854A (en) * | 2019-12-19 | 2020-05-15 | 北京可信华泰信息技术有限公司 | Method for recovering trust chain during migration of cloud environment virtual machine |
| CN111600775A (en) * | 2020-05-15 | 2020-08-28 | 苏州浪潮智能科技有限公司 | Security testing method, device, equipment and medium for cluster encryption migration |
| CN112328358A (en) * | 2020-10-28 | 2021-02-05 | 惠州华阳通用电子有限公司 | Dual-system starting method based on virtual machine and storage medium |
| CN112860380A (en) * | 2021-03-04 | 2021-05-28 | 中国科学院信息工程研究所 | Virtual machine trusted migration method based on built-in security chip |
| CN112882799A (en) * | 2021-03-04 | 2021-06-01 | 中国科学院信息工程研究所 | Virtual machine trusted migration system based on built-in security chip |
| CN112883369A (en) * | 2021-03-25 | 2021-06-01 | 中国科学院信息工程研究所 | Credible virtualization system |
| US11354207B2 (en) | 2020-03-18 | 2022-06-07 | Red Hat, Inc. | Live process migration in response to real-time performance-based metrics |
| US11411969B2 (en) | 2019-11-25 | 2022-08-09 | Red Hat, Inc. | Live process migration in conjunction with electronic security attacks |
| CN114938275A (en) * | 2022-07-21 | 2022-08-23 | 国开启科量子技术(北京)有限公司 | Method, apparatus, medium, and device for migrating virtual machine using quantum key |
| CN115189928A (en) * | 2022-06-25 | 2022-10-14 | 中国人民解放军战略支援部队信息工程大学 | Dynamic safe migration method and system for password service virtual machine |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090204964A1 (en) * | 2007-10-12 | 2009-08-13 | Foley Peter F | Distributed trusted virtualization platform |
| CN101515316A (en) * | 2008-02-19 | 2009-08-26 | 北京工业大学 | Trusted computing terminal and trusted computing method |
| CN102136043A (en) * | 2010-01-22 | 2011-07-27 | 中国长城计算机深圳股份有限公司 | Computer system and measuring method thereof |
| CN103812862A (en) * | 2014-01-23 | 2014-05-21 | 厦门密安信息技术有限责任公司 | Dependable security cloud computing composition method |
| CN107301082A (en) * | 2016-04-15 | 2017-10-27 | 中兴通讯股份有限公司 | A kind of method and apparatus for realizing operating system integrity protection |
-
2018
- 2018-12-18 CN CN201811548224.0A patent/CN109783192A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090204964A1 (en) * | 2007-10-12 | 2009-08-13 | Foley Peter F | Distributed trusted virtualization platform |
| CN101515316A (en) * | 2008-02-19 | 2009-08-26 | 北京工业大学 | Trusted computing terminal and trusted computing method |
| CN102136043A (en) * | 2010-01-22 | 2011-07-27 | 中国长城计算机深圳股份有限公司 | Computer system and measuring method thereof |
| CN103812862A (en) * | 2014-01-23 | 2014-05-21 | 厦门密安信息技术有限责任公司 | Dependable security cloud computing composition method |
| CN107301082A (en) * | 2016-04-15 | 2017-10-27 | 中兴通讯股份有限公司 | A kind of method and apparatus for realizing operating system integrity protection |
Non-Patent Citations (4)
| Title |
|---|
| 于颖超等: ""一种安全VM-vTPM迁移协议的设计与实现"", 《电子科技应用》 * |
| 刘凯: ""面向云安全的虚拟域可信根的设计与实现"", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
| 张建标等: ""面向云环境的虚拟机可信迁移方案"", 《网络与信息安全学报》 * |
| 张建标等: ""面向云计算环境的vTPCM可信管理方案"", 《信息网络安全》 * |
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11411969B2 (en) | 2019-11-25 | 2022-08-09 | Red Hat, Inc. | Live process migration in conjunction with electronic security attacks |
| CN111158854A (en) * | 2019-12-19 | 2020-05-15 | 北京可信华泰信息技术有限公司 | Method for recovering trust chain during migration of cloud environment virtual machine |
| CN111158906A (en) * | 2019-12-19 | 2020-05-15 | 北京可信华泰信息技术有限公司 | Credible cloud system for active immunization |
| CN111158906B (en) * | 2019-12-19 | 2023-04-28 | 北京可信华泰信息技术有限公司 | Active immunity credible cloud system |
| US11354207B2 (en) | 2020-03-18 | 2022-06-07 | Red Hat, Inc. | Live process migration in response to real-time performance-based metrics |
| CN111600775A (en) * | 2020-05-15 | 2020-08-28 | 苏州浪潮智能科技有限公司 | Security testing method, device, equipment and medium for cluster encryption migration |
| CN111600775B (en) * | 2020-05-15 | 2022-02-22 | 苏州浪潮智能科技有限公司 | Security testing method, device, equipment and medium for cluster encryption migration |
| CN112328358A (en) * | 2020-10-28 | 2021-02-05 | 惠州华阳通用电子有限公司 | Dual-system starting method based on virtual machine and storage medium |
| CN112860380A (en) * | 2021-03-04 | 2021-05-28 | 中国科学院信息工程研究所 | Virtual machine trusted migration method based on built-in security chip |
| CN112882799A (en) * | 2021-03-04 | 2021-06-01 | 中国科学院信息工程研究所 | Virtual machine trusted migration system based on built-in security chip |
| CN112883369A (en) * | 2021-03-25 | 2021-06-01 | 中国科学院信息工程研究所 | Credible virtualization system |
| CN112883369B (en) * | 2021-03-25 | 2024-08-20 | 中国科学院信息工程研究所 | Trusted virtualization system |
| CN115189928A (en) * | 2022-06-25 | 2022-10-14 | 中国人民解放军战略支援部队信息工程大学 | Dynamic safe migration method and system for password service virtual machine |
| CN115189928B (en) * | 2022-06-25 | 2023-10-17 | 中国人民解放军战略支援部队信息工程大学 | Dynamic security migration method and system for password service virtual machine |
| CN114938275A (en) * | 2022-07-21 | 2022-08-23 | 国开启科量子技术(北京)有限公司 | Method, apparatus, medium, and device for migrating virtual machine using quantum key |
| CN114938275B (en) * | 2022-07-21 | 2022-10-14 | 国开启科量子技术(北京)有限公司 | Method, apparatus, medium, and device for migrating virtual machine using quantum key |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109783192A (en) | A kind of secure virtual machine migratory system | |
| CN109684037A (en) | A kind of secure virtual machine moving method | |
| Bouchenak et al. | Verifying cloud services: present and future | |
| CN101937357B (en) | Virtual machine migration decision-making method, device and system | |
| Badger et al. | Cloud computing synopsis and recommendations | |
| CN105095768B (en) | Virtualization-based trusted server trust chain construction method | |
| CN111158906B (en) | Active immunity credible cloud system | |
| CN103139221B (en) | Data migration method between a kind of dependable virtual platform and construction method, platform | |
| CN104715183B (en) | A kind of trust authentication method and apparatus during virtual machine operation | |
| Khan et al. | Design and deployment of a trusted eucalyptus cloud | |
| CN101739282B (en) | Method, device and system for managing virtual machine | |
| WO2014022604A1 (en) | Trusted execution environment virtual machine cloning | |
| CN104320391A (en) | Cloud authentication method and system | |
| WO2016058318A1 (en) | Elastic virtual machine (vm) resource scaling method, apparatus and system | |
| CN108733453A (en) | The operating method and system of credible cloud platform virtual credible root example | |
| NL2031835B1 (en) | License management for software defined silicon | |
| CN107704308B (en) | Virtual platform vTPM management system, trust chain construction method and device, and storage medium | |
| CN116305136A (en) | Source audit trail for micro-service architecture | |
| CN108255579A (en) | A kind of virtual machine management method and device based on KVM platforms | |
| Munodawafa et al. | Security risk assessment within hybrid data centers: A case study of delay sensitive applications | |
| CN111143030B (en) | Migration method of cloud environment trusted virtual machine | |
| CN113297133B (en) | Service migration quality guarantee method and system | |
| CN106445641A (en) | Method for data migration between safety virtual platforms on discrete computing node | |
| Debes et al. | Blindtrust: Oblivious remote attestation for secure service function chains | |
| de Aguiar Monteiro et al. | A Survey on Microservice Security–Trends in Architecture Privacy and Standardization on Cloud Computing Environments |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190521 |
|
| RJ01 | Rejection of invention patent application after publication |