CN110622138A - Data migration method and apparatus - Google Patents
Data migration method and apparatus
- Publication number
- CN110622138A
- Authority
- CN
- China
- Prior art keywords
- target
- host
- source host
- enclave
- migration
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/48—Program initiating; Program switching, e.g. by interrupt
- G06F9/4806—Task transfer initiation or dispatching
- G06F9/4843—Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
- G06F9/485—Task life-cycle, e.g. stopping, restarting, resuming execution
- G06F9/4856—Task life-cycle, e.g. stopping, restarting, resuming execution resumption being on a different machine, e.g. task migration, virtual machine migration
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/4557—Distribution of virtual machine instances; Migration and load balancing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2149—Restricted operating environment
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
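A data migration method and apparatus, relating to the field of communications technologies, that can migrate data held in the EPC so as to improve the consistency of an application's data before and after migration. The method includes: a source host obtains a migration instruction, where the migration instruction instructs that a target application in which an Enclave has been created be migrated to a destination host; the source host invokes a migration control thread preset in the Enclave of the target application to write the running-state data of the target application in the EPC into a target memory of the source host, where the target memory is a region of the source host's memory other than the EPC; and the source host sends the running-state data of the target application in the target memory to the destination host.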
Description
PCT national-phase application; the description has been published.
Claims (18)
- PCT national-phase application; the claims have been published.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710100246X | 2017-02-23 | ||
CN201710100246.XA CN108469986B (zh) | 2017-02-23 | 2017-02-23 | Data migration method and apparatus |
PCT/CN2017/095829 WO2018153027A1 (zh) | 2017-02-23 | 2017-08-03 | Data migration method and apparatus |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110622138A (zh) | 2019-12-27 |
CN110622138B (zh) | 2022-12-30 |
Family
ID=63252304
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710100246.XA Active CN108469986B (zh) | Data migration method and apparatus | 2017-02-23 | 2017-02-23 |
CN201780087318.XA Active CN110622138B (zh) | Data migration method and apparatus | 2017-02-23 | 2017-08-03 |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710100246.XA Active CN108469986B (zh) | Data migration method and apparatus | 2017-02-23 | 2017-02-23 |
Country Status (4)
Country | Link |
---|---|
US (1) | US11347542B2 (zh) |
EP (1) | EP3572938A4 (zh) |
CN (2) | CN108469986B (zh) |
WO (1) | WO2018153027A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112636916A (zh) * | 2020-11-30 | 2021-04-09 | 捷德(中国)科技有限公司 | Data processing method and apparatus, storage medium, and electronic device |
Families Citing this family (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
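JP7193732B2 (ja) * | 2019-04-08 | 2022-12-21 | 富士通株式会社 | Management device, information processing system, and management program |
CN112035272A (zh) * | 2019-06-03 | 2020-12-04 | 华为技术有限公司 | Inter-process communication method and apparatus, and computer device |
CN112749397A (zh) * | 2019-10-29 | 2021-05-04 | 阿里巴巴集团控股有限公司 | System and method |
CN114174990A (zh) * | 2020-07-09 | 2022-03-11 | 深圳市汇顶科技股份有限公司 | Data management method and apparatus, electronic component, and terminal device |
CN114417362A (zh) * | 2020-10-10 | 2022-04-29 | 华为技术有限公司 | Data management method, apparatus and system, and storage medium |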
US11836514B2 (en) * | 2021-01-19 | 2023-12-05 | Dell Products L.P. | System and method of utilizing memory medium fault resiliency with secure memory medium portions |
WO2022233394A1 (en) * | 2021-05-04 | 2022-11-10 | Huawei Technologies Co., Ltd. | Device, method and system for asynchronous messaging |
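CN113467884A (zh) * | 2021-05-25 | 2021-10-01 | 阿里巴巴新加坡控股有限公司 | Resource allocation method and apparatus, electronic device, and computer-readable storage medium |
CN113472876B (zh) * | 2021-06-29 | 2024-02-13 | 招商局金融科技有限公司 | Application migration control method, apparatus, device, and storage medium |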
EP4167086A1 (en) * | 2021-10-13 | 2023-04-19 | Microsoft Technology Licensing, LLC | Enclave cloning |
US11775360B2 (en) * | 2021-12-01 | 2023-10-03 | Nec Corporation | Cache-based communication for trusted execution environments |
Citations (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102473224A (zh) * | 2009-12-22 | 2012-05-23 | 英特尔公司 | Method and apparatus to provide secure application execution |
US20120159184A1 (en) * | 2010-12-17 | 2012-06-21 | Johnson Simon P | Technique for Supporting Multiple Secure Enclaves |
CN103249114A (zh) * | 2013-04-03 | 2013-08-14 | 大唐移动通信设备有限公司 | Method and system for remote access to a group intranet |
US20130312117A1 (en) * | 2012-05-16 | 2013-11-21 | Spydrsafe Mobile Security, Inc. | Systems and Methods for Providing and Managing Distributed Enclaves |
CN104283853A (zh) * | 2013-07-08 | 2015-01-14 | 华为技术有限公司 | Method for improving information security, terminal device, and network device |
CN104484284A (zh) * | 2013-03-31 | 2015-04-01 | 英特尔公司 | Instructions and logic to provide advanced paging capabilities for secure enclave page caches |
CN105022658A (zh) * | 2014-04-30 | 2015-11-04 | 中国移动通信集团公司 | Virtual machine migration method, system, and related apparatus |
US20160149912A1 (en) * | 2014-11-26 | 2016-05-26 | Intel Corporation | Trusted Computing Base Evidence Binding for a Migratable Virtual Machine |
CN105678191A (zh) * | 2016-03-02 | 2016-06-15 | 上海瓶钵信息科技有限公司 | Method, terminal, and system for improving system security using SoC internal storage |
US20160188889A1 (en) * | 2014-12-24 | 2016-06-30 | Alpa Narendra Trivedi | Creating secure channels between a protected execution environment and fixed-function endpoints |
CN105791175A (zh) * | 2014-12-26 | 2016-07-20 | 电信科学技术研究院 | Method and device for controlling transmission resources in a software-defined network |
CN106161076A (zh) * | 2015-04-22 | 2016-11-23 | 华为技术有限公司 | Virtual network function expansion method and apparatus |
CN106169994A (zh) * | 2016-06-29 | 2016-11-30 | 中国联合网络通信集团有限公司 | Security control method and apparatus for inter-container communication |
US20160378688A1 (en) * | 2015-06-26 | 2016-12-29 | Intel Corporation | Processors, methods, systems, and instructions to support live migration of protected containers |
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9087200B2 (en) * | 2009-12-22 | 2015-07-21 | Intel Corporation | Method and apparatus to provide secure application execution |
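CN103885719B (zh) * | 2012-12-21 | 2017-02-08 | 中国电信股份有限公司 | Method, system, and apparatus for online storage migration of a virtual machine system |
CN103399778B (zh) * | 2013-07-01 | 2016-12-28 | 华为技术有限公司 | Method and device for online whole migration of a virtual machine |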
WO2015015473A1 (en) * | 2013-08-02 | 2015-02-05 | Ologn Technologies Ag | A secure server on a system with virtual machines |
US20150205542A1 (en) * | 2014-01-22 | 2015-07-23 | Vmware, Inc. | Virtual machine migration in shared storage environment |
US9652631B2 (en) | 2014-05-05 | 2017-05-16 | Microsoft Technology Licensing, Llc | Secure transport of encrypted virtual machines with continuous owner access |
US10558584B2 (en) * | 2014-06-23 | 2020-02-11 | Intel Corporation | Employing intermediary structures for facilitating access to secure memory |
CN104346575B (zh) * | 2014-10-24 | 2017-09-19 | 重庆邮电大学 | Software-defined security architecture |
US9942035B2 (en) * | 2015-08-18 | 2018-04-10 | Intel Corporation | Platform migration of secure enclaves |
US10048977B2 (en) * | 2015-12-22 | 2018-08-14 | Intel Corporation | Methods and apparatus for multi-stage VM virtual network function and virtual service function chain acceleration for NFV and needs-based hardware acceleration |
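CN105700945B (zh) * | 2016-01-12 | 2019-01-11 | 中南大学 | Secure virtual machine migration method based on a clean-room environment |
CN105955809B (zh) * | 2016-04-25 | 2020-06-26 | 深圳市万普拉斯科技有限公司 | Thread scheduling method and system |
CN105956465A (zh) * | 2016-05-04 | 2016-09-21 | 浪潮电子信息产业股份有限公司 | Method for building a virtual trusted platform based on vTPM |
CN106095576A (zh) * | 2016-06-14 | 2016-11-09 | 上海交通大学 | Virtual machine resource migration method for non-uniform I/O access in a virtualized multi-core environment |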
US10338957B2 (en) * | 2016-12-27 | 2019-07-02 | Intel Corporation | Provisioning keys for virtual machine secure enclaves |
-
2017
- 2017-02-23 CN CN201710100246.XA patent/CN108469986B/zh active Active
- 2017-08-03 EP EP17897879.7A patent/EP3572938A4/en active Pending
- 2017-08-03 CN CN201780087318.XA patent/CN110622138B/zh active Active
- 2017-08-03 WO PCT/CN2017/095829 patent/WO2018153027A1/zh unknown
-
2019
- 2019-08-23 US US16/549,861 patent/US11347542B2/en active Active
Non-Patent Citations (3)
Title |
---|
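JAEMIN PARK et al.: "Toward Live Migration of SGX-Enabled Virtual Machines", 《2016 IEEE WORLD CONGRESS ON SERVICES (SERVICES)》 * |
石源 et al.: "SGX-based security enhancement method for virtual machine live migration", 《通信学报》 * |
董春涛 et al.: "Research progress on SGX application support technologies", 《软件学报》 * |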
Also Published As
Publication number | Publication date |
---|---|
US20190377598A1 (en) | 2019-12-12 |
US11347542B2 (en) | 2022-05-31 |
CN108469986B (zh) | 2021-04-09 |
EP3572938A1 (en) | 2019-11-27 |
WO2018153027A1 (zh) | 2018-08-30 |
CN108469986A (zh) | 2018-08-31 |
CN110622138B (zh) | 2022-12-30 |
EP3572938A4 (en) | 2020-01-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110622138B (zh) | Data migration method and apparatus | |
JP6761476B2 (ja) | Systems and methods for auditing virtual machines | |
JP5861228B2 (ja) | System, apparatus, program, and method for monitoring virtual partitions | |
JP6186374B2 (ja) | System and method for securely migrating to a virtualized platform | |
RU2397537C2 (ru) | Computer security management, for example, in a virtual machine or a real operating system | |
EP2840495B1 (en) | Container-based processing method and apparatus | |
US10127068B2 (en) | Performance variability reduction using an opportunistic hypervisor | |
US8495750B2 (en) | Filesystem management and security system | |
US9354907B1 (en) | Optimized restore of virtual machine and virtual disk data | |
US9449169B2 (en) | Block storage virtualization on commodity secure digital cards | |
US10169577B1 (en) | Systems and methods for detecting modification attacks on shared physical memory | |
CN111858004A (zh) | Method and system for dynamic loading of real-time applications in a computer's secure world based on TEE extension | |
US20150160950A1 (en) | Operating System Recovery Method and Apparatus, and Terminal Device | |
US20180060588A1 (en) | Operating system | |
WO2017172190A1 (en) | Trusted execution of called function | |
EP3079057B1 (en) | Method and device for realizing virtual machine introspection | |
US11442770B2 (en) | Formally verified trusted computing base with active security and policy enforcement | |
US10528736B1 (en) | Systems and methods for detecting preparatory-stages of rowhammer attacks | |
JP2020520037A (ja) | Computer having an isolated user computing unit | |
JP5966466B2 (ja) | Backup control method and information processing apparatus | |
US11513825B2 (en) | System and method for implementing trusted execution environment on PCI device | |
US11288361B1 (en) | Systems and methods for restoring applications | |
US20210141656A1 (en) | Online disk encryption using mirror driver | |
US11188367B2 (en) | Guest operating system physical memory page protection using hypervisor | |
US9830090B1 (en) | Metadata caches in a reliable distributed computing system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||