CN110622138A - Data migration method and apparatus - Google Patents

Data migration method and apparatus

Info

Publication number
CN110622138A
Authority
CN
China
Prior art keywords
target
host
source host
enclave
migration
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201780087318.XA
Other languages
English (en)
Other versions
CN110622138B (zh)
Inventor
夏虞斌
申宇
陈海波
翟征德
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Publication of CN110622138A
Application granted
Publication of CN110622138B
Current legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/48 Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806 Task transfer initiation or dispatching
    • G06F9/4843 Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
    • G06F9/485 Task life-cycle, e.g. stopping, restarting, resuming execution
    • G06F9/4856 Task life-cycle, e.g. stopping, restarting, resuming execution resumption being on a different machine, e.g. task migration, virtual machine migration
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/4557 Distribution of virtual machine instances; Migration and load balancing
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2149 Restricted operating environment
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

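A data migration method and apparatus, relating to the field of communications technologies, that can migrate data held in the EPC so as to improve the consistency of an application's data before and after migration. The method includes: a source host obtains a migration instruction, where the migration instruction instructs that a target application in which an Enclave has been created be migrated to a destination host; the source host invokes a migration control thread preset inside the Enclave of the target application to write the running-state data of the target application in the EPC into target memory of the source host, where the target memory is a region of the source host's memory other than the EPC; and the source host sends the running-state data of the target application in the target memory to the destination host.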

Description

PCT national-phase application; the description has been published.

Claims (18)

  1. PCT national-phase application; the claims have been published.
CN201780087318.XA 2017-02-23 2017-08-03 Data migration method and apparatus Active CN110622138B (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN201710100246X 2017-02-23
CN201710100246.XA CN108469986B (zh) 2017-02-23 2017-02-23 Data migration method and apparatus
PCT/CN2017/095829 WO2018153027A1 (zh) 2017-02-23 2017-08-03 Data migration method and apparatus

Publications (2)

Publication Number Publication Date
CN110622138A (zh) 2019-12-27
CN110622138B (zh) 2022-12-30

Family

ID=63252304

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201710100246.XA Active CN108469986B (zh) 2017-02-23 2017-02-23 Data migration method and apparatus
CN201780087318.XA Active CN110622138B (zh) 2017-02-23 2017-08-03 Data migration method and apparatus

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN201710100246.XA Active CN108469986B (zh) 2017-02-23 2017-02-23 Data migration method and apparatus

Country Status (4)

Country Link
US (1) US11347542B2 (zh)
EP (1) EP3572938A4 (zh)
CN (2) CN108469986B (zh)
WO (1) WO2018153027A1 (zh)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112636916A (zh) * 2020-11-30 2021-04-09 捷德(中国)科技有限公司 Data processing method and apparatus, storage medium, and electronic device

Families Citing this family (11)

Publication number Priority date Publication date Assignee Title
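JP7193732B2 (ja) * 2019-04-08 2022-12-21 富士通株式会社 Management device, information processing system, and management program
CN112035272A (zh) * 2019-06-03 2020-12-04 华为技术有限公司 Inter-process communication method and apparatus, and computer device
CN112749397A (zh) * 2019-10-29 2021-05-04 阿里巴巴集团控股有限公司 System and method
CN114174990A (zh) * 2020-07-09 2022-03-11 深圳市汇顶科技股份有限公司 Data management method and apparatus, electronic component, and terminal device
CN114417362A (zh) * 2020-10-10 2022-04-29 华为技术有限公司 Data management method, apparatus, and system, and storage medium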
US11836514B2 (en) * 2021-01-19 2023-12-05 Dell Products L.P. System and method of utilizing memory medium fault resiliency with secure memory medium portions
WO2022233394A1 (en) * 2021-05-04 2022-11-10 Huawei Technologies Co., Ltd. Device, method and system for asynchronous messaging
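CN113467884A (zh) * 2021-05-25 2021-10-01 阿里巴巴新加坡控股有限公司 Resource configuration method and apparatus, electronic device, and computer-readable storage medium
CN113472876B (zh) * 2021-06-29 2024-02-13 招商局金融科技有限公司 Application migration control method, apparatus, device, and storage medium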
EP4167086A1 (en) * 2021-10-13 2023-04-19 Microsoft Technology Licensing, LLC Enclave cloning
US11775360B2 (en) * 2021-12-01 2023-10-03 Nec Corporation Cache-based communication for trusted execution environments

Citations (14)

Publication number Priority date Publication date Assignee Title
CN102473224A (zh) * 2009-12-22 2012-05-23 英特尔公司 Method and apparatus to provide secure application execution
US20120159184A1 (en) * 2010-12-17 2012-06-21 Johnson Simon P Technique for Supporting Multiple Secure Enclaves
CN103249114A (zh) * 2013-04-03 2013-08-14 大唐移动通信设备有限公司 Method and system for remote access to a group intranet
US20130312117A1 (en) * 2012-05-16 2013-11-21 Spydrsafe Mobile Security, Inc. Systems and Methods for Providing and Managing Distributed Enclaves
CN104283853A (zh) * 2013-07-08 2015-01-14 华为技术有限公司 Method for improving information security, terminal device, and network device
CN104484284A (zh) * 2013-03-31 2015-04-01 英特尔公司 Instructions and logic to provide advanced paging capabilities for secure enclave page caches
CN105022658A (zh) * 2014-04-30 2015-11-04 中国移动通信集团公司 Virtual machine migration method, system, and related apparatus
US20160149912A1 (en) * 2014-11-26 2016-05-26 Intel Corporation Trusted Computing Base Evidence Binding for a Migratable Virtual Machine
CN105678191A (zh) * 2016-03-02 2016-06-15 上海瓶钵信息科技有限公司 Method, terminal, and system for improving system security using SoC internal storage
US20160188889A1 (en) * 2014-12-24 2016-06-30 Alpa Narendra Trivedi Creating secure channels between a protected execution environment and fixed-function endpoints
CN105791175A (zh) * 2014-12-26 2016-07-20 电信科学技术研究院 Method and device for controlling transmission resources in a software-defined network
CN106161076A (zh) * 2015-04-22 2016-11-23 华为技术有限公司 Virtual network function expansion method and apparatus
CN106169994A (zh) * 2016-06-29 2016-11-30 中国联合网络通信集团有限公司 Security control method and apparatus for inter-container communication
US20160378688A1 (en) * 2015-06-26 2016-12-29 Intel Corporation Processors, methods, systems, and instructions to support live migration of protected containers

Family Cites Families (15)

Publication number Priority date Publication date Assignee Title
US9087200B2 (en) * 2009-12-22 2015-07-21 Intel Corporation Method and apparatus to provide secure application execution
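CN103885719B (zh) * 2012-12-21 2017-02-08 中国电信股份有限公司 Method, system, and apparatus for online storage migration of a virtual machine system
CN103399778B (zh) * 2013-07-01 2016-12-28 华为技术有限公司 Method and device for online whole migration of a virtual machine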
WO2015015473A1 (en) * 2013-08-02 2015-02-05 Ologn Technologies Ag A secure server on a system with virtual machines
US20150205542A1 (en) * 2014-01-22 2015-07-23 Vmware, Inc. Virtual machine migration in shared storage environment
US9652631B2 (en) 2014-05-05 2017-05-16 Microsoft Technology Licensing, Llc Secure transport of encrypted virtual machines with continuous owner access
US10558584B2 (en) * 2014-06-23 2020-02-11 Intel Corporation Employing intermediary structures for facilitating access to secure memory
CN104346575B (zh) * 2014-10-24 2017-09-19 重庆邮电大学 Software-defined security architecture
US9942035B2 (en) * 2015-08-18 2018-04-10 Intel Corporation Platform migration of secure enclaves
US10048977B2 (en) * 2015-12-22 2018-08-14 Intel Corporation Methods and apparatus for multi-stage VM virtual network function and virtual service function chain acceleration for NFV and needs-based hardware acceleration
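CN105700945B (zh) * 2016-01-12 2019-01-11 中南大学 Secure virtual machine migration method based on a clean-room environment
CN105955809B (zh) * 2016-04-25 2020-06-26 深圳市万普拉斯科技有限公司 Thread scheduling method and system
CN105956465A (zh) * 2016-05-04 2016-09-21 浪潮电子信息产业股份有限公司 Method for building a virtual trusted platform based on vTPM
CN106095576A (zh) * 2016-06-14 2016-11-09 上海交通大学 Virtual machine resource migration method for non-uniform I/O access in a virtualized multi-core environment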
US10338957B2 (en) * 2016-12-27 2019-07-02 Intel Corporation Provisioning keys for virtual machine secure enclaves

Non-Patent Citations (3)

Title
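JAEMIN PARK et al.: "Toward Live Migration of SGX-Enabled Virtual Machines", 2016 IEEE WORLD CONGRESS ON SERVICES (SERVICES) *
石源 et al.: "SGX-based security enhancement method for virtual machine live migration", 《通信学报》 *
董春涛 et al.: "Research progress on SGX application support technologies", 《软件学报》 *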

Also Published As

Publication number Publication date
US20190377598A1 (en) 2019-12-12
US11347542B2 (en) 2022-05-31
CN108469986B (zh) 2021-04-09
EP3572938A1 (en) 2019-11-27
WO2018153027A1 (zh) 2018-08-30
CN108469986A (zh) 2018-08-31
CN110622138B (zh) 2022-12-30
EP3572938A4 (en) 2020-01-15

Similar Documents

Publication Publication Date Title
CN110622138B (zh) Data migration method and apparatus
JP6761476B2 (ja) Systems and methods for auditing a virtual machine
JP5861228B2 (ja) System, apparatus, program, and method for monitoring a virtual partition
JP6186374B2 (ja) System and method for securely migrating to a virtualized platform
RU2397537C2 (ru) Computer security management, for example in a virtual machine or a real operating system
EP2840495B1 (en) Container-based processing method and apparatus
US10127068B2 (en) Performance variability reduction using an opportunistic hypervisor
US8495750B2 (en) Filesystem management and security system
US9354907B1 (en) Optimized restore of virtual machine and virtual disk data
US9449169B2 (en) Block storage virtualization on commodity secure digital cards
US10169577B1 (en) Systems and methods for detecting modification attacks on shared physical memory
CN111858004A (zh) Method and system for dynamic loading of real-time applications in a computer's secure world based on TEE extension
US20150160950A1 (en) Operating System Recovery Method and Apparatus, and Terminal Device
US20180060588A1 (en) Operating system
WO2017172190A1 (en) Trusted execution of called function
EP3079057B1 (en) Method and device for realizing virtual machine introspection
US11442770B2 (en) Formally verified trusted computing base with active security and policy enforcement
US10528736B1 (en) Systems and methods for detecting preparatory-stages of rowhammer attacks
JP2020520037A (ja) Computer having an isolated user computing unit
JP5966466B2 (ja) Backup control method and information processing apparatus
US11513825B2 (en) System and method for implementing trusted execution environment on PCI device
US11288361B1 (en) Systems and methods for restoring applications
US20210141656A1 (en) Online disk encryption using mirror driver
US11188367B2 (en) Guest operating system physical memory page protection using hypervisor
US9830090B1 (en) Metadata caches in a reliable distributed computing system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant