CN111966458A - Safety management method of virtual cloud desktop - Google Patents

Safety management method of virtual cloud desktop

Info

Publication number
CN111966458A
Authority
CN
China
Prior art keywords
virtual machine
virtual
security
management
cloud desktop
Legal status
Pending
Application number
CN202010796665.3A
Other languages
Chinese (zh)
Inventor
张瑞强
黄林
安淼
袁鹰
潘可佳
吴斗
尹远
曾愚
彭小强
杨峻欢
Current Assignee
State Grid Sichuan Electric Power Co Ltd
Information and Telecommunication Branch of State Grid Sichuan Electric Power Co Ltd
Original Assignee
State Grid Sichuan Electric Power Co Ltd
Priority date
2020-08-10
Filing date
2020-08-10
Publication date
2020-11-20

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 9/00 Arrangements for program control, e.g. control units
    • G06F 9/06 Arrangements for program control using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F 9/44 Arrangements for executing specific programs
    • G06F 9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F 9/45533 Hypervisors; Virtual machine monitors
    • G06F 9/45558 Hypervisor-specific management and integration aspects
    • G06F 2009/45562 Creating, deleting, cloning virtual machine instances
    • G06F 2009/4557 Distribution of virtual machine instances; Migration and load balancing
    • G06F 2009/45587 Isolation or security of virtual machine instances
    • G06F 9/46 Multiprogramming arrangements
    • G06F 9/50 Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F 9/5005 Allocation of resources to service a request
    • G06F 9/5027 Allocation of resources to service a request, the resource being a machine, e.g. CPUs, servers, terminals

Abstract

The invention discloses a security management method for a virtual cloud desktop that comprises one or more of the following measures. Virtual machine manager security management: acquiring preset types of monitoring and audit log information from the virtual desktop management server and generating tamper-resistant audit information from it. Virtual machine security isolation: isolating virtual machines, storage devices and networks from one another. Virtual machine residual data protection: clearing residual data from virtual machine memory and from virtual machine disks. Virtual machine secure communication management: encrypting data transmission between the subsystems of the virtualization platform. Virtual machine denial-of-service resistance: allocating an independent virtual switch to each virtual machine, each such switch being bound to one physical network port. The invention improves the security of the virtual cloud desktop.

Description

Safety management method of virtual cloud desktop
Technical Field
The invention relates to a security management method for a virtual cloud desktop.
Background
In computer applications, desktop PCs are the most common and important office equipment. In practice, their security and management weaknesses have become increasingly apparent: 1) the security boundary is difficult to protect; 2) data leakage is difficult to prevent; 3) security vulnerabilities emerge continually; 4) the total cost of ownership is high; 5) resource utilization is low.
Disclosure of Invention
The invention aims to overcome the defects of the prior art by providing a security management method for a virtual cloud desktop.
This is achieved by the following technical scheme. A security management method for a virtual cloud desktop comprises one or more of virtual machine manager security management, virtual machine security isolation, virtual machine residual data protection, virtual machine secure communication management and virtual machine denial-of-service resistance;
virtual machine manager security management: acquiring preset types of monitoring and audit log information from the virtual desktop management server and generating tamper-resistant audit information from it;
virtual machine security isolation: isolating virtual machines, storage devices and networks from one another;
virtual machine residual data protection: clearing residual data from virtual machine memory and from virtual machine disks;
virtual machine secure communication management: encrypting data transmission between the subsystems of the virtualization platform;
virtual machine denial-of-service resistance: allocating an independent virtual switch to each virtual machine, each such switch being bound to one physical network port.
Preferably, the virtual machine manager security management includes:
reading the mandatory access control log file and extracting the mandatory access control override (policy violation) records from it;
reading the system user login log file to form an audit log;
calling an interface of the virtual machine monitor to acquire operation monitoring data;
and calling an interface of the virtual machine monitor to acquire its version and feature value (fingerprint) information, from which the tamper-resistant audit information is generated.
Preferably, the virtual machine security isolation includes:
virtual machine operation isolation: for multiple virtual machines created on the same physical host, allocating independent physical resources to each virtual machine;
virtual machine CPU isolation: the virtualization platform runs the virtual machine operating system in Ring 1 of the CPU, and execution and context switching of virtual processor instructions are scheduled centrally by the virtualization platform;
virtual machine memory isolation: the virtualization platform is configured to use only the exclusive (non-shared) memory mode;
virtual machine network isolation: isolating the networks of different virtual machines on the same physical host from one another;
virtual machine storage isolation: each virtual machine may access only the storage space allocated to it, and a virtual machine disk may be mounted by only one virtual machine at a time.
Preferably, the virtual machine residual data protection includes:
clearing residual memory data: after a virtual machine stops or is migrated, and before its memory space is released or reallocated to another virtual machine, resetting and clearing that memory space;
clearing residual disk data: after a virtual machine is deleted, and before its disk storage space is released or reallocated to another virtual machine, zero-filling that disk storage space.
Preferably, the security management method of the virtual cloud desktop further includes the following steps:
when a host server registers with the virtualization platform, the platform calls the authentication system with the host server's information to issue a device-signing digital certificate for the host server from the root certificate, and sends that certificate to the host server;
during a virtual machine migration, the source server initiating the migration sends a connection request, and an encrypted connection channel is established between the source server and the target server;
on receiving the connection request from the source server, the target server verifies the source server's device-signing digital certificate: if verification passes, the source server performs the virtual machine migration over the encrypted channel; if verification fails, the target server refuses the connection request and the migration is aborted.
Preferably, the security management method of the virtual cloud desktop further includes performing virtual machine anti-escape protection and escape monitoring using mandatory access control and multi-category security.
The invention has the following beneficial effects:
(1) the invention provides several security management measures (virtual machine manager security management, virtual machine security isolation, virtual machine residual data protection, virtual machine secure communication management, virtual machine denial-of-service resistance), which improve the security of the virtual cloud desktop;
(2) each virtual machine obtains relatively independent physical resources, so the crash of one virtual machine affects neither the virtual machine manager nor the other virtual machines;
(3) the virtualization platform runs the virtual machine operating system in Ring 1 of the CPU and schedules the execution and context switching of virtual processor instructions centrally, which prevents a virtual machine from directly executing privileged CPU instructions and ensures instruction isolation and processing performance between different virtual machines;
(4) the invention protects the residual information in virtual machine memory and storage, so that no useful information can be recovered from a newly started virtual machine, effectively protecting the residual information security of users;
(5) an independent virtual switch is allocated to each virtual machine and each such switch is bound to one physical network port, so the network traffic of a virtual machine can be monitored by the protection mechanisms already present in the physical network, such as hardware firewalls, and denial-of-service attacks can be contained.
Drawings
FIG. 1 is a schematic diagram illustrating a security management method for a virtual cloud desktop;
FIG. 2 is a diagram illustrating security management of a virtual machine manager;
FIG. 3 is a schematic diagram of virtual machine security isolation logic;
FIG. 4 is a schematic diagram of virtual machine network isolation;
FIG. 5 is a diagram illustrating a process of eliminating remaining memory information;
FIG. 6 is a schematic diagram of a disk residual information elimination process;
FIG. 7 is a diagram illustrating denial of service attack resistance of a virtual machine;
FIG. 8 is a schematic diagram of virtual machine migration.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the following embodiments, and it should be understood that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without inventive effort based on the embodiments of the present invention, are within the scope of the present invention.
Referring to FIGS. 1 to 8, the present invention provides a security management method for a virtual cloud desktop.
As shown in FIG. 1, the method includes one or more of security management of the virtual machine manager, security isolation of virtual machines, protection of residual virtual machine data, secure communication management of virtual machines and denial-of-service resistance of virtual machines.
Virtual machine manager security management: preset types of monitoring and audit log information are acquired from the virtual desktop management server, and tamper-resistant audit information is generated from them. As shown in FIG. 2, each host server runs an Agent program of the VSIP; the Agent periodically collects the various monitoring and audit logs and sends them to the VSIP main control server, which stores the data in a database.
Specifically, the virtual machine manager security management includes:
reading the mandatory access control (MAC) log file and extracting the MAC override (policy violation) records from it;
reading the system user login log file to form an audit log;
calling an interface of the virtual machine monitor (hypervisor) to acquire operation monitoring data (which includes CPU information, memory information and so on);
and calling an interface of the virtual machine monitor to acquire its version and feature value (fingerprint) information, from which the tamper-resistant audit information is generated.
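The four steps above describe what the agent collects but not how the result becomes "tamper-resistant". The following is an added example (not code from the patent or from the VSIP product it describes) of one way to do it: parse MAC policy violations out of SELinux AVC audit records, parse login events out of an sshd log, take the hypervisor version together with a hash of its binary as the "feature value", and seal every record into an HMAC chain so that editing, deleting or reordering any record breaks verification. The log lines, the hypervisor bytes and the key are constructed for the example; the assumption is that the sealing key is held by the main control server, not by the agent host whose logs are being protected.

```python
"""Added example: tamper-resistant audit chain over VMM monitoring/audit logs.
Not the patent's implementation. Sample logs and key are constructed."""
import hashlib
import hmac
import json
import re

# Constructed SELinux audit.log excerpt: two AVC denials (MAC overrides) and
# one unrelated SYSCALL record that the extractor must ignore.
MAC_LOG = """\
type=AVC msg=audit(1597046401.101:220): avc:  denied  { read } for  pid=2193 comm="qemu-kvm" name="vm-02.qcow2" dev="dm-3" ino=5127 scontext=system_u:system_r:svirt_t:s0:c12,c803 tcontext=system_u:object_r:svirt_image_t:s0:c455,c931 tclass=file permissive=0
type=SYSCALL msg=audit(1597046401.101:220): arch=c000003e syscall=257 success=no exit=-13
type=AVC msg=audit(1597046402.550:221): avc:  denied  { connectto } for  pid=2193 comm="qemu-kvm" path="/run/libvirt/virtlogd-sock" scontext=system_u:system_r:svirt_t:s0:c12,c803 tcontext=system_u:system_r:virtlogd_t:s0 tclass=unix_stream_socket permissive=0
"""

# Constructed system login log excerpt (sshd, syslog format).
LOGIN_LOG = """\
Aug 10 09:00:01 host01 sshd[1201]: Accepted publickey for admin from 10.0.0.5 port 50122 ssh2
Aug 10 09:05:44 host01 sshd[1288]: Failed password for invalid user root from 10.0.0.99 port 41000 ssh2
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]+)\} .*?pid=(?P<pid>\d+) comm="(?P<comm>[^"]+)".*?'
    r'scontext=(?P<scontext>\S+) tcontext=(?P<tcontext>\S+) tclass=(?P<tclass>\S+)'
)
LOGIN_RE = re.compile(
    r'^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: '
    r'(?P<result>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)'
)

def extract_mac_overrides(log_text):
    """One record per AVC denial; other audit record types are skipped."""
    records = []
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:
            d = m.groupdict()
            d["perms"] = d["perms"].split()
            records.append({"source": "mac", **d})
    return records

def extract_logins(log_text):
    """One record per successful or failed sshd authentication."""
    return [{"source": "login", **m.groupdict()}
            for m in (LOGIN_RE.match(l) for l in log_text.splitlines()) if m]

def hypervisor_fingerprint(version, binary_bytes):
    """Version string plus SHA-256 of the hypervisor binary as its feature value."""
    return {"source": "hypervisor", "version": version,
            "sha256": hashlib.sha256(binary_bytes).hexdigest()}

def _canon(record):
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def build_audit_chain(records, key):
    """Each entry's HMAC tag covers the previous tag and the record, so any
    edit, deletion or reordering is detected by verify_audit_chain."""
    chain, prev = [], b"\x00" * 32
    for rec in records:
        tag = hmac.new(key, prev + _canon(rec), hashlib.sha256).digest()
        chain.append({"record": rec, "prev": prev.hex(), "tag": tag.hex()})
        prev = tag
    return chain

def verify_audit_chain(chain, key):
    prev = b"\x00" * 32
    for entry in chain:
        if bytes.fromhex(entry["prev"]) != prev:
            return False
        expected = hmac.new(key, prev + _canon(entry["record"]), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, bytes.fromhex(entry["tag"])):
            return False
        prev = expected
    return True

if __name__ == "__main__":
    key = b"constructed-demo-key"          # held by the main control server (assumption)
    records = extract_mac_overrides(MAC_LOG) + extract_logins(LOGIN_LOG)
    records.append(hypervisor_fingerprint("QEMU 4.2.0", b"constructed hypervisor bytes"))
    chain = build_audit_chain(records, key)
    print(len(chain), "records sealed, verify:", verify_audit_chain(chain, key))
    chain[0]["record"]["comm"] = "bash"    # tamper with one record
    print("after tampering:", verify_audit_chain(chain, key))
```

The chain only detects tampering by whoever does not hold the key; if the agent host itself is compromised before a record is sealed, the record can be forged, which is why the key belongs on the control server and records should be shipped promptly.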
Virtual machine security isolation: virtual machines, storage devices and networks are isolated from one another; this comprises virtual machine operation isolation, CPU isolation, memory isolation, network isolation and storage isolation. The isolation logic is shown in FIG. 3.
Virtual machine operation isolation: for multiple virtual machines created on the same physical host, independent physical resources are allocated to each, so that a crash of one virtual machine affects neither the virtual machine manager nor the other virtual machines.
Virtual machine CPU isolation: the virtualization platform runs the virtual machine operating system in Ring 1 of the CPU, and execution and context switching of virtual processor (vCPU) instructions are scheduled centrally by the platform, so a virtual machine cannot directly execute privileged CPU instructions and instruction isolation and processing performance between virtual machines are ensured.
The x86 architecture provides four privilege levels, called rings, from most to least privileged: Ring 0 (operating system kernel), Ring 1 and Ring 2 (operating system services and drivers) and Ring 3 (applications). Running the guest kernel in Ring 1 rather than Ring 0 means that any privileged instruction it issues faults and is handled by the virtualization platform instead of executing on the hardware. This ring deprivileging is the classic paravirtualization and binary-translation technique; with hardware-assisted virtualization (Intel VT-x, AMD-V) the guest kernel runs in Ring 0 of a non-root mode and the same trapping is provided by the root/non-root mode split rather than by ring placement.
Virtual machine memory isolation: the virtualization platform is configured to use only the exclusive memory mode, so that memory is never shared between virtual machines; once the physical host's memory is fully allocated, no further virtual machines can be created on it.
Virtual machine network isolation: the networks of different virtual machines on the same physical host are isolated so that a virtual machine cannot receive non-broadcast packets whose destination address is not its own, including non-broadcast ICMP, TCP and UDP packets. The network isolation is shown in FIG. 4.
Virtual machine storage isolation: each virtual machine may access only the storage space allocated to it, and a virtual machine disk may be mounted by only one virtual machine at a time.
Virtual machine residual data protection: residual data is cleared from virtual machine memory and from virtual machine disks.
Clearing residual memory data: after a virtual machine stops or is migrated, and before its memory space is released or reallocated to another virtual machine, that memory space is reset and cleared, for example by zero-filling it or by overwriting it with random, unrelated data.
In the prior art, an application that has finished using information held in memory does not clean that memory; the information remains in memory after the program exits and can be recovered by an attacker who scans memory. Dynamic memory allocation in a cloud computing environment makes this a serious threat: advanced attacks can use such residual information, through complex techniques, to obtain other users' sensitive data. To counter the threat posed by residual memory information, the virtualization platform reclaims a virtual machine's memory when the user shuts it down or migrates it, and writes zeros to the released memory, so that no useful information can be recovered from a newly started virtual machine. FIG. 5 shows the memory residual information elimination process.
Clearing residual disk data: after a virtual machine is deleted, and before its disk storage space is released or reallocated to another virtual machine, that disk storage space is zero-filled.
As shown in FIG. 6, when a virtual machine is deleted, the system first identifies the physical disk volume backing each virtual disk, then performs successive bitwise overwrite passes of random data, all-zero data and all-one data on every disk associated with the virtual machine; the disk "clearing" operation is completed after at least seven such forced passes of random, all-zero and all-one data, which protects the virtual machine's residual disk data. Only after the residual disk information has been destroyed by this protective clearing does the system delete the virtual machine disk and the virtual machine object data. When the storage space is later allocated to another user, that user obtains a cleared, safe disk volume from which no residual information can be recovered by technical means, effectively protecting the residual information security of the previous user.
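The memory and disk clearing steps above, as an added example that is not the patent's code: a buffer scrub for a released memory region, a chunked multi-pass overwrite of a volume that cycles random, all-zero and all-one data for the required seven rounds and finishes with zeros, and the two checks a practitioner would run afterwards (read-back for zeros and a scan for a known marker). It assumes the virtual disk is file-backed or is a block device path the process may write to; the volume and the secret marker in it are constructed. One caveat: on SSDs, thin-provisioned LUNs and deduplicating or copy-on-write storage, overwrite passes reach the logical volume but are not guaranteed to reach every physical copy, which is why the read-back check is on what the next tenant will see, not on the media.

```python
"""Added example: residual data clearing for VM memory and disk (not the
patent's implementation). The demo volume and its secret marker are constructed."""
import os
import secrets
import tempfile

CHUNK = 1 << 20  # 1 MiB overwrite granularity, so volumes larger than RAM are handled

def scrub_memory(buf):
    """Zero a writable buffer in place; models resetting a released guest memory
    region. Immutable bytes cannot be scrubbed, so callers must hold bytearrays."""
    view = memoryview(buf)
    view[:] = bytes(len(view))
    view.release()
    return buf

def _write_all(fd, data):
    view = memoryview(data)
    while view:
        view = view[os.write(fd, view):]

def _overwrite(fd, size, make_chunk):
    """One full pass over [0, size) with chunks from make_chunk(n), then fsync."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        n = min(remaining, CHUNK)
        _write_all(fd, make_chunk(n))
        remaining -= n
    os.fsync(fd)

PASSES = (
    lambda n: secrets.token_bytes(n),  # random data
    lambda n: bytes(n),                # all 0x00
    lambda n: b"\xff" * n,             # all 0xFF
)

def sanitize_volume(path, rounds=7):
    """Overwrite the whole volume `rounds` times cycling random/zeros/ones (the
    description requires at least seven), then a final zero pass so the space
    handed to the next VM reads back as zeros. Returns the number of bytes cleared."""
    if rounds < 7:
        raise ValueError("the described procedure requires at least seven passes")
    fd = os.open(path, os.O_RDWR)
    try:
        size = os.lseek(fd, 0, os.SEEK_END)
        for i in range(rounds):
            _overwrite(fd, size, PASSES[i % len(PASSES)])
        _overwrite(fd, size, PASSES[1])
        return size
    finally:
        os.close(fd)

def volume_is_zeroed(path):
    """Read-back check on what the next tenant would see."""
    with open(path, "rb") as f:
        while True:
            chunk = f.read(CHUNK)
            if not chunk:
                return True
            if chunk.count(0) != len(chunk):
                return False

def residue_present(path, marker):
    """Forensic-style scan for a known marker, chunked with overlap so a marker
    straddling a chunk boundary is still found."""
    overlap = b""
    with open(path, "rb") as f:
        while True:
            chunk = f.read(CHUNK)
            if not chunk:
                return False
            if marker in overlap + chunk:
                return True
            overlap = chunk[-(len(marker) - 1):] if len(marker) > 1 else b""

def run_demo(size=2 * CHUNK + 17):
    """Constructed volume: random data with a secret marker at the end.
    Returns (marker_found_before, marker_found_after, zeroed_after, size_matches)."""
    marker = b"password=CONSTRUCTED-SECRET"
    fd, path = tempfile.mkstemp()
    try:
        _write_all(fd, secrets.token_bytes(size - len(marker)) + marker)
        os.close(fd)
        before = residue_present(path, marker)
        cleared = sanitize_volume(path)
        return before, residue_present(path, marker), volume_is_zeroed(path), cleared == size
    finally:
        os.remove(path)

if __name__ == "__main__":
    print(scrub_memory(bytearray(b"session-key")))
    print(run_demo())
```

Python cannot zero a guest's physical pages; that is the hypervisor's job when it reclaims the VM's memory. scrub_memory shows the operation at buffer level, and the disk functions are what a management agent would run against the volume before returning it to the pool.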
Virtual machine security communication management: data transmission between subsystems of the virtualized platform system is encrypted.
The virtual machine resists denial of service attacks: an independent virtual switch is allocated to each virtual machine, each virtual machine switch is bound with a physical network port, so that all network data packets entering the virtual machine and sent out from the virtual machine need to be subjected to data exchange through the physical switch, and internal data exchange does not need to be carried out between the virtual machines on the same host server through the virtual switch, so that the network data of the virtual machines can be monitored by using security protection mechanisms such as a hardware firewall and the like in the existing physical network environment, and the occurrence of denial of service attack resistance is avoided, as shown in fig. 7. In addition, the virtualization platform system can limit the uplink and downlink network flow of the designated virtual machine, and can also alarm the virtual machine with abnormal flow to remind an administrator to notice whether the denial of service attack exists.
In some embodiments, the method further comprises virtual machine secure migration management.
Virtual machine secure migration management includes the following steps:
when a host server registers with the virtualization platform, the platform calls the authentication system with the host server's information to issue a device-signing digital certificate for the host server from the root certificate, and sends the certificate (public and private keys) to the host server; for example, the virtualization platform issues the device-signing certificate through an existing PKI/CA certification system, and the certificate template must include the device's computer name and the device's security level;
during a virtual machine migration, the source server initiating the migration sends a connection request, and an encrypted connection channel is established between the source server and the target server;
as shown in FIG. 8, on receiving the connection request from the source server, the target server verifies the source server's device-signing digital certificate: if verification passes, the source server performs the virtual machine migration over the encrypted channel; if verification fails, the target server refuses the connection request and the migration is aborted. Throughout the migration, the virtual machine's data is transmitted over the encrypted channel.
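The target-side verification in the migration procedure above, as an added example that is not the patent's code. Chain verification up to the platform root and the encrypted channel itself are provided by mutual TLS, shown here as the listener's ssl context; the block then adds the template checks the description calls for, that the certificate names the device and carries its security level. Assumptions: certificate fields are taken in the dict format Python's ssl.SSLSocket.getpeercert() returns; the security level is encoded in the organizationalUnitName as "level=<n>" (the patent names the field, not its encoding); a target accepts a migration only from a source whose level is at least its own, so a lower-trust host cannot pull a VM off a higher-trust one (policy assumption); the root CA path and the sample certificates are constructed. In practice a host would generate its own key pair and submit a signing request so the private key never leaves it, rather than receiving both keys from the platform as the description has it.

```python
"""Added example: target server's verification of the source's device-signing
certificate before accepting a migration channel. Not the patent's code."""
import ssl
from datetime import datetime, timezone

ROOT_CA_FILE = "/etc/vsip/root-ca.pem"   # assumed path to the platform root certificate

def migration_listener_context(cert_file, key_file, root_ca=ROOT_CA_FILE):
    """TLS context for the target: presents its own device certificate and
    requires the source to present one that chains to the platform root."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile=root_ca)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED       # source without a certificate is refused
    ctx.load_cert_chain(cert_file, key_file)
    return ctx

def _field(name_tuples, key):
    for rdn in name_tuples:
        for k, v in rdn:
            if k == key:
                return v
    return None

def parse_device_cert(cert):
    """Pull computer name, security level, issuer and expiry out of a getpeercert() dict."""
    subject = cert.get("subject", ())
    ou = _field(subject, "organizationalUnitName") or ""
    level = int(ou.split("=", 1)[1]) if ou.startswith("level=") else None
    not_after = datetime.strptime(cert["notAfter"], "%b %d %H:%M:%S %Y GMT")
    return {"name": _field(subject, "commonName"), "level": level,
            "issuer": _field(cert.get("issuer", ()), "commonName"),
            "not_after": not_after.replace(tzinfo=timezone.utc)}

def accept_migration(source_cert, requesting_host, target_level, root_cn, now):
    """Target-side decision after the TLS handshake. Returns (accepted, reason)."""
    info = parse_device_cert(source_cert)
    if info["issuer"] != root_cn:
        return False, "certificate not issued by the platform root"
    if info["not_after"] <= now:
        return False, "certificate expired"
    if info["name"] is None or info["level"] is None:
        return False, "template incomplete: computer name and security level are required"
    if info["name"] != requesting_host:
        return False, f"certificate name {info['name']} does not match requesting host {requesting_host}"
    if info["level"] < target_level:
        return False, f"source security level {info['level']} below target level {target_level}"
    return True, "verified"

def constructed_cert(cn, ou, issuer_cn, not_after):
    """A getpeercert()-shaped dict for the demo (constructed, not a real certificate)."""
    return {"subject": ((("countryName", "CN"),), (("organizationName", "VSIP"),),
                        (("organizationalUnitName", ou),), (("commonName", cn),)),
            "issuer": ((("commonName", issuer_cn),),),
            "version": 3, "serialNumber": "01",
            "notBefore": "Aug 10 00:00:00 2020 GMT", "notAfter": not_after}

def run_demo():
    """Four constructed sources against a level-2 target. Returns the decisions."""
    now = datetime(2020, 11, 20, tzinfo=timezone.utc)
    cases = [
        (constructed_cert("host01", "level=3", "VSIP Root CA", "Aug 10 00:00:00 2022 GMT"), "host01"),
        (constructed_cert("host02", "level=1", "VSIP Root CA", "Aug 10 00:00:00 2022 GMT"), "host02"),
        (constructed_cert("host03", "ops", "VSIP Root CA", "Aug 10 00:00:00 2022 GMT"), "host03"),
        (constructed_cert("host01", "level=3", "Some Other CA", "Aug 10 00:00:00 2022 GMT"), "host01"),
        (constructed_cert("host04", "level=3", "VSIP Root CA", "Aug 10 00:00:00 2020 GMT"), "host04"),
    ]
    return [accept_migration(c, h, 2, "VSIP Root CA", now) for c, h in cases]

if __name__ == "__main__":
    for ok, why in run_demo():
        print("accept" if ok else "refuse", "-", why)
```

The issuer and expiry checks here are name-based sanity checks; the cryptographic chain validation is done by the ssl context, and a migration daemon should read getpeercert() only after that handshake has succeeded.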
In some embodiments, the method further includes performing virtual machine anti-escape protection and escape monitoring using mandatory access control (MAC) and multi-category security (MCS). Mandatory access control strengthens the traditional access control list (ACL): in MAC mode every object carries a security context label, and a process must both hold the traditional ACL permission and be authorized by the mandatory access control policy before it can access a system resource. Multi-category security is a functional enhancement of mandatory access control: it extends the MAC security context label with sensitivity-level and category fields, enabling a finer-grained mandatory access control policy.
When the virtualization platform allocates a virtual machine's resources, it assigns a random MAC/MCS label to each of them: the virtual machine process, the memory space owned by the virtual machine, its disk image, its network device and so on. Under the constraints of the mandatory access control system, the virtual machine can access only the memory space, disk image, network device and other resources and peripherals the virtualization platform has assigned to it; it cannot break out of this restriction and has no rights over any other resource, and every other virtual machine is likewise confined to its own resources. This effectively controls virtual machine escape.
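The labelling scheme just described, modelled on how SELinux's sVirt labels a guest, as an added example that is not the patent's or the platform's code. Each VM process receives a random pair of MCS categories, its memory backing and disk image receive the same pair, and an access is allowed only if type enforcement permits the subject type to touch the object type and the subject's category set dominates (is a superset of) the object's. A VM process that has escaped QEMU still carries its own categories and therefore cannot open another VM's image; a management process labelled with the full category range can. Assumptions: the type names (svirt_t, svirt_image_t, svirt_tmpfs_t, virtd_t) follow SELinux's reference policy, the category space is c0 to c1023 as in the default MCS policy, and the network device is omitted because it follows the same rule.

```python
"""Added example: MCS category allocation and access decision for VM isolation
(model of SELinux sVirt behaviour, not the patent's implementation)."""
import re
import secrets

CATEGORY_SPACE = 1024   # MCS default: c0 .. c1023

# Type-enforcement rules the MCS constraint sits on top of (subject type, object type).
# Assumption: reference-policy type names for guests and for the management daemon.
TE_ALLOW = {
    ("svirt_t", "svirt_image_t"), ("svirt_t", "svirt_tmpfs_t"),
    ("virtd_t", "svirt_image_t"), ("virtd_t", "svirt_tmpfs_t"),
}

class Label:
    """SELinux security context user:role:type:s0[:categories] (single sensitivity s0)."""
    def __init__(self, user, role, type_, cats):
        self.user, self.role, self.type_, self.cats = user, role, type_, frozenset(cats)

    def __str__(self):
        cats = ",".join(f"c{c}" for c in sorted(self.cats))
        return f"{self.user}:{self.role}:{self.type_}:s0" + (f":{cats}" if cats else "")

def parse_categories(text):
    """'c12,c803' -> {12, 803}; 'c0.c1023' -> the full range (unconfined labels)."""
    cats = set()
    for part in text.split(","):
        m = re.fullmatch(r"c(\d+)(?:\.c(\d+))?", part)
        if not m:
            raise ValueError(f"bad category spec: {part}")
        lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
        cats.update(range(lo, hi + 1))
    return frozenset(cats)

def parse_label(text):
    parts = text.split(":")
    user, role, type_, sens = parts[:4]
    if sens not in ("s0", "s0-s0"):
        raise ValueError("only the single MCS sensitivity s0 is modelled")
    return Label(user, role, type_, parse_categories(parts[4]) if len(parts) > 4 else ())

def random_categories(used, n=2):
    """Draw n distinct categories not already assigned to another VM on this host."""
    while True:
        cats = frozenset(secrets.randbelow(CATEGORY_SPACE) for _ in range(n))
        if len(cats) == n and cats not in used:
            used.add(cats)
            return cats

def label_vm(used):
    """Label the VM process and its resources with one shared random category pair."""
    cats = random_categories(used)
    return {
        "process": Label("system_u", "system_r", "svirt_t", cats),
        "memory": Label("system_u", "object_r", "svirt_tmpfs_t", cats),
        "disk": Label("system_u", "object_r", "svirt_image_t", cats),
    }

def access_allowed(subject, obj):
    """Type enforcement first, then the MCS constraint: the subject's categories
    must dominate the object's. Two distinct equal-size pairs never dominate each other."""
    if (subject.type_, obj.type_) not in TE_ALLOW:
        return False
    return obj.cats <= subject.cats

def run_demo():
    used = set()
    vm1, vm2 = label_vm(used), label_vm(used)
    admin = parse_label("system_u:system_r:virtd_t:s0-s0:c0.c1023")
    return {
        "vm1_own_disk": access_allowed(vm1["process"], vm1["disk"]),
        "vm1_other_disk": access_allowed(vm1["process"], vm2["disk"]),
        "vm2_other_memory": access_allowed(vm2["process"], vm1["memory"]),
        "vm1_process_as_object": access_allowed(vm1["process"], vm2["process"]),
        "admin_any_disk": access_allowed(admin, vm2["disk"]),
        "labels": (str(vm1["process"]), str(vm2["disk"])),
    }

if __name__ == "__main__":
    for k, v in run_demo().items():
        print(k, v)
```

The denial that this model produces for "vm1_other_disk" is exactly what the AVC record in the audit log looks like when it happens on a real host: scontext svirt_t with one category pair, tcontext svirt_image_t with another, which is the escape-monitoring signal the description refers to.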
The foregoing is illustrative of the preferred embodiments of this invention, and it is to be understood that the invention is not limited to the precise form disclosed herein and that various other combinations, modifications, and environments may be resorted to, falling within the scope of the concept as disclosed herein, either as described above or as apparent to those skilled in the relevant art. And that modifications and variations may be effected by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (6)

1. A security management method for a virtual cloud desktop, characterized in that it comprises one or more of virtual machine manager security management, virtual machine security isolation, virtual machine residual data protection, virtual machine secure communication management and virtual machine denial-of-service resistance;
virtual machine manager security management: acquiring preset types of monitoring and audit log information from the virtual desktop management server and generating tamper-resistant audit information from it;
virtual machine security isolation: isolating virtual machines, storage devices and networks from one another;
virtual machine residual data protection: clearing residual data from virtual machine memory and from virtual machine disks;
virtual machine secure communication management: encrypting data transmission between the subsystems of the virtualization platform;
virtual machine denial-of-service resistance: allocating an independent virtual switch to each virtual machine, each such switch being bound to one physical network port.
2. The security management method for a virtual cloud desktop according to claim 1, wherein the virtual machine manager security management comprises:
reading the mandatory access control log file and extracting the mandatory access control override records from it;
reading the system user login log file to form an audit log;
calling an interface of the virtual machine monitor to acquire operation monitoring data;
and calling an interface of the virtual machine monitor to acquire its version and feature value information, from which the tamper-resistant audit information is generated.
3. The security management method for a virtual cloud desktop according to claim 1, wherein the virtual machine security isolation comprises:
virtual machine operation isolation: for multiple virtual machines created on the same physical host, allocating independent physical resources to each virtual machine;
virtual machine CPU isolation: the virtualization platform runs the virtual machine operating system in Ring 1 of the CPU, and execution and context switching of virtual processor instructions are scheduled centrally by the virtualization platform;
virtual machine memory isolation: the virtualization platform is configured to use only the exclusive memory mode;
virtual machine network isolation: isolating the networks of different virtual machines on the same physical host from one another;
virtual machine storage isolation: each virtual machine may access only the storage space allocated to it, and a virtual machine disk may be mounted by only one virtual machine at a time.
4. The security management method for a virtual cloud desktop according to claim 1, wherein the virtual machine residual data protection comprises:
clearing residual memory data: after a virtual machine stops or is migrated, and before its memory space is released or reallocated to another virtual machine, resetting and clearing that memory space;
clearing residual disk data: after a virtual machine is deleted, and before its disk storage space is released or reallocated to another virtual machine, zero-filling that disk storage space.
5. The method for security management of the virtual cloud desktop according to claim 1, wherein the method for security management of the virtual cloud desktop further comprises the following steps:
when a host server is registered to the virtualization platform system, the virtualization platform system calls an authentication system, which uses the host server's information to generate a device signature digital certificate for the host server from the root certificate and sends that certificate to the host server;
during a virtual machine migration, the source server that originates the migration initiates a connection request, and an encrypted connection channel is established between the source server and the target server;
after receiving the connection request from the source server, the target server verifies the source server's device signature digital certificate: if verification passes, the source server carries out the virtual machine migration over the encrypted connection channel; if verification fails, the target server refuses the connection request and aborts the virtual machine migration.
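The registration and migration handshake of claim 5, as an added Go example that is not the patent's code: a hypothetical `newCert` stands in for the authentication system that issues device certificates from the platform root, and `AcceptMigration` is the target server's verification step before any migration proceeds; the encrypted channel itself (TLS) is left out, only the certificate decision is shown. Host names and serial numbers are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCert issues a self-signed root when issuer is nil (the "root certificate" of claim 5), else a device certificate signed by issuer; hypothetical stand-in for the patent's authentication system, not its code.
func newCert(cn string, issuer *x509.Certificate, issuerKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // rand.Reader does not fail in practice
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // demo serial; real CAs use random serials
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  issuer == nil,
	}
	if issuer == nil { // root: signs itself and is permitted to sign device certificates
		tmpl.KeyUsage = x509.KeyUsageCertSign
		issuer, issuerKey = tmpl, priv
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, pub, issuerKey)
	if err != nil {
		panic(err) // constructed demo with fixed inputs: a failure here is a programming error
	}
	cert, _ := x509.ParseCertificate(der) // DER just produced by CreateCertificate always parses
	return cert, priv
}

// AcceptMigration is the target server's check: accept the connection only if the source's device certificate chains to the platform root.
func AcceptMigration(platformRoot, source *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(platformRoot)
	_, err := source.Verify(x509.VerifyOptions{Roots: roots})
	return err == nil
}

func main() {
	root, rootKey := newCert("platform-root", nil, nil)
	registered, _ := newCert("host-src-01", root, rootKey) // issued at host registration
	otherRoot, otherKey := newCert("other-root", nil, nil)  // a root the platform never trusted
	foreign, _ := newCert("host-unregistered", otherRoot, otherKey)
	fmt.Println(AcceptMigration(root, registered), AcceptMigration(root, foreign)) // true false
}
```

A host that was never registered, and so carries a certificate from some other root, is refused before the migration starts, which is the decision point the claim describes.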
6. The security management method for the virtual cloud desktop according to claim 1, wherein the security management method for the virtual cloud desktop further comprises the following step: performing virtual machine anti-escape protection and virtual machine escape monitoring by means of mandatory access control and multi-class security.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010796665.3A CN111966458A (en) 2020-08-10 2020-08-10 Safety management method of virtual cloud desktop

Publications (1)

Publication Number Publication Date
CN111966458A true CN111966458A (en) 2020-11-20

Family

ID=73364210

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010796665.3A Pending CN111966458A (en) 2020-08-10 2020-08-10 Safety management method of virtual cloud desktop

Country Status (1)

Country Link
CN (1) CN111966458A (en)

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102726007A (en) * 2009-04-01 2012-10-10 Nicira网络公司 Method and apparatus for implementing and managing virtual switches
CN103281306A (en) * 2013-05-03 2013-09-04 四川省电力公司信息通信公司 Virtualized infrastructure platform for cloud data centers
CN105184164A (en) * 2015-09-08 2015-12-23 成都博元科技有限公司 Data processing method
CN105224867A (en) * 2015-10-27 2016-01-06 成都卫士通信息产业股份有限公司 Host security reinforcement method in a virtualized environment
CN105429987A (en) * 2015-11-25 2016-03-23 西安科技大学 Security system for computer network
CN105487916A (en) * 2015-11-24 2016-04-13 上海君是信息科技有限公司 Security reinforcement method for virtual machine in desktop cloud environment
CN106610863A (en) * 2015-10-21 2017-05-03 华为技术有限公司 Virtual machine trusted migration method and apparatus
CN107169347A (en) * 2017-05-08 2017-09-15 中国科学院信息工程研究所 Method and device for enhancing the security of ARM platform virtual machine introspection
CN108388793A (en) * 2018-01-09 2018-08-10 南瑞集团有限公司 Virtual machine escape protection method based on active defense
CN108809935A (en) * 2018-04-20 2018-11-13 国网江西省电力有限公司信息通信分公司 Security access control method and device in a cloud or virtual environment
CN109472136A (en) * 2018-10-26 2019-03-15 山东钢铁集团日照有限公司 Virtualization cloud desktop security access method based on defense-in-depth
CN109818908A (en) * 2017-11-21 2019-05-28 国网江西省电力有限公司信息通信分公司 Security control method in a cloud and virtual environment
CN110138855A (en) * 2019-05-13 2019-08-16 武汉数字化设计与制造创新中心有限公司 Development resources cloud platform and resource share method
CN111190694A (en) * 2019-12-27 2020-05-22 山东乾云启创信息科技股份有限公司 Virtualization security reinforcement method and device based on Roc platform
CN111399988A (en) * 2020-04-08 2020-07-10 公安部第三研究所 Memory security detection system and method of cloud platform

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
周小芬; 阳春福; 沈宏杰; 吴琪: "Key technologies for identity recognition in hardware resource pools" (硬件资源池身份识别关键技术), 电力信息与通信技术 (Electric Power Information and Communication Technology), no. 01, 15 January 2017 (2017-01-15), pages 56-59 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination