CN113407941A - Edge cloud node and terminal user security management method - Google Patents
- Publication number: CN113407941A
- Application number: CN202110696506.0A
- Authority
- CN
- China
- Prior art keywords
- edge cloud
- cloud node
- user
- node
- management
- Prior art date: 2021-06-23
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- General Physics & Mathematics (AREA)
- Bioethics (AREA)
- Databases & Information Systems (AREA)
- Medical Informatics (AREA)
- Virology (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a security management method for an edge cloud node and an end user, comprising the following steps: an edge node system built on edge cloud computing provides isolation based on user grouping, so that ordinary edge nodes are managed and malicious software is monitored; rule-base-driven access control is enforced on the physical host of the edge node, so that a malicious administrator cannot threaten users' private data from the management domain, viruses and malicious code cannot spread from one user to other users, and the conflict between the user's privacy and the security rules of the fog/edge computing provider is eased; a dedicated trusted-environment edge cloud node is created on the basis of trusted computing technology, and functions such as authorization, access rule configuration, trust-level attestation and monitoring are moved from the management domain into that node, so that the management domain cannot interfere with the security functions. The invention prevents the administrator of an edge cloud computing network from tampering with or stealing user privacy, and flexibly controls and manages resource sharing between edge cloud nodes and end users.
Description
Technical Field
The invention relates to the technical field of trusted computing in an edge cloud computing environment, in particular to a security management method for an edge cloud node and a terminal user.
Background
An edge cloud computing platform lets users reach a dynamically configurable pool of shared computing resources, including network devices, servers, storage devices and services, over ubiquitous, convenient and fast network access. By means of edge cloud nodes it can allocate and release these configurable computing resources rapidly, with low management cost and little interaction between the user and the service provider.
However, while edge cloud computing brings convenience, it also faces serious security challenges. On one hand, when computing resources are shared by multiple users, an end user's resources can be threatened by other, malicious users; on the other hand, users worry that the administration of the edge cloud nodes threatens their own resources. Prior-art schemes assume that the entire edge cloud node monitor is trustworthy, whereas in practice the monitor can itself become the target of an attack. The edge cloud node monitor also provides memory sharing between edge cloud nodes, which may be exploited by a malicious edge cloud node; misconfiguration by inexperienced administrators or users may likewise cause sharing that violates the security rules, or allow user privacy to be obtained maliciously.
Disclosure of Invention
The invention provides a management method for an edge cloud node and an end user that prevents the administrator of an edge cloud computing network from tampering with or stealing user privacy, and flexibly controls and manages resource sharing between edge cloud nodes and end users.
The invention discloses a security management method for an edge cloud node and an end user, comprising the following steps:
controlling the authority of the management domain, and dividing that authority into system management, security management and log management; system management manages virtual resources and performs the creation and allocation of edge cloud node resources; security management performs authorization and the configuration of edge cloud node security access rules; log management records the running state of upper-layer edge cloud nodes from the edge cloud node monitor layer;
performing role grouping on user domains and logically isolating multiple end users; marking every user's edge cloud nodes and the resources belonging to the user domain with a unique user-domain security label; monitoring resource sharing and communication between edge cloud nodes according to the user isolation rules of the access rule base, so that logical isolation based on the user domain is achieved and the administrator is prevented from viewing the user domain's private data.
Further, a trusted-environment edge cloud node is established on the basis of the edge cloud node monitor; it hosts authorization, access rule configuration, trust-level attestation and monitoring. It alone holds the authority to configure the security rules in the edge cloud node monitor, while edge cloud nodes in other domains are prohibited from modifying those rules; its memory and file system are isolated, which restricts other edge cloud nodes' access to it.
Further, controlling the right to manage the domain includes the steps of:
(1) when a management domain or a user domain requests to access other domains, the edge cloud node security control module intercepts the requests and analyzes the subjects, objects and operation types of the requests;
(2) the edge cloud node security control module transmits the requests to the execution module, and the execution module returns a judgment result according to the access edge cloud node rule base;
(3) the execution module returns the judgment result of permission/rejection to the edge cloud node security control module;
(4) according to the judgment result, if the access request is allowed, the edge cloud node security control module allows the subject to access the object; otherwise the access request is refused.
Further, the trust-level attestation serves as the basis for mutual trust between the platform provider and the user; on the basis of the existing chain of trust, a root of trust for the trusted-environment edge cloud node is provided to the edge cloud node, and the chain of trust is extended from the underlying physical trusted platform module into the trusted-environment edge cloud node, so that internal integrity measurement of the trusted-environment node is realized.
Further, the edge cloud node comprises a monitoring agent that is installed in the driver of the edge cloud node when the node is created. The monitoring agent monitors module loading inside the edge cloud node and obtains an internal view; whether malicious software exists in the node is detected by multi-view comparison, and when malicious software must be removed the administrator sends an operation instruction to the edge cloud node through the trusted-environment edge cloud node, so that actions attacking other users from inside the node are stopped.
Advantageous effects: compared with the prior art, the security services are separated from the management domain, the administrator of the edge cloud computing network is prevented from tampering with or stealing user privacy, and resource sharing between edge cloud nodes and end users is flexibly controlled and managed. The technical scheme of the invention is therefore more flexible and open, suits an edge cloud computing environment centred on edge cloud nodes, and has a wider range of application scenarios.
Drawings
Fig. 1 is a schematic diagram of an edge node and a terminal user security management method according to the present invention.
Detailed Description
The technical scheme of the invention is further explained by the specific implementation mode in combination with the attached drawings. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Before discussing exemplary embodiments in more detail, it should be noted that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart may describe the steps as a sequential process, many of the steps can be performed in parallel, concurrently or simultaneously. In addition, the order of the steps may be rearranged. The process may be terminated when its operations are completed, but may have additional steps not included in the figure. The processes may correspond to methods, functions, procedures, subroutines, and the like.
The invention provides a security management method for an edge cloud node and a terminal user in edge cloud computing. Fig. 1 is a flowchart of a security management method for an edge cloud node and an end user according to the present invention.
The edge cloud node system built on edge cloud computing provides isolation based on user grouping together with a trusted-environment edge cloud node, so that ordinary edge cloud nodes are managed and malicious software is monitored; rule-base-driven access control is enforced on the physical host of the edge cloud node, so that a malicious administrator cannot threaten users' private data from the management domain, viruses and malicious code cannot spread from one user to other users, and the conflict between the users' privacy and the security rules of the edge cloud computing provider is eased.
1) To reduce leakage of users' private information from the edge cloud nodes, the invention first removes the authority of the existing edge cloud node administrator, technically preventing the administrator from accessing the internal data of users' edge cloud nodes and limiting the operations the administrator may perform on them. The original management mode is decomposed by means of access rules based on the edge cloud node rule base, and three new management interfaces are provided: system management, security management and log management.
2) By adding an access rule base for end users, logical isolation based on user role grouping is realized, and viruses and malicious code are prevented from spreading to other users.
3) A dedicated trusted-environment edge cloud node is created; functions such as authorization, access rule configuration, trust-level attestation and monitoring are moved from the management domain into that node, so that the management domain cannot interfere with the security functions.
Restricting the administrator's privileged operations is one of the key points of the edge cloud node system of the invention. In addition, several management roles must be created in the management domain, so that a management mode with separated management-domain authority is realized and a security-enhanced management interface is provided to the edge cloud node management platform. The invention separates the management authority by dividing the management domain into a system management interface, a security management interface and a log management interface. System management is designed for managing virtual resources and performs operations such as creating and allocating edge cloud node resources. Security management performs authorization and the configuration of edge cloud node security access rules, and is moved from the original management domain into the dedicated trusted-environment edge cloud node. Log management records the running state of upper-layer edge cloud nodes from the edge cloud node monitor layer, including the user name of the executing operation, the ID of the target server, the action state, whether the operation was authorized and the error code of the edge cloud node operating system; it provides a query interface and also prevents the log from being tampered with.
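The passage names the fields the monitor-layer log records and states that the log cannot be tampered with, but not how. The following is an added example, not code from the patent, showing one way to make such a log tamper-evident: a SHA-256 hash chain over canonically encoded entries, with the chain head stored outside the log (in this design, in the trusted-environment edge cloud node) so that rewriting even the newest entry is detectable. The field names, the sample entries and the hash-chain mechanism itself are assumptions made for illustration.

```python
"""Added example (not from the patent): a tamper-evident, hash-chained monitor-layer log.
Fields follow the passage (executing user, target server ID, action state, authorized
flag, error code). The hash chain is an assumed mechanism; the sample entries are constructed."""
import hashlib
import json
from dataclasses import dataclass, asdict, replace


@dataclass(frozen=True)
class LogEntry:
    seq: int
    user: str
    target_server: str
    action: str
    state: str          # e.g. "completed", "rejected"
    authorized: bool
    error_code: int
    prev_hash: str      # hex SHA-256 of the previous entry; GENESIS for the first one


def entry_hash(entry: LogEntry) -> str:
    # Canonical JSON so that every verifier hashes exactly the same bytes.
    canonical = json.dumps(asdict(entry), sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


class MonitorLog:
    GENESIS = "0" * 64

    def __init__(self):
        self.entries: list[LogEntry] = []

    def record(self, user, target_server, action, state, authorized, error_code) -> LogEntry:
        prev = entry_hash(self.entries[-1]) if self.entries else self.GENESIS
        entry = LogEntry(len(self.entries), user, target_server, action, state,
                         authorized, error_code, prev)
        self.entries.append(entry)
        return entry

    def head(self) -> str:
        """Hash of the newest entry; a copy of this is kept in the trusted-environment node."""
        return entry_hash(self.entries[-1]) if self.entries else self.GENESIS

    def verify(self, expected_head: str = None) -> int:
        """Return -1 if the chain is intact. Otherwise return the index of the first entry
        whose link is broken, or len(entries) if only the stored head no longer matches."""
        prev = self.GENESIS
        for i, e in enumerate(self.entries):
            if e.seq != i or e.prev_hash != prev:
                return i
            prev = entry_hash(e)
        if expected_head is not None and prev != expected_head:
            return len(self.entries)
        return -1

    def query(self, **filters) -> list:
        """The query interface the passage mentions: filter entries by any field."""
        return [e for e in self.entries
                if all(getattr(e, k) == v for k, v in filters.items())]


def tamper_for_demo(log: MonitorLog, index: int, **changes) -> None:
    """Simulate an attacker rewriting one stored entry in place (assumed attack for the demo)."""
    log.entries[index] = replace(log.entries[index], **changes)


def build_demo_log() -> MonitorLog:
    """Constructed sample entries: an allowed allocation, a rejected memory-page read, a log read."""
    log = MonitorLog()
    log.record("sysadmin", "node-17", "allocate_resource", "completed", True, 0)
    log.record("sysadmin", "node-17", "read_memory_page", "rejected", False, 13)
    log.record("logadmin", "node-17", "read_log", "completed", True, 0)
    return log
```

Without the externally stored head, an attacker who can rewrite the log file can still alter the last entry undetected; anchoring `head()` in the trusted-environment node closes that gap.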
In multi-user mode, security services must be provided according to the application scenarios of different users, meeting different security rules and offering logical isolation and operation supervision. To simplify security management, the invention constructs a logical isolation method based on user domains: the security administrator no longer monitors individual edge cloud nodes or individual virtual resources, but manages the operation of a whole user domain on the basis of the user's role. The isolation rules are defined per user: a unique user-domain security label marks every user's edge cloud nodes and the resources belonging to that user domain. An arbitration monitor arbitrates and, according to the user isolation rules of the access rule base, monitors resource sharing and communication between edge cloud nodes, so that logical isolation based on the user domain is achieved and the administrator is prevented from viewing the user domain's private data.
In the framework of the invention the monitoring agent inside the edge cloud node does not collect the user's private data; it complies with the security rules of the access rule base and is installed in the driver of the edge cloud node, by agreement between the user and the provider, when the node is created. The agent's main functions are to monitor module loading inside the edge cloud node, to obtain an internal view, and to detect whether malicious software is present in the node by multi-view comparison. When a repair is needed, the administrator sends an operation instruction to the edge cloud node through the trusted-environment edge cloud node, so that actions attacking other users from inside the node are stopped. Because the edge cloud node monitor intercepts the operations of upper-layer edge cloud nodes, further kernel-integrity monitoring modules for the edge cloud nodes can be deployed in the trusted-environment edge cloud node; access by the security components and the monitoring agent of the trusted-environment node to the internal resources of an edge cloud node must also conform to the access rules in the rule base.
The invention implements management-domain authority control inside the edge cloud node monitor, using a security control module provided in the monitor. The module offers a universal access-decision mechanism and a flexible security hook interface, and runs from the moment the edge cloud node monitor has started. Once hook functions are registered in the security control module, every inter-domain operation such as an event channel, grant (authorization) table or memory-mapping operation is intercepted; the module parses the call parameters to obtain the subject, object and operation attributes and passes them to the access execution module for a decision, and the operation is executed only if it satisfies the access rules in the rule base. The critical security control module and the edge cloud node monitor themselves are protected by integrity measurement based on the trusted platform module.
Under the authority control rules of the invention, an administrator in the management domain is prohibited from initiating security-related operations towards user domains, and no administrator is granted the right to create management accounts. Access by one management user to another is enforced according to the role-control and access-list rules. System management uses the existing system management software to perform resource-allocation operations for a user domain, but cannot inspect the memory pages allocated to that domain. Security management gives a user the authority to authorize other users to access its shared memory, and the access rules in the rule base are configured through a tool located in the trusted-environment edge cloud node. Log management is implemented by modifying event hooks in the edge cloud node monitor and adding a log and a query interface; access to it is protected by a security rule in the rule base. Together these realize the authority-separation management mode.
In the execution module of the invention, the role control is a role-based module which is used for defining the roles of a manager and a user, distributing the authority based on the security label and defining the authority separation of the roles of system, security and log management. The access list rules define inter-domain access rules so as to implement user role-based management on the user domain, provide user domain-based packet isolation rules, and divide edge cloud nodes with the same user label into the same domain for system and security management. The access process of the invention to the authority is mainly divided into 4 steps:
(1) when a management domain or a user domain requests to access other domains, the edge cloud node security control module intercepts the requests and analyzes the subjects, objects and operation types of the requests;
(2) the edge cloud node security control module transmits the requests to the execution module, and the execution module returns a judgment result according to the access edge cloud node rule base;
(3) the execution module returns the judgment result of permission/rejection to the edge cloud node security control module;
(4) according to the judgment result, if the access request is allowed, the edge cloud node security control module allows the subject to access the object; otherwise the access request is refused.
The edge cloud node monitor is designed to isolate virtual resources (such as local area networks, disks, memory or CPUs) and to mediate information flow between edge cloud nodes. The invention improves the existing virtual-resource isolation in two respects. First, the arbitration of the security control module limits and partitions the administrator's authority, realizing the authority-separation management mode. Second, the edge cloud nodes and resources belonging to different user groups are labelled, so that each user's edge cloud nodes and resources carry a unique ID and a common type, with the labels managed centrally by the edge cloud node monitor. The security control module matches these labels against the access rule base and allows communication or resource sharing only if the subject and object are of the same type and the access rules are satisfied.
Within the user domain, the invention provides a lightweight memory isolation method at the edge cloud node monitor layer, using address-space switching together with the CPU's no-execute (NX) flag. When a module executes, the guest kernel stack is protected and the extension kernel module runs in its own address space; the address-space switch is monitored by the edge cloud node monitor, so that it can be checked at the monitor layer whether an edge cloud node performs any operation that destroys kernel integrity, and the execution environment of an untrusted module is isolated.
In consideration of privacy protection of users, besides adding access rules based on user role grouping in the edge cloud node rule base, support of security rules for privacy protection of specific users is also needed. Therefore, in the execution module of the edge cloud node system, a series of user-customized security rules are further implemented through the access list, so that which data of a user cannot be accessed by other edge cloud nodes or even management domains can be specified.
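The four-step intercept / decide / enforce flow, the three-way split of management authority, the same-label sharing rule and the user-customized deny rules above are, taken together, a small access-control policy. The following added example (not code from the patent) models them as a rule-base arbiter behind a monitor hook. The domain names, label values, operation names and rule format are all assumptions chosen for illustration; the decision order (user privacy rules first, then the trusted-environment node's exclusive rights, then management-role separation, then same-label or explicitly granted user-to-user sharing, default reject) is how one would realize the rules the passage states.

```python
"""Added example (not from the patent): a rule-base arbiter modelling the four-step
intercept / decide / enforce flow and the authority separation described above.
Domain names, labels, operation names and the rule format are illustrative assumptions."""
from dataclasses import dataclass, field

# The three management roles into which the management domain's authority is split.
SYSTEM_MGMT = "system_mgmt"      # create / allocate / destroy edge cloud node resources
SECURITY_MGMT = "security_mgmt"  # authorization of sharing (lives in the trusted-environment node)
LOG_MGMT = "log_mgmt"            # read the monitor-layer log


@dataclass(frozen=True)
class Domain:
    name: str
    kind: str                       # "mgmt", "trusted_env" or "user"
    user_label: str = ""            # unique user-domain security label ("" for non-user domains)
    roles: frozenset = frozenset()  # management roles held (meaningful only for kind == "mgmt")


@dataclass
class RuleBase:
    """The access rule base consulted by the execution module."""
    role_ops: dict = field(default_factory=lambda: {
        SYSTEM_MGMT: {"create_node", "allocate_resource", "destroy_node"},
        SECURITY_MGMT: {"authorize_share"},
        LOG_MGMT: {"read_log"},
    })
    # Explicit sharing grants issued by a user: (from_label, to_label, operation).
    grants: set = field(default_factory=set)
    # User-customised privacy rules: label -> operations nobody may perform, management included.
    user_deny: dict = field(default_factory=dict)

    def decide(self, subject: Domain, obj: Domain, op: str) -> bool:
        """Execution module: return True (permit) or False (reject). Default is reject."""
        # User-specified privacy rules override every other rule, management domain included.
        if obj.kind == "user" and op in self.user_deny.get(obj.user_label, set()):
            return False
        # Only the trusted-environment node may change the monitor's rules, authorize sharing,
        # or run monitoring against user nodes.
        if subject.kind == "trusted_env":
            return op in {"configure_rules", "authorize_share", "monitor"}
        if op == "configure_rules":
            return False
        # No ordinary node may reach into the trusted-environment node.
        if obj.kind == "trusted_env":
            return False
        # Management domain: role separation; never memory-page reads or admin-account creation.
        if subject.kind == "mgmt":
            if op in {"read_memory_page", "create_admin_account"}:
                return False
            return any(op in self.role_ops.get(role, set()) for role in subject.roles)
        # User to user: the same label (same group) shares freely; different labels need a grant.
        if subject.kind == "user" and obj.kind == "user":
            if subject.user_label == obj.user_label:
                return True
            return (subject.user_label, obj.user_label, op) in self.grants
        return False


class SecurityControlModule:
    """Hook in the edge cloud node monitor: intercept, parse, ask the execution module, enforce."""

    def __init__(self, rules: RuleBase, domains: dict):
        self.rules, self.domains, self.audit = rules, domains, []

    def hook(self, call: dict) -> bool:
        # Step 1: parse subject, object and operation type out of the intercepted call.
        subject, obj, op = self.domains[call["from"]], self.domains[call["to"]], call["op"]
        # Steps 2-3: the execution module returns permit / reject from the rule base.
        permitted = self.rules.decide(subject, obj, op)
        # Step 4: enforce, and leave a record for log management.
        self.audit.append((subject.name, obj.name, op, "permit" if permitted else "reject"))
        return permitted


def build_demo() -> SecurityControlModule:
    """Constructed domains and rules: a management domain holding two roles, the
    trusted-environment node, two nodes of user 'alice' and one of user 'bob'."""
    domains = {
        "dom0": Domain("dom0", "mgmt", roles=frozenset({SYSTEM_MGMT, LOG_MGMT})),
        "tenv": Domain("tenv", "trusted_env"),
        "alice1": Domain("alice1", "user", "alice"),
        "alice2": Domain("alice2", "user", "alice"),
        "bob1": Domain("bob1", "user", "bob"),
    }
    rules = RuleBase()
    rules.grants.add(("bob", "alice", "share_memory"))   # alice lets bob's nodes share into hers
    rules.user_deny["alice"] = {"read_disk"}             # alice's disk is off limits to everyone
    return SecurityControlModule(rules, domains)
```

The ordering matters: a user's own deny rule is evaluated before any role-based permission, so even the trusted-environment node cannot read data the user has marked private, which is the "user-customized security rules" point of the passage.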
In the edge cloud node system, the security management and service functions are migrated to the dedicated trusted-environment edge cloud node. This new node type is added by modifying the source code of the edge cloud node monitor: the trusted-environment node is given the authority to configure the security rules in the monitor, edge cloud nodes of other domains are forbidden to modify those rules, and other edge cloud nodes' access to the trusted-environment node is limited by isolating its memory and file system.
Using virtual trusted platform module technology and building on the existing chain of trust, a virtual trusted platform module is provided to the edge cloud node as the root of trust of the trusted-environment edge cloud node, and the chain of trust is extended from the underlying physical trusted platform module into the trusted-environment node, so that the internal integrity of the trusted-environment node can be measured. The platform provider and the user can then use the attestation result produced after deployment as the basis for mutual trust.
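The chain-of-trust extension just described can be made concrete with a small simulation. The following is an added example, not code from the patent: a physical TPM measures the firmware, the edge cloud node monitor and the virtual TPM image into a PCR, and the virtual TPM then measures the trusted-environment node's own components; the provider verifies both quotes against expected ("golden") values and a fresh nonce. PCR extension follows the real TPM rule (new = SHA-256(old || measurement)). The quote signature is an HMAC under a per-TPM key, a stand-in for the attestation-key signature a real TPM would produce, and every component blob, key and name is constructed sample data.

```python
"""Added example (not from the patent): a simplified chain of trust from a physical TPM
through a virtual TPM into the trusted-environment edge cloud node, with nonce-bound quotes.
HMAC stands in for the TPM attestation-key signature; blobs and keys are constructed samples."""
import hashlib
import hmac
import os

ZERO_PCR = bytes(32)


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """The TPM extend rule: the new PCR value is H(old PCR || measurement)."""
    return hashlib.sha256(pcr + measurement).digest()


def replay(measurements) -> bytes:
    """Recompute the PCR that an ordered list of measurements must produce."""
    pcr = ZERO_PCR
    for m in measurements:
        pcr = pcr_extend(pcr, m)
    return pcr


class Tpm:
    """One PCR plus an event log; the physical TPM and the vTPM behave identically."""

    def __init__(self, attestation_key: bytes):
        self._ak = attestation_key
        self.pcr = ZERO_PCR
        self.event_log = []          # (component name, measurement digest)

    def measure(self, component: str, blob: bytes) -> None:
        m = hashlib.sha256(blob).digest()
        self.event_log.append((component, m))
        self.pcr = pcr_extend(self.pcr, m)

    def quote(self, nonce: bytes) -> dict:
        return {"pcr": self.pcr, "nonce": nonce,
                "sig": hmac.new(self._ak, self.pcr + nonce, "sha256").digest()}


def verify_quote(q: dict, ak: bytes, nonce: bytes, golden: list) -> bool:
    """Provider-side check: freshness, signature, and equality with the expected chain."""
    if q["nonce"] != nonce:
        return False
    expected_sig = hmac.new(ak, q["pcr"] + nonce, "sha256").digest()
    if not hmac.compare_digest(q["sig"], expected_sig):
        return False
    return q["pcr"] == replay(golden)


def boot_chain(tenv_kernel: bytes, phys_ak: bytes, vtpm_ak: bytes):
    """The physical chain measures firmware, monitor and the vTPM image; the vTPM then
    measures the trusted-environment node's components. All blobs are constructed samples."""
    phys = Tpm(phys_ak)
    phys.measure("firmware", b"firmware-v3")
    phys.measure("edge-cloud-node-monitor", b"monitor-build-42")
    phys.measure("vtpm-image", b"vtpm-v1")   # links the virtual root of trust to the hardware root
    vtpm = Tpm(vtpm_ak)
    vtpm.measure("tenv-kernel", tenv_kernel)
    vtpm.measure("tenv-security-components", b"rulebase-tool+monitoring-module")
    return phys, vtpm


def attest(tenv_kernel: bytes = b"tenv-kernel-v5") -> bool:
    """Full provider-side attestation of a node booted with the given trusted-environment kernel."""
    phys_ak, vtpm_ak = b"phys-ak-demo-key", b"vtpm-ak-demo-key"
    golden_phys = [hashlib.sha256(b).digest()
                   for b in (b"firmware-v3", b"monitor-build-42", b"vtpm-v1")]
    golden_tenv = [hashlib.sha256(b).digest()
                   for b in (b"tenv-kernel-v5", b"rulebase-tool+monitoring-module")]
    phys, vtpm = boot_chain(tenv_kernel, phys_ak, vtpm_ak)
    nonce = os.urandom(16)
    # The virtual chain means nothing unless the physical chain beneath it verified first.
    return (verify_quote(phys.quote(nonce), phys_ak, nonce, golden_phys)
            and verify_quote(vtpm.quote(nonce), vtpm_ak, nonce, golden_tenv))
```

Because the vTPM image is itself measured by the physical TPM before it is instantiated, a verifier that accepts the physical quote has grounds to trust the virtual PCR values; a modified trusted-environment kernel changes the virtual PCR and the attestation fails.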
The current security service functions of the trusted-environment edge cloud node include, besides platform trust-level attestation, the monitoring and handling of malicious software based on cross-view comparison. The system architecture after a security function has been migrated from the management domain to the trusted-environment edge cloud node is described below, taking the monitoring function as an example.
The monitoring module of the trusted-environment edge cloud node mainly comprises a control unit, a monitoring unit and a malware processing unit.
1) Control unit: located in the application layer of the trusted-environment edge cloud node, it interacts with the edge cloud node monitor and the user domains through the function library provided by the monitor. Its main functions are to display the security linked list of each user domain, to display the current malware attack situation of each user domain, and to send instructions to the malware processing unit to deal with the corresponding malicious software. The security linked list stores the module information of the edge cloud nodes belonging to a user; because it is kept at the edge cloud node monitor layer it is more reliable, which prevents the module view information at the user's edge cloud node layer from being damaged.
2) Monitoring unit: deployed at the edge cloud node monitor layer, it comprises hidden-code monitoring and private-information monitoring. Hidden-code monitoring detects hidden code present in edge cloud nodes; private-information monitoring detects tampering of the kernel's private information by malicious software and restores that information promptly when an attack is detected.
3) Malware processing unit: deployed in the kernel space of the user domain and embedded as a functional unit in the monitoring agent of the edge cloud node system, it interacts with the control unit and, on the control unit's command, restores the information tampered with by the detected malicious software and unloads the offending module.
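The cross-view comparison that the monitoring agent and the monitoring unit perform (here and in the earlier description of the agent) is easiest to see on concrete data. The following is an added example, not code from the patent: view A is the module list the in-node agent reports from inside the guest, view B is the security linked list the monitor layer builds from the module loads it intercepts, and the two are diffed to find modules hidden from the guest, modules loaded past the hook, and modules whose code changed after loading. A second function performs the private-information check on a kernel table and produces the restored table, and a third turns the report into the instructions the control unit would send. Module names, addresses, hashes and the kernel table entries are all constructed sample data.

```python
"""Added example (not from the patent): cross-view comparison of loaded kernel modules
plus the private-information (kernel table) check. All views and tables are constructed."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class ModuleRecord:
    name: str
    load_addr: int
    code_hash: str      # sha256 of the module text when the record was taken


def h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def cross_view_compare(agent_view: list, monitor_view: list) -> dict:
    """Classify discrepancies between the in-guest view and the monitor-layer list."""
    by_agent = {m.name: m for m in agent_view}
    by_monitor = {m.name: m for m in monitor_view}
    # Loaded through the monitor's hook but no longer in the guest's own list: unlinked itself.
    hidden = sorted(n for n in by_monitor if n not in by_agent)
    # Visible in the guest but never seen by the hook: loaded by some path that bypassed it.
    unlogged = sorted(n for n in by_agent if n not in by_monitor)
    # Present in both, but the code changed since the monitor recorded it.
    modified = sorted(n for n in by_agent if n in by_monitor
                      and by_agent[n].code_hash != by_monitor[n].code_hash)
    return {"hidden": hidden, "unlogged": unlogged, "modified": modified}


def check_kernel_table(baseline: dict, current: dict) -> tuple:
    """Private-information monitoring: find tampered entries (e.g. a hooked system call)
    and build the restored table from the monitor-layer baseline."""
    tampered = sorted(k for k in baseline if current.get(k) != baseline[k])
    restored = dict(current)
    for k in tampered:
        restored[k] = baseline[k]
    return tampered, restored


def plan_response(report: dict) -> list:
    """What the control unit tells the malware processing unit to do (assumed policy)."""
    actions = [("unload", n) for n in report["hidden"]]
    actions += [("restore", n) for n in report["modified"]]
    actions += [("quarantine", n) for n in report["unlogged"]]
    return actions


def demo_views():
    """Constructed sample: a rootkit module hides itself, patches ext4 in memory, hooks
    sys_getdents64 to point into its own text, and a dropper was loaded past the hook."""
    monitor_view = [
        ModuleRecord("virtio_net", 0xffffffffc0100000, h(b"virtio_net-code")),
        ModuleRecord("ext4", 0xffffffffc0200000, h(b"ext4-code")),
        ModuleRecord("rk_hide", 0xffffffffc0300000, h(b"rk-code")),
    ]
    agent_view = [
        ModuleRecord("virtio_net", 0xffffffffc0100000, h(b"virtio_net-code")),
        ModuleRecord("ext4", 0xffffffffc0200000, h(b"ext4-code-patched")),
        ModuleRecord("dropper", 0xffffffffc0400000, h(b"dropper-code")),
    ]
    baseline_table = {"sys_read": 0xffffffff81000100, "sys_getdents64": 0xffffffff81000200}
    current_table = {"sys_read": 0xffffffff81000100, "sys_getdents64": 0xffffffffc0300040}
    return agent_view, monitor_view, baseline_table, current_table
```

The monitor-layer list is the authoritative side of the comparison precisely because malware inside the guest can edit the guest's own module list but cannot reach the list kept below it, which is the reliability argument the control unit description makes.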
Claims (5)
1. An edge cloud node and end user security management method, characterized by comprising the following steps:
controlling the authority of the management domain, and dividing that authority into system management, security management and log management; system management manages virtual resources and performs the creation and allocation of edge cloud node resources; security management performs authorization and the configuration of edge cloud node security access rules; log management records the running state of upper-layer edge cloud nodes from the edge cloud node monitor layer;
performing role grouping on user domains and logically isolating multiple end users; marking every user's edge cloud nodes and the resources belonging to the user domain with a unique user-domain security label; monitoring resource sharing and communication between edge cloud nodes according to the user isolation rules of the access rule base, so that logical isolation based on the user domain is achieved and the administrator is prevented from viewing the user domain's private data.
2. The edge cloud node and end user security management method of claim 1, wherein a trusted-environment edge cloud node is established on the basis of the edge cloud node monitor, the trusted-environment edge cloud node hosting authorization, access rule configuration, trust-level attestation and monitoring; it holds the authority to configure the security rules in the edge cloud node monitor, while edge cloud nodes in other domains are prohibited from modifying those rules; and its memory and file system are isolated, restricting other edge cloud nodes' access to the trusted-environment edge cloud node.
3. The edge cloud node and end user security management method of claim 2, wherein controlling the authority of the management domain comprises the steps of:
(1) when a management domain or a user domain requests to access other domains, the edge cloud node security control module intercepts the requests and analyzes the subjects, objects and operation types of the requests;
(2) the edge cloud node security control module transmits the requests to the execution module, and the execution module returns a judgment result according to the access edge cloud node rule base;
(3) the execution module returns the judgment result of permission/rejection to the edge cloud node security control module;
(4) according to the judgment result, if the access request is allowed, the edge cloud node security control module allows the subject to access the object; otherwise the access request is refused.
4. The edge cloud node and end user security management method according to claim 2, wherein the trust-level attestation serves as the basis for mutual trust between the platform provider and the user; on the basis of the existing chain of trust, a root of trust for the trusted-environment edge cloud node is provided to the edge cloud node, and the chain of trust is extended from the underlying physical trusted platform module into the trusted-environment edge cloud node, so that internal integrity measurement of the trusted-environment edge cloud node is realized.
5. The edge cloud node and end user security management method according to claim 1, wherein the edge cloud node includes a monitoring agent that is installed in the driver of the edge cloud node when the node is created, monitors module loading inside the edge cloud node and obtains an internal view, and detects by multi-view comparison whether malicious software exists inside the edge cloud node; and when the malicious software must be removed, the administrator sends an operation instruction to the edge cloud node through the trusted-environment edge cloud node, so that actions attacking other users from inside the edge cloud node are stopped.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110696506.0A CN113407941A (en) | 2021-06-23 | 2021-06-23 | Edge cloud node and terminal user security management method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113407941A true CN113407941A (en) | 2021-09-17 |
Family
ID=77682504
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113992362A (en) * | 2021-10-09 | 2022-01-28 | 南京理工大学 | Service data protection method |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103281306A (en) * | 2013-05-03 | 2013-09-04 | 四川省电力公司信息通信公司 | Virtualized infrastructure platform for cloud data centers |
CN105184147A (en) * | 2015-09-08 | 2015-12-23 | 成都博元科技有限公司 | User security management method for cloud computing platform |
CN105184164A (en) * | 2015-09-08 | 2015-12-23 | 成都博元科技有限公司 | Data processing method |
CN110300104A (en) * | 2019-06-21 | 2019-10-01 | 山东超越数控电子股份有限公司 | User right control and transfer method and system under a kind of edge cloud scene |
Similar Documents
Publication | Title |
---|---|
US11962622B2 (en) | Automated enforcement of security policies in cloud and hybrid infrastructure environments |
US11991051B2 (en) | Providing mobile device management functionalities |
CN105184164B (en) | A kind of data processing method |
CN105184147B (en) | User safety management method in cloud computing platform |
RU2679721C2 (en) | Attestation of host containing trusted execution environment |
CN107820604B (en) | Para-virtualized security threat protection for computer driven systems with networked devices |
Sabahi | Virtualization-level security in cloud computing |
US8588422B2 (en) | Key management to protect encrypted data of an endpoint computing device |
US8819767B2 (en) | Method for securing data and/or applications in a cloud computing architecture |
US7076655B2 (en) | Multiple trusted computing environments with verifiable environment identities |
US20090282457A1 (en) | Common representation for different protection architectures (crpa) |
CN102394894A (en) | Network virtual disk file safety management method based on cloud computing |
US8713640B2 (en) | System and method for logical separation of a server by using client virtualization |
EP3090338A2 (en) | Providing mobile device management functionalities |
Wen et al. | The study on data security in Cloud Computing based on Virtualization |
Bokhari et al. | Security and privacy issues in cloud computing |
Mustyala et al. | Advanced Security Mechanisms in Kubernetes: Isolation and Access Control Strategies |
CN111083088B (en) | Cloud platform hierarchical management method and device based on multiple security domains |
US11122079B1 (en) | Obfuscation for high-performance computing systems |
CN113407941A (en) | Edge cloud node and terminal user security management method |
CN106254442A (en) | A kind of cloud disk data transmission method based on virtual encryption disk and device |
Loui et al. | Digital Flight Plans for Server Access Control: Restricting anomalous activity with path-based declarations of intentions |
Kumar et al. | Ensuring security for virtualization in cloud services |
CN112104638A (en) | Network equipment safety management method |
KR102214162B1 (en) | A user-based object access control system using server's hooking |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | | |
SE01 | Entry into force of request for substantive examination | | |
RJ01 | Rejection of invention patent application after publication | | Application publication date: 20210917 |