CN117407864B - Trusted domain expansion method, system, device, equipment and computer medium - Google Patents


Publication number
CN117407864B
Authority
CN
China
Legal status
Active
Application number
CN202311707492.3A
Other languages
Chinese (zh)
Other versions
CN117407864A (en)
Inventor
申亚博
朱金龙
李德新
Current Assignee
Suzhou Metabrain Intelligent Technology Co Ltd
Original Assignee
Suzhou Metabrain Intelligent Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention discloses a trusted domain expansion method, system, device, equipment and computer medium, relating to the technical field of cloud computing. The method is applied to a target server in a cloud computing platform and comprises: acquiring target data and target processing requirements sent by a virtual machine manager; processing the target data by using a built-in trusted domain method according to the target processing requirement to obtain a target processing result; and sending the target processing result to the virtual machine manager so that the virtual machine manager sends the target processing result to the user server through the target virtual machine; wherein the target data comprises data generated by a user server. The target data generated by the user server is sent to the target server through the virtual machine and the virtual machine manager; the target server processes the target data by using the built-in trusted domain method and returns the target processing result to the user server. This provides data isolation protection for the user server in the cloud computing platform and improves data security.

Description

Trusted domain expansion method, system, device, equipment and computer medium
Technical Field
The present invention relates to the field of cloud computing technologies, and in particular, to a trusted domain expansion method, a trusted domain expansion system, a trusted domain expansion device, an electronic device, and a computer readable storage medium.
Background
With the rise of cloud computing, the stable and reliable operation of the servers in a cloud computing platform has become the basis of all cloud services. If the security of the servers provided by a cloud service vendor cannot be ensured while users use them, the security of user data cannot be ensured either.
Large amounts of data are stored on the cloud disks of the cloud service vendor's servers, and the data that such a server stores in the virtual machines used by different users is not completely isolated and secure, so data security between different users is difficult to ensure. If the virtual machine data of one user is compromised by a hacker, the data of other users is completely exposed within the virtual machine management, so that a large amount of data is invalidated and lost.
In summary, how to improve the data security of the cloud computing platform is a problem to be solved by those skilled in the art.
Disclosure of Invention
The invention aims to provide a trusted domain expansion method which can solve the technical problem of how to improve the data security of a cloud computing platform to a certain extent. The invention also provides a trusted domain expansion system, a trusted domain expansion device, electronic equipment and a computer readable storage medium.
In order to achieve the above object, the present invention provides the following technical solutions:
A trusted domain expansion method, applied to a target server in a cloud computing platform, comprises the following steps:
acquiring target data and target processing requirements sent by a virtual machine manager;
according to the target processing requirement, processing the target data by using a built-in trusted domain method to obtain a target processing result;
the target processing result is sent to the virtual machine manager, so that the virtual machine manager sends the target processing result to a user server through a target virtual machine;
wherein the target data comprises data generated by the user server.
In an exemplary embodiment, processing the target data by using a built-in trusted domain method according to the target processing requirement to obtain a target processing result includes:
determining the first keys provided by the built-in trusted domain method;
filtering out the keys among the first keys that have already been applied, and taking the remaining first keys as second keys;
judging whether the second keys are empty;
if the second keys are not empty, screening a third key from the second keys;
if the second keys are empty, combining first keys to obtain a third key that has not been applied;
and, according to the target processing requirement, processing the target data by using the trusted domain method and the third key to obtain the target processing result.
In an exemplary embodiment, screening the third key from the second keys includes:
according to the target processing requirement, estimating the time consumption and power consumption of processing the target data with each second key;
sorting the second keys from shortest to longest time consumption to obtain a first sorting result;
sorting the second keys from lowest to highest power consumption to obtain a second sorting result;
and screening the third key from the second keys according to the first sorting result and the second sorting result.
In an exemplary embodiment, screening the third key from the second keys according to the first sorting result and the second sorting result includes:
for each second key, adding the sorting numbers of the second key in the first sorting result and the second sorting result to obtain a first sorting number;
and taking the second key corresponding to the smallest first sorting number as the third key.
In an exemplary embodiment, screening the third key from the second keys according to the first sorting result and the second sorting result includes:
determining respective weight values of the first sorting result and the second sorting result;
for each second key, performing a weighted summation, according to the weight values, of the sorting numbers of the second key in the first sorting result and the second sorting result to obtain a first sorting number;
and taking the second key corresponding to the smallest first sorting number as the third key.
In an exemplary embodiment, combining the first keys to obtain a third key that has not been applied includes:
determining a first key number, namely the number of first keys used to form the keys that have already been applied;
adding one to the first key number to obtain a second key number;
according to the target processing requirement, estimating the time consumption and power consumption of processing the target data with each first key;
and, according to the time consumption and the power consumption of each first key, selecting the second key number of first keys and combining them to obtain the third key.
In an exemplary embodiment, selecting the second key number of first keys according to the time consumption and the power consumption of each first key and combining them to obtain the third key includes:
sorting the first keys from shortest to longest time consumption to obtain a third sorting result;
sorting the first keys from lowest to highest power consumption to obtain a fourth sorting result;
for each first key, determining a second sorting number of the first key according to the sorting numbers of the first key in the third sorting result and the fourth sorting result;
and selecting the second key number of first keys according to the second sorting number, and combining them to obtain the third key.
In an exemplary embodiment, combining the first keys to obtain a third key that has not been applied includes:
determining a first key number, namely the number of first keys used to form the keys that have already been applied;
randomly combining the first key number of first keys to obtain fourth keys;
filtering out the keys among the fourth keys that have already been applied, and taking the remaining fourth keys as fifth keys;
and screening the third key from the fifth keys.
In an exemplary embodiment, after the target data is processed by applying the trusted domain method and the third key according to the target processing requirement to obtain the target processing result, the method further includes:
establishing a binding relationship between the third key and the user server;
and storing the binding relation.
In an exemplary embodiment, the storing the binding relationship includes:
taking the identification of the user server as a key;
taking the third key corresponding to the user server as a value;
and storing the binding relation by applying a key value pair.
In an exemplary embodiment, before determining the first key provided by the built-in trusted domain method, the method further includes:
judging whether the binding relation corresponding to the user server is stored or not;
if the binding relation is stored, reading the binding relation by taking the identifier of the user server as a key to obtain the third key, and processing the target data by applying the trusted domain method and the third key according to the target processing requirement to obtain the target processing result;
and if the binding relation is not stored, executing the step of determining the first key provided by the built-in trusted domain method.
A trusted domain expansion system, applied to a target server in a cloud computing platform, comprising:
the first acquisition module is used for acquiring target data and target processing requirements sent by the virtual machine manager;
the first processing module is used for processing the target data by applying a built-in trusted domain method according to the target processing requirement to obtain a target processing result;
the first sending module is used for sending the target processing result to the virtual machine manager so that the virtual machine manager sends the target processing result to a user server through a target virtual machine;
wherein the target data comprises data generated by the user server.
A trusted domain expansion device applied to a cloud computing platform, comprising:
a target number of user servers, used for generating target data and target processing requirements, and for processing the target processing result of the target data;
virtual machines in one-to-one correspondence with the user servers, used for sending the target data and the target processing requirements to a virtual machine manager, and for sending the target processing result to the corresponding user server;
the virtual machine manager, connected with the virtual machines and used for sending the target data and the target processing requirements to a target server, and for sending the target processing result to the corresponding virtual machine;
the target server is connected with the virtual machine manager and is used for acquiring the target data and the target processing requirement sent by the virtual machine manager, processing the target data by using a built-in trusted domain method according to the target processing requirement to obtain a target processing result, and sending the target processing result to the virtual machine manager.
An electronic device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the trusted domain expansion method as described in any one of the above when executing said computer program.
A computer readable storage medium having stored therein a computer program which when executed by a processor performs the steps of the trusted domain expansion method as claimed in any one of the preceding claims.
The trusted domain expansion method provided by the invention is applied to a target server in a cloud computing platform and comprises: acquiring target data and target processing requirements sent by a virtual machine manager; processing the target data by using a built-in trusted domain method according to the target processing requirement to obtain a target processing result; and sending the target processing result to the virtual machine manager so that the virtual machine manager sends the target processing result to the user server through the target virtual machine; wherein the target data comprises data generated by a user server. The beneficial effects of the invention are as follows: the target data generated by the user server is sent to the target server through the virtual machine and the virtual machine manager, and the target server processes the target data by using the built-in trusted domain method and returns the target processing result to the user server. The user server in the cloud computing platform can therefore obtain data isolation protection by means of the trusted domain method of the target server, which improves the data security of the cloud computing platform. Because a trusted domain method built into the target server alone is enough to protect the data of a plurality of user servers, the cloud computing platform also has good expandability. The invention also solves the corresponding technical problems.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a first flowchart of a trusted domain expansion method according to an embodiment of the present invention;
FIG. 2 is a second flowchart of a trusted domain expansion method according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a trusted domain expansion system according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a trusted domain expansion device according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention;
FIG. 6 is another schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1, fig. 1 is a first flowchart of a trusted domain expansion method according to an embodiment of the present invention.
The trusted domain expansion method provided by the embodiment of the invention is applied to the target server in the cloud computing platform and can comprise the following steps:
Step S101: acquiring target data and target processing requirements sent by a virtual machine manager, wherein the target data comprises data generated by a user server.
In practical application, the target server may first obtain the target data and the target processing requirement sent by the virtual machine manager, so as to process the target data according to the target processing requirement, where the target processing requirement may be an encryption requirement or a decryption requirement.
It should be noted that the cloud computing platform includes a target server, a virtual machine manager, virtual machines and user servers. The target data is generated by the user server and sent to the target server for processing via the virtual machine and the virtual machine manager; the target server may be a cloud service vendor's server or the like.
Step S102: processing the target data by using a built-in trusted domain method according to the target processing requirement to obtain a target processing result.
In practical application, the trusted domain (TDX, Trust Domain Extensions) method is preset in the target server, so after the target server receives the target data and the target processing requirement, it can process the target data by using the built-in trusted domain method according to the target processing requirement to obtain a target processing result.
Step S103: sending the target processing result to the virtual machine manager so that the virtual machine manager sends the target processing result to the user server through the target virtual machine; wherein the target data comprises data generated by a user server.
In practical application, after obtaining the target processing result, the target server needs to return the target processing result to the user server, that is, the target server needs to send the target processing result to the user server through the virtual machine manager and the virtual machine, so that the user server can store or apply the target processing result.
In the cloud computing platform, a single virtual machine manager is connected with a plurality of virtual machines, and each virtual machine can be connected with one user server, so that data isolation protection can be provided for a plurality of user servers only by deploying a trusted domain method on a target server, the trusted domain expansion efficiency of the cloud computing platform is improved, and the trusted domain expansion consumption of the cloud computing platform is reduced.
Referring to fig. 2, fig. 2 is a second flowchart of a trusted domain expansion method according to an embodiment of the present invention.
The trusted domain expansion method provided by the embodiment of the invention is applied to the target server in the cloud computing platform and can comprise the following steps:
Step S201: acquiring target data and target processing requirements sent by the virtual machine manager.
Step S202: determining the first keys provided by the built-in trusted domain method.
Step S203: filtering out the keys among the first keys that have already been applied, and taking the remaining first keys as second keys.
Step S204: judging whether the second keys are empty; if the second keys are not empty, performing step S205; if the second keys are empty, performing step S206.
Step S205: screening a third key from the second keys.
Step S206: combining first keys to obtain a third key that has not been applied.
Step S207: according to the target processing requirement, processing the target data by applying the trusted domain method and the third key to obtain a target processing result.
In practical applications, the trusted domain method isolates and protects data through multi-key total memory encryption, and the key applied for a single user server must differ from the keys of the other user servers, so that even if the key of one user server is cracked, the keys of the other user servers are not; an independent key therefore has to be allocated to each user server. Accordingly, when processing the target data by using the built-in trusted domain method according to the target processing requirement, the target server first determines the first keys, that is, all keys provided by the trusted domain method. Because a key cannot be used again once it has been used, the keys among the first keys that have already been applied are filtered out, and the remaining first keys are taken as second keys. Since the first keys may all have been used, the target server then judges whether the second keys are empty. If the second keys are not empty, a third key is screened from the second keys. If the second keys are empty, first keys have to be combined to obtain a third key that has not been applied, that is, several first keys are selected together to process the target data. Finally, the target data is processed by applying the trusted domain method and the third key according to the target processing requirement to obtain the target processing result.
In practical application, applying a key takes time and consumes power on the target server. The more data the target server has to process, the higher its power consumption, and the total power consumption of the target server has an upper limit, so the power consumed per piece of data affects how much the target server can process. To let the target server process the data of the user servers flexibly, when screening the third key from the second keys the target server can estimate, according to the target processing requirement, the time consumption and power consumption of processing the target data with each second key; sort the second keys from shortest to longest time consumption to obtain a first sorting result; sort the second keys from lowest to highest power consumption to obtain a second sorting result; and screen the third key from the second keys according to the first sorting result and the second sorting result. That is, the target server can choose the third key based on both the time consumption and the power consumption of the keys.
In a specific application scenario, when screening the third key from the second keys according to the first sorting result and the second sorting result, the target server can, for each second key, add the sorting numbers of the second key in the first sorting result and the second sorting result to obtain a first sorting number, and take the second key corresponding to the smallest first sorting number as the third key.
In a specific application scenario, when screening the third key from the second keys according to the first sorting result and the second sorting result, the target server can instead determine a weight value for each of the first sorting result and the second sorting result; for each second key, perform a weighted summation, according to the weight values, of the sorting numbers of the second key in the first sorting result and the second sorting result to obtain a first sorting number; and take the second key corresponding to the smallest first sorting number as the third key.
In practical application, when combining the first keys to obtain a third key that has not been applied, the target server can determine the first key number, namely the number of first keys used to form the keys that have already been applied; add one to the first key number to obtain a second key number; estimate, according to the target processing requirement, the time consumption and power consumption of processing the target data with each first key; and, according to the time consumption and the power consumption of each first key, select the second key number of first keys and combine them to obtain the third key. Because the second key number is one greater than the first key number, a third key combined from the second key number of first keys has necessarily not been used, which improves the efficiency of determining the third key.
In a specific application scenario, when selecting the second key number of first keys according to the time consumption and the power consumption of each first key and combining them to obtain the third key, the target server can flexibly choose which first keys to combine according to time consumption and power consumption. That is, it sorts the first keys from shortest to longest time consumption to obtain a third sorting result; sorts the first keys from lowest to highest power consumption to obtain a fourth sorting result; for each first key, determines a second sorting number of the first key according to the sorting numbers of the first key in the third sorting result and the fourth sorting result; and selects the second key number of first keys according to the second sorting number and combines them to obtain the third key.
In practical application, when combining the first keys to obtain a third key that has not been applied, in order to obtain the third key from as few first keys as possible, the target server can determine the first key number, namely the number of first keys used to form the keys that have already been applied; randomly combine the first key number of first keys to obtain fourth keys; filter out the keys among the fourth keys that have already been applied and take the remaining fourth keys as fifth keys; and screen the third key from the fifth keys.
In practical application, after the target server processes the target data by applying the trusted domain method and the third key according to the target processing requirement to obtain the target processing result, the data of a single user server can share one key for processing, that is, user servers can correspond one-to-one with keys. A binding relationship between the third key and the user server can therefore be established and stored, so that the key corresponding to the user server can later be determined directly from the binding relationship.
In a specific application scenario, the target server can save the binding relationship quickly by means of key-value pairs when storing it: the identifier of the user server is used as the key, the third key corresponding to the user server is used as the value, and the binding relationship is saved as a key-value pair.
In a specific application scenario, when binding relationships are stored, the target server can also judge, before determining the first keys provided by the built-in trusted domain method, whether the binding relationship corresponding to the user server is stored. If the binding relationship is stored, the target server reads it by using the identifier of the user server as the key to obtain the third key, and processes the target data by applying the trusted domain method and the third key according to the target processing requirement to obtain the target processing result. If the binding relationship is not stored, the target server executes the step of determining the first keys provided by the built-in trusted domain method, so as to determine the key corresponding to the user server in real time.
Step S208: sending the target processing result to the virtual machine manager so that the virtual machine manager sends the target processing result to the user server through the target virtual machine; wherein the target data comprises data generated by a user server.
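The key-selection and binding steps described above, sketched as an added Python example that is not part of the patent text. Representing a key as a tuple of first-key identifiers, breaking ties by key id, taking the first key number as the largest component count among applied keys, and the sample estimates are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed estimates per first key: (time in ms, power in W). Not from the patent.
ESTIMATES = {"k1": (9.0, 4.0), "k2": (9.5, 2.9), "k3": (15.0, 2.2), "k4": (12.0, 3.1)}


def positions(keys, estimates, metric):
    """1-based position of each key when sorted ascending by one metric (0=time, 1=power)."""
    ordered = sorted(keys, key=lambda k: (estimates[k][metric], k))
    return {k: i + 1 for i, k in enumerate(ordered)}


def sort_numbers(keys, estimates, w_time=1.0, w_power=1.0):
    """Weighted sum of the two positions; equal weights give the plain sum."""
    by_time = positions(keys, estimates, 0)
    by_power = positions(keys, estimates, 1)
    return {k: w_time * by_time[k] + w_power * by_power[k] for k in keys}


@dataclass
class KeyAllocator:
    first_keys: list                               # ids of keys offered by the trusted domain method
    estimates: dict                                # id -> (time, power) for the current requirement
    w_time: float = 1.0
    w_power: float = 1.0
    applied: set = field(default_factory=set)      # keys in use, each a tuple of first-key ids
    bindings: dict = field(default_factory=dict)   # user-server id -> third key

    def _best(self, keys, count):
        scores = sort_numbers(keys, self.estimates, self.w_time, self.w_power)
        # Assumption: ties are broken by key id; the text gives no tie rule.
        return sorted(keys, key=lambda k: (scores[k], k))[:count]

    def _select_third_key(self):
        # Second keys: first keys that are not yet applied on their own.
        second = [k for k in self.first_keys if (k,) not in self.applied]
        if second:
            return (self._best(second, 1)[0],)
        # No second key left: combine one more first key than any applied key uses,
        # so the combination cannot collide with a key that is already applied.
        first_key_number = max((len(a) for a in self.applied), default=0)
        second_key_number = first_key_number + 1
        if second_key_number > len(self.first_keys):
            raise RuntimeError("no unapplied key can be formed from the first keys")
        return tuple(sorted(self._best(self.first_keys, second_key_number)))

    def key_for(self, server_id):
        """Return the bound key for a user server, allocating one on first contact."""
        if server_id in self.bindings:             # binding stored: reuse it
            return self.bindings[server_id]
        third = self._select_third_key()
        self.applied.add(third)
        self.bindings[server_id] = third           # key-value pair: server id -> third key
        return third


if __name__ == "__main__":
    alloc = KeyAllocator(list(ESTIMATES), ESTIMATES)
    for sut in ("SUT1", "SUT2", "SUT3", "SUT4", "SUT5", "SUT1"):
        print(sut, alloc.key_for(sut))
```

With the sample estimates, the balanced key `k2` is chosen ahead of both the fastest key and the lowest-power key, and the fifth user server receives a two-key combination because every single key is already bound.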
Referring to fig. 3, fig. 3 is a schematic structural diagram of a trusted domain expansion system according to an embodiment of the present invention.
The trusted domain expansion system provided by the embodiment of the invention is applied to a target server in a cloud computing platform and can comprise the following components:
a first obtaining module 101, configured to obtain target data and a target processing requirement sent by a virtual machine manager;
the first processing module 102 is configured to process the target data by applying a built-in trusted domain method according to the target processing requirement, so as to obtain a target processing result;
a first sending module 103, configured to send the target processing result to the virtual machine manager, so that the virtual machine manager sends the target processing result to the user server through the target virtual machine;
wherein the target data comprises data generated by a user server.
The invention provides a trusted domain expansion system, which is applied to a target server in a cloud computing platform and comprises the following components: the first acquisition module is used for acquiring target data and target processing requirements sent by the virtual machine manager; the first processing module is used for processing the target data by using a built-in trusted domain method according to the target processing requirement to obtain a target processing result; the first sending module is used for sending the target processing result to the virtual machine manager so that the virtual machine manager can send the target processing result to the user server through the target virtual machine; wherein the target data comprises data generated by a user server. The beneficial effects of the invention are as follows: the target data generated by the user server is sent to the target server through the virtual machine and the virtual machine manager, the target server processes the target data by using a built-in trusted domain method to obtain a target processing result and then returns the target processing result to the user server, so that the user server in the cloud computing platform can conduct data isolation protection by means of the trusted domain method of the target server, the data security of the cloud computing platform is improved, and the data protection can be conducted on a plurality of user servers only by means of the built-in trusted domain method on the target server, so that the cloud computing platform is good in expandability.
The trusted domain expansion system provided by the embodiment of the invention is applied to a target server in a cloud computing platform, and the first processing module can comprise:
a first determining unit, configured to determine a first key provided by a built-in trusted domain method;
the first filtering unit is used for filtering out the applied keys in the first keys, and taking the remaining keys in the first keys as second keys;
a first judging unit for judging whether the second key is empty; if the second secret key is not null, screening a third secret key from the second secret key; if the second key is empty, combining the first key to obtain a third key which is not applied;
and the first processing unit is used for processing the target data by applying the trusted domain method and the third key according to the target processing requirement to obtain a target processing result.
In the trusted domain expansion system provided by the embodiment of the invention, applied to a target server in a cloud computing platform, the first judging unit can be specifically used for: estimating, according to the target processing requirement, the time consumption and power consumption of processing the target data with each second key; sorting the second keys from shortest to longest time consumption to obtain a first sorting result; sorting the second keys from lowest to highest power consumption to obtain a second sorting result; and screening the third key from the second keys according to the first sorting result and the second sorting result.
In the trusted domain expansion system provided by the embodiment of the invention, applied to a target server in a cloud computing platform, the first judging unit can be specifically used for: for each second key, adding that key's sorting numbers in the first sorting result and the second sorting result to obtain a first sorting number; and taking the second key with the smallest first sorting number as the third key.
In the trusted domain expansion system provided by the embodiment of the invention, applied to a target server in a cloud computing platform, the first judging unit can be specifically used for: determining the respective weight values of the first sorting result and the second sorting result; for each second key, computing a weighted sum of that key's sorting numbers in the first sorting result and the second sorting result according to the weight values to obtain a first sorting number; and taking the second key with the smallest first sorting number as the third key.
In the trusted domain expansion system provided by the embodiment of the invention, applied to a target server in a cloud computing platform, the first judging unit can be specifically used for: determining a first key number, that is, the number of first keys used to form the keys that have been applied; adding one to the first key number to obtain a second key number; estimating, according to the target processing requirement, the time consumption and power consumption of processing the target data with each first key; and selecting a number of first keys equal to the second key number according to the time consumption and power consumption of each first key, and combining them to obtain the third key.
In the trusted domain expansion system provided by the embodiment of the invention, applied to a target server in a cloud computing platform, the first judging unit can be specifically used for: sorting the first keys from shortest to longest time consumption to obtain a third sorting result; sorting the first keys from lowest to highest power consumption to obtain a fourth sorting result; for each first key, determining a second sorting number from that key's sorting numbers in the third sorting result and the fourth sorting result; and selecting a number of first keys equal to the second key number according to the second sorting numbers, and combining them to obtain the third key.
In the trusted domain expansion system provided by the embodiment of the invention, applied to a target server in a cloud computing platform, the first judging unit can be specifically used for: determining a first key number, that is, the number of first keys used to form the keys that have been applied; randomly combining that number of first keys to obtain fourth keys; filtering out the fourth keys that have already been applied and taking the remaining fourth keys as fifth keys; and screening the third key from the fifth keys.
The trusted domain expansion system provided by the embodiment of the invention is applied to a target server in a cloud computing platform and can further comprise:
the first storage unit is used for establishing a binding relationship between the third key and the user server after the target data has been processed by applying the trusted domain method and the third key according to the target processing requirement and the target processing result has been obtained; and for storing the binding relationship.
In the trusted domain expansion system provided by the embodiment of the invention, applied to a target server in a cloud computing platform, the first storage unit can be specifically used for: taking the identifier of the user server as the key; taking the third key corresponding to the user server as the value; and saving the binding relationship as that key-value pair.
The trusted domain expansion system provided by the embodiment of the invention is applied to a target server in a cloud computing platform and can further comprise:
the second judging unit is used for judging, before the first determining unit determines the first keys provided by the built-in trusted domain method, whether a binding relationship corresponding to the user server has been stored; if the binding relationship has been stored, reading the binding relationship using the identifier of the user server as the key to obtain the third key, and processing the target data by applying the trusted domain method and the third key according to the target processing requirement to obtain the target processing result; and if the binding relationship has not been stored, prompting the first determining unit to execute the step of determining the first keys provided by the built-in trusted domain method.
Referring to fig. 4, fig. 4 is a schematic structural diagram of a trusted domain expansion device according to an embodiment of the present invention.
The trusted domain expansion device provided by the embodiment of the invention is applied to a cloud computing platform and can comprise:
a target number of user servers for generating target data and target processing requirements; processing a target processing result of the target data;
the virtual machines are in one-to-one correspondence with each user server and are used for sending target data and target processing requirements to a virtual machine manager; the target processing result is sent to a corresponding user server;
the virtual machine manager is connected with the virtual machine and is used for sending the target data and the target processing requirements to the target server; sending the target processing result to the corresponding virtual machine;
the target server is connected with the virtual machine manager and is used for acquiring target data and target processing requirements sent by the virtual machine manager, processing the target data by applying a built-in trusted domain method according to the target processing requirements to obtain target processing results, and sending the target processing results to the virtual machine manager.
The invention provides a trusted domain expansion device, which is applied to a cloud computing platform and comprises: a target number of user servers for generating target data and target processing requirements; processing a target processing result of the target data; the virtual machines are in one-to-one correspondence with each user server and are used for sending target data and target processing requirements to a virtual machine manager; the target processing result is sent to a corresponding user server; the virtual machine manager is connected with the virtual machine and is used for sending the target data and the target processing requirements to the target server; sending the target processing result to the corresponding virtual machine; the target server is connected with the virtual machine manager and is used for acquiring target data and target processing requirements sent by the virtual machine manager, processing the target data by applying a built-in trusted domain method according to the target processing requirements to obtain target processing results, and sending the target processing results to the virtual machine manager. The beneficial effects of the invention are as follows: the target data generated by the user server is sent to the target server through the virtual machine and the virtual machine manager, the target server processes the target data by using a built-in trusted domain method to obtain a target processing result and then returns the target processing result to the user server, so that the user server in the cloud computing platform can conduct data isolation protection by means of the trusted domain method of the target server, the data security of the cloud computing platform is improved, and the data protection can be conducted on a plurality of user servers only by means of the built-in trusted domain method on the target server, so that the cloud computing platform is good in expandability.
In the trusted domain expansion device provided by the embodiment of the invention, applied to a cloud computing platform, the target server, when processing the target data by applying the built-in trusted domain method according to the target processing requirement to obtain the target processing result, can determine the first keys provided by the built-in trusted domain method; filter out the first keys that have already been applied and take the remaining first keys as second keys; judge whether the set of second keys is empty; if it is not empty, screen a third key from the second keys; if it is empty, combine first keys to obtain a third key that has not been applied; and process the target data by applying the trusted domain method and the third key according to the target processing requirement to obtain the target processing result.
In the trusted domain expansion device provided by the embodiment of the invention, applied to a cloud computing platform, the target server, when screening the third key from the second keys, can estimate, according to the target processing requirement, the time consumption and power consumption of processing the target data with each second key; sort the second keys from shortest to longest time consumption to obtain a first sorting result; sort the second keys from lowest to highest power consumption to obtain a second sorting result; and screen the third key from the second keys according to the first sorting result and the second sorting result.
In the trusted domain expansion device provided by the embodiment of the invention, applied to a cloud computing platform, the target server, when screening the third key from the second keys according to the first sorting result and the second sorting result, can, for each second key, add that key's sorting numbers in the first sorting result and the second sorting result to obtain a first sorting number; and take the second key with the smallest first sorting number as the third key.
In the trusted domain expansion device provided by the embodiment of the invention, applied to a cloud computing platform, the target server, when screening the third key from the second keys according to the first sorting result and the second sorting result, can determine the respective weight values of the first sorting result and the second sorting result; for each second key, compute a weighted sum of that key's sorting numbers in the first sorting result and the second sorting result according to the weight values to obtain a first sorting number; and take the second key with the smallest first sorting number as the third key.
In the trusted domain expansion device provided by the embodiment of the invention, applied to a cloud computing platform, the target server, when combining first keys to obtain a third key that has not been applied, can determine a first key number, that is, the number of first keys used to form the keys that have been applied; add one to the first key number to obtain a second key number; estimate, according to the target processing requirement, the time consumption and power consumption of processing the target data with each first key; and select a number of first keys equal to the second key number according to the time consumption and power consumption of each first key, and combine them to obtain the third key.
In the trusted domain expansion device provided by the embodiment of the invention, applied to a cloud computing platform, the target server, when selecting and combining a number of first keys equal to the second key number according to the time consumption and power consumption of each first key to obtain the third key, can sort the first keys from shortest to longest time consumption to obtain a third sorting result; sort the first keys from lowest to highest power consumption to obtain a fourth sorting result; for each first key, determine a second sorting number from that key's sorting numbers in the third sorting result and the fourth sorting result; and select a number of first keys equal to the second key number according to the second sorting numbers, and combine them to obtain the third key.
In the trusted domain expansion device provided by the embodiment of the invention, applied to a cloud computing platform, the target server, when combining first keys to obtain a third key that has not been applied, can determine a first key number, that is, the number of first keys used to form the keys that have been applied; randomly combine that number of first keys to obtain fourth keys; filter out the fourth keys that have already been applied and take the remaining fourth keys as fifth keys; and screen the third key from the fifth keys.
In the trusted domain expansion device provided by the embodiment of the invention, applied to a cloud computing platform, the target server, after processing the target data by applying the trusted domain method and the third key according to the target processing requirement and obtaining the target processing result, can establish a binding relationship between the third key and the user server, and store the binding relationship.
In the trusted domain expansion device provided by the embodiment of the invention, applied to a cloud computing platform, the target server, when storing the binding relationship, can take the identifier of the user server as the key; take the third key corresponding to the user server as the value; and save the binding relationship as that key-value pair.
In the trusted domain expansion device provided by the embodiment of the invention, applied to a cloud computing platform, the target server can also judge, before determining the first keys provided by the built-in trusted domain method, whether a binding relationship corresponding to the user server has been stored; if the binding relationship has been stored, read the binding relationship using the identifier of the user server as the key to obtain the third key, and process the target data by applying the trusted domain method and the third key according to the target processing requirement to obtain the target processing result; and if the binding relationship has not been stored, execute the step of determining the first keys provided by the built-in trusted domain method.
In practical application, the process of deploying the trusted domain expansion device of the invention can comprise the following steps:
Step 1: Deploy the target server that hosts TDX and enable the TDX function. That is, deploy a target server SUT0 based on the TDX function, install the latest version of the CentOS system, modify the grub.cfg boot entries, enable the TDX function, compile the TDX installation package, install and create TDX.Repo, restart the operating system, and confirm that the TDX function has been enabled successfully.
Step 2: Set up virtual machines on the target server to complete the virtual machine management function. That is, install the dependency packages, define and launch the guest virtual machine (VM), restart the operating system, connect to the VM and confirm that the TDX function has been enabled successfully.
Step 3: Set up the virtual machine website and configure the virtual machine network. That is, create a virtual machine virsh, check the MAC (Media Access Control) address of each started VM, check the DHCP (Dynamic Host Configuration Protocol) addresses of all VMs started in SUT0, and map the DHCP addresses to the IP (Internet Protocol) addresses of all VMs according to the MAC addresses, so as to establish the data communication network for all VMs.
Step 4: Deploy the controlled user servers and configure their network. That is, deploy the user servers SUT1, SUT2, SUT3 …, install the latest version of the CentOS system, set the IP network address in each user server, and make sure each user server is networked successfully.
Step 5: Connect the networks so that the target server and the user servers are interconnected. That is, using technologies such as TCP (Transmission Control Protocol)/IP and RDMA (Remote Direct Memory Access), connect SUT1 to VM1, SUT2 to VM2, SUT3 to VM3, SUT4 to VM4 …, so that the user server used by each user is connected to its corresponding virtual machine in the target server.
The invention also provides electronic equipment and a computer readable storage medium, which have the corresponding effects of the trusted domain expansion method provided by the embodiment of the invention. Referring to fig. 5, fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the invention.
An electronic device provided in an embodiment of the present invention includes a memory 201 and a processor 202, where the memory 201 stores a computer program, and the processor 202 implements the steps of the trusted domain expansion method described in any of the above embodiments when executing the computer program.
Referring to fig. 6, another electronic device provided in an embodiment of the present invention may further include: an input port 203 connected to the processor 202 for transmitting externally input commands to the processor 202; a display unit 204 connected to the processor 202 for displaying the processing results of the processor 202; and a communication module 205 connected to the processor 202 for communication between the electronic device and the outside. The display unit 204 may be a display panel, a laser scanning display, or the like. The communication means adopted by the communication module 205 include, but are not limited to, Mobile High-Definition Link (MHL), Universal Serial Bus (USB), High-Definition Multimedia Interface (HDMI), and wireless connections: wireless fidelity technology (WiFi), Bluetooth communication technology, Bluetooth Low Energy communication technology, and IEEE 802.11s based communication technology.
The embodiment of the invention provides a computer readable storage medium, in which a computer program is stored, and when the computer program is executed by a processor, the steps of the trusted domain expansion method described in any embodiment above are implemented.
The computer readable storage medium to which the present invention relates includes random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, removable disk, CD-ROM (Compact Disc Read-Only Memory), or any other form of storage medium known in the art.
For the relevant parts of the trusted domain expansion system, device, electronic equipment and computer readable storage medium provided by the embodiments of the invention, refer to the detailed description of the corresponding parts of the trusted domain expansion method provided by the embodiments of the invention; they are not repeated here. In addition, the parts of the above technical solutions whose implementation principles are consistent with the corresponding technical solutions in the prior art are not described in detail, so as to avoid redundant description.
It is further noted that relational terms such as first and second are used solely to distinguish one entity or action from another entity or action, without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (14)

1. The trusted domain expansion method is characterized by being applied to a target server in a cloud computing platform and comprising the following steps of:
acquiring target data and target processing requirements sent by a virtual machine manager;
according to the target processing requirement, processing the target data by using a built-in trusted domain method to obtain a target processing result;
the target processing result is sent to the virtual machine manager, so that the virtual machine manager sends the target processing result to a user server through a target virtual machine;
wherein the target data comprises data generated by the user server;
wherein processing the target data by using the built-in trusted domain method according to the target processing requirement to obtain the target processing result comprises:
determining first keys provided by the built-in trusted domain method;
filtering out the keys which are already applied among the first keys, and taking the keys which remain among the first keys as second keys;
judging whether the second keys are empty;
if the second keys are not empty, screening a third key from the second keys;
if the second keys are empty, combining the first keys to obtain a third key which is not applied;
and according to the target processing requirement, processing the target data by using the trusted domain method and the third key to obtain the target processing result.
2. The method of claim 1, wherein the screening the third key from the second keys comprises:
according to the target processing requirements, estimating time consumption and power consumption for processing the target data by applying each second key;
sorting the second keys from shortest to longest time consumption to obtain a first sorting result;
sorting the second keys from lowest to highest power consumption to obtain a second sorting result;
and screening the third key from the second key according to the first ordering result and the second ordering result.
3. The method of claim 2, wherein the screening the third key from the second key based on the first ordering result and the second ordering result comprises:
for each second key, adding the sorting numbers of the second key in the first sorting result and the second sorting result to obtain a first sorting number;
and taking the second key corresponding to the smallest first sorting number as the third key.
4. The method of claim 2, wherein the screening the third key from the second key based on the first ordering result and the second ordering result comprises:
determining respective weight values of the first sorting result and the second sorting result;
for each second key, according to the weight value, carrying out weighted summation on the sorting numbers of the second keys in the first sorting result and the second sorting result to obtain a first sorting number;
and taking the second key corresponding to the smallest first sorting number as the third key.
5. The method of claim 1, wherein combining the first keys to obtain a third key that is not applied comprises:
determining a first key number, being the number of the first keys used to form the keys that have been applied;
adding one to the first key number to obtain a second key number;
according to the target processing requirements, estimating time consumption and power consumption for processing the target data by applying each first key;
and selecting a number of the first keys equal to the second key number according to the time consumption and the power consumption of each first key, and combining them to obtain the third key.
6. The method of claim 5, wherein said selecting said first keys of said second key number for combining based on said time consumption and said power consumption of each of said first keys to obtain said third key comprises:
sorting the first keys from shortest to longest time consumption to obtain a third sorting result;
sorting the first keys from lowest to highest power consumption to obtain a fourth sorting result;
for each first key, determining a second sorting number of the first key according to the sorting numbers of the first key in the third sorting result and the fourth sorting result;
and selecting a number of the first keys equal to the second key number according to the second sorting numbers, and combining them to obtain the third key.
7. The method of claim 1, wherein combining the first keys to obtain a third key that is not applied comprises:
determining a first key number, being the number of the first keys used to form the keys that have been applied;
randomly combining that number of the first keys to obtain fourth keys;
filtering out the keys which are already applied among the fourth keys, and taking the keys which remain among the fourth keys as fifth keys;
and screening the third key from the fifth keys.
8. The method according to claim 1, wherein, after applying the trusted domain method and the third key to process the target data according to the target processing requirement to obtain the target processing result, the method further comprises:
establishing a binding relationship between the third key and the user server;
and storing the binding relationship.
9. The method of claim 8, wherein storing the binding relationship comprises:
taking the identifier of the user server as a key;
taking the third key corresponding to the user server as a value;
and storing the binding relationship as a key-value pair.
10. The method of claim 9, wherein, prior to determining the first key provided by the built-in trusted domain method, the method further comprises:
judging whether the binding relationship corresponding to the user server is stored;
if the binding relationship is stored, reading the binding relationship by taking the identifier of the user server as a key to obtain the third key, and processing the target data by applying the trusted domain method and the third key according to the target processing requirement to obtain the target processing result;
and if the binding relationship is not stored, executing the step of determining the first key provided by the built-in trusted domain method.
11. A trusted domain expansion system, for application to a target server in a cloud computing platform, comprising:
the first acquisition module is used for acquiring target data and target processing requirements sent by the virtual machine manager;
the first processing module is used for processing the target data by applying a built-in trusted domain method according to the target processing requirement to obtain a target processing result;
the first sending module is used for sending the target processing result to the virtual machine manager so that the virtual machine manager sends the target processing result to a user server through a target virtual machine;
wherein the target data comprises data generated by the user server;
wherein the first processing module comprises:
a first determining unit, configured to determine a first key provided by the built-in trusted domain method;
the first filtering unit is used for filtering out the keys which are applied in the first keys, and taking the keys remained in the first keys as second keys;
a first judging unit, configured to judge whether the second key is empty; if the second key is not empty, screening a third key from the second key; if the second key is empty, combining the first key to obtain a third key which is not applied;
and the first processing unit is used for processing the target data by applying the trusted domain method and the third key according to the target processing requirement to obtain the target processing result.
12. A trusted domain expansion device, for use with a cloud computing platform, comprising:
a target number of user servers, used for generating target data and target processing requirements, and for processing a target processing result of the target data;
virtual machines in one-to-one correspondence with the user servers, used for sending the target data and the target processing requirements to a virtual machine manager, and for sending the target processing result to the corresponding user server;
the virtual machine manager, connected with the virtual machines and used for sending the target data and the target processing requirements to a target server, and for sending the target processing result to the corresponding virtual machine;
the target server is connected with the virtual machine manager and is used for acquiring the target data and the target processing requirement sent by the virtual machine manager, processing the target data by using a built-in trusted domain method according to the target processing requirement to obtain a target processing result, and sending the target processing result to the virtual machine manager;
wherein the target server processing the target data by applying the built-in trusted domain method according to the target processing requirement to obtain the target processing result comprises: determining a first key provided by the built-in trusted domain method; filtering out the keys which are already applied in the first keys, and taking the keys which remain in the first keys as second keys; judging whether the second key is empty; if the second key is not empty, screening a third key from the second key; if the second key is empty, combining the first key to obtain a third key which is not applied; and according to the target processing requirement, processing the target data by applying the trusted domain method and the third key to obtain the target processing result.
13. An electronic device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the trusted domain expansion method of any one of claims 1 to 10 when executing said computer program.
14. A computer readable storage medium, characterized in that the computer readable storage medium has stored therein a computer program which, when executed by a processor, implements the steps of the trusted domain expansion method of any one of claims 1 to 10.
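The key selection and binding steps of claims 1, 5, 6 and 8 to 10, as an added Python example that is not part of the patent. It assumes a key is a tuple of first-key identifiers, that the combined rank in claim 6 is the plain sum of the two ranks, and that the unused single key with the best combined rank is the one chosen; all names and sample costs are constructed.

```python
def rank(keys, cost):
    """1-based position of each key when sorted by ascending cost (ties by id)."""
    ordered = sorted(keys, key=lambda k: (cost[k], k))
    return {k: i for i, k in enumerate(ordered, start=1)}


def select_third_key(first_keys, applied, time_cost, power_cost):
    """Return a key (tuple of first-key ids) that is not in `applied`."""
    by_time = rank(first_keys, time_cost)    # ranking by time consumption
    by_power = rank(first_keys, power_cost)  # ranking by power consumption
    # Assumption: the combined rank is the plain sum of both ranks.
    ordered = sorted(first_keys, key=lambda k: (by_time[k] + by_power[k], k))
    second_keys = [k for k in ordered if (k,) not in applied]
    if second_keys:                          # an unused single key remains
        return (second_keys[0],)
    # Claim 5: one more first key than any applied key uses, so the
    # resulting combination cannot collide with a key already applied.
    width = max((len(k) for k in applied), default=0) + 1
    if width > len(first_keys):
        raise RuntimeError("no unused key combination left")
    return tuple(ordered[:width])


def key_for_server(server_id, bindings, first_keys, time_cost, power_cost):
    """Claims 8-10: reuse a stored binding, otherwise select a key and store it."""
    if server_id not in bindings:
        bindings[server_id] = select_third_key(
            first_keys, set(bindings.values()), time_cost, power_cost)
    return bindings[server_id]


# Constructed sample data: three first keys with estimated costs.
FIRST_KEYS = ["k1", "k2", "k3"]
TIME_MS = {"k1": 5, "k2": 3, "k3": 9}
POWER_MW = {"k1": 2, "k2": 1, "k3": 4}


def demo():
    """Serve four user servers, then the first one again (binding hit)."""
    bindings = {}
    servers = ["srv-a", "srv-b", "srv-c", "srv-d", "srv-a"]
    return [key_for_server(s, bindings, FIRST_KEYS, TIME_MS, POWER_MW)
            for s in servers]
```

With three first keys the pool supports five distinct bindings under these assumptions (three single keys, one pair, one triple); a sixth user server raises the error instead of silently sharing a key with another tenant.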
CN202311707492.3A 2023-12-13 2023-12-13 Trusted domain expansion method, system, device, equipment and computer medium Active CN117407864B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311707492.3A CN117407864B (en) 2023-12-13 2023-12-13 Trusted domain expansion method, system, device, equipment and computer medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311707492.3A CN117407864B (en) 2023-12-13 2023-12-13 Trusted domain expansion method, system, device, equipment and computer medium

Publications (2)

Publication Number Publication Date
CN117407864A CN117407864A (en) 2024-01-16
CN117407864B true CN117407864B (en) 2024-02-27

Family

ID=89496541

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311707492.3A Active CN117407864B (en) 2023-12-13 2023-12-13 Trusted domain expansion method, system, device, equipment and computer medium

Country Status (1)

Country Link
CN (1) CN117407864B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103414558A (en) * 2013-07-17 2013-11-27 电子科技大学 XEN cloud platform-based virtual machine block device isolation method
CN103888251A (en) * 2014-04-11 2014-06-25 北京工业大学 Virtual machine credibility guaranteeing method in cloud environment
CN109508555A (en) * 2017-09-15 2019-03-22 英特尔公司 Isolation is provided in virtualization system using inter-trust domain
CN110222081A (en) * 2019-06-08 2019-09-10 西安电子科技大学 Data cryptogram search method based on fine granularity sequence under multi-user environment
CN116897338A (en) * 2020-12-23 2023-10-17 甲骨文国际公司 End-to-end network encryption from a customer locally deployed network to a customer virtual cloud network using customer managed keys
CN117032908A (en) * 2023-10-10 2023-11-10 中国船舶集团有限公司第七〇七研究所 Integrated computing device deployment operation method and system based on redundancy architecture

Also Published As

Publication number Publication date
CN117407864A (en) 2024-01-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant