CN103516728B - A kind of mirror image encipher-decipher method preventing cloud platform virtual machine from illegally starting - Google Patents
A kind of mirror image encipher-decipher method preventing cloud platform virtual machine from illegally starting Download PDFInfo
- Publication number
- CN103516728B CN103516728B CN201310478092.XA CN201310478092A CN103516728B CN 103516728 B CN103516728 B CN 103516728B CN 201310478092 A CN201310478092 A CN 201310478092A CN 103516728 B CN103516728 B CN 103516728B
- Authority
- CN
- China
- Prior art keywords
- virtual machine
- mirror image
- file
- key
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Storage Device Security (AREA)
Abstract
A kind of mirror image encipher-decipher method preventing cloud platform virtual machine from illegally starting; it is characterized in that: the KMC of cloud management server is that the mirror image of each virtual machine creates a unique key, and uses this key of SRK cryptographic key protection of TPM in cloud management server;When cloud management server issues the mirror image of virtual machine, on the calculating node that key migration to the virtual machine protected by TPM in cloud management server is run, then utilize and calculate this key of SRK cryptographic key protection of TPM on node;Virtual machine normally starts when starting for the first time, when each virtual machine is closed, utilizes the mirror image moving to calculate the double secret key virtual machine on node to be encrypted;When virtual machine starts every time afterwards, the mirror image to encrypted virtual machine is decrypted.
Description
Technical field
The invention belongs to field of information security technology, particularly relate to a kind of mirror image encipher-decipher method preventing cloud platform virtual machine from illegally starting.
Background technology
In cloud computing IaaS (infrastructure is as service) platform, user can lease virtual machine (Domain U), then installs application on the virtual machine of oneself customization or is operated.But Domain U is to Domain
0(host system) for be visible, i.e. the personal secrets of user can not be guaranteed.Arbitrarily check for the malicious attacker of the keeper or Domain 0 that prevent Domain 0 privately owned file to user in the case of user is unwitting and even reveal, need the virtual machine image of user is encrypted storage.But a usual virtual machine image has the size of tens M byte, is therefore encrypted whole virtual machine image, the problem that can cause degraded performance.High in security requirement or in the environment of having laws and regulations requirement, the performance cost of encryption is worth, but generally, need a kind of to consider security and the compromise algorithm of performance simultaneously.
For the mirror image protection problem of virtual machine, document [1] provides a kind of based on dynamic Decomposition with the method for restructuring, and the virtual machine image file importing and exporting privately owned cloud carries out restructuring encryption.Document [2] proposes to utilize extra electronic equipment such as Usbkey that virtual machine image all carries out encryption and decryption.Document [3] uses the method for key resource pool dynamically to select the data of the every secondary use of double secret key user to carry out storage encryption from key resource pool.Document [4] devises a TVMM(Trusted Virtual Machine Monitor on the Host node that each virtual machine runs) whether virtual machine on this node of module monitors illegally distorted, but be not encrypted virtual machine image.Document [5] proposes distribute a key to the data disks of each VM, for the significant data of encryption and decryption user, but mirror image is not carried out encryption and decryption.Document [6] is produced a symmetric key by user side, entirely encrypts virtual machine image.It is to be encrypted whole mirror image that above-mentioned encryption method is summed up one, and the method performance in use is relatively low;Another kind is to be encrypted the user data in mirror image.The present invention proposes a kind of mirror image encipher-decipher method preventing cloud platform virtual machine from illegally starting, disc information main to virtual machine and crucial kernel module and is encrypted, and utilizes TPM to bind encryption key, prevents keeper from starting virtual machine without permission.
Relevant document: [1] Song Zhuo;Hu Zhong;Shen Qilong;Wang Peng;Appoint Hypon;Xu An;Niu Lixin. a kind of privately owned cloud computing application in virtual machine image safety method, 2011. [2] William M Du An. for virtual machine image provide security mechanism method and system, 2011. [3]
Zhang Xing;Wang Haiyang;Zhang Yazhe. a kind of vitualization environment data security partition method and system .2013. [4]
Santos N.Gummadi, K.P. Rodrigues
R.Towards Trusted Cloud Computing. In:Proceedings of the 2009
Conference on Hot Topics in Cloud Computing, HotCloud2009. USENIX
Association, Berkeley (2009). [5] Schiffman,
J. Moyer, T. Vijayakumar, H. Jaeger, T. McDaniel, P.
Seeding Clouds With Trust Anchors. In: Proceedings of
the, ACM Workshop on Cloud Computing Security, CCSW 2010, pp. 43-46. ACM, New
York (2010). [6] Aslam M. Gehrmann
C. RasmussonL. Bjorkman M.
Securely Launching Virtual Machines on Trustworthy Platforms in a Public Cloud
- An Enterprise’s Perspective.
In: Leymann, F. Ivanov, I.
van Sinderen, M.,Shan,
T. (eds.) CLOSER,pp. 511-521. SciTePress
(2012)。
Summary of the invention
Weighing between security and performance, the present invention proposes a kind of mirror image encipher-decipher method preventing cloud platform virtual machine from illegally starting.
The technical scheme is that a kind of mirror image encipher-decipher method preventing cloud platform virtual machine from illegally starting; the KMC of cloud management server is that the mirror image of each virtual machine creates a unique key, and uses this key of SRK cryptographic key protection of TPM in cloud management server;When cloud management server issues the mirror image of virtual machine, on the calculating node that key migration to the virtual machine protected by TPM in cloud management server is run, then utilize and calculate this key of SRK cryptographic key protection of TPM on node;
Virtual machine normally starts when starting for the first time, when each virtual machine is closed, utilizes the mirror image moving to calculate the double secret key virtual machine on node to be encrypted;When virtual machine starts every time afterwards, the mirror image to encrypted virtual machine is decrypted.
And, utilizing and move to calculate preservation temporary file during the key on node is encrypted, used encryption flow comprises the following steps,
Step 1.1, to calculating the mirror image that node loads, obtains corresponding secret key according to the UUID of virtual machine;
Step 1.2, obtains filesystem information and system partition table from the starting position of mirror image;
Step 1.3, checks the whether normal termination of encryption flow last time, if last time is not normal termination it is necessary to recover to encryption flow operation last time, this time encryption flow terminates;
Step 1.4, checks the mark of encryption, sees that mirror image is the most encrypted, if otherwise carrying out step 1.5, if it is this time encryption flow terminates;
Step 1.5, if the key of step 1.1 acquisition is correct and image file complete, then carries out next step, otherwise deletes temporary file, exit encryption flow;
Step 1.6, obtains and loads the configuration file of this mirror image, the file specified inside encryption configuration file;
Step 1.7, according to different file encrypted file system key message, including encrypted file system partition information;Finally delete temporary file, exit encryption flow.
And, after virtual machine starts a period of time every time, the critical file used during ciphering startup.
And, preserve temporary file during the mirror image of encrypted virtual machine is decrypted, used and decipher flow process and comprise the following steps,
Step 2.1, to calculating the mirror image that node loads, obtains corresponding secret key according to the UUID of virtual machine;
Step 2.2, obtains filesystem information and system partition table from the starting position of mirror image;
Step 2.3, checks and deciphered flow process whether normal termination last time, if last time be not normal termination it is necessary to recover to decipher flow operations to last time before, this time deciphering flow process terminates;
Step 2.4, checks the mark of deciphering, sees that mirror image is the most decrypted, if otherwise carrying out step 2.5, if it is this time deciphering flow process terminates;
Step 2.5, if the key of step 2.1 acquisition is correct and image file complete, then carries out next step, otherwise deletes temporary file, exit deciphering flow process;
Step 2.6, deciphers filesystem information according to different file, including deciphering file partition information;
Step 2.7, obtains and loads the configuration file of this mirror image, the file specified inside deciphering configuration file;And decipher the critical file used in start-up course, delete temporary file, exit deciphering flow process.
The present invention utilizes reliable computing technology, it is proposed that a kind of mirror image encipher-decipher method preventing cloud platform virtual machine from illegally starting.The method utilizes TPM(credible calculating platform module) binding encryption key, the key component of encrypted virtual machine mirror image, it is encrypted including disc information main to virtual machine and crucial kernel module, prevent keeper from starting virtual machine without permission, it is ensured that virtual machine is deciphered automatically when credible intra domain user normally uses.Further, once the virtual machine image of this encryption has been illegally duplicated out inter-trust domain, and it is difficult or infeasible for carrying out Brute Force in practice.Therefore, technical scheme has the advantage that
(1) the encryption and decryption key of virtual machine image is produced and protection by the TPM of cloud platform management server, the calculating node run from cloud platform management server migration to this virtual machine during use.If virtual machine image has been copied out outside the cloud platform having this TPM by keeper, owing to key cannot be obtained, thus cannot illegally start this virtual machine image.
(2) when virtual machine image being deciphered, whole mirror image is not encrypted, and only key message to mirror file system, such as the file formulated in MBR, MFT table, and user profile, thus while ensureing confidentiality, improves the efficiency of encryption and decryption.Further, use the method preserving temporary file when encryption and decryption, thus ensure once power-off suddenly in encryption process, before the activity that will can return to encryption last time or deciphering when that next time starting.
Accompanying drawing explanation
Fig. 1 is the scene graph of the embodiment of the present invention.
Fig. 2 is the encryption flow figure of the embodiment of the present invention.
Fig. 3 is first sector strucre figure under embodiment of the present invention virtual image file the first subregion.
Fig. 4 is embodiment of the present invention windows encryption position schematic diagram.
Fig. 5 is embodiment of the present invention linux encryption position schematic diagram.
Detailed description of the invention
In cloud platform, the virtual machine image of not encrypted can be started by undelegated user, and such as, keeper can replicate the place being mirrored to outside inter-trust domain, then starts it.In order to protect virtual machine image to start without permission, best bet is exactly to be encrypted complete magnetic disk of virtual machine mirror image so that unauthorized user is difficult to cover this mirror image.But, this is clearly a time-consuming process, weighs between security and performance, and the present invention proposes a kind of mirror image encipher-decipher method preventing cloud platform virtual machine from illegally starting, can realize automatic operational process based on computer software technology.Technical solution of the present invention is described in detail below in conjunction with drawings and Examples.
Concrete application scenarios such as Fig. 1 of embodiment:
The first step: user is to cloud platform application virtual machine.Cloud platform typically uses server technology to realize, and i.e. provides cloud management server.When being embodied as, cloud management server has generally comprised Virtual Machine Manager part, KMC.
Second step: after cloud management server receives user's request, create a virtual machine (Domain U) for user.When being embodied as, typically realized by the Virtual Machine Manager part of cloud management server.
3rd step: the mirror image of each virtual machine that the KMC of cloud management server is created by cloud platform creates a unique key, and this key is by the TPM encipherment protection of cloud management server end.
4th step: cloud management server is selected a main frame (calculating node) and issued mirror image; now the TPM on cloud management server utilizes the key migration function of TPM that the symmetric key being used for cryptographic image moves to this calculating node, and the TPM used tricks on operator node protects.
5th step: judge the state of virtual machine when virtual machine activation, if virtual machine starts for the first time, the most normally starts virtual machine.When each virtual machine is closed, the symmetric key moved on this calculating node is utilized to be encrypted.In addition to for the first time, when starting, the virtual machine image encrypted being decrypted flow process, user can normally use this virtual machine the most every time.For preventing mirror image enciphering/deciphering process accidental interruption, all of file during whole enciphering/deciphering can be preserved as temporary file, until whole enciphering/deciphering terminates.
The virtual machine image encryption and decryption flow process of following description embodiment.
Embodiment, when encrypting virtual machine image, uses based on file system and user configured image encryption method.First the user's symmetric key protected by the TPM calculating node is obtained;Read the encryption configuration file of user, the file being included in configuration is encrypted;And from MBR(MBR) the inside obtains subregion and file system type information.Finally, the key message of encrypted file system, such as index structure.
The encryption flow of the virtual machine image file of embodiment such as Fig. 2:
The first step: to calculating the mirror image that node loads, according to the general unique identifier of the UUID(of virtual machine) obtain this virtual machine image corresponding secret key.
When being embodied as; when cloud management server end issues virtual machine image; utilize the Migrate_Key order of TPM on cloud management server end in prior art; on the calculating node run key migration to this virtual machine utilizing the SRK cryptographic key protection of TPM on cloud management server end, then utilize this symmetric key of SRK cryptographic key protection of TPM on this calculating node.SRK is the storage root key in TPM technology.Draw, when virtual machine starts on main frame, can obtain, by the UUID of this virtual machine, the symmetric key protected by the TPM calculated on node that this virtual machine is corresponding, then decipher this symmetric key.
Second step: obtain some information of mirror image, such as file system type, system partition table from the starting position (i.e. MBR) of mirror image.
3rd step: check the whether normal termination of encryption flow last time, if last time is not normal termination it is necessary to recover to encryption flow operation last time, this time encryption flow terminates.
4th step: check the mark of encryption, sees that mirror image is the most encrypted.If otherwise carrying out next step, if it is this time cryptographic operation terminates.In order to avoid repeating encryption, embodiment is provided with a mark, to identify the encrypted state of image file.If state display image file is the most encrypted, stop ciphering process.
5th step: if the key of first step acquisition is correct and image file complete, then carries out next step, otherwise delete temporary file, exit encryption flow.If image file is imperfect, then explanation image file is damaged.
6th step: obtain and load the configuration file of this mirror image, the file specified inside encryption configuration file.User can arrange the file specified in configuration file voluntarily.
7th step: according to different file encrypted file system key message, including encrypted file system partition information.Finally delete temporary file, exit encryption flow.
Virtual machine image file is equivalent to one piece of hard disk of physical machine, can guide, subregion, the operation such as formatting.First sector under first subregion of this hard disk is MBR, the MBS MBS of such as 512 bytes includes MBR MBR (446 byte), DPT hard disk partition table (64 byte), end mark is necessary for 55AA (2 byte), such as Fig. 3.For each mirror image, partition table all can be in the ending of MBR.Some partition informations can be obtained, such as the initial position of subregion, size and file system etc. by MBR.Such as, when magnetic disk of virtual machine image file is windows system, then each of which system reserved partition and the MFT table (MFT) of each subregion (C dish etc.) below and backup MFT table AES standard are encrypted, as shown in Figure 4.When image file is Linux system, then superblock (Super block), group descriptor, i-node bitmap, bitmap block and the data block of each piece of group in each subregion are carried out AES encryption, as it is shown in figure 5, subregion 1, subregion 2 ... block group 0, block group 1 is processed respectively one by one by this ....
Further, for preventing assailant from copying virtual machine after virtual machine activation, can be encrypted start-up course uses critical file after virtual machine activation a period of time (right times can be preset by those skilled in the art, such as 60s).It is to use the user's symmetric key protected by the TPM calculating node to be encrypted equally.Start-up course use critical file relevant with concrete system type, such as Windows system, it may include registration table, bootmbr, NTLDR, BOOT.INI, winlog.exe and some important files.
Deciphering similar with the flow process of encryption, different places is that encryption is to carry out when virtual machine is closed, and deciphering is carried out when virtual machine activation;Additionally, need first to decipher file system key message during deciphering, finally further according to the file of configuration file decrypted user customization, and the critical file that decryption system starts, can complete to start.
For the sake of ease of implementation, it is provided that the decrypting process of embodiment is described as follows:
The first step: to calculating the mirror image that node loads, according to the general unique identifier of the UUID(of virtual machine) obtain this virtual machine image corresponding secret key.
When virtual machine starts on main frame, can obtain, by the UUID of this virtual machine, the symmetric key protected by the TPM calculated on node that this virtual machine is corresponding, then decipher this symmetric key.
Second step: obtain some information of mirror image, such as file system type system partition table from the starting position (i.e. MBR) of mirror image.
3rd step: check and deciphered flow process whether normal termination last time, if last time be not normal termination it is necessary to recover to decipher flow operations to last time before, this time deciphering flow process terminates.
4th step: check the mark of deciphering, sees that mirror image is the most decrypted.If otherwise carrying out next step, if it is this time decryption oprerations terminates.In order to avoid repeating deciphering, embodiment is provided with a mark, to identify the decrypted state of image file.If state display image file is the most decrypted, stop decrypting process.
5th step: if the key of first step acquisition is correct and image file complete, then carries out next step, otherwise delete temporary file, exit deciphering flow process.If image file is imperfect, then explanation image file is damaged.
6th step: decipher file system key message according to different file, including deciphering file partition information.
7th step: obtain and load the configuration file of this mirror image, the file specified inside deciphering configuration file.Further, to start-up course using critical file be decrypted.Finally delete temporary file, exit deciphering flow process.After deciphering, user can normally use this virtual machine.
When being embodied as, software modularity mode can be used to realize encryption and decryption flow process, VMM adds virtual machine image encryption/decryption module, be decrypted when virtual machine activation and closedown and encrypt.
Specific embodiment described herein is only to present invention spirit explanation for example.Described specific embodiment can be made various amendment or supplements or use similar mode to substitute by those skilled in the art, but without departing from the spirit of the present invention or surmount scope defined in appended claims.
Claims (4)
1. the mirror image encipher-decipher method preventing cloud platform virtual machine from illegally starting, it is characterised in that: the key pipe of cloud management server
Reason center is that the mirror image of each virtual machine creates a unique key, and uses the SRK key of TPM in cloud management server to protect
Protecting this key, described SRK key is storage root key;When cloud management server issues the mirror image of virtual machine, will be by cloud management
On the calculating node that in server, key migration to the virtual machine of TPM protection runs, then utilize and calculate the SRK of TPM on node
This key of cryptographic key protection;
Virtual machine normally starts when starting for the first time, when each virtual machine is closed, utilizes and moves to calculate the double secret key on node
The mirror image of virtual machine is encrypted;When virtual machine starts every time afterwards, the mirror image to encrypted virtual machine is decrypted.
2. prevent, according to claim 1, the mirror image encipher-decipher method that cloud platform virtual machine illegally starts, it is characterised in that: utilize and move to
Calculating during the key on node is encrypted and preserve temporary file, used encryption flow comprises the following steps,
Step 1.1, to calculating the mirror image that node loads, obtains corresponding secret key according to the UUID of virtual machine;
Step 1.2, obtains filesystem information and system partition table from the starting position of mirror image;
Step 1.3, checks the whether normal termination of encryption flow last time, if not being normal termination it is necessary to recover to add to last time last time
Before close flow operations, this time encryption flow terminates;
Step 1.4, checks the mark of encryption, sees that mirror image is the most encrypted, if otherwise carrying out step 1.5, if it is this
Secondary encryption flow terminates;
Step 1.5, if the key of step 1.1 acquisition is correct and image file complete, then carries out next step, otherwise deletes interim
File, exits encryption flow;
Step 1.6, obtains and loads the configuration file of this mirror image, the file specified inside encryption configuration file;
Step 1.7, according to different file encrypted file system key message, including encrypted file system partition information;Finally
Delete temporary file, exit encryption flow.
3. prevent, according to claim 2, the mirror image encipher-decipher method that cloud platform virtual machine illegally starts, it is characterised in that: every at virtual machine
After secondary startup a period of time, the critical file used during ciphering startup.
4. prevent, according to claim 3, the mirror image encipher-decipher method that cloud platform virtual machine illegally starts, it is characterised in that: to encrypting void
The mirror image of plan machine preserves temporary file during being decrypted, and is used deciphering flow process to comprise the following steps,
Step 2.1, to calculating the mirror image that node loads, obtains corresponding secret key according to the UUID of virtual machine;
Step 2.2, obtains filesystem information and system partition table from the starting position of mirror image;
Step 2.3, checks and deciphered flow process whether normal termination last time, if not being normal termination it is necessary to recover to last time to solve last time
Before close flow operations, this time deciphering flow process terminates;
Step 2.4, checks the mark of deciphering, sees that mirror image is the most decrypted, if otherwise carrying out step 2.5, if it is this
Secondary deciphering flow process terminates;
Step 2.5, if the key of step 2.1 acquisition is correct and image file complete, then carries out next step, otherwise deletes interim
File, exits deciphering flow process;
Step 2.6, deciphers file system key message according to different file, including deciphering file partition information;
Step 2.7, obtains and loads the configuration file of this mirror image, the file specified inside deciphering configuration file;And decipher and started
The critical file used in journey, deletes temporary file, exits deciphering flow process.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310478092.XA CN103516728B (en) | 2013-10-14 | 2013-10-14 | A kind of mirror image encipher-decipher method preventing cloud platform virtual machine from illegally starting |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310478092.XA CN103516728B (en) | 2013-10-14 | 2013-10-14 | A kind of mirror image encipher-decipher method preventing cloud platform virtual machine from illegally starting |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103516728A CN103516728A (en) | 2014-01-15 |
| CN103516728B true CN103516728B (en) | 2016-08-31 |
Family
ID=49898761
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310478092.XA Active CN103516728B (en) | 2013-10-14 | 2013-10-14 | A kind of mirror image encipher-decipher method preventing cloud platform virtual machine from illegally starting |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103516728B (en) |
Families Citing this family (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104184743B (en) * | 2014-09-10 | 2017-06-16 | 西安电子科技大学 | Towards three layers of Verification System and authentication method of cloud computing platform |
| CN105743873A (en) * | 2015-04-17 | 2016-07-06 | 中国信息安全研究院有限公司 | Security system |
| CN104794394B (en) * | 2015-04-30 | 2017-11-03 | 浪潮电子信息产业股份有限公司 | A kind of virtual machine starts the method and device of verification |
| CN104866392A (en) * | 2015-05-20 | 2015-08-26 | 浪潮电子信息产业股份有限公司 | Virtual machine security protection method and apparatus |
| CN105389522B (en) * | 2015-12-23 | 2022-03-04 | 普华基础软件股份有限公司 | Virtual machine safety management system and computer terminal |
| CN105718301B (en) * | 2016-01-15 | 2018-10-09 | 浪潮集团有限公司 | A kind of virtual machine certificate migration method based on vSwitch |
| CN105975860B (en) * | 2016-04-26 | 2019-04-05 | 珠海豹趣科技有限公司 | A kind of trust file management method, device and equipment |
| CN106230584B (en) * | 2016-07-21 | 2019-09-03 | 北京可信华泰信息技术有限公司 | A kind of key migration method of credible platform control module |
| US11989332B2 (en) | 2016-08-11 | 2024-05-21 | Intel Corporation | Secure public cloud with protected guest-verified host control |
| US10303899B2 (en) * | 2016-08-11 | 2019-05-28 | Intel Corporation | Secure public cloud with protected guest-verified host control |
| CN107169373A (en) * | 2017-05-11 | 2017-09-15 | 山东超越数控电子有限公司 | A kind of virtual machine image file guard method and system |
| CN107943556B (en) * | 2017-11-10 | 2021-08-27 | 中国电子科技集团公司第三十二研究所 | KMIP and encryption card based virtualized data security method |
| CN109376119B (en) * | 2018-10-30 | 2021-10-26 | 郑州云海信息技术有限公司 | Method for creating disk image file encrypted snapshot, method for using disk image file encrypted snapshot and storage medium |
| CN109508224B (en) * | 2018-11-15 | 2022-07-05 | 中国电子科技网络信息安全有限公司 | User data isolation protection system and method based on KVM |
| CN110430046B (en) * | 2019-07-18 | 2021-07-06 | 上海交通大学 | Cloud environment-oriented trusted platform module two-stage key copying method |
| CN110955901B (en) * | 2019-10-12 | 2022-02-15 | 烽火通信科技股份有限公司 | Storage method and server for virtual machine image file of cloud computing platform |
| CN111741068B (en) * | 2020-05-20 | 2022-03-18 | 中国电子科技网络信息安全有限公司 | Data encryption key transmission method |
| CN111949372B (en) * | 2020-08-17 | 2021-07-06 | 海光信息技术股份有限公司 | Virtual machine migration method, general processor and electronic equipment |
| CN114296873B (en) * | 2021-12-24 | 2023-03-24 | 海光信息技术股份有限公司 | Virtual machine image protection method, related device, chip and electronic equipment |
| CN116842529A (en) * | 2023-07-13 | 2023-10-03 | 海光信息技术股份有限公司 | Software file, software running method and related devices thereof |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101976317A (en) * | 2010-11-05 | 2011-02-16 | 北京世纪互联工程技术服务有限公司 | Virtual machine image safety method in private cloud computing application |
| CN103069428A (en) * | 2010-06-07 | 2013-04-24 | 思科技术公司 | Secure virtual machine bootstrap in untrusted cloud infrastructures |
| CN103064706A (en) * | 2012-12-20 | 2013-04-24 | 曙光云计算技术有限公司 | Starting method and device for virtual machine system |
| CN103250163A (en) * | 2010-12-09 | 2013-08-14 | 国际商业机器公司 | Computer-readable storage mediums for encrypting and decrypting a virtual disc |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110246778A1 (en) * | 2010-03-31 | 2011-10-06 | Emc Corporation | Providing security mechanisms for virtual machine images |
-
2013
- 2013-10-14 CN CN201310478092.XA patent/CN103516728B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103069428A (en) * | 2010-06-07 | 2013-04-24 | 思科技术公司 | Secure virtual machine bootstrap in untrusted cloud infrastructures |
| CN101976317A (en) * | 2010-11-05 | 2011-02-16 | 北京世纪互联工程技术服务有限公司 | Virtual machine image safety method in private cloud computing application |
| CN103250163A (en) * | 2010-12-09 | 2013-08-14 | 国际商业机器公司 | Computer-readable storage mediums for encrypting and decrypting a virtual disc |
| CN103064706A (en) * | 2012-12-20 | 2013-04-24 | 曙光云计算技术有限公司 | Starting method and device for virtual machine system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103516728A (en) | 2014-01-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103516728B (en) | A kind of mirror image encipher-decipher method preventing cloud platform virtual machine from illegally starting | |
| US8261320B1 (en) | Systems and methods for securely managing access to data | |
| US7596812B2 (en) | System and method for protected data transfer | |
| US10423791B2 (en) | Enabling offline restart of shielded virtual machines using key caching | |
| KR100611687B1 (en) | Multi-token seal and unseal | |
| WO2021164166A1 (en) | Service data protection method, apparatus and device, and readable storage medium | |
| CN102948114A (en) | Single-use authentication methods for accessing encrypted data | |
| CN109416720A (en) | Across resetting attended operation system secret | |
| US20120216052A1 (en) | Efficient volume encryption | |
| KR102030858B1 (en) | Digital signing authority dependent platform secret | |
| CN107003866A (en) | The safety establishment of encrypted virtual machine from encrypted template | |
| CN1969500B (en) | Securing software | |
| JP2002318719A (en) | Highly reliable computer system | |
| US7818567B2 (en) | Method for protecting security accounts manager (SAM) files within windows operating systems | |
| CN110188555B (en) | Disk data protection method, system and related components | |
| US9824231B2 (en) | Retention management in a facility with multiple trust zones and encryption based secure deletion | |
| KR101910826B1 (en) | Method and apparatus for security of internet of things devices | |
| US11469880B2 (en) | Data at rest encryption (DARE) using credential vault | |
| CN104361297A (en) | File encryption and decryption method based on Linux operating system | |
| KR20100106110A (en) | Secure boot data total management system, methods for generating and verifying a verity of matadata for managing secure boot data, computer-readable recording medium storing program for executing any of such methods | |
| CN115357528B (en) | Secret key encryption method, secret key decryption method and safety protection system of solid state disk | |
| KR101604892B1 (en) | Method and devices for fraud prevention of android-based applications | |
| CN106650492B (en) | A kind of multiple device file guard method and device based on security catalog | |
| WO2015131607A1 (en) | Method and device for creating trusted environment, and method and device for restoration after base station fault | |
| KR102446985B1 (en) | Key management mechanism for cryptocurrency wallet |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |