CN103885725A - Virtual machine access control system and method based on cloud computing environment - Google Patents

Virtual machine access control system and method based on cloud computing environment

Publication number: CN103885725A
Application number: CN201410100951.6A
Authority: CN (China)
Legal status: Granted
Other languages: Chinese (zh)
Other versions: CN103885725B (en)
Inventor: 邹丹丹
Current Assignee: ECDATA INFORMATION TECHNOLOGY Co Ltd
Original Assignee: ECDATA INFORMATION TECHNOLOGY Co Ltd
Prior art keywords: resource pool, module, secure, virtual machine, pool
Landscapes: Storage Device Security; Computer And Data Communications

Abstract

The invention discloses a virtual machine access control system and method based on a cloud computing environment. The method comprises: judging whether the mount protocol of a virtual machine conforms to the mount protocol of a physical resource server; judging whether the resource pool required by a command sent by the external virtual machine exists in a storage pool; if the resource pool exists, opening and decrypting it inside the storage pool; if it does not exist, creating and encrypting the required resource pool; for a newly created resource pool, creating a corresponding security label, judging whether the security label conforms to the matching principle and, when it does, judging whether the attribute of the security label needs to be modified; for an existing resource pool, opening and decrypting it and, when decryption succeeds, judging whether the security label of the external virtual machine's access process matches the decrypted security label, and calling a result output module. The system and method isolate the host machine and the virtual machines from each other according to the degree of label matching, the resource pool encryption method and the mount protocol of the storage server.

Description

A virtual machine access control system based on a cloud computing environment and its control method
Technical field
The present invention relates to virtual machine access control in the field of computing, and specifically to a virtual machine access control system based on a cloud computing environment and its control method.
Background
Cloud computing is the product of the development and convergence of traditional computer and network technologies such as distributed computing, parallel computing, utility computing, network storage, virtualization and load balancing. Computer processes running in a cloud-computing virtual environment are isolated from the other virtual machines running on the same physical hardware. Each virtual machine can in fact be stored on a single physical hard disk, which can be shut down and carried away to preserve isolation and ensure security.
In practice, however, these security measures still cannot eliminate certain risks. Virtual machines generally share the hardware of the machine, such as the CPU, memory, disks and network devices; once one virtual machine infects shared data, the other virtual machines sharing the same resource are affected. In addition, if an attacker compromises a virtual machine and takes full control of it, or if the hypervisor contains vulnerabilities, many security problems follow.
Summary of the invention
The object of the present invention is to provide a virtual machine access control system based on a cloud computing environment and its control method. In a virtual environment, a virtual machine is regarded as an individual process running on the host, and the security isolation of virtual machines is achieved by controlling that process and the resources it accesses. When one virtual machine is compromised, the other virtual machines are not affected, which avoids denial of service to them.
To achieve the above object, the present invention is realized through the following technical solutions:
A virtual machine access control system based on a cloud computing environment, characterized in that the control system comprises: an identifier matching module and, connected to it, a storage pool identification module, a create/open resource pool module, a label assignment/update module, an identifier conversion module and a result output module.
The storage pool identification module, the create/open resource pool module, the label assignment/update module and the identifier conversion module are connected in sequence; the create/open resource pool module is connected to the result output module.
A control method for the virtual machine access control system based on a cloud computing environment, characterized in that the control method comprises:
Step 1: the storage pool identification module judges whether the mount protocol of the external virtual machine conforms to the predefined mount protocol of the external physical resource server, and stores the result in the identifier matching module.
Step 2: the create/open resource pool module judges whether the resource pool required by the command sent by the external virtual machine exists in the storage pool. If it exists, the create/open resource pool module opens and decrypts the resource pool in the storage pool; if it does not exist, the create/open resource pool module creates and encrypts the required resource pool.
Step 3: the create/open resource pool module creates the required resource pool, and the label assignment/update module creates a corresponding security label for the newly created resource pool. The identifier matching module judges whether the security label of the resource pool satisfies the matching principle; when it does, it is determined whether the attribute of the security label needs to be changed by the identifier conversion module.
Step 4: the create/open resource pool module opens and decrypts the existing resource pool. When decryption succeeds, the identifier matching module judges whether the security label of the external virtual machine's access process matches the decrypted security label, and calls the result output module.
In the above control method, step 1 comprises the following steps:
Step 1.1: if the protocol does not conform, the identifier matching module triggers the result output module, which calls the terminal computer to display the access failure, and the virtual machine access ends.
Step 1.2: if the protocol conforms, the storage pool identification module triggers the create/open resource pool module 20, and execution continues with step 2.
In the above control method, step 3 comprises the following steps:
Step 3.1: the create/open resource pool module creates and encrypts the required resource pool, and passes a resource storage command to the operating system of the physical resource server.
Step 3.2: the operating system of the physical resource server stores the external files required by the command sent by the external virtual machine in the newly created resource pool, and reports completion of the storage to the create/open resource pool module.
Step 3.3: the create/open resource pool module passes a command to assign a security label to the label assignment/update module.
Step 3.4: the label assignment/update module creates a corresponding security label for the newly created resource pool and sends it to the identifier matching module.
Step 3.5: the identifier matching module judges whether the security label of the resource pool satisfies the matching principle. If it does, the security label is passed to the result output module; if it does not, the security label is returned to the label assignment/update module 30, which re-creates the security label of the resource pool, and execution jumps back to step 3.4.
Step 3.6: when the security label of the resource pool satisfies the matching principle, the result output module outputs the security label through the terminal computer and asks whether the attribute of the security label needs to be changed. If a change is needed, the identifier conversion module is called to change the attribute of the security label; if no change is needed, the encrypted creation of the resource pool is complete and the external virtual machine can access the resource pool on the physical resource server.
In the above control method, step 4 comprises the following steps:
Step 4.1: the create/open resource pool module opens and decrypts the existing resource pool according to the command sent by the external virtual machine. If decryption succeeds, the identifier matching module evaluates the security label of the external virtual machine; if decryption fails, the virtual machine's access fails.
Step 4.2: when decryption succeeds, the identifier matching module judges whether the security label of the external virtual machine's access process matches the decrypted security label, and calls the result output module.
In the above control method, in step 3.6, when the security label of the resource pool satisfies the matching principle, the security label generated for the resource pool by the label assignment/update module has the dynamic labeling attribute; the identifier conversion module can convert a security label with a dynamic attribute into a security label with a static attribute.
In the above control method, step 4.2 comprises the following steps:
Step 4.2.1: when the security label of the existing resource pool and the security label of the external virtual machine do not match, the result output module displays the access failure through the terminal computer.
Step 4.2.2: when the security label of the existing resource pool and the security label of the external virtual machine match, the external virtual machine can access the resource pool on the storage server.
Compared with the prior art, the present invention has the following advantages:
The cloud-computing-based virtual machine access control method of the present invention isolates the host from the virtual machines according to the degree of label matching, the resource pool encryption method and the storage server mount protocol, which prevents a malicious process from attacking the hypervisor and thereby controlling the use of the virtual machines. It prevents a malicious user who has obtained the right to use one virtual machine from going on to take administrative control of the hypervisor and affecting the use of the other hosted virtual machines, and so achieves isolation between virtual machines. It prevents the crash of one virtual machine from affecting the normal use of the other virtual machines.
Brief description of the drawings
Fig. 1 is an overall schematic diagram of the virtual machine access control system based on a cloud computing environment of the present invention.
Fig. 2 is a schematic diagram of an embodiment of the virtual machine access control system based on a cloud computing environment of the present invention.
Fig. 3 is an overall flow diagram of the virtual machine access control method based on a cloud computing environment of the present invention.
Detailed description of the embodiment
The present invention is further elaborated below through a detailed description of a preferred specific embodiment, with reference to the accompanying drawings.
As shown in Fig. 1, a virtual machine access control system based on a cloud computing environment comprises: an identifier matching module 50 and, connected to it, a storage pool identification module 10, a create/open resource pool module 20, a label assignment/update module 30, an identifier conversion module 40 and a result output module 60.
The storage pool identification module 10, the create/open resource pool module 20, the label assignment/update module 30 and the identifier conversion module 40 are connected in sequence; the result output module 60 is connected to the create/open resource pool module 20.
As shown in Fig. 2, when multiple cloud-computing-based virtual machines access files shared by the host, the virtual machines use terminal computers 100 as their hosts for information processing and display, and the terminal computers 100 transmit and exchange information through multiple physical resource servers 200 and a storage server 300. The physical resource servers 200 comprise one primary physical resource server 210 and multiple auxiliary physical resource servers 220. The virtual machine access control system is installed on the primary physical resource server 210, and both the auxiliary physical resource servers 220 and the primary physical resource server 210 exchange information with the storage server 300. Each virtual machine installed on a terminal computer 100 accesses the shared files on the storage server 300 through the virtual machine access control system installed on the primary physical resource server 210.
As shown in Fig. 3, a virtual machine access control method based on a cloud computing environment comprises:
Step 1: the storage pool identification module 10 connects to the interface of the external virtual machine through the physical resource server, judges whether the mount protocol of the external virtual machine conforms to the predefined mount protocol of the physical resource server 200, and stores the result in the identifier matching module 50.
This virtual machine access control method is applicable to protocols such as the Network File System protocol (NFS for short), the Global File System protocol (Google File System protocol, GFS for short) and the Common Internet File System protocol. Step 1 specifically comprises the following steps:
Step 1.1: if the protocol does not conform, the identifier matching module 50 triggers the result output module 60, which calls the terminal computer 100 to display the access failure, and the virtual machine access ends.
Step 1.2: if the protocol conforms, the storage pool identification module 10 triggers the create/open resource pool module 20.
In the present embodiment, the virtual machine access protocol is the Network File System protocol (NFS for short), and the storage pool identification module 10 identifies the protocol used when mounting storage according to Mandatory Access Control (MAC for short). When the mount protocol setting virt_use_nfs of the external virtual machine is "virt_use_nfs--> off", the storage pool identification module 10 judges that the mount protocol of the external virtual machine does not conform to the predefined mount protocol of the external physical resource server, and step 1.1 is executed. When virt_use_nfs is "virt_use_nfs--> on", the storage pool identification module 10 judges that the mount protocol of the external virtual machine conforms to the predefined mount protocol of the external physical resource server, and step 1.2 is executed.
Step 2: the create/open resource pool module 20 judges whether the resource pool required by the command sent by the external virtual machine exists in the storage pool of the storage server 300. If it exists, the create/open resource pool module 20 opens and decrypts the resource pool in the storage pool and execution jumps to step 4; if it does not exist, the create/open resource pool module 20 creates and encrypts the required resource pool and step 3 is executed.
In the present embodiment, a resource pool in the storage pool of the storage server 300 contains resource information such as virtual images, virtual hard disk partition tables and virtual networks.
Step 3: the create/open resource pool module 20 creates the required resource pool, and the label assignment/update module 30 creates a corresponding security label for the newly created resource pool. The identifier matching module 50 judges whether the security label of the resource pool satisfies the matching principle; when it does, it is determined whether the attribute of the security label needs to be changed by the identifier conversion module 40. Step 3 comprises the following steps:
Step 3.1: the create/open resource pool module 20 creates and encrypts the required resource pool, and passes a resource storage command to the operating system of the physical resource server 200.
In the present embodiment, the newly created resource pool is encrypted according to a hash algorithm.
Step 3.2: the operating system of the physical resource server 200 stores the external files required by the command sent by the external virtual machine in the newly created resource pool, and reports completion of the storage to the create/open resource pool module 20.
Step 3.3: the create/open resource pool module 20 passes the command to assign a security label to the label assignment/update module 30.
Step 3.4: the label assignment/update module 30 creates a corresponding security label for the newly created resource pool and sends it to the identifier matching module 50.
For example, if the security label of the resource pool is svirt_image_t:s0:c441, c961, the sensitivity level S is 0 and the categories are 441 and 961. The sensitivity level S can range from 0 to 15, and a larger number represents a higher sensitivity level.
Step 3.5: the identifier matching module 50 judges whether the generated resource pool security label satisfies the matching principle. If it does, the security label is passed to the result output module 60; if it does not, the security label is returned to the label assignment/update module 30, which re-creates the security label of the resource pool, and execution jumps back to step 3.4.
Step 3.6: when the security label of the resource pool satisfies the matching principle, the result output module 60 outputs the security label through the terminal computer 100 and asks whether the attribute of the security label needs to be changed. If a change is needed, the identifier conversion module 40 is called to change the attribute of the security label; if no change is needed, the encrypted creation of the resource pool is complete and the external virtual machine can access the resource pool on the physical resource server 200.
In step 3.6, the security label generated for the resource pool by the label assignment/update module 30 has the dynamic labeling attribute; the identifier conversion module 40 can convert a security label with a dynamic attribute into a security label with a static attribute.
Step 4: the create/open resource pool module 20 opens and decrypts the existing resource pool. When decryption succeeds, the identifier matching module 50 judges whether the security label of the external virtual machine's access process matches the decrypted security label, and calls the result output module 60. Step 4 comprises the following steps:
Step 4.1: the create/open resource pool module 20 opens and decrypts the existing resource pool according to the command sent by the external virtual machine. If decryption succeeds, the identifier matching module 50 evaluates the security label of the external virtual machine; if decryption fails, the virtual machine's access fails.
Step 4.2: when decryption succeeds, the identifier matching module 50 judges whether the security label of the external virtual machine's access process matches the decrypted security label, and calls the result output module 60. Step 4.2 comprises the following steps:
Step 4.2.1: when the security label of the existing resource pool and the security label of the external virtual machine do not match, the result output module 60 displays the access failure through the terminal computer 100.
Step 4.2.2: when the security label of the existing resource pool and the security label of the external virtual machine match, the external virtual machine can access the resource pool on the storage server 300.
For example, when the security label of the resource pool is svirt_image_t:s9:c453, c478 and the security label of the accessing virtual machine process is svirt_t:s9:c453, c478, the match is verified successfully and the external virtual machine can access the resources on the storage server 300 through the physical resource server 200.
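The decision path of steps 1 to 4, as an added Python example that is not part of the patent text. The function names, the category range c0..c1023, the svirt_t/svirt_image_t type pairing and the uniqueness check used when drawing a new pool label are assumptions; the label strings and the 0-15 sensitivity range come from the page.

```python
import random
import re
from dataclasses import dataclass

MAX_SENSITIVITY = 15   # the page gives the sensitivity range as 0-15
MAX_CATEGORY = 1023    # assumption: SELinux MCS default range c0..c1023
# Assumption: a VM process of type svirt_t may only open pools of type svirt_image_t.
TYPE_PAIRS = {"svirt_t": "svirt_image_t"}
LABEL_RE = re.compile(r"^([a-z_]+_t):s(\d+):(c\d+(?:,\s*c\d+)*)$")


@dataclass(frozen=True)
class Label:
    type: str
    sensitivity: int
    categories: frozenset


def parse_label(text):
    """Parse 'type:sN:cA, cB' as written on the page; reject out-of-range values."""
    m = LABEL_RE.match(text.strip())
    if m is None:
        raise ValueError(f"malformed label: {text!r}")
    sensitivity = int(m.group(2))
    categories = frozenset(int(c.strip()[1:]) for c in m.group(3).split(","))
    if sensitivity > MAX_SENSITIVITY or max(categories) > MAX_CATEGORY:
        raise ValueError(f"label out of range: {text!r}")
    return Label(m.group(1), sensitivity, categories)


def labels_match(process, pool):
    """Step 4.2: type pairing plus equal sensitivity and equal category set."""
    return (TYPE_PAIRS.get(process.type) == pool.type
            and process.sensitivity == pool.sensitivity
            and process.categories == pool.categories)


def allocate_pool_label(in_use, sensitivity=0, rng=None):
    """Steps 3.4-3.5: draw a label and redraw until it passes the check.

    The check used here (category pair not held by any existing pool) is an
    assumption; the page does not define its matching principle for new pools.
    """
    rng = rng or random.SystemRandom()
    taken = {label.categories for label in in_use}
    while True:
        categories = frozenset(rng.sample(range(MAX_CATEGORY + 1), 2))
        if categories not in taken:
            return Label("svirt_image_t", sensitivity, categories)


def access_decision(virt_use_nfs, pool_exists, decrypt_ok, process_label, pool_label):
    """Walk steps 1, 2 and 4; every failure path denies access."""
    if not virt_use_nfs:                      # step 1.1
        return "denied: mount protocol"
    if not pool_exists:                       # step 2 hands over to step 3
        return "create pool"
    if not decrypt_ok:                        # step 4.1
        return "denied: decryption failed"
    try:
        process, pool = parse_label(process_label), parse_label(pool_label)
    except ValueError:
        return "denied: malformed label"      # fail closed on unparsable labels
    if labels_match(process, pool):           # step 4.2.2
        return "granted"
    return "denied: label mismatch"           # step 4.2.1


if __name__ == "__main__":
    # Labels taken from the page's own examples.
    print(access_decision(True, True, True,
                          "svirt_t:s9:c453, c478", "svirt_image_t:s9:c453, c478"))
    print(allocate_pool_label([parse_label("svirt_image_t:s0:c441, c961")]))
```

An unparsable or out-of-range label is treated as a denial rather than an error, so a corrupted label can never fall through to the grant branch.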
Although the content of the present invention has been described in detail through the above preferred embodiment, it should be understood that the above description is not to be regarded as limiting the present invention. Various modifications and substitutions of the present invention will be apparent to those skilled in the art after reading the foregoing. The scope of protection of the present invention should therefore be defined by the appended claims.

Claims (7)

1. A virtual machine access control system based on a cloud computing environment, characterized in that the control system comprises: an identifier matching module (50) and, connected to it, a storage pool identification module (10), a create/open resource pool module (20), a label assignment/update module (30), an identifier conversion module (40) and a result output module (60);
the storage pool identification module (10), the create/open resource pool module (20), the label assignment/update module (30) and the identifier conversion module (40) are connected in sequence; the create/open resource pool module (20) is connected to the result output module (60).
2. A control method for the virtual machine access control system based on a cloud computing environment, characterized in that the control method comprises:
Step 1: the storage pool identification module (10) judges whether the mount protocol of the external virtual machine conforms to the predefined mount protocol of the external physical resource server (200), and stores the result in the identifier matching module (50);
Step 2: the create/open resource pool module (20) judges whether the resource pool required by the command sent by the external virtual machine exists in the storage pool; if it exists, the create/open resource pool module (20) opens and decrypts the resource pool in the storage pool; if it does not exist, the create/open resource pool module (20) creates and encrypts the required resource pool;
Step 3: the create/open resource pool module (20) creates the required resource pool, the label assignment/update module (30) creates a corresponding security label for the newly created resource pool, and the identifier matching module (50) judges whether the security label of the resource pool satisfies the matching principle; when it does, it is determined whether the attribute of the security label needs to be changed by the identifier conversion module (40);
Step 4: the create/open resource pool module (20) opens and decrypts the existing resource pool; when decryption succeeds, the identifier matching module (50) judges whether the security label of the external virtual machine's access process matches the decrypted security label, and calls the result output module (60).
3. The control method for the virtual machine access control system based on a cloud computing environment as claimed in claim 2, characterized in that step 1 comprises the following steps:
Step 1.1: if the protocol does not conform, the identifier matching module (50) triggers the result output module (60), which calls the terminal computer (100) to display the access failure, and the virtual machine access ends;
Step 1.2: if the protocol conforms, the storage pool identification module (10) triggers the create/open resource pool module (20), and execution continues with step 2.
4. The control method for the virtual machine access control system based on a cloud computing environment as claimed in claim 2, characterized in that step 3 comprises the following steps:
Step 3.1: the create/open resource pool module (20) creates and encrypts the required resource pool, and passes a resource storage command to the operating system of the physical resource server (200);
Step 3.2: the operating system of the physical resource server (200) stores the external files required by the command sent by the external virtual machine in the newly created resource pool, and reports completion of the storage to the create/open resource pool module (20);
Step 3.3: the create/open resource pool module (20) passes the command to assign a security label to the label assignment/update module (30);
Step 3.4: the label assignment/update module (30) creates a corresponding security label for the newly created resource pool and sends it to the identifier matching module (50);
Step 3.5: the identifier matching module (50) judges whether the security label of the resource pool satisfies the matching principle; if it does, the security label is passed to the result output module (60); if it does not, the security label is returned to the label assignment/update module (30), which re-creates the security label of the resource pool, and execution jumps back to step 3.4;
Step 3.6: when the security label of the resource pool satisfies the matching principle, the result output module (60) outputs the security label through the terminal computer (100) and asks whether the attribute of the security label needs to be changed; if a change is needed, the identifier conversion module (40) is called to change the attribute of the security label; if no change is needed, the encrypted creation of the resource pool is complete and the external virtual machine can access the resource pool on the physical resource server (200).
5. The control method for the virtual machine access control system based on a cloud computing environment as claimed in claim 2, characterized in that step 4 comprises the following steps:
Step 4.1: the create/open resource pool module (20) opens and decrypts the existing resource pool according to the command sent by the external virtual machine; if decryption succeeds, the identifier matching module (50) evaluates the security label of the external virtual machine; if decryption fails, the access of the virtual machine ends;
Step 4.2: when decryption succeeds, the identifier matching module (50) judges whether the security label of the external virtual machine's access process matches the decrypted security label, and calls the result output module (60).
6. The control method for the virtual machine access control system based on a cloud computing environment as claimed in claim 4, characterized in that, in step 3.6, when the security label of the resource pool satisfies the matching principle, the security label generated for the resource pool by the label assignment/update module (30) has the dynamic labeling attribute; the identifier conversion module (40) can convert a security label with a dynamic attribute into a security label with a static attribute.
7. The virtual machine access control method based on a cloud computing environment as claimed in claim 5, characterized in that step 4.2 comprises the following steps:
Step 4.2.1: when the security label of the existing resource pool and the security label of the external virtual machine do not match, the result output module (60) displays the access failure through the terminal computer (100);
Step 4.2.2: when the security label of the existing resource pool and the security label of the external virtual machine match, the external virtual machine can access the resource pool on the storage server (300).
CN201410100951.6A 2014-03-19 2014-03-19 A kind of virtual machine access control system and its control method based on cloud computing environment Active CN103885725B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410100951.6A CN103885725B (en) 2014-03-19 2014-03-19 Virtual machine access control system and its control method based on cloud computing environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410100951.6A CN103885725B (en) 2014-03-19 2014-03-19 Virtual machine access control system and its control method based on cloud computing environment

Publications (2)

Publication Number Publication Date
CN103885725A true CN103885725A (en) 2014-06-25
CN103885725B CN103885725B (en) 2017-03-15

Family

ID=50954645

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410100951.6A Active CN103885725B (en) 2014-03-19 2014-03-19 Virtual machine access control system and its control method based on cloud computing environment

Country Status (1)

Country Link
CN (1) CN103885725B (en)

Also Published As

Publication number Publication date
CN103885725B (en) 2017-03-15

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant