CN112532600A - Cluster system with credible data exchange and credible data exchange method - Google Patents


Info

Publication number
CN112532600A
Authority
CN
China
Prior art keywords
trusted
nodes
information
domain
node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011306513.7A
Other languages
Chinese (zh)
Other versions
CN112532600B (en)
Inventor
石磊
马亮
刘春�
姜健
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Qianyun Qichuang Information Technology Co ltd
Shandong Trusted Cloud Information Technology Research Institute
Zhongan Trustworthy Qingdao Network Technology Co ltd
Original Assignee
Shandong Qianyun Qichuang Information Technology Co ltd
Shandong Trusted Cloud Information Technology Research Institute
Zhongan Trustworthy Qingdao Network Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/16 Arrangements for providing special services to substations
    • H04L12/18 Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
    • H04L12/1863 Arrangements for providing special services to substations for broadcast or conference, e.g. multicast comprising mechanisms for improved reliability, e.g. status reports
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/16 Arrangements for providing special services to substations
    • H04L12/18 Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
    • H04L12/1881 Arrangements for providing special services to substations for broadcast or conference, e.g. multicast with schedule organisation, e.g. priority, sequence management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/0218 Distributed architectures, e.g. distributed firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Debugging And Monitoring (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention belongs to the field of cluster data exchange and provides a cluster system with trusted data exchange and a trusted data exchange method. The cluster system comprises: a plurality of nodes that communicate with each other, distributed within one broadcast domain; a TPM root of trust installed on each node, in one-to-one correspondence with the nodes; and a trusted measurement agent that runs independently on each node, periodically broadcasts trusted information within the domain, and listens for the trusted information broadcast by other nodes in the domain. Being based on the TPM root of trust and a logically independent trusted measurement agent, the method can ensure secure and reliable data exchange among the nodes.

Description

Cluster system with credible data exchange and credible data exchange method
Technical Field
The invention belongs to the field of cluster data exchange, and particularly relates to a cluster system with credible data exchange and a credible data exchange method.
Background
The statements in this section merely provide background information related to the present disclosure and may not necessarily constitute prior art.
Cluster systems are increasingly common today; typical examples are hyper-converged systems, distributed storage systems and big data systems. Such a system is composed of a plurality of nodes interconnected through a network, and data exchange between the nodes is frequent.
The inventor found that data exchange between nodes in current cluster systems is exposed to the risk of man-in-the-middle attacks; without the support of a TPM root of trust and the transmission of a chain of trust, the logic of every layer of the software stack is at risk of being tampered with, so the reliability of the various encryption and authentication mechanisms cannot be guaranteed.
In summary, current cluster systems generally suffer from the problem that data exchange between nodes inside the cluster is unreliable and uncontrollable.
Disclosure of Invention
To solve at least one of the technical problems described in the background, the invention provides a cluster system with trusted data exchange and a trusted data exchange method. Both are based on a TPM root of trust and a logically independent trusted measurement agent, and can ensure secure and reliable data exchange between nodes.
To achieve this purpose, the invention adopts the following technical solutions:
A first aspect of the invention provides a cluster system with trusted data exchange.
In one or more embodiments, a cluster system with trusted data exchange comprises:
a plurality of nodes in communication with each other, the nodes being distributed within a broadcast domain;
a TPM root of trust installed on each node, in one-to-one correspondence with the nodes;
and a trusted measurement agent that runs independently on each node and is used to periodically broadcast trusted information within the domain and to listen for trusted information broadcast by other nodes in the domain.
In one or more embodiments, a cluster system with trusted data exchange comprises:
a plurality of nodes in communication with each other, the nodes being distributed within at least two broadcast domains;
a TPM root of trust installed on each node, in one-to-one correspondence with the nodes;
and a trusted measurement agent that runs independently on each node and is used to periodically broadcast trusted information within the domain, to listen for trusted information broadcast by other nodes in the domain, to propagate trusted information across domains, and to receive and extract trusted information propagated from other domains.
A second aspect of the invention provides a trusted data exchange method.
In one or more embodiments, a trusted data exchange method is based on the cluster system with trusted data exchange described above: a trusted measurement agent running independently on each node periodically broadcasts trusted information within the domain and listens for trusted information broadcast by other nodes in the domain.
In one or more embodiments, a trusted data exchange method is based on the cluster system with trusted data exchange described above: a trusted measurement agent running independently on each node periodically broadcasts trusted information within the domain, listens for trusted information broadcast by other nodes in the domain, propagates trusted information across domains, and receives and extracts trusted information propagated from other domains.
Compared with the prior art, the invention has the following beneficial effects:
(1) A uniquely corresponding TPM root of trust is installed on each node, establishing trust from the BIOS up to the operating system. On the basis of the TPM root of trust, each node runs a logically independent trusted measurement subsystem, the trusted measurement agent, which implements bypass monitoring. Compared with conventional techniques that rely only on PKI, the reliability and controllability of data exchange within the cluster are significantly improved.
(2) Each node periodically publishes its node information to all nodes in the broadcast domain by broadcast. If a node fails to broadcast on time within the predetermined period for any reason, the other nodes in the same domain detect it. If an illegitimate node joins the cluster and pretends to be another node, its broadcast information causes an information conflict when it reaches the other nodes in the domain, and is detected. Because this is bypass monitoring, the processing logic and flow of the original data stream are unchanged, the delay is small, and the reliability is good.
Advantages of additional aspects of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, are included to provide a further understanding of the invention; they illustrate exemplary embodiments of the invention and, together with the description, serve to explain the invention and not to limit it.
Fig. 1 is a schematic structural diagram of a cluster system with trusted data exchange according to a first embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a cluster system with trusted data exchange according to a second embodiment of the present invention.
Detailed Description
The invention is further described with reference to the following figures and examples.
It is to be understood that the following detailed description is exemplary and is intended to provide further explanation of the invention as claimed. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the invention. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise, and it should be understood that when the terms "comprises" and/or "comprising" are used in this specification, they specify the presence of the stated features, steps, operations, devices, components, and/or combinations thereof.
Interpretation of terms:
TPM: the Trusted Platform Module is a chip embedded in a computer that provides a root of trust for the computer. The specification of the chip is set by the Trusted Computing Group.
ID: identity, meaning an identification number. Also called a serial number or account number, it is a relatively unique code within a given system and is equivalent to an "identity card" for a specific thing. An ID generally does not change, and what is used to identify the thing is determined by rules set by the designer.
MAC address: Media Access Control address, also known as a local area network address (LAN address), Ethernet address or physical address, is an address used to identify the location of a network device. In the OSI model, the third layer (network layer) is responsible for IP addresses and the second layer (data link layer) is responsible for MAC addresses. The MAC address uniquely identifies a network card in the network; if a device has one or more network cards, each network card needs its own unique MAC address.
IP address: Internet Protocol address.
Subnet mask: also called a netmask or address mask, a bit mask used to indicate which bits of an IP address identify the subnet where the host is located and which bits identify the host.
Public key certificate: often referred to simply as a certificate, a digitally signed statement that binds the value of a public key to the identity of the person, device or service that holds the corresponding private key.
Example one
To solve the problem of trusted data exchange between nodes in a cluster, and referring to Fig. 1, this embodiment provides a cluster system with trusted data exchange, which includes:
a plurality of nodes in communication with each other, the nodes being distributed within a broadcast domain;
a TPM root of trust installed on each node, in one-to-one correspondence with the nodes;
and a trusted measurement agent that runs independently on each node and is used to periodically broadcast trusted information within the domain and to listen for trusted information broadcast by other nodes in the domain.
In this embodiment, the unique ID of the TPM root of trust serves as the unique identity ID of the node. Based on the TPM, at least the trustworthiness of the BIOS, the bootloader and the operating system should be guaranteed.
In this embodiment, the trusted measurement agent is a logically independent subsystem whose own trustworthiness is guaranteed by the TPM root of trust. The agent can be implemented in two ways: first, it can run as a sub-thread of the operating system kernel; second, where the hardware architecture supports it, it can run directly as an independent subsystem, for example in ARM TrustZone.
Specifically, the trusted measurement agent broadcasts the node's information in the current broadcast domain at a fixed, configurable measurement period, for example 20 seconds. The broadcast information comprises: the unique ID of the TPM root of trust, the MAC address of the network card used to communicate with other nodes, the public key certificate of the TPM, and the IP address and subnet mask of the current node.
When the trusted measurement agent listens for trusted information broadcast by other nodes in the domain, the node, on receiving a broadcast from another node in the domain, checks it against a locally maintained same-domain node information table. If the information is consistent, only the timestamp of the corresponding record is updated; if the information is inconsistent or a redundant node appears, this is treated as an abnormal event and its risk is measured.
The trusted measurement agent also scans the same-domain node information table periodically; if a node's last information update is older than the measurement period, this is likewise treated as an abnormality and its risk is measured.
Each node of this embodiment periodically publishes its node information to all nodes in the broadcast domain by broadcast. If a node fails to broadcast on time within the predetermined period for any reason, the other nodes in the same domain detect it. If an illegitimate node joins the cluster and pretends to be another node, its broadcast information causes an information conflict when it reaches the other nodes in the domain, and is detected. Because this is bypass monitoring, the processing logic and flow of the original data stream are unchanged, the delay is small, and the reliability is good.
Example two
Referring to Fig. 2, the cluster system with trusted data exchange of this embodiment includes:
a plurality of nodes in communication with each other, the nodes being distributed within at least two broadcast domains;
a TPM root of trust installed on each node, in one-to-one correspondence with the nodes;
and a trusted measurement agent that runs independently on each node and is used to periodically broadcast trusted information within the domain, to listen for trusted information broadcast by other nodes in the domain, to propagate trusted information across domains, and to receive and extract trusted information propagated from other domains.
In this embodiment, the unique ID of the TPM root of trust serves as the unique identity ID of the node. Based on the TPM, at least the trustworthiness of the BIOS, the bootloader and the operating system should be guaranteed.
In this embodiment, the trusted measurement agent is a logically independent subsystem whose own trustworthiness is guaranteed by the TPM root of trust. The agent can be implemented in two ways: first, it can run as a sub-thread of the operating system kernel; second, where the hardware architecture supports it, it can run directly as an independent subsystem, for example in ARM TrustZone.
Specifically, the trusted measurement agent broadcasts the node's information in the current broadcast domain at a fixed, configurable measurement period, for example 20 seconds. The broadcast information comprises: the unique ID of the TPM root of trust, the MAC address of the network card used to communicate with other nodes, the public key certificate of the TPM, and the IP address and subnet mask of the current node.
When the trusted measurement agent listens for trusted information broadcast by other nodes in the domain, the node, on receiving a broadcast from another node in the domain, checks it against a locally maintained same-domain node information table. If the information is consistent, only the timestamp of the corresponding record is updated; if the information is inconsistent or a redundant node appears, this is treated as an abnormal event and its risk is measured.
The trusted measurement agent also scans the same-domain node information table periodically; if a node's last information update is older than the measurement period, this is likewise treated as an abnormality and its risk is measured.
Each node of this embodiment periodically publishes its node information to all nodes in the broadcast domain by broadcast. If a node fails to broadcast on time within the predetermined period for any reason, the other nodes in the same domain detect it. If an illegitimate node joins the cluster and pretends to be another node, its broadcast information causes an information conflict when it reaches the other nodes in the domain, and is detected. Because this is bypass monitoring, the processing logic and flow of the original data stream are unchanged, the delay is small, and the reliability is good.
In particular implementations, to avoid storms, trusted information is propagated across domains passively: only when a node needs to transmit data to a node in another domain is the node information table of its own domain transmitted along with it.
In a specific implementation, the trusted measurement agent extracts the data passed from nodes of other domains and updates it locally; it also integrates the node information tables of all domains maintained by the node, checks whether any conflict or abnormality exists, and measures its risk.
In this embodiment, a uniquely corresponding TPM root of trust is installed on each node, establishing trust from the BIOS up to the operating system. On the basis of the TPM root of trust, each node runs a logically independent trusted measurement subsystem, the trusted measurement agent, which implements bypass monitoring. The reliability and controllability of data exchange within the cluster are significantly improved over conventional PKI-only techniques.
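The table checks described in both embodiments (the consistency check on each received broadcast, the periodic staleness scan, and the passive cross-domain merge), as an added example that is not part of the patent. `TrustInfo`, `NodeTable`, the enrollment step, the certificate fingerprint field and all sample values are assumptions, and treating a TPM ID or MAC address claimed by two records as the cross-domain "conflict" is one reading of the text.

```python
from dataclasses import dataclass

PERIOD = 20.0  # measurement period in seconds (the page's example value; configurable)


@dataclass(frozen=True)
class TrustInfo:
    """Fields the page lists for one broadcast."""
    tpm_id: str    # unique ID of the TPM root of trust, used as the node identity
    mac: str       # MAC address of the network card used to reach other nodes
    cert_fp: str   # assumption: the TPM public key certificate held as a fingerprint
    ip: str
    netmask: str


class NodeTable:
    """Node information tables kept by one trusted measurement agent."""

    def __init__(self, own_domain, period=PERIOD):
        self.own_domain = own_domain
        self.period = period
        self.domains = {own_domain: {}}  # domain -> {tpm_id: TrustInfo}
        self.last_seen = {}              # tpm_id -> time of last consistent broadcast

    def enroll(self, info, now):
        """Assumption: expected nodes are recorded when the cluster is set up."""
        self.domains[self.own_domain][info.tpm_id] = info
        self.last_seen[info.tpm_id] = now

    def on_broadcast(self, info, now):
        """Check one in-domain broadcast; return an anomaly tuple or None."""
        known = self.domains[self.own_domain].get(info.tpm_id)
        if known is None:
            return ("redundant", info.tpm_id)     # node that is not in the table
        if known != info:
            return ("inconsistent", info.tpm_id)  # same ID, different fields
        self.last_seen[info.tpm_id] = now         # consistent: timestamp only
        return None

    def scan(self, now):
        """Periodic scan: nodes whose last update is older than the period."""
        return [("stale", tpm_id)
                for tpm_id, seen in sorted(self.last_seen.items())
                if now - seen > self.period]

    def export_own_domain(self):
        """Table attached, passively, to data sent to a node in another domain."""
        return list(self.domains[self.own_domain].values())

    def import_domain(self, domain, records):
        """Extract a table received from another domain and store it locally."""
        self.domains[domain] = {r.tpm_id: r for r in records}

    def cross_domain_conflicts(self):
        """Integrate all domain tables; flag identifiers claimed by two records."""
        conflicts, owners = [], {}
        for domain in sorted(self.domains):
            for rec in self.domains[domain].values():
                for kind, value in (("tpm_id", rec.tpm_id), ("mac", rec.mac)):
                    first = owners.setdefault((kind, value), (domain, rec))
                    if first != (domain, rec):
                        conflicts.append((kind, value, first[0], domain))
        return conflicts


def demo():
    """Constructed sample data: two enrolled nodes, then a series of events."""
    a = TrustInfo("tpm-A", "02:00:00:00:00:0a", "fp-A", "10.0.1.10", "255.255.255.0")
    b = TrustInfo("tpm-B", "02:00:00:00:00:0b", "fp-B", "10.0.1.11", "255.255.255.0")
    table = NodeTable("domain-1")
    table.enroll(a, now=0.0)
    table.enroll(b, now=0.0)
    events = [
        table.on_broadcast(a, now=20.0),  # matches the table
        # B's ID arrives with a different MAC address
        table.on_broadcast(TrustInfo("tpm-B", "02:00:00:00:00:ff", "fp-B",
                                     "10.0.1.11", "255.255.255.0"), now=20.0),
        # unknown TPM ID announcing A's MAC and IP
        table.on_broadcast(TrustInfo("tpm-X", a.mac, "fp-X", a.ip, a.netmask),
                           now=20.0),
    ]
    stale = table.scan(now=25.0)  # B's last consistent broadcast was at t=0
    # table received alongside data from domain-2; one record reuses A's MAC
    table.import_domain("domain-2", [TrustInfo("tpm-C", a.mac, "fp-C",
                                               "10.0.2.10", "255.255.255.0")])
    return events, stale, table.cross_domain_conflicts()


if __name__ == "__main__":
    print(demo())
```

An inconsistent broadcast does not refresh the record's timestamp, so a node whose only recent broadcasts conflict with the table is also reported by the next scan.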
Example three
This embodiment provides a trusted data exchange method based on the cluster system with trusted data exchange described in the first embodiment: a trusted measurement agent running independently on each node periodically broadcasts trusted information within the domain and listens for trusted information broadcast by other nodes in the domain.
In this embodiment, each node runs a logically independent trusted measurement subsystem, the trusted measurement agent, on the basis of the TPM root of trust, which implements bypass monitoring. Compared with conventional techniques that rely only on PKI, the reliability and controllability of data exchange in the cluster system of this embodiment are significantly improved. Each node periodically publishes its node information to all nodes in the broadcast domain by broadcast. If a node fails to broadcast on time within the predetermined period for any reason, the other nodes in the same domain detect it. If an illegitimate node joins the cluster and pretends to be another node, its broadcast information causes an information conflict when it reaches the other nodes in the domain, and is detected. Because this is bypass monitoring, the processing logic and flow of the original data stream are unchanged, the delay is small, and the reliability is good.
Example four
This embodiment provides a trusted data exchange method based on the cluster system with trusted data exchange described in the second embodiment: a trusted measurement agent running independently on each node periodically broadcasts trusted information within the domain, listens for trusted information broadcast by other nodes in the domain, propagates trusted information across domains, and receives and extracts trusted information propagated from other domains.
In this embodiment, each node runs a logically independent trusted measurement subsystem, the trusted measurement agent, on the basis of the TPM root of trust, which implements bypass monitoring. Compared with conventional techniques that rely only on PKI, the reliability and controllability of data exchange in the cluster system of this embodiment are significantly improved; the processing logic and flow of the original data stream are unchanged, the delay is small, and the reliability is good.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A cluster system with trusted data exchange, comprising:
a plurality of nodes in communication with each other, the nodes being distributed within a broadcast domain;
a TPM root of trust installed on each node, in one-to-one correspondence with the nodes;
and a trusted measurement agent that runs independently on each node and is used to periodically broadcast trusted information within the domain and to listen for trusted information broadcast by other nodes in the domain.
2. The cluster system with trusted data exchange of claim 1, wherein the trusted information periodically broadcast within the domain by the trusted measurement agent includes the unique ID of the TPM root of trust, the MAC address of the network card used to communicate with other nodes, the public key certificate of the TPM, and the IP address and subnet mask of the current node.
3. The cluster system with trusted data exchange of claim 1, wherein the trusted measurement agent is used to: after the node receives a broadcast from another node in the domain, check it against a locally maintained same-domain node information table, and if the information is consistent, update only the timestamp of the corresponding record; and if the information is inconsistent or a redundant node appears, treat this as an abnormal event and measure its risk.
4. The cluster system with trusted data exchange of claim 1, wherein the trusted measurement agent is used to: periodically scan the same-domain node information table, and if a node's last information update is older than the measurement period, treat this as an abnormality and measure its risk.
5. A cluster system with trusted data exchange, comprising:
a plurality of nodes in communication with each other, the nodes being distributed within at least two broadcast domains;
a TPM root of trust installed on each node, in one-to-one correspondence with the nodes;
and a trusted measurement agent that runs independently on each node and is used to periodically broadcast trusted information within the domain, to listen for trusted information broadcast by other nodes in the domain, to propagate trusted information across domains, and to receive and extract trusted information propagated from other domains.
6. The cluster system with trusted data exchange of claim 5, wherein the trusted information periodically broadcast within the domain by the trusted measurement agent includes the unique ID of the TPM root of trust, the MAC address of the network card used to communicate with other nodes, the public key certificate of the TPM, and the IP address and subnet mask of the current node.
7. The cluster system with trusted data exchange of claim 5, wherein the trusted measurement agent is used to: after the node receives a broadcast from another node in the domain, check it against a locally maintained same-domain node information table, and if the information is consistent, update only the timestamp of the corresponding record; and if the information is inconsistent or a redundant node appears, treat this as an abnormal event and measure its risk.
8. The cluster system with trusted data exchange of claim 5, wherein the trusted measurement agent is used to: periodically scan the same-domain node information table, and if a node's last information update is older than the measurement period, treat this as an abnormality and measure its risk.
9. The cluster system with trusted data exchange of claim 5, wherein the trusted measurement agent propagates trusted information across domains passively, that is, only when a node needs to transmit data to a node in another domain is the node information table of its own domain transmitted along with it;
or
the trusted measurement agent is used to extract the data passed from nodes of other domains and update it locally;
or
the trusted measurement agent is also used to integrate the node information tables of all domains maintained by the node, check whether any conflict or abnormality exists, and measure its risk.
10. A trusted data exchange method, characterized in that, based on the cluster system with trusted data exchange according to any one of claims 1-4, a trusted measurement agent running independently on each node is used to periodically broadcast trusted information within the domain and to listen for trusted information broadcast by other nodes in the domain;
or
based on the cluster system with trusted data exchange according to any one of claims 5-9, a trusted measurement agent running independently on each node is used to periodically broadcast trusted information within the domain, to listen for trusted information broadcast by other nodes in the domain, to propagate trusted information across domains, and to receive and extract trusted information propagated from other domains.
CN202011306513.7A 2020-11-19 2020-11-19 Cluster system with credible data exchange and credible data exchange method Active CN112532600B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011306513.7A CN112532600B (en) 2020-11-19 2020-11-19 Cluster system with credible data exchange and credible data exchange method


Publications (2)

Publication Number Publication Date
CN112532600A true CN112532600A (en) 2021-03-19
CN112532600B CN112532600B (en) 2022-08-16

Family

ID=74981765

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011306513.7A Active CN112532600B (en) 2020-11-19 2020-11-19 Cluster system with credible data exchange and credible data exchange method

Country Status (1)

Country Link
CN (1) CN112532600B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100125731A1 (en) * 2008-11-14 2010-05-20 International Business Machines Corporation Method for securely merging multiple nodes having trusted platform modules
CN105760271A (en) * 2016-01-28 2016-07-13 浪潮电子信息产业股份有限公司 Method for monitoring credible state of computing node in cluster mode
CN108259469A (en) * 2017-12-19 2018-07-06 浪潮软件集团有限公司 Cluster security authentication method based on block chain, node and cluster
CN108833522A (en) * 2018-06-06 2018-11-16 北京八分量信息科技有限公司 A kind of believable system and method for determining node

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
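杜变霞 et al.: "An Efficient Cluster Attestation Mechanism for the Internet of Things", 《计算机***应用》 *
陈振华: "A Wireless Sensor Network Security Model Based on Node Evaluation", 《钦州学院学报》 *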

Also Published As

Publication number Publication date
CN112532600B (en) 2022-08-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant