Forced access control method and apparatus in virtual environment

A mandatory access control technology for virtualized environments, applied in program control devices, software simulation/interpretation/emulation, etc. It addresses the problems that the types of communication and resource sharing are not controlled, that the control granularity for communication and resource sharing is large, and that the existing approach is not applicable to multi-level security environments.

Inactive; Publication Date: 2009-06-10
SHANGHAI JIAO TONG UNIV
0 Cites, 49 Cited by

AI Technical Summary

Problems solved by technology

This method has the following problems: 1) its control granularity for communication and resource sharing is relatively large, and it does not control specific types of communication and resource sharing; 2) assuming that different labels are used to represent different security levels, virtual machines with different security levels are unable to communicate or share resources with each other.
Therefore, this method is not suitable for a multi-level security environment.



Embodiment Construction

[0059] The embodiments of the present invention are described in detail below in conjunction with the accompanying drawings. This embodiment is implemented on the premise of the technical solution of the present invention, and detailed implementation methods and specific operating procedures are provided, but the protection scope of the present invention is not limited to the embodiment described below.

[0060] Figure 1 shows the virtual machine hierarchical relationship in this embodiment: the trusted virtual machine is the root node of the hierarchy, and the other virtual machines are child nodes of the root node.

[0061] This embodiment is implemented on the Xen virtual machine monitor. As shown in Figure 2, the Xen virtual machine monitor is an open source virtual machine monitor project developed by the computer laboratory of Cambridge University. The relationship between the Xen virtual machine monitor and physical hardware, virt...


Abstract

The invention relates to a mandatory access control method and device applied to a virtual environment, in the technical field of computer applications. The method comprises: designating one virtual machine in the virtual environment as a trusted virtual machine with security management authority, wherein the trusted virtual machine uses a security classification and security category as a sensitivity label to identify the security level of each individual virtual machine; establishing an access matrix and setting the access type set of each virtual machine to the other virtual machines; and, when a virtual machine acting as subject accesses a virtual machine acting as object with a certain access type, judging whether the access is permitted according to the sensitivity labels of both the subject and the object and the subject's access type set for the object in the access matrix. The device comprises an access control initializing module, a virtual machine state monitoring module, an access judgment module, a security management assisting module and a virtual machine security information management module in the trusted virtual machine. The method and device can effectively control communication and resource sharing between virtual machines in a multi-level security virtual environment.
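The decision step described in the abstract (labels of subject and object plus the access matrix entry for the pair) can be modelled as follows. This is an added example, not code from the patent or from Xen; the access type names, the `TrustedVM` class, the sample VMs and the Bell-LaPadula style dominance rule (no read up, no write down) are assumptions, since the listing does not state the exact comparison rule.

```python
from dataclasses import dataclass

# Hypothetical access types (assumption, not from the patent) -> implied flows:
# "read" moves data object -> subject, "write" moves data subject -> object.
ACCESS_FLOW = {
    "shared_mem_read": {"read"},
    "shared_mem_rw": {"read", "write"},
    "event_notify": {"write"},
}

@dataclass(frozen=True)
class Label:
    level: int              # security classification (higher = more sensitive)
    categories: frozenset   # security categories
    def dominates(self, other):
        return self.level >= other.level and self.categories >= other.categories

class TrustedVM:
    """Model of the decision state held by the trusted virtual machine."""
    def __init__(self):
        self.labels = {}    # vm name -> Label
        self.matrix = {}    # (subject, object) -> set of permitted access types

    def register(self, vm, level, categories=()):
        self.labels[vm] = Label(level, frozenset(categories))
    def grant(self, subject, obj, *access_types):
        self.matrix.setdefault((subject, obj), set()).update(access_types)

    def decide(self, subject, obj, access_type):
        s, o = self.labels.get(subject), self.labels.get(obj)
        flows = ACCESS_FLOW.get(access_type)
        if s is None or o is None or flows is None:
            return False    # unknown VM or access type: default deny
        if access_type not in self.matrix.get((subject, obj), ()):
            return False    # access matrix does not list this type for the pair
        if "read" in flows and not s.dominates(o):
            return False    # assumed rule: no read up
        if "write" in flows and not o.dominates(s):
            return False    # assumed rule: no write down
        return True

def build_sample():  # constructed sample: two guest VMs at different levels
    tvm = TrustedVM()
    tvm.register("vm_low", 1, {"fin"})
    tvm.register("vm_high", 2, {"fin", "hr"})
    tvm.grant("vm_high", "vm_low", "shared_mem_read", "event_notify")
    tvm.grant("vm_low", "vm_high", "event_notify")
    return tvm
```

In the sample, `vm_high` may read memory shared by `vm_low`, but its `event_notify` toward `vm_low` is denied even though the matrix lists it, because the label check and the matrix check must both pass.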

Description

Technical field

[0001] The present invention relates to a method and device in the field of computer application technology, in particular to a mandatory access control method and device in a virtualized environment.

Background technique

[0002] Virtualization technology is the most popular technology in the current information technology industry. The application of virtualization technology can bring great benefits in the following aspects: 1. Integrating servers and deploying computer systems into virtual machines can improve the utilization rate of hardware equipment and reduce operating costs; 2. Use resource virtualization to improve service quality and reduce system offline time; 3. Reduce the preparation time for IT infrastructure settings, improve the flexibility of IT investment, and promote on-demand configuration; 4. Quickly provide testing and development environments to improve development efficiency; 5. Migrate legacy operating systems and applications to vir...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F9/455
Inventor: 翁楚良, 王观海, 骆源, 李明禄
Owner: SHANGHAI JIAO TONG UNIV