
XEN platform-based virtual safety communication tunnel establishing method

A technology for establishing secure communication, applied in computer security devices, software simulation/interpretation/emulation, instruments, etc. It addresses problems such as communication content being stolen or tampered with and the security of the XEN memory sharing operation not being protected.

Inactive Publication Date: 2012-10-31
BEIJING UNIV OF TECH

AI Technical Summary

Problems solved by technology

[0006] However, the security of the XEN memory sharing operation is not protected. If a virtual machine system is compromised, the intruder can impersonate other virtual machines to request memory sharing operations, or steal or tamper with the communication content.



Examples


Embodiment Construction

[0016] The implementation method and steps of the present invention are described in detail below with reference to Figure 2:

[0017] As shown in Figure 2, the present invention is a method for establishing a secure communication tunnel between virtual machines based on the XEN virtual machine platform.

[0018] ① First, a key management module is added to the VMM. It uses an asymmetric key algorithm and is responsible for generating, saving, and managing keys. When each virtual machine is started, the key management module generates a public key and a private key for the virtual machine, distributes the private key to the virtual machine, and stores the public key in the VMM.

[0019] ② When any virtual machine requests a memory sharing operation, it must use its own private key to digitally sign the pseudo-address of the memory to be shared, and pass the signature to the VMM. The information passed in at the same time includes the ID of the source virtual machine, the ID of the target vir...
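Steps ① and ② can be modelled as follows. This is an added example, not code from the patent or from XEN: Ed25519 stands in for the unspecified asymmetric algorithm, and the type names, field names and address value are assumptions. It covers only the signature check on the share request, since the remaining steps are cut off on this page.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// ShareRequest is what a guest passes to the VMM in step 2 (field names assumed).
type ShareRequest struct {
	SrcID, DstID uint16
	PseudoAddr   uint64
	Sig          []byte
}

// KeyManager models the key management module added to the VMM in step 1.
type KeyManager struct{ pub map[uint16]ed25519.PublicKey }
func NewKeyManager() *KeyManager { return &KeyManager{pub: map[uint16]ed25519.PublicKey{}} }

// StartVM makes the VM's key pair, keeps the public key, returns the private key.
func (k *KeyManager) StartVM(id uint16) ed25519.PrivateKey {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err) // no usable randomness: refuse to start the VM
	}
	k.pub[id] = pub
	return priv
}

func msg(addr uint64) []byte { return []byte(fmt.Sprintf("%016x", addr)) }

// SignShare is the guest side: sign the pseudo-address with the VM's private key.
func SignShare(priv ed25519.PrivateKey, src, dst uint16, addr uint64) ShareRequest {
	return ShareRequest{src, dst, addr, ed25519.Sign(priv, msg(addr))}
}

// Verify is the VMM side: check the signature against the key stored for SrcID.
func (k *KeyManager) Verify(r ShareRequest) error {
	pub, ok := k.pub[r.SrcID]
	if !ok || !ed25519.Verify(pub, msg(r.PseudoAddr), r.Sig) {
		return errors.New("share request rejected: bad signature for source VM")
	}
	return nil
}

func main() {
	km := NewKeyManager()
	vm1, vm3 := km.StartVM(1), km.StartVM(3)
	fmt.Println(km.Verify(SignShare(vm1, 1, 2, 0x7f001000))) // genuine request
	fmt.Println(km.Verify(SignShare(vm3, 1, 2, 0x7f001000))) // VM 3 claiming to be VM 1
}
```

The second request is rejected because the VMM looks up the public key by the claimed source ID, so a compromised guest cannot request sharing in another virtual machine's name without that machine's private key.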


Abstract

The invention discloses a method for establishing a virtual secure communication tunnel on the XEN platform. It aims to ensure the security of information transmitted between virtual machines and belongs to the field of information security. In the method, the virtual machine monitor (VMM, called the XEN Hypervisor on the XEN platform; the same applies hereinafter) is responsible for establishing a virtual communication tunnel using the memory sharing mechanism inherent to the XEN platform, and encrypts the address of the shared memory so that the entrance of the tunnel is invisible to everything except the two communicating parties and the VMM. Compared with conventional means of protecting communication security, the method avoids encrypting the full text of the transmitted information, which saves performance while still protecting the security of the channel. At the same time, because memory sharing is a one-way, one-time communication mode, communication security can be protected more completely by adding a digital signature for authentication and checking integrity with a message hash.

Description

Technical field:

[0001] The invention aims at ensuring the security of information transmission between virtual machines, and belongs to the field of information security.

Background technique:

[0002] XEN is an open source virtual machine platform developed by the University of Cambridge in the United Kingdom. It is characterized by providing a virtualization method called para-virtualization. In this virtualization method, the source code of the virtual machine operating system must be modified so that it accesses hardware resources through the interface provided by the VMM, instead of being given virtual hardware as in the traditional virtualization method, which greatly improves the efficiency of virtual machine operation.

[0003] At present, in order to reduce performance waste, it has become a common method to deploy a distributed system on a virtualization platform, and each component module is deployed on a different virtua...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/00, G06F9/455, G06F21/60
Inventor: 赖英旭, 王若曾, 刘静, 李健
Owner BEIJING UNIV OF TECH