A cloud management behavior security control method and system

A security control and cloud management technology, applied in the field of cloud computing security, that addresses problems such as overall platform security not being improved.

Inactive Publication Date: 2016-04-27
PEKING UNIV

AI Technical Summary

Problems solved by technology

[0010] Although this patent also belongs to the field of cloud computing security, its focus is mainly on the different needs of different customers for security threat characteristics, and the security of management is realized by dividing security domains, but it does not improve the overall platform security.


Embodiment Construction

[0053] This paper establishes a trusted path between the cloud management center and the virtual machine monitor. In addition to the protection of the asymmetric key, it adds a separate agent communication domain (DomP) on the virtualization node to reduce the risk of the link being snooped. At the same time, to ensure the normal and stable operation of the channel, some new modules are added to the cloud management center and the virtual machine monitor to encrypt or authenticate the management information. The main approach is to reduce the trusted computing base of the entire cloud platform. As shown in Figure 1, a new domain, DomP, is first defined in this architecture as a proxy of the CMS, and all secret and authentication information is transmitted through this authorized proxy. In addition, to allow the CMS to strictly control the entire cloud, four components have been added to the Xen virtual machine monitor: Verifier...


Abstract

The invention discloses a method for controlling cloud management behavior security. The method comprises the following steps: 1) a cloud management center (CMS) distributes a secret key to each node, and an agent domain is established on each node; 2) the CMS looks up the secret key of each node according to the node number and determines the type of the authorization message; 3) the CMS generates a management authorization message for the cloud management operation, signs it, and sends it to the agent domain; 4) the agent domain sends the management authorization message to the virtual machine monitor of the node for verification, and the message is added to a security server if it passes verification; 5) the CMS sends a cloud management operation request to the cloud platform agent (CMP) of the node; 6) the CMP sends a hypercall request to the virtual machine monitor according to the cloud management operation request. The virtual machine monitor first checks whether an authorization entry for the cloud management operation request exists in the security server. If the entry exists, the type and the timestamp of the authorization message are verified; if the verification passes, the request is executed, and if it does not pass, the request is refused. The method can reduce the risk caused by denial-of-service attacks and malicious eavesdropping.
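An added sketch of steps 3 to 6 of the abstract (not code from the patent): the CMS signs an authorization, the monitor verifies and stores it, and a later hypercall runs only against a matching, fresh entry. HMAC-SHA256 over the per-node secret key stands in for the signature, which the page does not specify; the message fields, operation names, 30-second window and single-use consumption are assumptions.

```python
import hashlib
import hmac
import json

VALIDITY_SECONDS = 30  # assumed freshness window; the page gives no value


def sign_authorization(node_key, node_id, op_type, issued_at):
    """CMS side (step 3): build and sign a management authorization message."""
    body = json.dumps({"node": node_id, "op": op_type, "ts": issued_at},
                      sort_keys=True).encode()
    tag = hmac.new(node_key, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Monitor:
    """Hypervisor side: verifier plus the 'security server' authorization store."""

    def __init__(self, node_id, node_key):
        self.node_id = node_id
        self.node_key = node_key
        self.store = {}  # operation type -> timestamp of a verified authorization

    def accept_authorization(self, msg):
        """Step 4: verify the message relayed by the agent domain, then store it."""
        expected = hmac.new(self.node_key, msg["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return False  # forged or altered in transit
        fields = json.loads(msg["body"])
        if fields["node"] != self.node_id:
            return False  # authorization was issued for a different node
        self.store[fields["op"]] = fields["ts"]
        return True

    def hypercall(self, op_type, now):
        """Step 6: execute only if a matching, fresh authorization entry exists."""
        issued_at = self.store.pop(op_type, None)  # assumed single-use entry
        if issued_at is None:
            return "refused: no authorization"
        if not 0 <= now - issued_at <= VALIDITY_SECONDS:
            return "refused: stale authorization"
        return "executed"
```

Because the entry is consumed on first use, a replayed operation request is refused unless the CMS issues a new authorization.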

Description

Technical field

[0001] The invention relates to a cloud management behavior security control method and system, which belong to the field of cloud computing security and are mainly applied to the security management and control of computing nodes in a cloud environment.

Background technique

[0002] At present, cloud computing generally refers to the use of software to effectively manage computing resources and storage resources in one or more large-scale clusters, so that users can submit their own tasks to the cloud regardless of how the cloud works internally. Generally speaking, cloud computing regards the entire computer cluster based on network interconnection as a supercomputer with unified management and unified operation. Personal computers, workstations, and mobile devices inside the cloud can work together to effectively utilize massive processors and processing space.

[0003] Users can directly access the cloud through the Internet, and then get a comple...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L29/08; H04L29/06
Inventor: 沈晴霓, 周志轩, 吴中海, 杨雅辉
Owner: PEKING UNIV