Security management method of virtual machine based on trust root

A security management and virtual machine technology, applied in the field of virtual machine security management based on the root of trust, addressing the problem that a physical trusted device such as a TPM cannot be shared concurrently by multiple virtual computing domains.

Inactive Publication Date: 2016-05-11
CETC CHINACLOUD INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

At present, mainstream trusted devices such as the TPM cannot run effectively on KVM virtual machines and cannot be shared concurrently by virtual computing domains, which introduces potential security threats to the isolation between multiple virtual computing domains and to the construction of a root of trust.
[0004] At present, there is no description or report of the similar technology of the present invention, and no similar data at home and abroad have been collected yet.


Examples


Embodiment

[0033] This embodiment provides a virtual machine security management method based on root of trust, including the following steps:

[0034] Step S1: Load the TPM back-end driver in the privileged domain and generate a simulated device vTPM (virtual TPM device); the virtual TPM device is mainly used for:

[0035] - The ability to interact with the physical TPM driver to realize the virtualization of the physical TPM;

[0036] - Receive instructions from the front-end TPM driver and hand them over to the simulated device vTPM for processing;

[0037] Step S2: Start the virtual TPM device manager: initialize the global configuration of the virtualization monitor of the virtual TPM device manager to store virtual TPM related information, and create a root virtual TPM based on the physical TPM; this is the TPM instance with the highest authority, denoted Ring-0;

[0038] Step S3: start the monitoring thread of the virtual TPM device manager; the monito...


Abstract

The invention provides a security management method for a virtual machine based on a trust root. The security management method comprises the following steps: S1, loading a back-end driver of an application layer to generate a simulated device vTPM; S2, starting a virtualization monitor; S3, establishing a monitoring thread of a virtual TPM; S4, establishing the virtual TPM for a QEMU; S5, loading a front-end driver; S6, starting a security management thread and loading a security policy; and S7, processing a TPM instruction from a Hypervisor. The security management method provided by the invention realizes virtualization capability on top of the traditional TPM; integrity protection and isolation of the client machine are carried out over the virtualization system; and security management of the virtual machine is realized over the hypervisor.
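The steps S1 to S7 above and the embodiment in [0033]-[0038] describe a manager that builds one root vTPM (Ring-0) on the physical TPM, gives each guest its own vTPM, and applies a security policy to every TPM instruction arriving from the hypervisor. The following Python model is an added illustration of that architecture and is not the patent's code or CETC's implementation: the class and command names, the per-guest allow-list policy, the use of a SHA-256 PCR bank, and the choice to record each guest vTPM's creation in the root instance's PCR 0 are all assumptions made for the example. It shows the two properties the page cares about, isolation between virtual computing domains and policy enforcement at the hypervisor, with constructed guest measurements.

```python
"""Illustrative vTPM device manager (added example, not the patent's code).

One root vTPM ("Ring-0") is anchored to a stand-in physical TPM, each guest
gets an isolated vTPM, and a security policy is checked before any TPM command
is routed.  Names, command format and policy shape are assumptions.
"""
import hashlib
import threading

PCR_COUNT = 24                     # assumption: a 24-register SHA-256 PCR bank
DIGEST = hashlib.sha256


def extend_digest(old: bytes, measurement: bytes) -> bytes:
    """TPM-style PCR extend: new = H(old || H(measurement))."""
    return DIGEST(old + DIGEST(measurement).digest()).digest()


class VTPMInstance:
    """One simulated TPM with its own PCR bank, locked so the manager's
    monitoring thread and guest commands cannot interleave on it."""

    def __init__(self, name: str):
        self.name = name
        self.pcrs = [bytes(DIGEST().digest_size)] * PCR_COUNT
        self._lock = threading.Lock()

    def extend(self, index: int, measurement: bytes) -> bytes:
        with self._lock:
            self.pcrs[index] = extend_digest(self.pcrs[index], measurement)
            return self.pcrs[index]

    def read(self, index: int) -> bytes:
        with self._lock:
            return self.pcrs[index]


class PhysicalTPM(VTPMInstance):
    """Stand-in for the hardware TPM behind the back-end driver (constructed)."""


class VTPMManager:
    """Models steps S2, S4, S6 and S7: root vTPM, per-guest vTPMs, policy, routing."""

    def __init__(self, physical: PhysicalTPM):
        self.physical = physical
        # Root vTPM built on the physical TPM: the highest-authority instance (Ring-0).
        # Its start is measured into the physical TPM so the root is anchored to hardware.
        self.physical.extend(0, b"vtpm-manager-start")
        self.root = VTPMInstance("ring-0")
        self._instances: dict[str, VTPMInstance] = {}
        self._policy: dict[str, frozenset[str]] = {}
        self._lock = threading.Lock()
        self.audit: list[str] = []          # what the monitoring thread would log

    def create_vtpm(self, vm_id: str, allowed: set[str]) -> VTPMInstance:
        """Create a per-guest vTPM (S4) and register its security policy (S6).
        Creation is recorded in the root vTPM's PCR 0 (illustrative design choice)."""
        with self._lock:
            if vm_id in self._instances:
                raise ValueError(f"vTPM for {vm_id} already exists")
            inst = VTPMInstance(f"vtpm-{vm_id}")
            self._instances[vm_id] = inst
            self._policy[vm_id] = frozenset(allowed)
            self.root.extend(0, f"create:{vm_id}".encode())
            return inst

    def handle_command(self, vm_id: str, cmd: str, *args):
        """Process a TPM command from the hypervisor on behalf of a guest (S7).
        Routing is keyed by the hypervisor-assigned vm_id, never by a
        guest-supplied instance name, so a guest cannot reach another's PCRs."""
        inst = self._instances.get(vm_id)
        if inst is None:
            self.audit.append(f"DENY {vm_id} {cmd}: no vTPM for domain")
            return ("error", "no vtpm for domain")
        if cmd not in self._policy[vm_id]:
            self.audit.append(f"DENY {vm_id} {cmd}: security policy")
            return ("error", "denied by security policy")
        if cmd == "PCR_EXTEND":
            index, measurement = args
            return ("ok", inst.extend(index, measurement))
        if cmd == "PCR_READ":
            (index,) = args
            return ("ok", inst.read(index))
        self.audit.append(f"DENY {vm_id} {cmd}: unknown command")
        return ("error", "unknown command")


def demo() -> dict:
    """Two guests share one physical TPM; show isolation and policy enforcement."""
    mgr = VTPMManager(PhysicalTPM("physical"))
    mgr.create_vtpm("vm-a", {"PCR_EXTEND", "PCR_READ"})
    mgr.create_vtpm("vm-b", {"PCR_READ"})             # vm-b may only read its PCRs
    status_a, pcr_a = mgr.handle_command("vm-a", "PCR_EXTEND", 10, b"guest-a kernel")
    denied = mgr.handle_command("vm-b", "PCR_EXTEND", 10, b"guest-b kernel")
    _, pcr_b = mgr.handle_command("vm-b", "PCR_READ", 10)
    unknown = mgr.handle_command("vm-c", "PCR_READ", 10)   # no vTPM was created for vm-c
    return {"a_status": status_a, "a_pcr": pcr_a, "b_denied": denied,
            "b_pcr": pcr_b, "vm_c": unknown, "root_pcr0": mgr.root.read(0),
            "audit": mgr.audit}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value.hex() if isinstance(value, bytes) else value)
```

The point of keying every command by the hypervisor-assigned `vm_id` is that the front-end driver inside a guest never names the vTPM it talks to; the manager, running in the privileged domain, decides which instance a domain may touch, and the audit list stands in for what the monitoring thread would report when a command is refused.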

Description

Technical Field

[0001] The invention relates to virtualization security technology in the cloud computing environment, in particular to a virtual machine security management method based on a root of trust.

Background Technique

[0002] The root of trust is the origin of Trusted Computing, a technology recommended and developed by the Trusted Computing Group (TCG). At the heart of TCG is the Trusted Platform Module (TPM), a small cryptographic chip embedded on a computer's motherboard that provides hardware-based security for programs. The TPM provides a hardware-based root of trust, with internal key storage and registers for storing digest values. The TPM also provides cryptographic functions such as encryption / decryption, signing / verification, and hardware-based random number generation.

[0003] The security problems in the cloud computing environment are largely caused by the virtual sharing of resources in virtualization technolog...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/57, G06F9/455
CPC: G06F21/57, G06F9/45533, G06F2009/45587
Inventor: 杨飞
Owner: CETC CHINACLOUD INFORMATION TECH CO LTD