A virtual machine data protection method based on trusted boot

A data protection and virtual machine technology, applied in digital data protection, electrical digital data processing, instruments, etc.; it addresses problems such as ensuring that the data cannot be read by an attacker who obtains the disk file.

Active Publication Date: 2019-04-30
BEIJING VRV SOFTWARE CO LTD

AI Technical Summary

Problems solved by technology

This technology keeps the disk of the virtual machine stored in ciphertext as a rule, so that even if an attacker obtains the disk file, the data in it cannot be read.



Embodiment Construction

[0017] To enable those skilled in the art to better understand the technical solution of the present invention, the invention is further analyzed below in conjunction with specific examples.

[0018] A virtual machine data protection method based on trusted startup includes two parts: virtual machine disk encryption and virtual machine disk decryption. The disk encryption part is performed when the monitor is shut down and includes the following. Step 1: calculate the hash values of the key components of the system and write them into the trusted module. The hash algorithm can be chosen according to need: a general-purpose algorithm such as MD5 or SHA-1, or a self-defined one-way hash calculation. Step 2: register a callback mechanism for the shutdown of the virtual machine monitor, so that it encrypts the virtual machine disk and writes the decryption key into the trusted module when the virtu...


Abstract

The invention relates to a data protection method for a virtual machine based on trusted booting. The method comprises a part for encrypting the disk of the virtual machine and a part for decrypting it. The encrypting part includes the steps of: calculating a hash value of a system key component and writing it into a trusted module; and registering a callback mechanism for the stopping of the monitor, so that when the monitor is stopped the disk of the virtual machine is encrypted and the decrypting key is written into the trusted module. The decrypting part includes the steps of: checking the key component to be examined during booting, and having the trusted module calculate the hash value of the key component before it loads the key component of the virtual machine monitor; comparing the calculated hash value with the hash value previously stored in the trusted module, and determining that the boot is trusted if the two are equal; and writing the decrypting key of the virtual machine's disk, stored in the trusted module, into a platform configuration register of the trusted module. The beneficial effects of the method are that the data on the disk of the virtual machine can be stored encrypted, and the decrypting key of the disk can be protected from theft by a rootkit in the virtual machine monitor.

Description

Technical field

[0001] The invention relates to a data protection method that uses a trusted module to encrypt and decrypt the virtual machine disk used by a virtual machine, in particular to a virtual machine data protection method based on trusted startup, and belongs to the field of computer applications.

Background technique

[0002] Trusted boot technology refers to saving some key system configuration or key information, together with the hash values of key components of the system, in a trusted module, and recalculating the hash values of the key system components when the system starts. If they are equal to the previously saved values, the current system is judged to be in a trusted state, and the previously saved system configuration information or key information is written into the platform configuration register so that the system starts normally; if they are not equal to the previously saved values, it is judged that unauthorized changes to key system compon...
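The encrypt-at-shutdown / release-key-only-on-trusted-boot flow described in [0018], the Abstract and [0002], as an added example that is not part of the patent or any vendor API: the trusted module, the component measurement and the stream cipher are all constructed stand-ins (SHA-256 in counter mode replaces a real block cipher, and SHA-256 is used for measurement rather than the MD5/SHA-1 the text allows).

```python
import hashlib
import os

# Constructed model of the patent's trusted module (a stand-in for a TPM): it
# holds the reference hash of the monitor's key components, the sealed disk key,
# and a platform configuration register (PCR) that the key is released into.
class TrustedModule:
    def __init__(self):
        self.expected_hash = None
        self.sealed_key = None
        self.pcr = None

def measure(components):
    """Hash an ordered list of (name, bytes) key components into one digest."""
    h = hashlib.sha256()
    for name, data in components:
        h.update(name.encode())
        h.update(len(data).to_bytes(8, "big"))  # length prefix: no boundary games
        h.update(data)
    return h.digest()

def keystream_xor(key, data):
    """Toy stream cipher (SHA-256 counter mode); stands in for a real block cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def on_monitor_shutdown(tm, components, disk_plain):
    """Encryption part: step 1 stores the component hash; step 2 (the shutdown
    callback) encrypts the disk and deposits the decryption key in the module."""
    tm.expected_hash = measure(components)
    key = os.urandom(32)
    tm.sealed_key = key
    return keystream_xor(key, disk_plain)

def on_trusted_boot(tm, components):
    """Decryption part: re-measure the components before the monitor loads them.
    Only on a match is the key written to the PCR; otherwise boot is untrusted."""
    if measure(components) != tm.expected_hash:
        tm.pcr = None
        return None
    tm.pcr = tm.sealed_key
    return tm.pcr

def decrypt_disk(tm, disk_cipher):
    """A monitor that booted untrusted (empty PCR) cannot recover the plaintext."""
    if tm.pcr is None:
        return None
    return keystream_xor(tm.pcr, disk_cipher)
```

A modified hypervisor image (the rootkit case the Abstract mentions) changes the measurement, so the module never releases the key and the ciphertext stays unreadable.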


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/62
CPC: G06F21/62; G06F2221/2107
Inventor: 党艳平阳晓宇刘生
Owner: BEIJING VRV SOFTWARE CO LTD