Virtual machine monitor local integrity detection system and implementation method

A virtual machine monitor integrity detection technology, applied in the field of information security. It addresses problems such as low security, inconvenient implementation, and the inability to verify the integrity of the underlying environment, with the effects of ensuring safe production, a simple structure, and ease of promotion and use.

Inactive Publication Date: 2016-09-07
INSPUR GROUP CO LTD

AI Technical Summary

Problems solved by technology

The problems addressed are inconvenient implementation, low security, and the inability to verify the integrity of the underlying environment in which users run their own VMs.


Examples


Embodiment 1

[0037] As shown in Figure 1, the system for local integrity detection of a virtual machine monitor comprises a physical platform and VMs (virtual machines). The physical platform is equipped with a TPM or TCM chip that starts and runs normally, and a corresponding vTPM (virtual trusted platform module) is virtualized for each VM on the physical platform. The system performs integrity detection as follows: the physical PCR holding the VMM state is mapped to the vPCR of the corresponding vTPM; the VM user designates the confidential data in the VM, and the confidential data and the state information in the vPCR are encapsulated into a data block, which is saved. When the data block is decapsulated, decapsulation succeeds and yields the confidential data only if the vPCR value currently holding the VMM state information is consistent with the vPCR value in the data block.

Embodiment 2

[0039] The implementation method for local integrity detection of a virtual machine monitor comprises two stages: the standard PCR value encapsulation stage and the PCR value comparison and decapsulation stage. In the standard PCR value encapsulation stage, when the VMM (Virtual Machine Monitor) starts for the first time, the physical PCR holding the VMM state is mapped to the vPCR of the corresponding vTPM; the VM user designates the confidential data in the VM, and the confidential data and the state information in the vPCR are encapsulated into a data block, which is saved. In the PCR value comparison and decapsulation stage, when the VM is subsequently restarted, the data block is decapsulated first; decapsulation succeeds and yields the confidential data only if the vPCR value currently holding the VMM state information is consistent with the vPCR value in the data block; if decapsulation fail...
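The two stages described in Embodiments 1 and 2, as an added Python model that is not part of the patent text. `ToyVTPM`, the SHA-256 extend rule, the HMAC-based toy cipher and the component names are assumptions made for illustration; a real vTPM enforces the PCR match through its own sealing policy rather than this key derivation.

```python
import hashlib, hmac, os

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    # TPM-style extend: new = SHA-256(old || SHA-256(measurement))
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def measure_vmm(components) -> bytes:
    pcr = bytes(32)                      # a PCR starts at all zeros
    for c in components:                 # order matters: extend is not commutative
        pcr = pcr_extend(pcr, c)
    return pcr

class ToyVTPM:
    """Model of one VM's vTPM: a single vPCR and a storage secret (assumption)."""
    def __init__(self):
        self._root = os.urandom(32)      # never leaves the vTPM
        self.vpcr = bytes(32)

    def map_physical_pcr(self, physical_pcr: bytes) -> None:
        self.vpcr = physical_pcr         # physical PCR with VMM state -> vPCR

    def _keys(self, vpcr: bytes):
        # Encryption and MAC keys are both bound to the vPCR value.
        return [hmac.new(self._root, t + vpcr, hashlib.sha256).digest()
                for t in (b"enc", b"mac")]

    def seal(self, secret: bytes) -> dict:  # standard PCR value encapsulation stage
        if len(secret) > 32: raise ValueError("toy cipher handles at most 32 bytes")
        enc, mac = self._keys(self.vpcr)
        nonce = os.urandom(16)
        pad = hmac.new(enc, nonce, hashlib.sha256).digest()
        ct = bytes(a ^ b for a, b in zip(secret, pad))
        tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
        return {"vpcr": self.vpcr, "nonce": nonce, "ct": ct, "tag": tag}

    def unseal(self, blob: dict):        # PCR value comparison and decapsulation stage
        if not hmac.compare_digest(blob["vpcr"], self.vpcr):
            return None                  # current VMM state differs from sealed state
        enc, mac = self._keys(self.vpcr)
        tag = hmac.new(mac, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, blob["tag"]):
            return None                  # blob edited, or sealed under another state
        pad = hmac.new(enc, blob["nonce"], hashlib.sha256).digest()
        return bytes(a ^ b for a, b in zip(blob["ct"], pad))

def demo():
    vtpm = ToyVTPM()                     # all inputs below are constructed samples
    vtpm.map_physical_pcr(measure_vmm([b"vmm-image-v1", b"vmm-config-v1"]))
    blob = vtpm.seal(b"vm-disk-key")
    first = vtpm.unseal(blob)            # same VMM state: secret comes back
    vtpm.map_physical_pcr(measure_vmm([b"vmm-image-MODIFIED", b"vmm-config-v1"]))
    changed = vtpm.unseal(blob)          # VMM changed: decapsulation fails
    relabelled = vtpm.unseal({**blob, "vpcr": vtpm.vpcr})  # rewriting the stored vPCR does not help
    return first, changed, relabelled
```

The third case shows why the stored vPCR value alone is not the control: the keys are derived from the vPCR inside the vTPM, so editing the data block's recorded value still fails the integrity tag.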


Abstract

The invention discloses a virtual machine monitor local integrity detection system and an implementation method, and belongs to the field of information security. The invention addresses the technical problem of how to verify the underlying environment in which a user's own VM runs and so guarantee safe production use of the VM. The technical scheme is as follows: (1) a virtual machine monitor local integrity detection system comprises a physical platform and VMs, wherein the physical platform is provided with a TPM chip or a TCM chip, and a vTPM corresponding to each VM is virtualized on the physical platform; (2) an implementation method for virtual machine monitor local integrity detection comprises two stages, namely the standard PCR value encapsulation stage and the PCR value comparison and decapsulation stage.

Description

Technical field

[0001] The invention relates to the field of information security, in particular to a system and an implementation method for local integrity detection of a virtual machine monitor.

Background

[0002] A VMM (Virtual Machine Monitor) is system software that can maintain multiple efficient and isolated program environments. These environments let users access the real hardware directly. Such a program environment is called a virtual machine (Virtual Machine, VM). The physical machine manages the real resources of the computer system through the VMM and provides an interface for the virtual machine. That is, the VMM is the bridge for interaction between the VM and the underlying hardware. Once the VMM is attacked or maliciously modified, the security of the VM is threatened.

[0003] In a cloud computing environment, although logically, users have the authority to manage their own VMs, physically, VMs run on a phys...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F9/455, G06F21/53
CPC: G06F9/45558, G06F21/53, G06F2009/45587
Inventor: 郝虹, 戴鸿君, 于治楼
Owner: INSPUR GROUP CO LTD