A virtual machine security migration system

A virtual machine migration technology, applied in the field of virtual machine security migration systems, that addresses problems such as active control attacks, security threats and the limited research on security issues, and achieves the effect of ensuring atomicity.

Inactive Publication Date: 2019-05-21
BEIJING KEXIN HUATAI INFORMATION TECH

AI Technical Summary

Problems solved by technology

At present, most research on virtual machine dynamic migration technology concerns migration efficiency, such as shortening the migration time, fast migration and reducing the amount of data migrated, and there is little research on the security problems in the migration process.
In the actual cloud computing environment, there are often a large number of security threats that require in-depth research and reasonable solutions.
The problems mainly include:

  • The vulnerability of the data transmission channel: without any protection, the migrating data may be attacked by passive listening and active control.
  • Attacks on the VMM: the attacker may use network deception, replay attacks and other attack methods; when there is no access control, the attacker can hijack control of the VMM, arbitrarily initiate virtual machine migration and control the guest operating system.
  • Attacks on the migration module: a vulnerability in the migration module in the VMM that implements virtual machine migration could lead to compromise of the VMM and guest OS by an attacker.


Examples


Embodiment 1

[0041] Existing virtual machine migration systems do not have platform certification for virtual machine migration, and cannot guarantee that the state of the source platform and target platform of a virtual machine migration is safe and credible. They also lack data transmission protection and cannot handle threats such as man-in-the-middle attacks during virtual machine migration.

[0042] To address these defects in existing virtual machine migration systems, this embodiment discloses a virtual machine security migration system. As shown in the system frame diagram in Figure 2, it includes the cloud server hardware environment, host system, virtual machine monitor and virtual machine instances:

[0043] Among them, the hardware TPCM chip in the underlying hardware environment provides the system with trusted computing cryptographic services, and the TPCM and the host system form a dual-system architecture proposed by Trust 3.0, which provides active...

Embodiment 2

[0048] This embodiment describes in detail the local security migration engine in the above-mentioned virtual machine security migration system. As shown in Figure 3, the secure migration engine includes five modules: key agreement, remote attestation, confidentiality protection, integrity protection and virtual TPCM lifecycle management. The functions of each module are described in detail below:

[0049] (1) Key agreement module

[0050] The key agreement module is used for mutual identity authentication between the source platform and the target platform, and negotiates the keys used to protect the confidentiality and integrity of the subsequent data exchange; that is, it provides the keys for the confidentiality protection module and the integrity protection module of the local migration engine. The key agreement module generates two symmetric keys, Kenc and Kmac, through the TLS handshake protocol. These two keys are calculated by the source and target platforms using the ex...

Embodiment 3

[0065] Based on the virtual machine security migration system in the above two embodiments, this embodiment proposes a virtual machine security migration method. As shown in Figure 4, the migration process is as follows:

[0066] (1) After the source platform receives the migration signal, it determines the address of the target platform. The source platform and the target platform use the TLS handshake protocol for key negotiation to obtain two symmetric keys, Kenc and Kmac.

[0067] (2) Through the remote attestation module, the source platform and the target platform verify the integrity of the target platform, using the session key obtained through key negotiation.

[0068] (3) The source platform virtual TPCM life cycle management module invokes the virtual TPCM manager to encapsulate the data of the virtual TPCM instance, and the virtual TPCM manager invokes the trusted computing resources of the underlying TPCM to complete the encapsulation of the virtual TPCM in...
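
An added example, not taken from the patent or its authors: one way the Kenc/Kmac pair described for the key agreement module and obtained in step (1) could be used to protect migration records against tampering and replay. The HKDF key split, the derivation labels, the record layout, the `Receiver` class and the sample secret are all assumptions; the page states only that the two keys come from the TLS handshake.

```python
import hashlib
import hmac
import struct

def hkdf_sha256(secret: bytes, info: bytes) -> bytes:
    """HKDF (RFC 5869) with zero salt, single 32-byte output block."""
    prk = hmac.new(b"\x00" * 32, secret, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()

def derive_keys(master_secret: bytes) -> tuple:
    """Assumed key split: independent Kenc and Kmac from one negotiated secret."""
    return (hkdf_sha256(master_secret, b"migration enc"),
            hkdf_sha256(master_secret, b"migration mac"))

def seal(kmac: bytes, seq: int, ciphertext: bytes) -> bytes:
    """Source side: record = 8-byte sequence number || ciphertext || HMAC tag."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(kmac, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag

class Receiver:  # target side: accepts records only in strict sequence order
    def __init__(self, kmac: bytes):
        self.kmac, self.expected = kmac, 0

    def open(self, record: bytes) -> bytes:
        header, body, tag = record[:8], record[8:-32], record[-32:]
        good = hmac.new(self.kmac, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            raise ValueError("integrity check failed")
        (seq,) = struct.unpack(">Q", header)
        if seq != self.expected:
            raise ValueError("replayed or out-of-order record")
        self.expected += 1
        return body

def demo() -> list:
    # Constructed inputs; payloads stand for data already encrypted under Kenc.
    _kenc, kmac = derive_keys(b"constructed-master-secret")
    rx = Receiver(kmac)
    r0, r1 = seal(kmac, 0, b"page-0 ciphertext"), seal(kmac, 1, b"page-1 ciphertext")
    tampered = r1[:10] + bytes([r1[10] ^ 1]) + r1[11:]
    outcomes = []
    for rec in (r0, tampered, r0, r1):  # valid, modified, replayed, valid
        try:
            rx.open(rec)
            outcomes.append("accepted")
        except ValueError as exc:
            outcomes.append(str(exc))
    return outcomes
```

The MAC is checked before the sequence number is trusted, so a modified record is rejected as an integrity failure while a byte-for-byte replay of an earlier valid record is rejected by the counter.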


Abstract

The invention relates to a virtual machine security migration system. The virtual machine security migration system includes a server hardware environment, a host machine system, a virtual machine monitor and one or more virtual machine instances, wherein the host machine system comprises a local security migration engine, and the local security migration engine comprises a key agreement module, a remote attestation module, a confidentiality protection module, an integrity protection module and a virtual TPCM life cycle management module. The secure migration of a virtual machine between a source node and a target node can be realized through the virtual machine security migration system provided by the invention.

Description

Technical field

[0001] The invention relates to the field of virtual cloud security, in particular to a virtual machine security migration system.

Background technology

[0002] With the rapid development of cloud computing technology, it has become a research hotspot in the Internet industry at home and abroad. As a new type of computing model, it focuses on resource leasing, application hosting, and service outsourcing, and provides IT resources, data, and applications as services to cloud tenants through the Internet.

[0003] The most valuable technology in cloud computing is virtual machine live migration. Virtual machine live migration can migrate a virtual machine from a source physical machine to a destination physical machine while keeping the virtual machine running, and resume operation on the destination physical machine, so as to ensure that the migration process is transparent to users. Moreover, virtual machine dynamic migration technology can ...

Application Information

IPC(8): G06F9/455, G06F21/53, G06F21/60
Inventor: 孙瑜王强夏攀王大海王涛洪宇
Owner: BEIJING KEXIN HUATAI INFORMATION TECH