Security protection system and method for distributed virtualized storage of satellite data

A security protection technology for satellite data, applied in the field of security protection for satellite data storage. It addresses the problems that existing approaches do not consider security protection of the virtualization layer, cannot guarantee the confidentiality, integrity and credibility of a satellite data distributed virtualized storage system, and leave satellite data exposed to illegal tampering and encryption-based extortion. The stated effects are guaranteeing shared interaction and integrated applications, ensuring security, and realizing confidentiality

Active Publication Date: 2020-05-12
SPACE STAR TECH CO LTD

AI Technical Summary

Problems solved by technology

Compared with traditional distributed storage, the distinguishing feature of distributed virtualized storage of satellite data is that a virtualization layer is added between the storage device and the application layer. Existing security protection technologies for satellite data storage mainly adopt application-layer data encryption and authentication mechanisms. Such methods do not take the security protection of the virtualization layer into account and cannot guarantee the confidentiality, integrity and credibility of the satellite data distributed virtualized storage system. The system is especially vulnerable to malicious theft, illegal tampering and encryption-based extortion of satellite data by new cyber attacks such as APT attacks and 0Day attacks.

Examples


Embodiment 1

[0063] In consideration of the confidentiality, integrity and credibility of distributed virtualized storage of satellite data, the embodiment of the present invention discloses a security protection system for distributed virtualized storage of satellite data, including: a platform trusted measurement module, a data encryption protection module, a security monitoring and auditing module, a trusted management server, a key management server and a log audit server. The platform trusted measurement module, data encryption protection module and security monitoring and auditing module are deployed on the host side; the trusted management server, key management server and log audit server are deployed on the security management server side.

[0064] Preferably, the platform trusted measurement module and the corresponding trusted management server are used for trusted measurement of the satellite data distributed virtual storage; the data encryption protection module and the corre...

Embodiment 2

[0073] Refer to Figure 1, which is a schematic structural diagram of a security protection system for distributed virtualized storage of satellite data provided by an embodiment of the present invention. In the invention, the security protection system for distributed virtualized storage of satellite data includes a distributed virtualized storage node 100 and a security management server 200.

[0074] Specifically, the distributed virtualized storage node 100 includes: a platform trust measurement module 21, a data encryption protection module 22 and a security monitoring and auditing module 23 for security protection at the host operating system 20 layer; and a vTCM measurement module 32A, a vTCM report module 33A and an audit proxy module 34A for security protection at the virtual machine 30A layer.

[0075] Wherein, the platform trust measurement module 21 includes a TCM measurement submodule 211, a TCM report submodule 212 and a vTCM management submodule 213. Since the ro...

Embodiment 3

[0086] Refer to Figure 2, which is a flow chart of a security protection method for distributed virtualized storage of satellite data provided by an embodiment of the present invention. The security protection method is specifically a platform credibility measurement method, including the following steps:

[0087] Step S11: the TCM measurement submodule 211 calls the physical TCM 11 to perform trusted measurement on the host operating system 20 and each application program, and sends the measurement result to the TCM report submodule 212; the TCM report submodule 212 then sends the measurement result to the trusted management server 201 through the SSL secure channel;

[0088] Step S12, the vTCM measurement module 32A invokes the vTCM instance generated by the vTCM management sub-module 213 to measure the credibility of the guest operating system 31A and each application program, and saves the measurement results to the vTCM report mod...
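The following is an added illustration, not code from the patent, of the measure, report and verify flow that steps S11 and S12 describe for the host layer (TCM) and the guest layer (vTCM). It assumes SHA-256 as a stand-in for the TCM hash, an extend-style aggregate register, and a reference set held by the trusted management server; all component names and contents are constructed. Report signing and the SSL channel are not modelled.

```python
import hashlib
import hmac

def measure(blob: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the hash a TCM would use.
    return hashlib.sha256(blob).digest()

def extend(register: bytes, digest: bytes) -> bytes:
    # Fold one measurement into the running register (order-sensitive).
    return hashlib.sha256(register + digest).digest()

def build_report(layer, components):
    """Measuring side (host TCM or guest vTCM): log each digest, keep an aggregate."""
    register, log = bytes(32), []
    for name, blob in components:
        digest = measure(blob)
        register = extend(register, digest)
        log.append((name, digest.hex()))
    return {"layer": layer, "log": log, "aggregate": register.hex()}

def verify_report(report, reference):
    """Trusted management server side: return a list of failures, empty if trusted."""
    failures, register = [], bytes(32)
    for name, digest_hex in report["log"]:
        register = extend(register, bytes.fromhex(digest_hex))
        expected = reference.get(name)
        if expected is None:
            failures.append(f"{name}: not in reference set")
        elif not hmac.compare_digest(expected, digest_hex):
            failures.append(f"{name}: digest mismatch")
    if not hmac.compare_digest(register.hex(), report["aggregate"]):
        failures.append("aggregate does not match log")
    reported = {name for name, _ in report["log"]}
    failures += [f"{n}: missing from report" for n in sorted(set(reference) - reported)]
    return failures

# Constructed sample components (hypothetical names and contents).
HOST = [("host-os", b"host kernel image v1"), ("storage-daemon", b"daemon binary v1")]
GUEST = [("guest-os", b"guest kernel image v1"), ("guest-app", b"app binary v1")]
HOST_REF = {n: measure(b).hex() for n, b in HOST}
GUEST_REF = {n: measure(b).hex() for n, b in GUEST}

host_report = build_report("host", HOST)
tampered_guest = build_report("guest", [GUEST[0], ("guest-app", b"app binary v1 + implant")])

if __name__ == "__main__":
    print("host :", verify_report(host_report, HOST_REF) or "trusted")
    print("guest:", verify_report(tampered_guest, GUEST_REF))
```

The verifier replays the log to recompute the aggregate, so a report whose per-component digests were rewritten to look clean still fails unless the aggregate was rewritten as well, which is what a signed quote would prevent in a real deployment.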


Abstract

The invention discloses a security protection system and method for distributed virtualization storage of satellite data. The system comprises a platform trusted measurement module, a data encryption protection module, a security monitoring auditing module, a trusted management server, a key management server and a log auditing server. The platform credibility measurement module and the corresponding credibility management server are used for carrying out credibility measurement on satellite data distributed virtualization storage; the data encryption protection module and the corresponding key management server are used for performing data encryption on the satellite data distributed virtualization storage; and the security monitoring and auditing module and the corresponding log auditing server are used for performing security monitoring and auditing on the satellite data distributed virtualization storage. An integrated security protection mechanism of platform credibility measurement, data encryption protection, security monitoring and auditing is constructed, novel network attack threats such as 0Day attacks and APT attacks can be particularly defended, and the security of satellite data is ensured.

Description

Technical field

[0001] The invention relates to the technical field of security protection for satellite data storage, in particular to a security protection system and method for distributed virtual storage of satellite data.

Background art

[0002] With the continuous deepening and development of satellite applications in China, a large amount of data has been accumulated in various related fields and industries, and application requirements for large-scale satellite data sharing, integration, analysis and mining are also emerging.

[0003] At present, the storage method of satellite data is transforming from traditional centralized unified storage to distributed virtualized storage. Compared with the traditional distributed storage, the most special feature of satellite data distributed virtual storage is that a virtualization layer is added between the storage device and the application layer, while the existing security protection technologies for s...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/57, G06F21/71, G06F21/60, G06F21/62, G06F21/53, G06F16/18
CPC: G06F21/57, G06F21/71, G06F21/602, G06F21/6218, G06F21/53, G06F16/1815, G06F2221/2107
Inventor: 段鑫冬, 房超, 曾天宁, 顾聪慧, 陶利民, 王文良, 闫文, 张婷
Owner SPACE STAR TECH CO LTD