CN105184158A - Method for improving security of cloud computing operating system - Google Patents


Publication number
CN105184158A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510509372.1A
Other languages
Chinese (zh)
Inventor
王智民
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING OPZOON TECHNOLOGY Co Ltd
Opzoon Technology Co Ltd
Original Assignee
BEIJING OPZOON TECHNOLOGY Co Ltd
Priority date: 2015-08-18
Filing date: 2015-08-18
Publication date: 2015-12-23
Application filed by BEIJING OPZOON TECHNOLOGY Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/556 Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine

Abstract

A method for improving the security of a cloud computing operating system comprises the following steps: step S1, shielding all original external access interfaces in an operating system; and step S2, re-wrapping the preset necessary external access interfaces in the operating system to form valid external access interfaces. The method provided by the present invention simplifies the security inspection of a large cloud computing operating system, saves manpower, financial and material resources, and gives the cloud operating system higher security.

Description

A method for improving the security of a cloud computing operating system
Technical field
The present invention relates to the field of cloud computing technology, and in particular to a method for improving the security of a cloud computing operating system.
Background
A cloud computing operating system, also called a cloud OS or cloud computing center operating system, is an operating system supported by cloud computing and cloud storage technology. It is the overall management and operation system of a cloud computing back-end data center: a cloud platform management system built on basic hardware resources such as servers, storage and networks and on basic software such as stand-alone operating systems, middleware and databases, which manages massive underlying hardware and software resources.
Operating systems can be classified, according to whether their source code is public, into open source operating systems and closed source operating systems. An open source operating system is operating system software whose source code is public and which is used, compiled and distributed under an open source license (GNU). Provided the GNU license is observed, anyone can use the software freely and control how it runs.
A closed source operating system is operating system software whose source code is not public. The licensee obtains only a binary version of the computer program and not its source code, so modifying the software is almost impossible from a technical standpoint. Under this model the source code is regarded as the company's trade secret, so groups that may be given source code access, such as schools, must sign a non-disclosure agreement in advance.
In the prior art, open source operating systems include Linux, Symbian, Android and Unix-derived systems; closed source operating systems include Windows, MacOS, iOS and WP. Software based on open source operating systems mainly includes XEN and KVM; commercial software mainly includes VMware vSphere and Microsoft Hyper-V.
In government offices, public institutions and enterprises that require a high level of information security, the source code of an operating system must be inspected whenever one is introduced, to ensure the information security of that operating system. Because the source code of an open source operating system is visible and modifiable, and vulnerabilities in it are cheap to find, the offices, units, operating divisions and enterprises that require a high level of information security generally choose open source operating systems.
Existing large-scale cloud computing operating systems are developed by foreign vendors. When the operating system being introduced is a cloud computing operating system, the security of its source code needs even closer inspection, to prevent a vendor with ulterior motives from using the cloud computing operating system to steal confidential data of China's government offices, public institutions and enterprises, which would pose a serious security threat to them.
However, the amount of source code in a large-scale cloud computing operating system is enormous. Inspecting it in the traditional way not only takes a great deal of time, manpower and money; even if no security risk is found during inspection, unknown security risks can still arise in use once the software is combined with hardware. A safer and more efficient method of hardening the security of a cloud computing operating system is therefore urgently needed.
Summary of the invention
The object of the present invention is to provide a method for improving the security of a cloud computing operating system, comprising the following steps:
Step S1: shield all original external access interfaces in the operating system;
Step S2: re-wrap the preset necessary external access interfaces in the operating system to form valid external access interfaces.
The step of re-wrapping the preset necessary external access interfaces in the operating system comprises:
wrapping the system calls that set and control global parameters in the operating system;
wrapping the virtual machine operation instructions that set memory and create virtual processors in a virtual machine;
wrapping the virtual CPU operation instructions that control register reads and writes, interrupts, event management and memory management of the virtual processors in a virtual machine.
The virtual CPU operation instructions comprise instructions that control registers, instructions that control interrupts and event management, and instructions that control memory management.
The system calls comprise:
creating a virtual machine; querying the external interface version of the current virtual machine; obtaining the index; checking extension support; the size of the memory region shared by the running virtual machine and user space.
The virtual machine operation instructions comprise:
creating a virtual processor for a virtual machine; running the virtual machine according to structure information; creating a virtual programmable interrupt controller, with which all subsequently created virtual processors are associated; sending an interrupt signal to the virtual programmable interrupt controller; reading the interrupt flag information of the programmable interrupt controller; writing the interrupt flag information of the programmable interrupt controller; returning the bitmap of dirty pages.
Among the virtual CPU operation instructions, the instructions that control registers comprise:
obtaining general-purpose register information; setting general-purpose register information; obtaining special register information; setting special register information; obtaining MSR register information; setting MSR register information; obtaining floating-point register information; setting floating-point register information; obtaining the xsave register information of a virtual processor; setting the xsave register information of a virtual processor; obtaining the xcr register information of a virtual processor; setting the xcr register information of a virtual processor.
Among the virtual CPU operation instructions, the instructions that control interrupts and event management comprise:
generating an interrupt on a virtual processor; setting the interrupt signal mask of a virtual processor; obtaining the events in a virtual processor that are pending delayed handling; setting the events of a virtual processor.
Among the virtual CPU operation instructions, the instructions that control memory management comprise:
translating a physical address of a virtual processor into an HPA; modifying the memory region of a virtual processor; initializing the TSS memory region; creating the EPT page table.
After step S2, the method further comprises step S3: monitoring the information interaction channels between the operating system and external programs; if any information interaction channel other than the valid external access interfaces is found, blocking that channel and issuing an alarm.
The step of monitoring the information interaction channels between the operating system and external programs comprises:
screening the information exchanged between the operating system and external programs and, according to preset information interaction conditions, classifying it as normal communication, suspicious communication or dangerous communication;
if the result is normal communication, handling it as normal communication;
if the result is suspicious communication, issuing a suspicious-information alarm;
if the result is dangerous communication, blocking the information interaction channel carrying that information and issuing a dangerous-information alarm.
The operating system comprises a host operating system and a guest operating system;
the step of monitoring the information interaction channels between the operating system and external programs comprises monitoring the channels between the host operating system and external programs, and monitoring the channels between the guest operating system and external programs.
The beneficial effects of the present invention are: the security inspection of a large-scale cloud computing operating system is simplified, manpower, financial and material resources are saved, and the cloud operating system is given higher security.
Brief description of the drawings
Fig. 1 is the logical framework of KVM in the prior art;
Fig. 2 is the logical framework of KVM in the present invention;
Fig. 3 is a flowchart of the method of the present invention for improving the security of a cloud computing operating system;
Fig. 4 is a flowchart of the steps for monitoring information interaction channels in the method of the present invention for improving the security of a cloud computing operating system.
Detailed description
To make the objects, technical solutions and advantages of the present invention clearer, the invention is described in more detail below with reference to embodiments and the accompanying drawings. It should be understood that these descriptions are only exemplary and are not intended to limit the scope of the invention. In addition, descriptions of well-known structures and techniques are omitted below to avoid unnecessarily obscuring the concepts of the invention.
Explanation of terms
Virtualization technology is a core technology of cloud computing operating systems. Every virtualization setup consists of two parts: the virtual machine (VM) and the host (HOST). A guest operating system (GuestOS) runs in the virtual machine (VM), and a host operating system (HostOS) runs on the HOST.
HOST --- the host: the computer that physically exists.
HostOS --- the host operating system: the operating system running on the HOST.
VM (Virtual Machine) --- a virtual machine: a logical computer, that is, a virtual computer simulated by Vmware.
GuestOS --- the guest operating system: the operating system running on a VM (Virtual Machine).
For example: if Vmware is installed on a computer running Windows NT, then the HOST is that computer and its HostOS is Windows NT. If Linux runs on the VM, then Linux is the GuestOS.
Full-Virtualization --- full virtualization. The guest operating system (GuestOS) runs on a hypervisor located on the physical machine; the guest operating system does not know that it is virtualized and works without any modification.
Para-Virtualization --- paravirtualization. The guest operating system (GuestOS) not only knows that it runs on a hypervisor, but also contains code that lets the guest operating system transition to the hypervisor more efficiently.
Hypervisor --- a middleware layer running between the host (HOST) and the virtual machines (VM), which lets multiple operating systems and applications share one set of underlying physical hardware. It can therefore be regarded as the "meta" operating system of the virtual environment; it coordinates access to all physical devices on the server and to the virtual machines, and is also called a virtual machine monitor (Virtual Machine Monitor). When the server starts and runs the hypervisor, it allocates an appropriate amount of memory, CPU, network and disk to each virtual machine and loads the guest operating systems of all virtual machines. The hypervisor can trap CPU instructions and acts as an intermediary for instructions that access hardware controllers and peripherals. In a full-virtualization environment, the hypervisor runs on bare hardware and acts as the host operating system, while the virtual servers managed by the hypervisor run the guest operating systems (guestOS).
KVM (Kernel-based Virtual Machine) --- a virtual machine based on the Linux kernel. The functional modules of KVM comprise two parts: kernel mode (linux kernel with KVM) and user mode (qemu-kvm).
Kernel mode (linux kernel with KVM) --- responsible for simulating the CPU operation, memory management, device management and so on of the virtual machine.
User mode (qemu-kvm) --- simulates the I/O device interfaces of the virtual machine and the user-mode control interface API.
Virtio --- the main general framework for I/O virtualization in a KVM virtualization environment. Virtio provides a set of efficient, easy-to-maintain, easy-to-develop and easy-to-extend middle-layer interface APIs. Virtio is an abstraction layer over devices in the hypervisor, an abstraction of a group of general emulated devices in the hypervisor. Virtio lets the hypervisor export a group of general emulated devices and makes them available through a common application programming interface (API).
Device driver --- the device driver program.
Front-end driver --- the front-end driver program: the driver in the guest operating system.
Back-end driver --- the back-end driver program: the driver in the host operating system.
I/O trap --- the I/O command trap, used to capture I/O commands.
Device emulation --- the device emulator.
The method of the present invention for improving the security of a cloud computing operating system is mainly applicable to cloud computing operating systems of the open source model, but is not limited to them.
Fig. 1 is the logical framework of KVM in the prior art.
As shown in Fig. 1, in the prior-art KVM model each virtual machine is a standard process managed by the Linux scheduler, and the guest operating system is started in user space. An ordinary Linux process has two modes of operation: kernel mode and user mode. KVM adds a third mode: guest mode (which has its own kernel mode and user mode).
KVM exposes a character device file /dev/kvm to qemu-kvm; qemu-kvm interacts with KVM by operating on this file and through ioctl calls. KVM provides no read or write interface for /dev/kvm, only the file open and close interfaces; everything else goes through the ioctl interface.
Fig. 2 is the logical framework of KVM in the present invention.
As shown in Fig. 2, in the present invention S-API replaces /dev/kvm and the KVM-related I/O request processing interface; S-qemu-kvm replaces the standard qemu-kvm of the prior art; and a module for security monitoring is provided in the linux kernel with KVM.
As shown in Fig. 3, the method for improving the security of a cloud computing operating system comprises the following steps:
Step S1: shield all original external access interfaces in the operating system.
Shielding means disabling the external access function of an interface so that it cannot connect to, or be accessed from, the outside. An original external access interface is an external access interface API that the introduced operating system carries from the start (inherently), as opposed to an external access interface generated later. The external access interface APIs of an operating system are the main channels through which it exchanges information with the outside. When a group that requires a high level of information security (such as a government office, public institution or enterprise) introduces a large-scale cloud computing operating system, inspecting the source code of that operating system in the traditional way takes too much time and manpower. The present invention therefore does not concern itself with whether the original operating system contains source code that leaks information; it shields the original external access interface APIs of the operating system, closing the original communication channels and so preventing information leakage at the root. Closing the original information channels is far simpler to carry out than inspecting the source code, so it saves time and manpower effectively.
Step S2: re-wrap the preset necessary external access interfaces in the operating system to form valid external access interfaces.
Re-wrapping means removing the shielded state of an original external access interface so that it can connect to, or be accessed from, the outside, and improving the program on the basis of the program code of the original external access interface.
Original external access interfaces that are not re-wrapped remain shielded.
The preset necessary external access interfaces are those needed for the necessary functions of the operating system. Unnecessary APIs are shielded and only the interface APIs needed to maintain basic functions are kept, which reduces the number of external access interface APIs in the operating system, i.e. minimizes the API set.
The preset necessary external access interface APIs include, for example, the "compute virtualization API", the user operation API and the network traffic access API.
The preset necessary external access interface APIs in the operating system are re-wrapped to form the valid external access interface S-API. Specifically:
Wrap the system calls (system instructions) that set and control global parameters in the operating system. The system calls (system instructions) comprise: creating a virtual machine; querying the external interface version of the current virtual machine; obtaining the index; checking extension support; the size of the memory region shared by the running virtual machine and user space.
Wrap the virtual machine operation instructions (VM instructions) that set memory and create virtual processors in a virtual machine. The virtual machine operation instructions (VM instructions) comprise: creating a virtual processor for a virtual machine; running the virtual machine according to structure information; creating a virtual programmable interrupt controller, with which all subsequently created virtual processors are associated; sending an interrupt signal to the virtual programmable interrupt controller; reading the interrupt flag information of the programmable interrupt controller; writing the interrupt flag information of the programmable interrupt controller; returning the bitmap of dirty pages.
Wrap the virtual CPU operation instructions (VCPU instructions) that control register reads and writes, interrupts, event management and memory management of the virtual processors in a virtual machine. The virtual CPU operation instructions (VCPU instructions) comprise instructions that control registers, instructions that control interrupts and event management, and instructions that control memory management.
The instructions that control registers comprise: obtaining general-purpose register information; setting general-purpose register information; obtaining special register information; setting special register information; obtaining MSR register information; setting MSR register information; obtaining floating-point register information; setting floating-point register information; obtaining the xsave register information of a virtual processor; setting the xsave register information of a virtual processor; obtaining the xcr register information of a virtual processor; setting the xcr register information of a virtual processor.
The instructions that control interrupts and event management comprise: generating an interrupt on a virtual processor; setting the interrupt signal mask of a virtual processor; obtaining the events in a virtual processor that are pending delayed handling; setting the events of a virtual processor.
The instructions that control memory management comprise: translating a physical address of a virtual processor into an HPA; modifying the memory region of a virtual processor; initializing the TSS memory region; creating the EPT page table.
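Steps S1 and S2 amount to a default-deny gate in front of the hypervisor interface. The following user-space model is an added example, not code from the patent or from KVM; the operation ids, the `gate`, `handle` and `sapi_call` names and the error codes chosen are hypothetical, and the call sequence in `run_demo` is constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* The page groups the re-wrapped calls into system, VM and VCPU instructions. */
enum scope { SCOPE_SYSTEM, SCOPE_VM, SCOPE_VCPU };

/* Hypothetical operation ids standing in for the kinds of call the page lists. */
enum op {
    OP_GET_API_VERSION, OP_CHECK_EXTENSION, OP_CREATE_VM,   /* system */
    OP_CREATE_VCPU, OP_CREATE_IRQCHIP, OP_GET_DIRTY_LOG,    /* VM     */
    OP_RUN, OP_GET_REGS, OP_SET_REGS, OP_INTERRUPT,         /* VCPU   */
    OP_VENDOR_DEBUG   /* an original interface that was never re-wrapped */
};

struct rule { enum op op; enum scope scope; };

/* Step S2: the minimal allowlist. Anything not listed stays shielded. */
static const struct rule allowlist[] = {
    { OP_GET_API_VERSION, SCOPE_SYSTEM }, { OP_CHECK_EXTENSION, SCOPE_SYSTEM },
    { OP_CREATE_VM,       SCOPE_SYSTEM }, { OP_CREATE_VCPU,     SCOPE_VM },
    { OP_CREATE_IRQCHIP,  SCOPE_VM },     { OP_GET_DIRTY_LOG,   SCOPE_VM },
    { OP_RUN,             SCOPE_VCPU },   { OP_GET_REGS,        SCOPE_VCPU },
    { OP_SET_REGS,        SCOPE_VCPU },   { OP_INTERRUPT,       SCOPE_VCPU },
};

struct handle { enum scope scope; int id; };

struct gate {
    int shielded;             /* set by step S1 */
    unsigned allowed, denied; /* counters an auditor can read back */
    int next_id;
};

/* Step S1: from now on the original entry point refuses every request. */
void gate_shield_all(struct gate *g) { g->shielded = 1; }

/* Models the original, unwrapped interface. */
int legacy_call(const struct gate *g, enum op op)
{
    (void)op;
    return g->shielded ? -ENODEV : 0;
}

static const struct rule *find_rule(enum op op)
{
    for (size_t i = 0; i < sizeof allowlist / sizeof allowlist[0]; i++)
        if (allowlist[i].op == op)
            return &allowlist[i];
    return NULL;
}

/* The re-wrapped entry point: default deny, then bind the op to its handle type. */
int sapi_call(struct gate *g, const struct handle *h, enum op op, struct handle *out)
{
    const struct rule *r = find_rule(op);

    if (r == NULL) { g->denied++; return -EPERM; }             /* not re-wrapped */
    if (r->scope != h->scope) { g->denied++; return -EINVAL; } /* wrong handle type */
    if (op == OP_CREATE_VM || op == OP_CREATE_VCPU) {
        if (out == NULL) { g->denied++; return -EINVAL; }
        out->scope = (op == OP_CREATE_VM) ? SCOPE_VM : SCOPE_VCPU;
        out->id = ++g->next_id;    /* child handles exist only via the gate */
    }
    g->allowed++;
    return 0;
}

int demo_rc[6];   /* return codes of the constructed call sequence below */

/* Runs a constructed sequence and returns how many calls the gate denied. */
int run_demo(void)
{
    struct gate g = { 0, 0, 0, 0 };
    struct handle sys = { SCOPE_SYSTEM, 0 };
    struct handle vm = { SCOPE_SYSTEM, 0 };
    struct handle vcpu = { SCOPE_SYSTEM, 0 };

    gate_shield_all(&g);
    demo_rc[0] = legacy_call(&g, OP_CREATE_VM);               /* shielded path  */
    demo_rc[1] = sapi_call(&g, &sys, OP_CREATE_VM, &vm);      /* allowed        */
    demo_rc[2] = sapi_call(&g, &vm, OP_CREATE_VCPU, &vcpu);   /* allowed        */
    demo_rc[3] = sapi_call(&g, &vcpu, OP_RUN, NULL);          /* allowed        */
    demo_rc[4] = sapi_call(&g, &vm, OP_SET_REGS, NULL);       /* VCPU op, VM fd */
    demo_rc[5] = sapi_call(&g, &vcpu, OP_VENDOR_DEBUG, NULL); /* not allowlisted */
    return (int)g.denied;
}

int main(void)
{
    int denied = run_demo();
    for (int i = 0; i < 6; i++)
        printf("call %d -> %d\n", i, demo_rc[i]);
    printf("denied by gate: %d\n", denied);
    return 0;
}
```

The denied counter is the natural input for the monitoring step: every rejected request is evidence of a caller trying to use an interface that was never re-wrapped.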
In one embodiment of the present invention, when the open source software is KVM, the system instructions are specifically:
In another embodiment of the present invention, when the open source software is KVM, the VM instructions are specifically:
In another embodiment of the present invention, when the open source software is KVM, the instructions that control registers among the VCPU instructions are specifically:
In another embodiment of the present invention, when the open source software is KVM, the instructions that control interrupts and event management among the VCPU instructions are specifically:
In one embodiment of the present invention, when the open source software is KVM, the instructions that control memory management among the VCPU instructions are specifically:
The instructions that control memory management among the VCPU instructions also include instructions such as CPUID setting and debugging interfaces. In another embodiment of the present invention, to further improve the security of the cloud computing operating system, the method further comprises, after the above step S3, the following step: monitoring the information interaction channels between the operating system and external programs; if any information interaction channel other than the valid external access interfaces is found, blocking that channel and issuing an alarm.
S-API is the external access interface API that the open source software (such as KVM) provides passively. To guard against the open source software (such as KVM) actively providing an outward "interface", for example by using some unknown hardware component or feature to send information out on its own initiative, or by an active or passive trigger that sends encrypted information out, the information interaction channels between the operating system and external programs need to be monitored. Once any information transfer outside the S-API interaction channel is found, it is blocked immediately and an alarm is raised.
The operating system comprises a host operating system and a guest operating system, so the step of monitoring the information interaction channels between the operating system and external programs covers both the channels between the host operating system and external programs and the channels between the guest operating system and external programs. Because the Linux host operating system itself carries considerable insecurity, the monitoring of information interaction channels is not limited to KVM; outgoing communication from other modules of the Linux kernel can also be monitored. Of course, monitoring the information interaction channels affects system performance, so monitoring may be considered for critical periods.
Fig. 4 is a flowchart of the steps for monitoring information interaction channels in the method of the present invention for improving the security of a cloud computing operating system.
As shown in Fig. 4, the step of monitoring the information interaction channels between the operating system and external programs specifically comprises the following steps:
Screen the information exchanged between the operating system and external programs and, according to preset information interaction conditions, classify it as normal communication, suspicious communication or dangerous communication;
If the result is normal communication, handle it as normal communication;
If the result is suspicious communication, issue a suspicious-information alarm;
If the result is dangerous communication, block the information interaction channel carrying that information and issue a dangerous-information alarm.
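The three-way verdict and its actions can be modelled as a small stateful monitor. This is an added example, not code from the patent; the page does not define the preset conditions, so the rule used here is an assumption: traffic outside the S-API is dangerous, S-API traffic from an expected caller is normal, and S-API traffic from any other caller is suspicious. The type and function names and the sample events are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum origin  { FROM_HOST_OS, FROM_GUEST_OS };  /* both sides are monitored */
enum verdict { NORMAL, SUSPICIOUS, DANGEROUS };
enum action  { PASS, ALERT, BLOCK_AND_ALERT, DROP_BLOCKED };

struct event {
    int channel;          /* id the monitor assigned to this channel */
    enum origin origin;   /* recorded so an alert can name the side  */
    int via_sapi;         /* 1 if the exchange used the S-API        */
    const char *caller;   /* external program on the other end       */
};

/* Preset condition (assumption): callers expected on the S-API. */
static const char *expected_callers[] = { "S-qemu-kvm" };

#define MAX_CHANNELS 16
struct monitor {
    unsigned char blocked[MAX_CHANNELS];
    unsigned alerts, blocks;
};

enum verdict classify(const struct event *e)
{
    if (!e->via_sapi)
        return DANGEROUS;              /* a channel other than the S-API */
    for (size_t i = 0; i < sizeof expected_callers / sizeof expected_callers[0]; i++)
        if (e->caller != NULL && strcmp(e->caller, expected_callers[i]) == 0)
            return NORMAL;
    return SUSPICIOUS;                 /* right channel, unexpected caller */
}

enum action monitor_handle(struct monitor *m, const struct event *e)
{
    if (e->channel < 0 || e->channel >= MAX_CHANNELS) {
        m->alerts++;                   /* untrackable channel: fail closed */
        m->blocks++;
        return BLOCK_AND_ALERT;
    }
    if (m->blocked[e->channel])
        return DROP_BLOCKED;           /* already cut off, no new alert */
    switch (classify(e)) {
    case NORMAL:
        return PASS;
    case SUSPICIOUS:
        m->alerts++;
        return ALERT;
    default:
        m->blocked[e->channel] = 1;
        m->blocks++;
        m->alerts++;
        return BLOCK_AND_ALERT;
    }
}

enum action demo_actions[5];
unsigned demo_alerts;

/* Feeds constructed events to the monitor; returns how many channels it blocked. */
int run_monitor_demo(void)
{
    static const struct event events[5] = {
        { 1,  FROM_HOST_OS,  1, "S-qemu-kvm"  },  /* expected S-API use       */
        { 2,  FROM_GUEST_OS, 1, "backup-tool" },  /* S-API, unexpected caller */
        { 3,  FROM_HOST_OS,  0, "S-qemu-kvm"  },  /* bypasses the S-API       */
        { 3,  FROM_HOST_OS,  0, "S-qemu-kvm"  },  /* same channel again       */
        { 99, FROM_GUEST_OS, 0, NULL          },  /* channel id out of range  */
    };
    struct monitor m;

    memset(&m, 0, sizeof m);
    for (int i = 0; i < 5; i++)
        demo_actions[i] = monitor_handle(&m, &events[i]);
    demo_alerts = m.alerts;
    return (int)m.blocks;
}

int main(void)
{
    int blocks = run_monitor_demo();
    for (int i = 0; i < 5; i++)
        printf("event %d -> action %d\n", i, (int)demo_actions[i]);
    printf("blocks=%d alerts=%u\n", blocks, demo_alerts);
    return 0;
}
```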
It should be understood that the above embodiments of the present invention are only used to illustrate or explain the principles of the invention and do not limit it. Any modification, equivalent replacement or improvement made without departing from the spirit and scope of the present invention shall therefore fall within its scope of protection. In addition, the appended claims are intended to cover all changes and modifications that fall within the scope and boundaries of the claims, or the equivalents of such scope and boundaries.

Claims (10)

1. promote a method for cloud computing operating system security, it is characterized in that, comprising:
Step S1, shields whole pristine outside access interface in this operating system;
Step S2, carrying out Reseal to presetting necessary external reference interface in this operating system, forming effective external reference interface.
2. method according to claim 1, is characterized in that, the step that the described external reference interface to presetting necessity in this operating system carries out Reseal comprises:
Arrange and control the system call of parameter of overall importance in encapsulation operation system;
The empty machine operational order of internal memory and establishment virtual processor is set in encapsulation virtual machine;
The virtual cpu operational order of the read-write of register in virtual processor, interruption, incident management and memory management is controlled in encapsulation virtual machine;
Described virtual cpu operational order comprise control register instruction, control to interrupt and incident management instruction and control the instruction of memory management.
3. method according to claim 2, is characterized in that, described system call comprises:
Create virtual machine; The external interface version of inquiry current virtual machine; Obtain index; Check expansion support situation; Run virtual machine and institute's shared drive region, User space space capacity.
4. method according to claim 2, is characterized in that, described empty machine operational order comprises:
For virtual machine creating virtual processor; According to structure information, run virtual machine; Create virtual programmable interrupt controller, and the virtual processor created subsequently is all associated with this programmable interrupt controller; Look-at-me is sent to virtual programmable interrupt controller; Read the interrupt identification information of programmable interrupt controller; The interrupt identification information of write programmable interrupt controller; Return the bitmap of dirty page.
5. method according to claim 2, is characterized in that, in virtual cpu operational order, the instruction of control register comprises:
Obtain general-purpose register information; General-purpose register information is set; Obtain specified register information; Specified register information is set; Obtain MSR register information; MSR register information is set; Obtain flating point register information; Flating point register information is set; Obtain the xsave register information of virtual processor; The xsave register information of virtual processor is set; Obtain the xcr register information of virtual processor; The xcr register information of virtual processor is set.
6. method according to claim 2, is characterized in that, the instruction controlling interruption and incident management in virtual cpu operational order comprises:
Virtual processor produces and interrupts; The look-at-me shielding mask of certain virtual processor is set; Obtain in virtual processor and be suspended the event treating delay process; The event of virtual processor is set.
7. method according to claim 2, is characterized in that, the instruction controlling memory management in virtual cpu operational order comprises:
The physical address translation of virtual processor is become HPA; The region of memory of amendment virtual processor; Initialization TSS region of memory; Create EPT page table.
8. The method according to any one of claims 1-7, characterized in that, after step S2, it further comprises step S3: monitoring the information interaction channels between the operating system and external programs; if any information interaction channel other than the effective external access interface is found, blocking that channel and sending an alarm prompt.
9. The method according to claim 8, characterized in that the step of monitoring the information interaction channels between the operating system and external programs comprises:
Screening the information exchanged between the operating system and external programs and, according to preset information interaction situations, judging it to be normal communication, suspicious communication or dangerous communication;
If the result is normal communication, handling it as a normal communication state;
If the result is suspicious communication, sending a suspicious-information alarm prompt;
If the result is dangerous communication, blocking the information interaction channel carrying this information and sending a dangerous-information alarm prompt.
10. The method according to claim 8, characterized in that:
The operating system comprises a host operating system and a guest operating system;
The step of monitoring the information interaction channels between the operating system and external programs comprises monitoring the information interaction channels between the host operating system and external programs, and monitoring the information interaction channels between the guest operating system and external programs.
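The monitoring flow of claims 8 to 10 can be sketched as follows. This is an added example, not code from the patent or its applicant; the channel, peer and operation names, the preset rule for what counts as suspicious, and the choice to treat any channel outside the effective interface as dangerous are all assumptions.

```python
from collections import namedtuple

# Assumption: one allowed channel per OS role stands in for the effective interface.
ALLOWED_CHANNELS = {"host": {"vcpu-ops"}, "guest": {"vcpu-ops"}}
# Assumption (preset rule): state-changing operations from a peer other than the
# registered VM manager are suspicious. All names here are hypothetical.
STATE_CHANGING = {"set_general_registers", "set_msr", "modify_memory_region"}
REGISTERED_MANAGERS = {"vm-manager"}

Interaction = namedtuple("Interaction", "os_role channel peer operation")

def classify(ev):
    # Claim 8: a channel outside the effective interface is judged dangerous here.
    if ev.channel not in ALLOWED_CHANNELS.get(ev.os_role, set()):
        return "dangerous"
    if ev.operation in STATE_CHANGING and ev.peer not in REGISTERED_MANAGERS:
        return "suspicious"
    return "normal"

class ChannelMonitor:
    def __init__(self):
        self.blocked = set()  # (os_role, channel) pairs that have been cut off
        self.alerts = []      # (verdict, interaction) pairs raised so far

    def handle(self, ev):
        key = (ev.os_role, ev.channel)
        if key in self.blocked:
            return "dropped"                   # channel already blocked
        verdict = classify(ev)
        if verdict == "dangerous":
            self.blocked.add(key)              # block the channel and alert
            self.alerts.append((verdict, ev))
            return "blocked"
        if verdict == "suspicious":
            self.alerts.append((verdict, ev))  # alert only, traffic continues
            return "allowed-with-alert"
        return "allowed"

# Constructed sample traffic, not taken from the patent.
SAMPLE = [
    Interaction("guest", "vcpu-ops", "vm-manager", "get_general_registers"),
    Interaction("guest", "vcpu-ops", "backup-agent", "set_msr"),
    Interaction("host", "debug-socket", "unknown-tool", "read_memory"),
    Interaction("host", "debug-socket", "unknown-tool", "read_memory"),
]

def run(events):
    monitor = ChannelMonitor()
    return [monitor.handle(e) for e in events], monitor
```

Host and guest channels are keyed separately, so blocking a channel on the host side leaves the same-named channel of a guest untouched.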
CN201510509372.1A 2015-08-18 2015-08-18 Method for improving security of cloud computing operating system Pending CN105184158A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510509372.1A CN105184158A (en) 2015-08-18 2015-08-18 Method for improving security of cloud computing operating system

Publications (1)

Publication Number Publication Date
CN105184158A true CN105184158A (en) 2015-12-23

Family

ID=54906232

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510509372.1A Pending CN105184158A (en) 2015-08-18 2015-08-18 Method for improving security of cloud computing operating system

Country Status (1)

Country Link
CN (1) CN105184158A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112131579A (en) * 2020-09-30 2020-12-25 中孚安全技术有限公司 Security check method and system for shielding difference between bottom CPU and operating system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101094245A (en) * 2007-07-11 2007-12-26 华中科技大学 Game platform system based on peer-to-peer covered network
CN101727555A (en) * 2009-12-04 2010-06-09 苏州昂信科技有限公司 Access control method for operation system and implementation platform thereof
CN101923462A (en) * 2009-06-10 2010-12-22 成都如临其境创意科技有限公司 FlashVR-based three-dimensional mini-scene network publishing engine
WO2013126615A1 (en) * 2012-02-21 2013-08-29 Pulselocker, Inc. Method and apparatus for limiting access to data by process or computer function with stateless encryption
US20140245384A1 (en) * 2013-02-28 2014-08-28 Winbond Electronics Corporation Nonvolatile Memory Device Having Authentication, and Methods of Operation and Manufacture Thereof

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
柳洋: "Design of a Scalable Browser Based on a Layered Structure", China Excellent Master's and Doctoral Dissertations Full-text Database *

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20151223
