[go: up one dir, main page]

CN105007261A - Security protection method for image file in virtual environment - Google Patents

Security protection method for image file in virtual environment Download PDF

Info

Publication number
CN105007261A
CN105007261A CN201510295527.6A CN201510295527A CN105007261A CN 105007261 A CN105007261 A CN 105007261A CN 201510295527 A CN201510295527 A CN 201510295527A CN 105007261 A CN105007261 A CN 105007261A
Authority
CN
China
Prior art keywords
image file
virtual machine
file
mark
image
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510295527.6A
Other languages
Chinese (zh)
Inventor
付才
张嘉夫
韩兰胜
刘铭
崔永泉
汤学明
骆婷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huazhong University of Science and Technology
Original Assignee
Huazhong University of Science and Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huazhong University of Science and Technology filed Critical Huazhong University of Science and Technology
Priority to CN201510295527.6A priority Critical patent/CN105007261A/en
Publication of CN105007261A publication Critical patent/CN105007261A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1095Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/131Protocols for games, networked simulations or virtual reality

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

本发明公开了一种虚拟化环境下镜像文件安全防护的方法,具体包括以下内容:获取虚拟机镜像文件的信息,生成镜像文件对应的唯一标识,当虚拟机启动时,校验其标识并判断镜像是否合法,校验通过则正常启动,否则将该虚拟机镜像文件判断为非法镜像,并通过一定方法破坏镜像文件结构,使其不能启动。需要说明的是破坏镜像文件的行为是可逆的,即被破坏的镜像文件是可以修复的。本发明保证了每一次虚拟机启动时,加载的镜像文件的安全性,运用生成标识的唯一性及破坏非法镜像文件等一系列措施,有效的对镜像文件进行了安全防护,从而提高了整个系统的安全性。

The invention discloses a method for security protection of image files in a virtualized environment, which specifically includes the following contents: obtaining information of virtual machine image files, generating a unique identifier corresponding to the image file, and verifying the identifier and judging when the virtual machine starts Whether the image is legal, if the verification is passed, it will start normally, otherwise, the virtual machine image file will be judged as an illegal image, and the structure of the image file will be destroyed by a certain method, so that it cannot be started. It should be noted that the behavior of destroying the image file is reversible, that is, the damaged image file can be repaired. The invention guarantees the security of the image file loaded every time the virtual machine is started, and uses a series of measures such as the uniqueness of the generated logo and the destruction of illegal image files to effectively protect the image file, thereby improving the security of the entire system. security.

Description

一种虚拟化环境下镜像文件的安全防护方法A security protection method for image files in a virtualized environment

技术领域technical field

本发明属于云计算领域,更具体地,涉及一种虚拟化环境下镜像文件的安全防护方法。The invention belongs to the field of cloud computing, and more specifically relates to a security protection method for image files in a virtualized environment.

背景技术Background technique

云计算代表着一种新的商业计算模式,其在各方面的实际应用上还有很多不确定的地方,面临着很多的安全挑战。其中,对于云平台中用户数据安全的问题尤其突出,主要表现在如下方面:在云中虚拟化的效率要求多个组织的虚拟机共存于同一物理资源上。虽然传统的数据中心的安全仍然适用于云环境,但是物理隔离和基于硬件的安全不能保护防止在同一服务器上虚拟机之间的攻击。管理访问是通过互联网,而不是传统数据中心模式中坚持的受控制的和限制的直接或到现场的连接。这增加了本地虚拟机镜像及磁盘文件的风险和暴露机会,将需要对系统控制和访问控制限制的变化进行严密监控。Cloud computing represents a new business computing model. There are still many uncertainties in its practical application in various aspects, and it faces many security challenges. Among them, the problem of user data security in the cloud platform is particularly prominent, mainly in the following aspects: the efficiency of virtualization in the cloud requires the virtual machines of multiple organizations to coexist on the same physical resource. While traditional data center security still applies to cloud environments, physical isolation and hardware-based security cannot protect against attacks between virtual machines on the same server. Management access is via the Internet, rather than the controlled and limited direct or on-site connections that have persisted in traditional data center models. This increases the risk and exposure of local virtual machine images and disk files, and will require close monitoring of changes to system controls and access control restrictions.

发明内容Contents of the invention

针对当前云环境下数据安全存在的缺陷,本发明的目的在于提供一种虚拟化环境下镜像文件的安全防护方法,旨在在当前基础上加强用户数据安全的保护,也使得安全检查在用户每次启动虚拟机时发生,提高校验的强制性及准确性,同时对于不安全的虚拟机第一时间阻止其启动,从而提高系统的整体的安全等级。Aiming at the deficiencies in data security in the current cloud environment, the purpose of the present invention is to provide a security protection method for image files in a virtualized environment, aiming at strengthening the protection of user data security on the current basis, and also enabling security checks every time a user Occurs when the virtual machine is started for the first time, which improves the compulsion and accuracy of the verification, and at the same time prevents the unsafe virtual machine from starting at the first time, thereby improving the overall security level of the system.

为实现上述目的,本发明提供了一种虚拟化环境下镜像文件的安全防护方法,包括以下步骤:In order to achieve the above object, the present invention provides a security protection method for image files in a virtualized environment, comprising the following steps:

(1)获取需要保护的镜像文件的基本信息,包括文件名、文件类型、文件大小及文件创建时间;(1) Obtain the basic information of the image file to be protected, including file name, file type, file size and file creation time;

(2)提取所述镜像文件的基本信息中的非文字信息,并将这些信息按照预设顺序组合构成最终的有效信息,根据有效信息生成该镜像文件对应的唯一标识;(2) extracting the non-text information in the basic information of the mirror image file, and combining these information according to a preset order to form the final valid information, and generating a unique identifier corresponding to the mirror image file according to the valid information;

(3)得到镜像文件的对应标识后,进行镜像文件与其对应标识的绑定;(3) After obtaining the corresponding identification of the image file, carry out the binding of the image file and its corresponding identification;

(4)当虚拟机启动加载镜像文件时,根据该镜像文件所对应的标识对该镜像文件进行合法性检查,若该镜像文件已绑定标识且标识合法则正常加载镜像文件并启动虚拟机;否则认为该虚拟机非法,锁定该虚拟机镜像文件并阻止其启动。(4) When the virtual machine starts to load the image file, the image file is checked for legality according to the image file corresponding to the image file. If the image file has been bound with an ID and the ID is legal, the image file is normally loaded and the virtual machine is started; Otherwise, the virtual machine is considered illegal, and the virtual machine image file is locked and prevented from starting.

本发明的一个实施例中,所述步骤(2)中标识的生成方式是秘密的,且生成的标识是唯一的。In an embodiment of the present invention, the generation method of the identification in the step (2) is secret, and the generated identification is unique.

本发明的一个实施例中,所述标识的生成方法为:使用公用的签名算法,或者自行设计算法。In an embodiment of the present invention, the identification generation method is: using a public signature algorithm, or designing an algorithm by itself.

本发明的一个实施例中,所述步骤(3)中镜像文件与其对应标识的绑定具体包括:使用数据库技术将镜像文件与其对应标识绑定,或将标识写入镜像文件的任何位置。In one embodiment of the present invention, the binding of the image file and its corresponding identifier in the step (3) specifically includes: using database technology to bind the image file and its corresponding identifier, or writing the identifier into any position of the image file.

本发明的一个实施例中,所述将标识写入镜像文件的任何位置具体包括:将标识写入镜像文件末尾,或散列的存储在镜像文件中。In an embodiment of the present invention, writing the identifier into any position of the image file specifically includes: writing the identifier into the end of the image file, or storing the identifier in the image file in a hashed form.

本发明的一个实施例中,所述步骤(4)中对该镜像文件进行合法性检查具体包括:校验镜像文件是否已绑定对应标识,并通过步骤(2)中的方法生成该镜像文件的对应标识,校验新生成的该对应标识是否与镜像文件中的对应标识一致合法。In one embodiment of the present invention, the legality check of the image file in the step (4) specifically includes: checking whether the image file has been bound with a corresponding identifier, and generating the image file by the method in step (2) The corresponding identifier of the newly generated corresponding identifier is verified to be consistent with the corresponding identifier in the image file.

本发明的一个实施例中,所述方法还包括:In one embodiment of the present invention, the method also includes:

(5)在判断该虚拟机非法时,通过破坏镜像文件结构的方法阻止非法虚拟机的启动。(5) When judging that the virtual machine is illegal, prevent the illegal virtual machine from starting by destroying the image file structure.

本发明的一个实施例中,所述破坏镜像文件结构的方法具体为:重写镜像文件的文件头。In an embodiment of the present invention, the method for destroying the structure of the image file specifically includes: rewriting the file header of the image file.

本发明的一个实施例中,所述镜像文件的破坏是可逆的,即管理员可以对镜像文件头部的前128字节再次异或并改写,以便可恢复已被破坏的虚拟机镜像文件,使其可以再次正常加载。In one embodiment of the present invention, the destruction of the image file is reversible, that is, the administrator can XOR and rewrite the first 128 bytes of the image file header again, so that the damaged virtual machine image file can be restored, so that it can load normally again.

通过本发明所构思的以上技术方案,与现有技术相比,本发明具有以下的有益效果:Through the above technical solutions conceived by the present invention, compared with the prior art, the present invention has the following beneficial effects:

(1)由于步骤(3)中使用的标识生成方法具有灵活多变的特性,管理员可以对其定期更新,以淘汰过时的算法,使用更加安全高效的签名算法。(1) Since the identification generation method used in step (3) is flexible and changeable, administrators can update it regularly to eliminate outdated algorithms and use more secure and efficient signature algorithms.

(2)由于步骤(4)中使用的校验过程是通过修改虚拟化系统源代码并重新编译安装实现的,因此校验的过程是强制的,是不可绕过的,校验在每次开启虚拟机前都会被执行,即每次开启虚拟机都会对其合法性进行检查。(2) Since the verification process used in step (4) is realized by modifying the source code of the virtualization system and recompiling and installing, the verification process is mandatory and cannot be bypassed. It will be executed before the virtual machine, that is, the validity of the virtual machine will be checked every time the virtual machine is turned on.

(3)用户无法通过直接拷贝标识的方式通过校验,原因如下:镜像文件的标识是根据对应文件的属性信息生成的,它们具有唯一性的特点,这些文件属性包括但不局限于文件名、文件大小、创建时间等。因此生成的标识同样具有唯一性的特点。(3) The user cannot pass the verification by directly copying the logo. The reason is as follows: the logo of the image file is generated according to the attribute information of the corresponding file, and they are unique. These file attributes include but are not limited to the file name, File size, creation time, etc. Therefore, the generated identification also has the characteristic of uniqueness.

(4)在步骤(5)中对于非法镜像文件的破坏可以在校验失败时立即执行的,故本次启动虚拟机时就会生效,即启动失败,且该步骤是通过破坏文件结构阻止其加载的,用户是无法自行恢复的,除非通过对应的恢复程序才能解锁镜像文件,使其可正常加载。(4) In step (5), the destruction of the illegal image file can be executed immediately when the verification fails, so it will take effect when the virtual machine is started this time, that is, the startup fails, and this step prevents it from destroying the file structure. If it is loaded, the user cannot recover it by itself, unless the corresponding recovery program is used to unlock the image file so that it can be loaded normally.

附图说明Description of drawings

图1是本发明中虚拟化环境下镜像文件防护方法的流程图。FIG. 1 is a flow chart of a method for protecting an image file in a virtualized environment in the present invention.

具体实施方式Detailed ways

为了使本发明的目的、技术方案及优点更加清楚明白,以下结合附图及实施例,对本发明进行进一步详细说明。应当理解,此处所描述的具体实施例仅仅用以解释本发明,并不用于限定本发明。In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

如图1所示,本发明中虚拟化环境下镜像文件的安全防护方法包括以下步骤:As shown in Figure 1, the safety protection method of image file under the virtualization environment among the present invention comprises the following steps:

(1)获取需要保护的镜像文件的基本信息,包括但不限于文件名、文件类型、文件大小及文件创建时间等。这些信息可以唯一的代表该镜像文件,作为下一步生成镜像文件标识的依据。(1) Obtain the basic information of the image file to be protected, including but not limited to the file name, file type, file size, and file creation time. These information can uniquely represent the image file and serve as the basis for generating the image file identification in the next step.

(2)提取之前得到的镜像文件的基本信息中的非文字信息,并将这些信息按照预设顺序组合构成最终的有效信息,根据有效信息生成该镜像文件对应的唯一标识。(2) Extract the non-text information in the basic information of the image file obtained before, and combine these information according to the preset order to form the final valid information, and generate the unique identifier corresponding to the image file according to the valid information.

其中,标识的生成方式是秘密的,也是不局限的:可以使用公开的签名算法,也可以自行设计算法实现,只需确保生成的标识具有唯一性及不可逆的特点即可。Among them, the generation method of the logo is secret and not limited: you can use a public signature algorithm, or design an algorithm yourself, as long as you only need to ensure that the generated logo is unique and irreversible.

(3)得到镜像文件的对应标识后,进行镜像文件与其对应标识的绑定。(3) After obtaining the corresponding identifier of the image file, the image file is bound to the corresponding identifier.

其中,标识与镜像文件的绑定方式是多样的,包括但并不局限于如下方法:使用数据库技术将镜像文件与其对应标识绑定,或将标识写入镜像文件的任何位置,如镜像文件末尾,或散列的存储在镜像文件中等。Among them, there are various ways to bind the logo to the image file, including but not limited to the following methods: use database technology to bind the mirror file with its corresponding logo, or write the logo to any position of the mirror file, such as the end of the mirror file , or the hash is stored in the image file, etc.

(4)当虚拟机启动,加载镜像文件时,根据该镜像文件所对应的标识对该镜像文件进行合法性检查,若该镜像文件已绑定标识且标识合法则正常加载镜像文件并启动虚拟机;否则认为该虚拟机非法,锁定该虚拟机镜像文件并阻止其启动。(4) When the virtual machine is started and the image file is loaded, the image file is checked for legality according to the image file corresponding to the image file. If the image file is bound with an ID and the image file is legal, the image file is loaded normally and the virtual machine is started. ; Otherwise, the virtual machine is considered illegal, and the image file of the virtual machine is locked and prevented from starting.

具体地,可以通过修改虚拟化系统源代码的方法,为虚拟化系统添加校验镜像文件标识的功能模块。Specifically, a function module for verifying the identity of the image file can be added to the virtualization system by modifying the source code of the virtualization system.

其中校验的过程是强制的,是不可绕过的,校验在每次开启虚拟机前都会被执行,即每次开启虚拟机都会对其合法性进行检查。该模块的主要功能是校验镜像文件是否已绑定对应标识,并通过模拟之前生成镜像文件标识的过程,校验具体镜像文件标识是否一致合法。The verification process is mandatory and cannot be bypassed. The verification will be performed before each virtual machine is started, that is, the validity of the virtual machine will be checked every time the virtual machine is started. The main function of this module is to verify whether the image file has been bound to the corresponding identifier, and verify whether the specific image file identifier is consistent and legal by simulating the process of generating the image file identifier before.

(5)通过破坏镜像文件结构的方法阻止非法虚拟机的启动,即重写镜像文件的文件头,对文件头部的前128字节异或并改写,这样加载镜像文件时就不能正确读取文件头信息,从而阻止该虚拟机启动。(5) Prevent the startup of the illegal virtual machine by destroying the image file structure, that is, rewrite the file header of the image file, XOR and rewrite the first 128 bytes of the file header, so that it cannot be read correctly when loading the image file file header information, thereby preventing the virtual machine from starting.

需要注意的是:对镜像文件的破坏是可逆的,即管理员可以对镜像文件头部的前128字节再次异或并改写,这样就可恢复已被破坏的虚拟机镜像文件,使其可以再次正常加载。It should be noted that the damage to the image file is reversible, that is, the administrator can XOR and rewrite the first 128 bytes of the image file header again, so that the damaged virtual machine image file can be restored so that it can Load normally again.

另外对校验失败的非法镜像文件,应立即破坏其文件结构,即锁定该镜像文件,使其不能正常启动,除非通过额外的恢复程序进行解锁后,该镜像文件才能正常加载并启动虚拟机。In addition, for the illegal image file that fails the verification, its file structure should be destroyed immediately, that is, the image file is locked so that it cannot be started normally, unless it is unlocked through an additional recovery program, the image file can be loaded normally and the virtual machine can be started.

本领域的技术人员容易理解,以上所述仅为本发明的较佳实施例而已,并不用以限制本发明,凡在本发明的精神和原则之内所作的任何修改、等同替换和改进等,均应包含在本发明的保护范围之内。It is easy for those skilled in the art to understand that the above descriptions are only preferred embodiments of the present invention, and are not intended to limit the present invention. Any modifications, equivalent replacements and improvements made within the spirit and principles of the present invention, All should be included within the protection scope of the present invention.

Claims (10)

1. an image file safety protecting method under virtualized environment, comprises the following steps:
(1) obtain the essential information of the image file needing protection, comprise filename, file type, file size and file creation time;
(2) extract the non-legible information in the essential information of described image file, and these information are formed final effective information according to preset order combination, generate unique identification corresponding to this image file according to effective information;
(3), after obtaining the correspondence mark of image file, the image file binding that identify corresponding to it is carried out;
(4) when virtual machine activation load images file, the mark corresponding to this image file carries out validity checking to this image file, if this image file binding logo and identify legal, normal load image file also starts virtual machine; Otherwise think that this virtual machine is illegal, lock this virtual machine image file and stop it to start.
2. method according to claim 1, is characterized in that, in described step (2), the generating mode of mark is secret, and the mark generated is unique.
3. method according to claim 2, is characterized in that, the generation method of described mark is: use public signature algorithm, or designed, designed algorithm.
4. method according to claim 1 and 2, it is characterized in that, in described step (3), the image file binding that identify corresponding to it specifically comprises: corresponding to image file and its mark is bound by usage data storehouse technology, maybe by any position of mark write image file.
5. method according to claim 4, is characterized in that, described any position by mark write image file specifically comprises: mark is write image file end, or being stored in image file of hash.
6. method according to claim 1 and 2, it is characterized in that, carry out validity checking to this image file in described step (4) specifically to comprise: whether verification image file has bound corresponding mark, and generated the correspondence mark of this image file by the method in step (2), verify newly-generated this correspondence identify whether identify with corresponding in image file consistent legal.
7. method according to claim 1 and 2, is characterized in that, described method also comprises:
(5) when judging that this virtual machine is illegal, the startup of illegal virtual machine is stoped by the method destroying image file structure.
8. method according to claim 7, is characterized in that, the method for described destruction image file structure is specially: the file header rewriteeing image file.
9. method according to claim 8, it is characterized in that, the destruction of described image file is reversible, and namely keeper can to the XOR rewriting again of 128 bytes before image file head, disrupted virtual machine image file can be recovered, make it can normal load again.
10. method according to claim 7, it is characterized in that, to the illegal image file verified unsuccessfully, destroy its file structure immediately, namely this image file is locked, make it normally not start, after unlocking except by extra recovery routine, this image file ability normal load also starts virtual machine.
CN201510295527.6A 2015-06-02 2015-06-02 Security protection method for image file in virtual environment Pending CN105007261A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510295527.6A CN105007261A (en) 2015-06-02 2015-06-02 Security protection method for image file in virtual environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510295527.6A CN105007261A (en) 2015-06-02 2015-06-02 Security protection method for image file in virtual environment

Publications (1)

Publication Number Publication Date
CN105007261A true CN105007261A (en) 2015-10-28

Family

ID=54379784

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510295527.6A Pending CN105007261A (en) 2015-06-02 2015-06-02 Security protection method for image file in virtual environment

Country Status (1)

Country Link
CN (1) CN105007261A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106911744A (en) * 2015-12-23 2017-06-30 北京神州泰岳软件股份有限公司 The management method and managing device of a kind of image file
CN107704731A (en) * 2017-09-28 2018-02-16 成都安恒信息技术有限公司 A kind of cloud platform mirror image method for preventing piracy based on HOTP
CN109154903A (en) * 2016-05-02 2019-01-04 微软技术许可有限责任公司 Recovery environment for virtual machine
CN110489209A (en) * 2019-07-24 2019-11-22 联想(北京)有限公司 A kind of information processing method and equipment
CN111125725A (en) * 2019-11-22 2020-05-08 苏州浪潮智能科技有限公司 An encryption and decryption method, device and medium for image verification
CN112235427A (en) * 2020-12-14 2021-01-15 广东睿江云计算股份有限公司 Method and system for merging image files

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101465770A (en) * 2009-01-06 2009-06-24 北京航空航天大学 Method for disposing inbreak detection system
US20100299315A1 (en) * 2005-08-09 2010-11-25 Nexsan Technologies Canada Inc. Data archiving system
CN101976317A (en) * 2010-11-05 2011-02-16 北京世纪互联工程技术服务有限公司 Virtual machine image safety method in private cloud computing application
CN102214118A (en) * 2010-04-08 2011-10-12 中国移动通信集团公司 Method, system and device for controlling virtual machine (VM)
CN102419803A (en) * 2011-11-01 2012-04-18 成都市华为赛门铁克科技有限公司 Computer virus searching and killing method, system and device
CN102917046A (en) * 2012-10-17 2013-02-06 广州杰赛科技股份有限公司 Virtual machine starting control method in cloud system
CN103064706A (en) * 2012-12-20 2013-04-24 曙光云计算技术有限公司 Starting method and device for virtual machine system
CN103092650A (en) * 2013-01-09 2013-05-08 华中科技大学 Virtual machine mirror image generating method and device based on software preinstallation in cloud environment
CN103457974A (en) * 2012-06-01 2013-12-18 中兴通讯股份有限公司 Safety control method and device for virtual machine mirror images
CN103906068A (en) * 2012-12-26 2014-07-02 华为技术有限公司 Virtual base station establishment method and device
CN104463012A (en) * 2014-11-24 2015-03-25 东软集团股份有限公司 Virtual machine image file exporting and importing method and device

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100299315A1 (en) * 2005-08-09 2010-11-25 Nexsan Technologies Canada Inc. Data archiving system
CN101465770A (en) * 2009-01-06 2009-06-24 北京航空航天大学 Method for disposing inbreak detection system
CN102214118A (en) * 2010-04-08 2011-10-12 中国移动通信集团公司 Method, system and device for controlling virtual machine (VM)
CN101976317A (en) * 2010-11-05 2011-02-16 北京世纪互联工程技术服务有限公司 Virtual machine image safety method in private cloud computing application
CN102419803A (en) * 2011-11-01 2012-04-18 成都市华为赛门铁克科技有限公司 Computer virus searching and killing method, system and device
CN103457974A (en) * 2012-06-01 2013-12-18 中兴通讯股份有限公司 Safety control method and device for virtual machine mirror images
CN102917046A (en) * 2012-10-17 2013-02-06 广州杰赛科技股份有限公司 Virtual machine starting control method in cloud system
CN103064706A (en) * 2012-12-20 2013-04-24 曙光云计算技术有限公司 Starting method and device for virtual machine system
CN103906068A (en) * 2012-12-26 2014-07-02 华为技术有限公司 Virtual base station establishment method and device
CN103092650A (en) * 2013-01-09 2013-05-08 华中科技大学 Virtual machine mirror image generating method and device based on software preinstallation in cloud environment
CN104463012A (en) * 2014-11-24 2015-03-25 东软集团股份有限公司 Virtual machine image file exporting and importing method and device

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106911744A (en) * 2015-12-23 2017-06-30 北京神州泰岳软件股份有限公司 The management method and managing device of a kind of image file
CN106911744B (en) * 2015-12-23 2019-11-08 北京神州泰岳软件股份有限公司 A kind of management method and managing device of image file
CN109154903A (en) * 2016-05-02 2019-01-04 微软技术许可有限责任公司 Recovery environment for virtual machine
CN109154903B (en) * 2016-05-02 2022-09-23 微软技术许可有限责任公司 Recovery environment for virtual machines
CN107704731A (en) * 2017-09-28 2018-02-16 成都安恒信息技术有限公司 A kind of cloud platform mirror image method for preventing piracy based on HOTP
CN107704731B (en) * 2017-09-28 2021-03-09 成都安恒信息技术有限公司 Cloud platform mirror image anti-piracy method based on HOTP
CN110489209A (en) * 2019-07-24 2019-11-22 联想(北京)有限公司 A kind of information processing method and equipment
CN111125725A (en) * 2019-11-22 2020-05-08 苏州浪潮智能科技有限公司 An encryption and decryption method, device and medium for image verification
CN112235427A (en) * 2020-12-14 2021-01-15 广东睿江云计算股份有限公司 Method and system for merging image files

Similar Documents

Publication Publication Date Title
CN111030822B (en) Method and system for protecting firmware, and computer readable medium
CN111723383B (en) Data storage and verification method and device
CN105007261A (en) Security protection method for image file in virtual environment
CN104424441B (en) Processing system
CN102208000B (en) Method and system for providing security mechanisms for virtual machine images
JP5922113B2 (en) One-time authentication method for accessing encrypted data
CN104572168B (en) System and method is protected in a kind of BIOS self refreshes
US20200186340A1 (en) Self-Encryption Drive (SED)
TW201500960A (en) Detection of secure variable alteration in a computing device equipped with unified extensible firmware interface (UEFI)-compliant firmware
CN108255505A (en) A kind of firmware update, device, equipment and computer readable storage medium
CN104573490A (en) Method for protecting installed software on Android platform
CN111414612B (en) Security protection method and device for operating system mirror image and electronic equipment
US20100313011A1 (en) Identity Data Management in a High Availability Network
CN104778410B (en) A kind of application integrity verification method
CN104751063A (en) Operation system trusted guide method based on real mode technology
CN106203071A (en) A kind of firmware upgrade method and device
CN110109710A (en) A kind of OS trust chain constructing method and system of no physics trusted root
CN104794410A (en) Database security protection method based on dependable computing technology
KR20170089352A (en) Firmware integrity verification for performing the virtualization system
CN103873238A (en) Safety protection method of software integrity of cryptographic machine
TWI738020B (en) Electronic machine and its control method
CN113505363B (en) Method and system for realizing memory space replay prevention through software mode
CN105426749B (en) Method for controlling E L F file operation based on signature mechanism
CN108270767A (en) Data verification method
CN104361298A (en) Method and device for information safety and confidentiality

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20151028