
CN111143030B - Migration method of cloud environment trusted virtual machine - Google Patents


Info

Publication number: CN111143030B
Application number: CN201911317120.3A
Authority: CN (China)
Prior art keywords: physical machine, vtpcm, virtual machine, machine, migration
Legal status: Active (granted)
Other languages: Chinese (zh)
Other versions: CN111143030A (en)
Inventors: 孙瑜, 王强, 王涛, 王大海
Current assignee: BEIJING KEXIN HUATAI INFORMATION TECHNOLOGY CO LTD
Original assignee: BEIJING KEXIN HUATAI INFORMATION TECHNOLOGY CO LTD
Events: application filed by BEIJING KEXIN HUATAI INFORMATION TECHNOLOGY CO LTD; priority to CN201911317120.3A; publication of CN111143030A; application granted; publication of CN111143030B

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F 9/00 Arrangements for program control, e.g. control units > G06F 9/06 Arrangements for program control using stored programs, i.e. using an internal store of processing equipment to receive or retain programs > G06F 9/44 Arrangements for executing specific programs > G06F 9/455 Emulation; interpretation; software simulation, e.g. virtualisation or emulation of application or operating system execution engines > G06F 9/45533 Hypervisors; virtual machine monitors > G06F 9/45558 Hypervisor-specific management and integration aspects
    • G06F 9/06 (as above) > G06F 9/46 Multiprogramming arrangements > G06F 9/48 Program initiating; program switching, e.g. by interrupt > G06F 9/4806 Task transfer initiation or dispatching > G06F 9/4843 Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system > G06F 9/485 Task life-cycle, e.g. stopping, restarting, resuming execution > G06F 9/4856 Task life-cycle, resumption being on a different machine, e.g. task migration, virtual machine migration
    • G06F 9/45558 (as above) > G06F 2009/4557 Distribution of virtual machine instances; migration and load balancing
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS > Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE > Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE > Y02D 10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses a migration method for a trusted virtual machine in a cloud environment, comprising the following steps: S1, when the interval between the trusted virtual machine's successive tenant-service operations is shorter than a first preset time, migrate the trusted virtual machine from the source physical machine to the destination physical machine in dynamic (live) migration mode; and S2, when that interval reaches a second preset time, migrate the trusted virtual machine from the source physical machine to the destination physical machine in static (offline) migration mode. Trusted virtual machine migration thus has two modes: dynamic migration suits scenarios with strict requirements on the time continuity of tenant services, and static migration suits scenarios with loose requirements. The differing requirements that tenant services place on the time continuity of the virtual machine are thereby met.

Description

Migration method of cloud environment trusted virtual machine
Technical Field
The invention relates to the technical field of virtual machine migration, in particular to a migration method of a cloud environment trusted virtual machine.
Background
Cloud computing technology is developing rapidly today and has become a research hotspot in the internet industry at home and abroad. As a new computing model it takes resource renting, application hosting and service outsourcing as its core, and provides IT resources, data and applications to cloud tenants as services over the Internet. In a cloud environment, business services are provided to cloud tenants through virtual machines running on physical machines. At present, virtual machine migration technology mainly means virtual machine dynamic (live) migration: a running virtual machine is moved from a source physical machine to a destination physical machine and resumes running there, so the migration is transparent to users. Live migration also enables dynamic load balancing and online server maintenance, and offers a proactive fault-tolerance scheme. However, in a real cloud computing environment the live migration process faces a number of security threats, such as the vulnerability of the data transmission channel: without any protection, the migrated data can be passively intercepted or actively manipulated. Moreover, live migration alone cannot meet the differing requirements that tenant services place on the time continuity of virtual machines.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a migration method for a trusted virtual machine in a cloud environment that has both a dynamic migration mode and a static migration mode, and so meets the differing requirements that tenant services place on the time continuity of the virtual machine.
In order to achieve the above purpose, the technical scheme adopted by the invention is as follows:
a method for migrating a trusted virtual machine in a cloud environment, the method comprising:
S1, when the interval between the trusted virtual machine's successive tenant-service operations is shorter than a first preset time, migrating the trusted virtual machine from the source physical machine to the destination physical machine in dynamic migration mode;
S2, when that interval reaches a second preset time, migrating the trusted virtual machine from the source physical machine to the destination physical machine in static migration mode.
Further, in the method described above, step S1 includes:
S11, before migration, verifying the identity and the trusted state of the source physical machine and the destination physical machine, and, once verification passes, having the two communicating parties negotiate a session key to establish a secure connection channel;
S12, over the secure connection channel, migrating the following information of the trusted virtual machine from the source physical machine to the destination physical machine:
1) the VM memory instance and the VM image file;
2) the vTPCM memory instance and the vTPCM persistent storage file;
3) the vTPCM context information held in the TSB;
4) the key information already loaded for the vTPCM instance in the TPCM.
Further, in the method described above, step S12 includes, on the source side:
A1, the migration process of the source physical machine transmits the VM memory instance and the VM image file to the destination physical machine through a dirty-page retransmission (pre-copy) mechanism, and suspends the trusted virtual machine and the vTPCM when the number of remaining VM dirty pages falls below a threshold;
A2, the migration process of the source physical machine transmits the remaining VM memory instance and VM image file data to the destination physical machine;
A3, the migration process of the source physical machine saves the VM device state and transmits it to the destination physical machine;
A4, the migration process of the source physical machine transmits the vTPCM memory instance and the vTPCM persistent storage file to the destination physical machine;
A5, the migration process of the source physical machine saves the vTPCM device state and transmits it to the destination physical machine;
A6, the migration process of the source physical machine saves the vTPCM context information from the TSB of the source physical machine and the loaded key information of the vTPCM instance from the TPCM, and transmits them to the destination physical machine;
A7, after the trusted virtual machine and the vTPCM have migrated normally, the migration connection is closed and the migration process ends.
Further, in the method described above, step S12 includes, on the destination side:
B1, the destination physical machine creates an empty-shell first virtual machine and first vTPCM, starts them, and then suspends them;
B2, the migration process of the destination physical machine receives the VM memory instance and the VM image file transmitted by the source physical machine;
B3, the migration process of the destination physical machine receives the VM device state transmitted by the source physical machine, verifies it, and loads it into the first virtual machine once verification passes;
B4, the migration process of the destination physical machine receives the vTPCM memory instance and the vTPCM persistent storage file transmitted by the source physical machine;
B5, the migration process of the destination physical machine receives the vTPCM device state transmitted by the source physical machine, verifies it, and loads it into the first vTPCM once verification passes;
B6, the migration process of the destination physical machine receives the vTPCM context information and the loaded key information of the vTPCM instance transmitted by the source physical machine, verifies them, and once verification passes loads the vTPCM context information into the TSB of the destination physical machine and imports the loaded key information of the vTPCM instance into the TPCM of the destination physical machine;
B7, the destination physical machine resumes running the first virtual machine and the first vTPCM.
Further, in the method described above, step S2 includes:
S21, before migration, verifying the identity and the trusted state of the source physical machine and the destination physical machine, and, once verification passes, having the two communicating parties negotiate a session key to establish a secure connection channel;
S22, over the secure connection channel, migrating the VM image file and the vTPCM persistent storage file of the trusted virtual machine from the source physical machine to the destination physical machine.
Further, in the method described above, step S22 includes, on the source side:
C1, after the trusted virtual machine has finished its current task, the migration process of the source physical machine saves the VM image file and the vTPCM persistent storage file of the trusted virtual machine and shuts the trusted virtual machine down;
C2, the migration process of the source physical machine transmits the VM image file and the vTPCM persistent storage file to the destination physical machine through the secure connection channel;
C3, after the trusted virtual machine has resumed running on the destination physical machine, the migration process of the source physical machine deletes the saved VM image file and vTPCM persistent storage file.
Further, in the method described above, step C2 includes:
the migration process of the source physical machine encrypting the VM image file and the vTPCM persistent storage file using the session key, the key of the source physical machine, the key of the destination physical machine and a nonce value, and transmitting the encrypted VM image file and vTPCM persistent storage file to the destination physical machine.
Further, in the method described above, step S22 includes, on the destination side:
D1, the migration process of the destination physical machine receives the VM image file and the vTPCM persistent storage file transmitted by the source physical machine;
D2, the migration process of the destination physical machine verifies the integrity, confidentiality, source authenticity and freshness of the VM image file and the vTPCM persistent storage file, and resumes running the trusted virtual machine once verification passes.
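Steps C2 and D2 above, as an added example that is not the patent's or the assignee's code. The source derives transport keys from the session key, its own machine key, the destination's machine key and a fresh nonce, then encrypts the two files and MACs the result; the destination rejects a replayed nonce (freshness), an unknown source, and any package whose MAC does not verify (integrity, and source authenticity, since only a holder of the named source's key can derive the MAC key), and only then decrypts (confidentiality). Assumptions made for illustration: the HMAC-SHA256 counter keystream stands in for a real cipher, the machine keys are byte strings the destination is assumed to know through the platform's TPCM key migration, and the file contents and identifiers are constructed.

```python
"""Static migration: encrypt-then-MAC of the VM image and vTPCM persistent
storage files (C2) and the destination's freshness/source/integrity checks (D2).
Added example for illustration; keys, identifiers and file contents are constructed."""
import hashlib, hmac, os, struct

def derive_keys(session_key, k_src, k_dst, nonce):
    """Extract a PRK from session key + both machine keys under the nonce,
    then expand one encryption key and one MAC key (HKDF-style)."""
    prk = hmac.new(nonce, session_key + k_src + k_dst, hashlib.sha256).digest()
    k_enc = hmac.new(prk, b"migration-enc\x01", hashlib.sha256).digest()
    k_mac = hmac.new(prk, b"migration-mac\x01", hashlib.sha256).digest()
    return k_enc, k_mac

def keystream_xor(k_enc, nonce, data):
    """Counter-mode XOR with an HMAC-derived keystream (toy cipher, stand-in
    for AES-CTR or similar); applying it twice restores the input."""
    out = bytearray()
    for block, off in enumerate(range(0, len(data), 32)):
        ks = hmac.new(k_enc, nonce + struct.pack(">Q", block), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

def pack_files(files):
    """Length-prefixed concatenation of {name: bytes}, in sorted name order."""
    body = b""
    for name, data in sorted(files.items()):
        body += struct.pack(">H", len(name)) + name.encode()
        body += struct.pack(">I", len(data)) + data
    return body

def unpack_files(body):
    files, i = {}, 0
    while i < len(body):
        n = struct.unpack(">H", body[i:i + 2])[0]; i += 2
        name = body[i:i + n].decode(); i += n
        size = struct.unpack(">I", body[i:i + 4])[0]; i += 4
        files[name] = body[i:i + size]; i += size
    return files

def seal_files(session_key, k_src, k_dst, src_id, files):
    """C2 on the source: one fresh nonce per migration, encrypt-then-MAC.
    The MAC covers the source identifier, the nonce and the ciphertext."""
    nonce = os.urandom(16)
    k_enc, k_mac = derive_keys(session_key, k_src, k_dst, nonce)
    ct = keystream_xor(k_enc, nonce, pack_files(files))
    tag = hmac.new(k_mac, src_id.encode() + nonce + ct, hashlib.sha256).digest()
    return {"src": src_id, "nonce": nonce, "ct": ct, "tag": tag}

class DestinationMigrator:
    def __init__(self, session_key, k_self, source_keys):
        self.session_key, self.k_self = session_key, k_self
        self.source_keys = source_keys      # {source id: source machine key} (assumed known)
        self.seen_nonces = set()            # freshness: replayed packages are refused

    def open_files(self, pkt):
        """D2: freshness, then source + integrity via the MAC, then decrypt."""
        if pkt["nonce"] in self.seen_nonces:
            raise ValueError("replayed migration package")
        k_src = self.source_keys.get(pkt["src"])
        if k_src is None:
            raise ValueError("unknown source physical machine")
        k_enc, k_mac = derive_keys(self.session_key, k_src, self.k_self, pkt["nonce"])
        expect = hmac.new(k_mac, pkt["src"].encode() + pkt["nonce"] + pkt["ct"],
                          hashlib.sha256).digest()
        if not hmac.compare_digest(expect, pkt["tag"]):
            raise ValueError("integrity or source check failed")
        self.seen_nonces.add(pkt["nonce"])
        return unpack_files(keystream_xor(k_enc, pkt["nonce"], pkt["ct"]))

def accepted(dst, pkt):
    """True if the destination accepts and decrypts the package, else False."""
    try:
        dst.open_files(pkt)
        return True
    except ValueError:
        return False

# constructed sample inputs (not real keys or images)
SESSION_KEY, K_SRC, K_DST = b"session-key-from-S21", b"source-machine-key", b"dest-machine-key"
FILES = {"vm_image": b"qcow2 image bytes " * 5, "vtpcm_persist": b"vtpcm nv state"}
```

Usage: `pkt = seal_files(SESSION_KEY, K_SRC, K_DST, "pm-src", FILES)` on the source, then `DestinationMigrator(SESSION_KEY, K_DST, {"pm-src": K_SRC}).open_files(pkt)` on the destination returns the two files; feeding the same package a second time, a package with a flipped ciphertext byte, or one sealed under a different source key is refused.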
A storage medium having a computer program stored therein, wherein the computer program is configured to execute a migration method of a trusted virtual machine in a cloud environment according to the present invention when running.
An electronic device comprising a memory and a processor, the memory having stored therein a computer program, the processor being arranged to run the computer program to perform a method of migration of a cloud environment trusted virtual machine as described in the present invention.
The invention has the beneficial effects that: the trusted virtual machine migration comprises two modes of dynamic migration and static migration, wherein the dynamic migration is suitable for scenes with high requirements on tenant service time continuity, and the static migration is suitable for scenes with low requirements on tenant service time continuity. Different requirements of time continuity of tenant service on the virtual machine are met.
Drawings
Fig. 1 is a flow chart of a migration method of a trusted virtual machine in a cloud environment according to a first embodiment of the present invention;
Fig. 2 is a flow chart of the steps of a dynamic migration method of a trusted virtual machine according to a third embodiment of the present invention;
Fig. 3 is a flow chart of the steps of a dynamic migration method of a trusted virtual machine according to a fourth embodiment of the present invention;
Fig. 4 is a flow chart of the steps of a static migration method of a trusted virtual machine according to a fifth embodiment of the present invention;
Fig. 5 is a flow chart of a sub-step of a static migration method of a trusted virtual machine according to a sixth embodiment of the present invention;
Fig. 6 is a flow chart of a sub-step of a static migration method of a trusted virtual machine according to a seventh embodiment of the present invention;
Fig. 7 is a framework diagram of a dynamic migration method of a trusted virtual machine according to a second embodiment of the present invention;
Fig. 8 is a timing chart of a dynamic migration method of a trusted virtual machine according to a second embodiment of the present invention;
Fig. 9 is a framework diagram of a static migration method of a trusted virtual machine according to a fifth embodiment of the present invention;
Fig. 10 is a timing chart of a static migration method of a trusted virtual machine according to a fifth embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and the detailed description.
The migration method for a cloud environment trusted virtual machine provided by the invention is implemented on a trusted cloud system that comprises a cloud platform system and a tenant service system. The cloud platform system comprises a Trusted Platform Control Module (TPCM), physical-machine trusted base software and a trusted computing virtualization support platform; the TPCM and the physical-machine trusted base software secure the operation of the underlying cloud platform services, and the trusted computing virtualization support platform provides each virtual machine with a Virtual Trusted Platform Control Module (VTPCM). The tenant service system comprises virtual-machine trusted base software, which actively protects the virtual machine's trusted computing environment with the support of the VTPCM.
The technical principle of the trusted architecture of the cloud platform system is as follows:
1) The physical computing environment is ensured to be trusted through physical TPCM and physical machine trusted base software.
The trust chain and trusted-environment establishment of a physical node in the cloud environment are no different from those of an ordinary physical network. The physical nodes comprise compute nodes (nodes that provide computing capacity for virtual machines) and non-compute nodes, each fitted with a TPCM physical chip. The TPCM chip is normally embedded on the system motherboard and has physical protection. By design of the motherboard circuitry, when the system starts the physical chip actively measures the initial part of the system boot code (generally the BIOS firmware); the measured boot code then measures the next stage, and so on step by step, until the operating system and the trusted base software have started. This is how the trust chain is established. With the trusted base software supported by the TPCM chip, the trust of the physical nodes and of the physical network environment is ensured.
2) A trusted physical computing environment ensures that the cloud platform services and the virtual machine runtime environment are trusted.
The trusted base software and the physical TPCM chip work together to ensure the trust of the physical computing environment: the various services of the cloud environment can be measured according to policy, their trusted state before start-up and during operation is ensured, and external systems and the management platform can monitor the trusted state of the runtime environment.
The virtualization system components of the cloud environment are the basis on which virtual machines run. They are also software of the physical machine, so their trust is guaranteed by the physical machine's trusted environment.
3) A virtual VTPCM is established for each virtual machine, providing the support for the trust of that virtual machine.
Using virtualization technology, a virtual TPCM (VTPCM) is emulated as the root of trust of the virtual machine. The VTPCM builds on the hardware security provided by the physical TPCM, and, being itself software of the physical machine, is measured and monitored by the physical machine's trusted software base. Like a physical TPCM, the VTPCM actively measures the components of the virtual machine's boot process, establishing the virtual machine's trust chain step by step until the trusted software base has started, after which the trust chain is handed over inside the virtual machine. All cryptographic operations involved in the VTPCM's computation are forwarded to the physical TPCM for execution and storage, so the virtual TPCM has the same functions and security as the physical TPCM.
Virtual machines have a different lifecycle from physical machines, so a dedicated control module is required to handle activities such as starting, suspending, hibernating, shutting down, resuming and migrating the virtual machine.
4) The trusted base software in the virtual machine, supported by the VTPCM, ensures the trusted computing environment of the virtual machine.
As in a physical computing environment, the virtual machine's computing environment is protected by the trusted base software inside the virtual machine with the support of the VTPCM. The trusted software base in the virtual machine is identical to that of the physical machine, except that the functions supported by partial virtualization are not active. The trusted base software inside the virtual machine is not aware that it is running in a virtual machine; to it, the VTPCM is a real TPCM.
The trusted base software inside the virtual machine monitors the security and trustworthiness of the virtual machine at run time through various measurements, and delegates tasks to the VTPCM process when necessary.
5) The physical TPCM adds context management and command handling to distinguish the physical node from the multiple virtual nodes.
To distinguish and process trusted commands from the multiple virtual nodes and the physical node, the physical TPCM adds context management: it establishes a separate context for the physical node and for each virtual node, storing that node's command queue and loaded keys, and commands from the physical node and from the virtual nodes carry different identifiers (the command identifier of the physical machine is empty) so that the TPCM can tell which context to use. The TPCM schedules the commands of the different nodes so as to ensure reasonable fairness and reduce command response time.
A virtual node's context can be created, deleted and suspended. It can also be saved outside the TPCM to reduce the use of resources inside it, and a saved context can be loaded back when needed, in step with virtual machine suspend, hibernate/resume, stop/start, migration and so on.
6) The trusted base software adds a virtual machine context management interface and modifies the command format.
A virtual machine context management interface is added to the trusted support mechanism of the trusted base software; when the virtual machine is started, suspended, hibernated, shut down, resumed or migrated, the VTPCM calls the corresponding context management interface.
The command format is modified so that commands from the physical node and from the virtual nodes carry different identifiers, isolating the physical machine's commands from those of the different virtual machines.
7) Trust-related migration is added to the virtual machine migration process in the VMM.
The trust-related migration added to the original migration process has two main parts:
migrating the trusted data, so that the trust-related components resume their original operation after migration;
using the trust mechanism during migration to protect the trusted data and the user data.
The trusted data to migrate mainly comprises the virtual machine's context inside the TPCM (chiefly its loaded keys), the VTPCM running state, the VTPCM offline data and the key tree. VTPCM offline data includes persistent state and configuration, keys (stored under the protection of the physical TPCM), reference values and policies. Trusted data inside the virtual machine itself travels with the virtual machine snapshot and needs no separate handling. Migrating the trusted data therefore means adding the trust-related data to the original migration process: obtaining and saving the trusted data, transmitting it, and resuming execution with it. Key tree migration must ensure that the original keys can be reloaded and used in the target environment, which requires the physical TPCMs of both parties to complete the migration cooperatively.
Data security during migration means using the trust mechanism to encrypt and integrity-protect the trusted data and the user data, so that neither is disclosed or tampered with.
Example 1
As shown in fig. 1, a migration method of a trusted virtual machine in a cloud environment includes:
S1, when the interval between the trusted virtual machine's successive tenant-service operations is shorter than a first preset time, migrating the trusted virtual machine from the source physical machine to the destination physical machine in dynamic migration mode;
S2, when that interval reaches a second preset time, migrating the trusted virtual machine from the source physical machine to the destination physical machine in static migration mode.
The trusted virtual machine migration comprises two modes of dynamic migration and static migration, wherein the dynamic migration is suitable for scenes with high requirements on tenant service time continuity, and the static migration is suitable for scenes with low requirements on tenant service time continuity. Different requirements of time continuity of tenant service on the virtual machine are met.
Example two
The migration process of the trusted virtual machine in the live migration mode is described below.
Step S1 of the first embodiment includes:
S11, before migration, verifying the identity and the trusted state of the source physical machine and the destination physical machine, and, once verification passes, having the two communicating parties negotiate a session key to establish a secure connection channel;
S12, over the secure connection channel, migrating the following information of the trusted virtual machine from the source physical machine to the destination physical machine:
1) the VM memory instance and the VM image file;
2) the vTPCM memory instance and the vTPCM persistent storage file;
3) the vTPCM context information held in the TSB;
4) the key information already loaded for the vTPCM instance in the TPCM.
Before migration, the identity and the trusted state of the source physical machine and the destination physical machine are verified first; if identity verification passes and both are in a trusted state, a secure channel is established between the source physical machine and the destination physical machine for secure communication and protection of the transmitted data.
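The pre-migration check of steps S11 and S21, as an added example that is not the patent's or the assignee's code: each physical machine replays a constructed boot measurement log into a PCR-style register and attests it with a quote bound to the peer's nonce and its own key-agreement share; the peer checks the quote under the identity key held in an assumed platform registry, checks every log entry against assumed reference values and replays the log to the reported register value, and only when both directions pass do the two sides derive the session key. The HMAC-based "quote" (a stand-in for a TPCM signature), the registry, the reference measurements and the toy Diffie-Hellman group (p = 2^127 - 1, far too small for real use) are assumptions made for this illustration.

```python
"""Mutual identity + trusted-state verification between source and destination
physical machines, followed by session-key agreement (steps S11/S21).
Added example; quote, registry, reference values and DH group are assumptions."""
import hashlib, hmac, os

P = 2**127 - 1          # Mersenne prime M127: toy DH modulus, NOT for production use
G = 3

def hkdf(ikm, salt, info, length=32):
    """HKDF-SHA256 (RFC 5869): extract, then expand to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    out, block, i = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        out += block
        i += 1
    return out[:length]

def extend(pcr, measurement):
    """PCR-style extend: new = H(old || measurement)."""
    return hashlib.sha256(pcr + measurement).digest()

class PhysicalMachine:
    def __init__(self, name, identity_key, boot_log):
        self.name, self.ik = name, identity_key      # identity key: stand-in for a TPCM signing key
        self.log = boot_log                          # [(component, sha256 digest)] measured at boot
        self.pcr = b"\x00" * 32
        for _, digest in boot_log:
            self.pcr = extend(self.pcr, digest)
        self.priv = int.from_bytes(os.urandom(16), "big") % (P - 2) + 2
        self.pub = pow(G, self.priv, P)
        self.nonce = os.urandom(16)

    def hello(self):
        return {"id": self.name, "nonce": self.nonce, "pub": self.pub}

    def quote(self, peer_nonce):
        """Attest the trusted state: MAC binds the peer's nonce (freshness),
        our DH share (channel binding) and our PCR value."""
        msg = peer_nonce + self.pub.to_bytes(16, "big") + self.pcr
        return {"pcr": self.pcr, "log": self.log,
                "sig": hmac.new(self.ik, msg, hashlib.sha256).digest()}

    def session_key(self, peer_hello):
        shared = pow(peer_hello["pub"], self.priv, P).to_bytes(16, "big")
        salt = b"".join(sorted([self.nonce, peer_hello["nonce"]]))   # same on both sides
        return hkdf(shared, salt, b"trusted-vm-migration")

def verify_peer(registry, reference, peer_hello, my_nonce, peer_quote):
    """Identity: quote verifies under the registered identity key.
    Trusted state: every log entry matches a reference value and the log
    replays to the reported PCR."""
    ik = registry.get(peer_hello["id"])
    if ik is None:
        return False
    msg = my_nonce + peer_hello["pub"].to_bytes(16, "big") + peer_quote["pcr"]
    if not hmac.compare_digest(hmac.new(ik, msg, hashlib.sha256).digest(), peer_quote["sig"]):
        return False
    pcr = b"\x00" * 32
    for component, digest in peer_quote["log"]:
        if reference.get(component) != digest:
            return False                             # unknown or tampered component
        pcr = extend(pcr, digest)
    return pcr == peer_quote["pcr"]

def establish_channel(src, dst, registry, reference):
    """Both directions must pass; returns (key at source, key at destination)
    or None, in which case no migration data is ever sent."""
    hs, hd = src.hello(), dst.hello()
    qs, qd = src.quote(hd["nonce"]), dst.quote(hs["nonce"])
    if not verify_peer(registry, reference, hd, hs["nonce"], qd):
        return None
    if not verify_peer(registry, reference, hs, hd["nonce"], qs):
        return None
    return src.session_key(hd), dst.session_key(hs)

# constructed sample data: reference measurements and identity-key registry
def h(s):
    return hashlib.sha256(s.encode()).digest()

REFERENCE = {"bios": h("bios-v1"), "kernel": h("kernel-5.10"), "tsb": h("tsb-1.0")}
GOOD_LOG = list(REFERENCE.items())
REGISTRY = {"pm-src": b"src-identity-key", "pm-dst": b"dst-identity-key"}
```

Usage: `establish_channel(PhysicalMachine("pm-src", REGISTRY["pm-src"], GOOD_LOG), PhysicalMachine("pm-dst", REGISTRY["pm-dst"], GOOD_LOG), REGISTRY, REFERENCE)` returns two equal 32-byte keys; a destination whose log contains a component not in the reference set, or one that holds the wrong identity key, is refused before any migration data is sent.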
When the trusted virtual machine performs the live migration operation, the components that need to be migrated are shown in fig. 7.
When a vTPCM instance runs, the special security requirements on keys mean that the encryption and decryption operations involving keys must be delegated to the physical TPCM. To support this, in addition to the vTPCM persistent storage and the vTPCM virtual device, the context information for the vTPCM instance's interaction with the physical TPCM must be saved in the Trusted Software Base (TSB), and the key information loaded for the vTPCM instance is stored in the TPCM. Therefore, when a trusted virtual machine instance backed by a vTPCM is to be live-migrated, the following information must be migrated:
1) VM memory instance and VM image file
2) vTPCM memory instance and vTPCM persistent storage file
3) vTPCM context information in TSB
4) vTPCM instance in TPCM loaded key information
As shown in fig. 8, the dynamic migration process of the trusted virtual machine is as follows:
1) Establish the migration connection channel. Before migration, the migration process of the source physical machine verifies the security state of the destination physical machine: it confirms the identity of the other party and verifies its trusted state. After verification passes, the two communicating parties negotiate a session key to establish a secure connection channel.
2) The destination physical machine creates an empty-shell first virtual machine and first vTPCM, initializes the corresponding memory data structures in both, and then suspends them so that the memory is reserved for the data subsequently received from the source physical machine.
3) VM instance transfer. The VM memory state data and the VM image file are transmitted through a dirty-page retransmission mechanism; when the number of remaining VM dirty pages falls below a threshold, the trusted virtual machine and the vTPCM are suspended.
4) The remaining VM memory state data and VM image file data are transmitted.
5) The VM device state is saved on the source physical machine, transmitted, and then verified and loaded on the destination physical machine.
6) The vTPCM persistent storage file is transmitted.
7) The vTPCM device state is saved on the source physical machine and transmitted, then verified and loaded on the destination physical machine.
8) The vTPCM context and the keys loaded for the vTPCM are transmitted: they are saved on the source physical machine, transferred to the destination physical machine, and finally verified and loaded there.
9) The first virtual machine and the first vTPCM resume running on the destination physical machine.
10) After the trusted virtual machine and the vTPCM have migrated normally, the migration connection is closed and the migration process ends.
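Steps 1 to 10 above, and the per-side step lists A1-A7 and B1-B7, as an added example that is not the patent's or the assignee's code: the source pre-copies memory pages while a constructed workload keeps dirtying a shrinking set, pauses the VM and vTPCM once the dirty count drops below the threshold, sends the remaining pages, and then sends the device state, vTPCM state, TSB context and loaded-key information in the fixed order; the empty-shell destination verifies every record's sequence number and MAC, enforces the component order, and resumes only after all state has arrived. The session key, page contents, workload and component blobs are constructed, and the channel here provides sequence numbers and HMAC integrity only (a real channel would also encrypt); the channel-establishment step is assumed to have already produced the session key.

```python
"""Live migration of a trusted VM: pre-copy with a dirty-page threshold, then
ordered transfer of VM device state, vTPCM state, TSB context and loaded keys.
Added example; all state, the workload and the session key are constructed."""
import hashlib, hmac

# A3-A6 / B3-B6: components sent after the last memory pages, in this order
COMPONENT_ORDER = ["vm_device_state", "vtpcm_memory", "vtpcm_persistent",
                   "vtpcm_device_state", "tsb_context", "tpcm_loaded_keys"]

def record_tag(key, seq, kind, payload):
    """Per-record MAC over sequence number, record kind and payload."""
    return hmac.new(key, f"{seq}:{kind}:".encode() + payload, hashlib.sha256).digest()

class Channel:
    """Secure connection channel from S11: sequenced, MACed records."""
    def __init__(self, session_key):
        self.key, self.seq, self.records = session_key, 0, []

    def send(self, kind, payload):
        self.seq += 1
        self.records.append((self.seq, kind, payload, record_tag(self.key, self.seq, kind, payload)))

class SourceVM:
    """Running trusted VM and its vTPCM on the source physical machine."""
    def __init__(self, n_pages, components):
        self.pages = {i: f"init{i}".encode().ljust(8, b"\0") for i in range(n_pages)}
        self.components, self.running = components, True

    def run_round(self, r):
        """Constructed workload: while pre-copy round r is in flight the guest
        dirties every (r+1)-th page, so the dirty set shrinks round by round."""
        dirty = set(range(0, len(self.pages), r + 1))
        for i in dirty:
            self.pages[i] = f"r{r}p{i}".encode().ljust(8, b"\0")[:8]
        return dirty

    def suspend(self):
        self.running = False                   # VM and vTPCM paused together

class DestinationShell:
    """B1: empty-shell VM and vTPCM, started then suspended, awaiting state."""
    def __init__(self, session_key):
        self.key, self.expect_seq = session_key, 1
        self.pages, self.components, self.running = {}, {}, False

    def receive(self, seq, kind, payload, tag):
        if not hmac.compare_digest(tag, record_tag(self.key, seq, kind, payload)):
            raise ValueError("record failed integrity check")
        if seq != self.expect_seq:
            raise ValueError("record replayed or reordered")
        self.expect_seq += 1
        if kind == "page":                                  # B2: memory pages
            self.pages[int.from_bytes(payload[:4], "big")] = payload[4:]
        elif kind == "done":                                # B7: resume
            if len(self.components) != len(COMPONENT_ORDER):
                raise ValueError("resume requested before all state arrived")
            self.running = True
        else:                                               # B3-B6: verify order, load
            if kind != COMPONENT_ORDER[len(self.components)]:
                raise ValueError(f"unexpected component {kind}")
            self.components[kind] = payload

def live_migrate(src, chan, threshold, max_rounds=30):
    """Source side A1-A7. Returns the number of pre-copy rounds performed."""
    dirty, rounds = set(src.pages), 0          # first round copies every page
    while len(dirty) >= threshold and rounds < max_rounds:
        rounds += 1
        for i in sorted(dirty):
            chan.send("page", i.to_bytes(4, "big") + src.pages[i])
        dirty = src.run_round(rounds)          # guest kept running meanwhile
    src.suspend()                              # A1: below threshold, pause VM + vTPCM
    for i in sorted(dirty):                    # A2: remaining dirty pages
        chan.send("page", i.to_bytes(4, "big") + src.pages[i])
    for kind in COMPONENT_ORDER:               # A3-A6
        chan.send(kind, src.components[kind])
    chan.send("done", b"")                     # A7: connection closed after this
    return rounds

def deliver(chan, dst):
    """Feed every record to the destination; True once it has resumed."""
    for rec in chan.records:
        dst.receive(*rec)
    return dst.running

def accepted(dst, rec):
    """True if the destination accepts the record, False if it rejects it."""
    try:
        dst.receive(*rec)
        return True
    except ValueError:
        return False

# constructed sample state
SESSION_KEY = b"session-key-from-S11"
COMPONENTS = {k: f"{k}-blob".encode() for k in COMPONENT_ORDER}
```

Usage: with 32 pages and a threshold of 8, `live_migrate(SourceVM(32, COMPONENTS), Channel(SESSION_KEY), 8)` performs four pre-copy rounds (32, 16, 11 and 8 pages) before pausing with 7 dirty pages left; `deliver` on a `DestinationShell` then yields page contents and components identical to the source's, while a record with a flipped byte or one delivered out of sequence is rejected.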
Example III
The following describes the live migration process of a trusted virtual machine from the perspective of the source physical machine.
As shown in fig. 2, step S12 of the second embodiment includes:
A1, the migration process of the source physical machine transmits the VM memory instance and the VM image file to the destination physical machine through a dirty-page retransmission mechanism, and suspends the trusted virtual machine and the vTPCM when the number of remaining VM dirty pages falls below a threshold;
A2, the migration process of the source physical machine transmits the remaining VM memory instance and VM image file data to the destination physical machine;
A3, the migration process of the source physical machine saves the VM device state and transmits it to the destination physical machine;
A4, the migration process of the source physical machine transmits the vTPCM memory instance and the vTPCM persistent storage file to the destination physical machine;
A5, the migration process of the source physical machine saves the vTPCM device state and transmits it to the destination physical machine;
A6, the migration process of the source physical machine saves the vTPCM context information from the TSB of the source physical machine and the loaded key information of the vTPCM instance from the TPCM, and transmits them to the destination physical machine;
A7, after the trusted virtual machine and the vTPCM have migrated normally, the migration connection is closed and the migration process ends.
Example four
The following describes the live migration process of a trusted virtual machine with the destination physical machine as the executing party.
As shown in fig. 3, step S12 of the second embodiment includes:
B1, the destination physical machine creates an empty-shell first virtual machine and first vTPCM, starts them, and then suspends them;
B2, the migration process of the destination physical machine receives the VM memory instance and the VM image file transmitted by the source physical machine;
B3, the migration process of the destination physical machine receives the VM device state transmitted by the source physical machine, verifies it, and loads it into the first virtual machine after verification passes;
B4, the migration process of the destination physical machine receives the vTPCM memory instance and the vTPCM persistent storage file transmitted by the source physical machine;
B5, the migration process of the destination physical machine receives the vTPCM device state transmitted by the source physical machine, verifies it, and loads it into the first vTPCM after verification passes;
B6, the migration process of the destination physical machine receives the vTPCM context information and the key information loaded for the vTPCM instance transmitted by the source physical machine, verifies both, and after verification passes loads the vTPCM context information into the TSB of the destination physical machine and imports the loaded key information into the TPCM of the destination physical machine;
B7, the destination physical machine resumes running the first virtual machine and the first vTPCM.
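The dirty page retransmission of steps A1 and A2 (step 3 of the live migration process in the second embodiment), as an added Go illustration that is not part of the patent: SourceVM, Touch, sendDirty, the workload callback and the pageSize constant are constructed for this example, and the destination's copy is modelled as an in-memory map rather than a transfer over the secure connection channel.

```go
package main

import (
	"errors"
	"fmt"
)

// pageSize is the size of one VM memory page (constructed value for this example).
const pageSize = 4096

// SourceVM models the trusted virtual machine on the source physical machine
// during pre-copy; it is constructed for this example, not the patent's code.
type SourceVM struct {
	Pages     [][]byte
	dirty     map[int]bool // pages written since they were last transmitted
	Suspended bool         // set once the residual dirty count drops below the threshold
}

// NewSourceVM creates a VM with n pages, all of which still have to be sent.
func NewSourceVM(n int) *SourceVM {
	vm := &SourceVM{Pages: make([][]byte, n), dirty: map[int]bool{}}
	for i := range vm.Pages {
		vm.Pages[i] = make([]byte, pageSize)
		vm.dirty[i] = true
	}
	return vm
}

// Touch is the running guest writing to page i; a suspended VM writes nothing.
func (vm *SourceVM) Touch(i int, b byte) {
	if vm.Suspended {
		return
	}
	vm.Pages[i][0] = b
	vm.dirty[i] = true
}

// sendDirty copies every currently dirty page to the destination's copy and
// clears the dirty set, returning the number of pages sent.
func (vm *SourceVM) sendDirty(dst map[int][]byte) int {
	sent := 0
	for i := range vm.dirty {
		dst[i] = append([]byte(nil), vm.Pages[i]...)
		delete(vm.dirty, i)
		sent++
	}
	return sent
}

// PreCopy performs steps A1 and A2: retransmit dirty pages while the guest keeps
// running (workload stands in for the guest), suspend the VM once fewer than
// threshold pages remain dirty, then send the remainder. It returns the rounds used;
// if the guest out-dirties the transfer for maxRounds rounds it errors and leaves the VM running.
func PreCopy(vm *SourceVM, dst map[int][]byte, threshold, maxRounds int, workload func(round int, vm *SourceVM)) (int, error) {
	for round := 1; round <= maxRounds; round++ {
		vm.sendDirty(dst)
		workload(round, vm) // pages dirtied while this round was in flight
		if len(vm.dirty) < threshold {
			vm.Suspended = true // A1: stop the trusted VM (and its vTPCM)
			vm.sendDirty(dst)   // A2: residual pages, now stable
			return round, nil
		}
	}
	return maxRounds, errors.New("residual dirty pages never fell below threshold")
}

func main() { // stand-alone demo: an 8-page VM whose guest rewrites two pages for two rounds
	vm, dst := NewSourceVM(8), map[int][]byte{}
	rounds, err := PreCopy(vm, dst, 2, 10, func(round int, g *SourceVM) {
		if round <= 2 {
			g.Touch(0, byte(round))
			g.Touch(1, byte(round))
		}
	})
	fmt.Println("rounds:", rounds, "suspended:", vm.Suspended, "pages copied:", len(dst), "err:", err)
}
```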
Example five
The migration process of the trusted virtual machine in the static migration mode is described below.
As shown in fig. 4, step S2 of the first embodiment includes:
S21, before migration, the identity and trusted state of the source physical machine and the destination physical machine are verified, and after verification the two communicating parties negotiate a session key to establish a secure connection channel;
S22, based on the secure connection channel, the VM image file and the vTPCM persistent storage file of the trusted virtual machine are migrated from the source physical machine to the destination physical machine.
Before migration, the identity and trusted state of the source physical machine and the destination physical machine are verified first; if identity verification passes and both are in a trusted state, a secure channel is established between the source physical machine and the destination physical machine for secure communication, protecting the transmitted data.
A block diagram of the trusted virtual machine static migration process is shown in fig. 9. In static migration, the virtual machine ends its running state, updates the running-state data into the VM image file and the vTPCM persistent storage file, and then transmits both files into the target platform file system through the virtual machine data secure transmission measure. After the integrity, confidentiality, source reliability and freshness of the VM image file and the vTPCM persistent storage file have been verified and confirmed, virtual machine migration recovery is performed on the target platform: the migrated VM image file is loaded and the running state of the trusted virtual machine is restored.
As shown in fig. 10, the trusted virtual machine static migration process is specifically described as follows:
1) Migration preparation. Before static migration, the identities of the source physical machine and the destination physical machine are verified, the trusted state of the destination physical machine is checked, and the keys required for migration are exchanged.
2) The running state of the virtual machine on the source physical machine is saved. After the current task of the virtual machine has finished, the persistent information of the virtual machine is stored and the virtual machine is shut down.
3) The VM image file and the vTPCM persistent storage file are encrypted using the source physical machine key, the destination physical machine key, the session key, a Nonce value, etc.
4) The encrypted VM image file and vTPCM persistent storage file are securely transmitted to the destination physical machine.
5) The integrity, confidentiality, source reliability and freshness of the VM image file and the vTPCM persistent storage file are verified on the destination physical machine.
6) The running state of the virtual machine is restored on the destination physical machine.
7) VM image files and vTPCM persistent storage files on the source physical machine are cleared.
8) Static migration is complete.
Example six
The static migration process of the trusted virtual machine with the source physical machine as the execution subject is described below.
As shown in fig. 5, step S22 of the fifth embodiment includes:
C1, after the current task of the trusted virtual machine is executed, the migration process of the source physical machine saves the VM image file and the vTPCM persistent storage file of the trusted virtual machine, and the trusted virtual machine is shut down;
C2, the migration process of the source physical machine transmits the VM image file and the vTPCM persistent storage file to the destination physical machine through the secure connection channel;
step C2 includes:
the migration process of the source physical machine encrypts the VM image file and the vTPCM persistent storage file with the session key, the key of the source physical machine, the key of the destination physical machine and the Nonce value, and then transmits them to the destination physical machine.
C3, after the trusted virtual machine resumes operation, the migration process of the source physical machine clears the saved VM image file and vTPCM persistent storage file.
Example seven
The static migration process of the trusted virtual machine with the destination physical machine as the execution subject is described below.
As shown in fig. 6, step S22 of the fifth embodiment includes:
D1, the migration process of the destination physical machine receives the VM image file and the vTPCM persistent storage file transmitted by the source physical machine;
D2, the migration process of the destination physical machine verifies the integrity, confidentiality, source reliability and freshness of the VM image file and the vTPCM persistent storage file, and resumes operation of the trusted virtual machine after verification passes.
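The encryption of step C2 and the verification of step D2 (steps 3 and 5 of the static migration process in the fifth embodiment), as an added Go example that is not the patent's code. It assumes the negotiated session key is used as an AES-256-GCM key, the source physical machine key is an Ed25519 signing key, and the destination physical machine key is bound into the ciphertext as additional data; the bundle layout, SecureChannel and all names are constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

type MigrationBundle struct { // wire form of the two files; layout constructed here, not the patent's
	Nonce      []byte // AES-GCM nonce, also the freshness value
	Ciphertext []byte // AES-GCM over len(image)||image||vtpcm, destination machine key as AD
	Signature  []byte // Ed25519 signature by the source machine key over Nonce||Ciphertext
}

type SecureChannel struct { // per-party state after S21: session key as AEAD, destination key, seen nonces
	aead   cipher.AEAD
	dstPub ed25519.PublicKey
	seen   map[string]bool // nonces already accepted; a repeat is a replay
}

func NewSecureChannel(sessionKey [32]byte, dstPub ed25519.PublicKey) *SecureChannel {
	block, _ := aes.NewCipher(sessionKey[:]) // cannot fail: a 32-byte key selects AES-256
	aead, _ := cipher.NewGCM(block)          // cannot fail for an AES block cipher
	return &SecureChannel{aead: aead, dstPub: dstPub, seen: map[string]bool{}}
}

// Pack is the source side (C2): encrypt under the session key, bind to the destination key, sign with the source key.
func (c *SecureChannel) Pack(srcPriv ed25519.PrivateKey, image, vtpcm []byte) (*MigrationBundle, error) {
	nonce := make([]byte, c.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	plain := make([]byte, 4, 4+len(image)+len(vtpcm))
	binary.BigEndian.PutUint32(plain, uint32(len(image)))
	plain = append(append(plain, image...), vtpcm...)
	ct := c.aead.Seal(nil, nonce, plain, c.dstPub)
	sig := ed25519.Sign(srcPriv, append(append([]byte{}, nonce...), ct...))
	return &MigrationBundle{Nonce: nonce, Ciphertext: ct, Signature: sig}, nil
}

// Unpack is the destination side (D2): freshness, source reliability, then integrity and confidentiality, in that order.
func (c *SecureChannel) Unpack(srcPub ed25519.PublicKey, b *MigrationBundle) (image, vtpcm []byte, err error) {
	if c.seen[string(b.Nonce)] {
		return nil, nil, errors.New("freshness: nonce already accepted (replay)")
	}
	if !ed25519.Verify(srcPub, append(append([]byte{}, b.Nonce...), b.Ciphertext...), b.Signature) {
		return nil, nil, errors.New("source reliability: bad source signature")
	}
	plain, err := c.aead.Open(nil, b.Nonce, b.Ciphertext, c.dstPub)
	if err != nil {
		return nil, nil, errors.New("integrity: tag mismatch or wrong destination key")
	}
	if len(plain) < 4 || binary.BigEndian.Uint32(plain) > uint32(len(plain)-4) {
		return nil, nil, errors.New("malformed plaintext")
	}
	n := 4 + int(binary.BigEndian.Uint32(plain))
	c.seen[string(b.Nonce)] = true // accept each nonce exactly once
	return plain[4:n], plain[n:], nil
}

func main() { // stand-alone demo with constructed keys: the replayed bundle must be rejected
	srcPub, srcPriv, _ := ed25519.GenerateKey(nil)
	dstPub, _, _ := ed25519.GenerateKey(nil)
	var key [32]byte
	rand.Read(key[:])
	ch := NewSecureChannel(key, dstPub)
	b, _ := ch.Pack(srcPriv, []byte("vm image"), []byte("vtpcm store"))
	_, _, first := ch.Unpack(srcPub, b)
	_, _, replay := ch.Unpack(srcPub, b)
	fmt.Println("first delivery:", first, "| replay:", replay)
}
```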
Example eight
The invention also provides a storage medium in which a computer program is stored; when the computer program runs, the migration method of the cloud environment trusted virtual machine is executed. The storage medium includes at least one medium on which the migration method of the cloud environment trusted virtual machine, converted into data (a computer program), is recorded; for example, a hard disk on which the computer program of the migration method of the invention is recorded is put into a computer and run, so that the migration method of the invention is realized.
Example nine
The invention also provides an electronic device comprising a memory in which a computer program is stored and a processor arranged to run the computer program so as to perform the migration method of a cloud environment trusted virtual machine according to the invention. The memory belongs to the storage media of the eighth embodiment and can store the computer program of the method of the invention; the processor processes the data in the memory; and the electronic device may be a computer, a mobile phone or any other device including a memory and a processor. After the computer is started, the processor runs the computer program of the migration method of the invention from the memory, so that the migration method of the invention is implemented.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (8)

1. A method for migrating a trusted virtual machine in a cloud environment, the method comprising:
S1, when the time interval at which a trusted virtual machine processes tenant services is lower than a first preset time, migrating the trusted virtual machine from a source physical machine to a destination physical machine in a dynamic migration mode;
S2, when the time interval at which the trusted virtual machine processes tenant services reaches a second preset time, migrating the trusted virtual machine from the source physical machine to the destination physical machine in a static migration mode;
step S1 comprising the following steps:
S11, before migration, verifying the identity and the trusted state of the source physical machine and the destination physical machine, and after verification, the two communicating parties negotiating a session key to establish a secure connection channel;
S12, based on the secure connection channel, migrating the following information of the trusted virtual machine from the source physical machine to the destination physical machine:
1) the VM memory instance and the VM image file;
2) the vTPCM memory instance and the vTPCM persistent storage file;
3) the vTPCM context information in the TSB;
4) the key information loaded for the vTPCM instance in the TPCM;
step S1 further comprising:
B1, the destination physical machine creating an empty-shell first virtual machine and first vTPCM, starting them, and then suspending them;
B2, the migration process of the destination physical machine receiving the VM memory instance and the VM image file transmitted by the source physical machine;
B3, the migration process of the destination physical machine receiving the VM device state transmitted by the source physical machine, verifying it, and loading it into the first virtual machine after verification passes;
B4, the migration process of the destination physical machine receiving the vTPCM memory instance and the vTPCM persistent storage file transmitted by the source physical machine;
B5, the migration process of the destination physical machine receiving the vTPCM device state transmitted by the source physical machine, verifying it, and loading it into the first vTPCM after verification passes;
B6, the migration process of the destination physical machine receiving the vTPCM context information and the key information loaded for the vTPCM instance transmitted by the source physical machine, verifying both, and after verification passes loading the vTPCM context information into the TSB of the destination physical machine and importing the loaded key information into the TPCM of the destination physical machine;
B7, the destination physical machine resuming running the first virtual machine and the first vTPCM.
2. The method according to claim 1, wherein step S12 comprises:
A1, the migration process of the source physical machine transmitting the VM memory instance and the VM image file to the destination physical machine through a dirty page retransmission mechanism, and suspending the trusted virtual machine and the vTPCM when the number of remaining VM dirty pages falls below a threshold;
A2, the migration process of the source physical machine transmitting the remaining VM memory instance and VM image file to the destination physical machine;
A3, the migration process of the source physical machine saving the VM device state and transmitting it to the destination physical machine;
A4, the migration process of the source physical machine transmitting the vTPCM memory instance and the vTPCM persistent storage file to the destination physical machine;
A5, the migration process of the source physical machine saving the vTPCM device state and transmitting it to the destination physical machine;
A6, the migration process of the source physical machine saving the vTPCM context information held in the TSB of the source physical machine and the key information loaded for the vTPCM instance in the TPCM, and transmitting both to the destination physical machine;
A7, after the trusted virtual machine and the vTPCM have migrated normally, disconnecting the migration connection and ending the migration process.
3. The method according to claim 1, wherein step S2 comprises:
S21, before migration, verifying the identity and the trusted state of the source physical machine and the destination physical machine, and after verification, the two communicating parties negotiating a session key to establish a secure connection channel;
S22, based on the secure connection channel, migrating the VM image file and the vTPCM persistent storage file of the trusted virtual machine from the source physical machine to the destination physical machine.
4. A method according to claim 3, wherein step S22 comprises:
C1, after the current task of the trusted virtual machine is executed, the migration process of the source physical machine saving the VM image file and the vTPCM persistent storage file of the trusted virtual machine, and the trusted virtual machine being shut down;
C2, the migration process of the source physical machine transmitting the VM image file and the vTPCM persistent storage file to the destination physical machine through the secure connection channel;
C3, after the trusted virtual machine resumes operation, the migration process of the source physical machine clearing the saved VM image file and vTPCM persistent storage file.
5. The method of claim 4, wherein step C2 comprises:
the migration process of the source physical machine encrypting the VM image file and the vTPCM persistent storage file with the session key, the key of the source physical machine, the key of the destination physical machine and the Nonce value, and then transmitting the encrypted VM image file and vTPCM persistent storage file to the destination physical machine.
6. The method according to claim 4, wherein step S22 includes:
D1, the migration process of the destination physical machine receiving the VM image file and the vTPCM persistent storage file transmitted by the source physical machine;
D2, the migration process of the destination physical machine verifying the integrity, confidentiality, source reliability and freshness of the VM image file and the vTPCM persistent storage file, and resuming operation of the trusted virtual machine after verification passes.
7. A storage medium having a computer program stored therein, wherein the computer program is configured to perform the migration method of a cloud environment trusted virtual machine of any one of claims 1 to 6 at runtime.
8. An electronic device comprising a memory and a processor, wherein the memory has stored therein a computer program, the processor being arranged to run the computer program to perform a method of migrating a cloud environment trusted virtual machine as claimed in any one of claims 1 to 6.
CN201911317120.3A 2019-12-19 2019-12-19 Migration method of cloud environment trusted virtual machine Active CN111143030B (en)

Publications (2)

Publication Number Publication Date
CN111143030A CN111143030A (en) 2020-05-12
CN111143030B true CN111143030B (en) 2023-04-28

Family

ID=70518918

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant