-
公开(公告)号:US09785770B2
公开(公告)日:2017-10-10
申请号:US14572515
申请日:2014-12-16
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Bin Tu , Haibo Chen , Yubin Xia
CPC classification number: G06F21/554 , G06F9/45558 , G06F21/53 , G06F21/54 , G06F21/568 , G06F2009/45587 , G06F2221/03
Abstract: The present invention discloses a method, an apparatus, and a system for triggering virtual machine introspection, so as to provide a timely and effective security check triggering mechanism. In the present invention, data that needs to be protected is determined; the data that needs to be protected is monitored; and when it is determined that the data that needs to be protected is modified, virtual machine introspection is triggered. The present invention avoids a performance loss and a security problem that are brought about by regularly starting a virtual machine introspection system to perform a security check, and therefore, the present invention is more applicable.
-
公开(公告)号:US09672367B2
公开(公告)日:2017-06-06
申请号:US14721911
申请日:2015-05-26
Applicant: Huawei Technologies Co., Ltd.
Inventor: Xiaoxin Wu , Bin Tu
CPC classification number: G06F21/606 , G06F9/455 , G06F9/45533 , G06F9/45558 , G06F21/602 , G06F21/62 , G06F21/83 , G06F2009/45587 , G06F2221/031 , G06F2221/2105 , H04L63/0428
Abstract: Embodiments of the present invention provide a method and an apparatus for inputting data. The present invention relates to the communications field and aims to improve security of input information. The method includes: acquiring, by a virtual machine manager, input data; performing, by the virtual machine manager, encryption processing on the input data according to an encryption rule of a security connection to obtain encrypted data; and sending, by the virtual machine manager, the encrypted data to the server. The present invention is applicable to a data input scenario.
-
公开(公告)号:US20150309832A1
公开(公告)日:2015-10-29
申请号:US14795225
申请日:2015-07-09
Applicant: Huawei Technologies Co., Ltd.
Inventor: Bin Tu , Haibo Chen , Yubin Xia
IPC: G06F9/455
CPC classification number: G06F9/45558 , G06F21/53 , G06F2009/45575 , G06F2009/45587
Abstract: An isolation method for a management virtual machine and an apparatus, which resolves problems that performance of communication between service components is deteriorated, more resources are required for running a virtual machine, and security of the service components is relatively low. The method includes: acquiring a guest identifier; searching, according to the guest identifier, the management virtual machine for a kernel virtual machine; when the kernel virtual machine is not found in the management virtual machine, creating the kernel virtual machine in the management virtual machine; dividing a service provided for a guest virtual machine by the kernel virtual machine into multiple service components; and running the multiple service components in execution environments corresponding to permission of the service components, where the kernel virtual machine includes the multiple execution environments, and the multiple execution environment have different permission.
Abstract translation: 一种用于管理虚拟机和装置的隔离方法,其解决了服务组件之间的通信性能恶化的问题,运行虚拟机需要更多的资源,并且服务组件的安全性相对较低。 该方法包括:获取客户识别符; 根据客户标识符搜索内核虚拟机的管理虚拟机; 当在管理虚拟机中找不到内核虚拟机时,在管理虚拟机中创建内核虚拟机; 将由虚拟机提供的来宾虚拟机的服务划分为多个服务组件; 并且在执行环境中运行与服务组件的许可相对应的多个服务组件,其中内核虚拟机包括多个执行环境,并且多个执行环境具有不同的权限。
-
公开(公告)号:US09058500B2
公开(公告)日:2015-06-16
申请号:US14294700
申请日:2014-06-03
Applicant: Huawei Technologies Co., Ltd.
Inventor: Xiaoxin Wu , Bin Tu
CPC classification number: G06F21/606 , G06F9/455 , G06F9/45533 , G06F9/45558 , G06F21/602 , G06F21/62 , G06F21/83 , G06F2009/45587 , G06F2221/031 , G06F2221/2105 , H04L63/0428
Abstract: Embodiments of the present invention provide a method and an apparatus for inputting data. The present invention relates to the communications field and aims to improve security of input information. The method includes: acquiring, by a virtual machine manager, input data; performing, by the virtual machine manager, encryption processing on the input data according to an encryption rule of a security connection to obtain encrypted data, where the security connection refers to a connection that is established between an application interface and a server and used for data transmission; and sending, by the virtual machine manager, the encrypted data to the server. The present invention is applicable to a data input scenario.
Abstract translation: 本发明的实施例提供一种用于输入数据的方法和装置。 本发明涉及通信领域,旨在提高输入信息的安全性。 该方法包括:由虚拟机管理器获取输入数据; 由虚拟机管理器根据安全连接的加密规则执行对输入数据的加密处理以获得加密数据,其中安全连接是指在应用接口和服务器之间建立并用于数据的连接 传输; 并由虚拟机管理器将加密数据发送到服务器。 本发明可应用于数据输入场景。
-
公开(公告)号:US09971623B2
公开(公告)日:2018-05-15
申请号:US14795225
申请日:2015-07-09
Applicant: Huawei Technologies Co., Ltd.
Inventor: Bin Tu , Haibo Chen , Yubin Xia
CPC classification number: G06F9/45558 , G06F21/53 , G06F2009/45575 , G06F2009/45587
Abstract: An isolation method for a management virtual machine and an apparatus, which resolves problems that performance of communication between service components is deteriorated, more resources are required for running a virtual machine, and security of the service components is relatively low. The method includes: acquiring a guest identifier; searching, according to the guest identifier, the management virtual machine for a kernel virtual machine; when the kernel virtual machine is not found in the management virtual machine, creating the kernel virtual machine in the management virtual machine; dividing a service provided for a guest virtual machine by the kernel virtual machine into multiple service components; and running the multiple service components in execution environments corresponding to permission of the service components, where the kernel virtual machine includes the multiple execution environments, and the multiple execution environment have different permission.
-
Patent Agency Ranking
6.发明申请公开(公告)号:US20150186643A1
公开(公告)日:2015-07-02
申请号:US14572515
申请日:2014-12-16
Applicant: HUAWEI TECHNOLOGIES CO., LTD.
Inventor: Bin Tu , Haibo Chen , Yubin Xia
CPC classification number: G06F21/554 , G06F9/45558 , G06F21/53 , G06F21/54 , G06F21/568 , G06F2009/45587 , G06F2221/03
Abstract: The present invention discloses a method, an apparatus, and a system for triggering virtual machine introspection, so as to provide a timely and effective security check triggering mechanism. In the present invention, data that needs to be protected is determined; the data that needs to be protected is monitored; and when it is determined that the data that needs to be protected is modified, virtual machine introspection is triggered. The present invention avoids a performance loss and a security problem that are brought about by regularly starting a virtual machine introspection system to perform a security check, and therefore, the present invention is more applicable.
Abstract translation: 本发明公开了一种用于触发虚拟机内省的方法,装置和系统,以提供及时有效的安全检查触发机制。 在本发明中,确定需要保护的数据; 监控需要保护的数据; 并且当确定需要保护的数据被修改时,虚拟机内省被触发。 本发明避免了通过定期启动虚拟机内省系统进行安全检查而导致的性能损失和安全性问题,因此本发明更适用。
-
公开(公告)号:US20140359273A1
公开(公告)日:2014-12-04
申请号:US14294700
申请日:2014-06-03
Applicant: Huawei Technologies Co., Ltd.
Inventor: Xiaoxin Wu , Bin Tu
CPC classification number: G06F21/606 , G06F9/455 , G06F9/45533 , G06F9/45558 , G06F21/602 , G06F21/62 , G06F21/83 , G06F2009/45587 , G06F2221/031 , G06F2221/2105 , H04L63/0428
Abstract: Embodiments of the present invention provide a method and an apparatus for inputting data. The present invention relates to the communications field and aims to improve security of input information. The method includes: acquiring, by a virtual machine manager, input data; performing, by the virtual machine manager, encryption processing on the input data according to an encryption rule of a security connection to obtain encrypted data, where the security connection refers to a connection that is established between an application interface and a server and used for data transmission; and sending, by the virtual machine manager, the encrypted data to the server. The present invention is applicable to a data input scenario.
Abstract translation: 本发明的实施例提供一种用于输入数据的方法和装置。 本发明涉及通信领域,旨在提高输入信息的安全性。 该方法包括:由虚拟机管理器获取输入数据; 由虚拟机管理器根据安全连接的加密规则执行对输入数据的加密处理以获得加密数据,其中安全连接是指在应用接口和服务器之间建立并用于数据的连接 传输; 并由虚拟机管理器将加密数据发送到服务器。 本发明可应用于数据输入场景。
-
公开(公告)号:US10007785B2
公开(公告)日:2018-06-26
申请号:US15199200
申请日:2016-06-30
Applicant: Huawei Technologies Co., Ltd.
Inventor: Bin Tu , Haibo Chen , Yubin Xia
CPC classification number: G06F21/565 , G06F9/45558 , G06F21/53 , G06F2009/45587 , G06F2009/45591 , G06F2221/034
Abstract: The present disclosure relates to the field of information technologies and discloses a method and an apparatus for implementing virtual machine introspection. The method provided in the present disclosure may further include: determining to-be-checked data in a virtual machine; starting to read the to-be-checked data, saving a copy of the read to-be-checked data, and storing a storage address of the read to-be-checked data in a hardware transactional memory, so that the hardware transactional memory is capable of monitoring the read to-be-checked data according to the storage address; when the read to-be-checked data is modified, stop reading the to-be-checked data, and delete the copy; and when reading the to-be-checked data is completed and it is not detected that the read to-be-checked data is modified, performing security check on the copy. The method can be applied to virtual machine introspection.
-
公开(公告)号:US20160314297A1
公开(公告)日:2016-10-27
申请号:US15199200
申请日:2016-06-30
Applicant: Huawei Technologies Co., Ltd.
Inventor: Bin Tu , Haibo Chen , Yubin Xia
CPC classification number: G06F21/565 , G06F9/45558 , G06F21/53 , G06F2009/45587 , G06F2009/45591 , G06F2221/034
Abstract: The present disclosure relates to the field of information technologies and discloses a method and an apparatus for implementing virtual machine introspection. The method provided in the present disclosure may further include: determining to-be-checked data in a virtual machine; starting to read the to-be-checked data, saving a copy of the read to-be-checked data, and storing a storage address of the read to-be-checked data in a hardware transactional memory, so that the hardware transactional memory is capable of monitoring the read to-be-checked data according to the storage address; when the read to-be-checked data is modified, stop reading the to-be-checked data, and delete the copy; and when reading the to-be-checked data is completed and it is not detected that the read to-be-checked data is modified, performing security check on the copy. The method can be applied to virtual machine introspection.
Abstract translation: 本公开涉及信息技术领域,并且公开了一种用于实现虚拟机内省的方法和装置。 本公开中提供的方法还可以包括:确定虚拟机中的待检查数据; 开始读取待检查的数据,保存读取的被检查数据的副本,以及将读取的被检查数据的存储地址存储在硬件事务存储器中,使得硬件事务存储器 能够根据存储地址监视读取的被检查数据; 当读取的被检查数据被修改时,停止读取待检查的数据,并删除副本; 并且当读取待检查数据完成并且未检测到读取的被检查数据被修改时,对拷贝执行安全性检查。 该方法可以应用于虚拟机内省。
-
公开(公告)号:US20150254466A1
公开(公告)日:2015-09-10
申请号:US14721911
申请日:2015-05-26
Applicant: Huawei Technologies Co., Ltd.
Inventor: Xiaoxin Wu , Bin Tu
CPC classification number: G06F21/606 , G06F9/455 , G06F9/45533 , G06F9/45558 , G06F21/602 , G06F21/62 , G06F21/83 , G06F2009/45587 , G06F2221/031 , G06F2221/2105 , H04L63/0428
Abstract: Embodiments of the present invention provide a method and an apparatus for inputting data. The present invention relates to the communications field and aims to improve security of input information. The method includes: acquiring, by a virtual machine manager, input data; performing, by the virtual machine manager, encryption processing on the input data according to an encryption rule of a security connection to obtain encrypted data; and sending, by the virtual machine manager, the encrypted data to the server. The present invention is applicable to a data input scenario.
Abstract translation: 本发明的实施例提供一种用于输入数据的方法和装置。 本发明涉及通信领域,旨在提高输入信息的安全性。 该方法包括:由虚拟机管理器获取输入数据; 由虚拟机管理者根据安全连接的加密规则执行对输入数据的加密处理,以获得加密的数据; 并由虚拟机管理器将加密数据发送到服务器。 本发明可应用于数据输入场景。
-
-
-
-
-
-
-
-
-
Search Results
10
records
(took 0.026 seconds)
