Software Virtualization of Cryptographic Card Based on I/O Front-end and Back-end Model

Cited by: 2


Authors: 唐乐爽, 窦同锐, 桑洪波, 张玉国 (TANG Le-Shuang; DOU Tong-Rui; SANG Hong-Bo; ZHANG Yu-Guo), Sansec Co. Ltd., Jinan 250098, China

Affiliation: [1] 三未信安科技股份有限公司 (Sansec Co. Ltd.), Jinan 250098

Source: Computer Systems & Applications (《计算机系统应用》), 2022, No. 1, pp. 286-294 (9 pages)

Abstract: Cryptographic technology is the foundation of cloud computing security. High-performance cryptographic cards that support SR-IOV virtualization are suitable for cloud cipher machines; they can provide virtualized data encryption protection services for cloud computing environments and meet security requirements. However, these cryptographic cards suffer from unsatisfactory compatibility, limited expansibility, poor migratability, and a low cost-performance ratio when used in cloud cipher machines. This study therefore proposes a software virtualization method for cryptographic cards based on an I/O front-end and back-end model. Using shared memory or virtio as the communication mode, it achieves efficient communication between multiple virtual machines and the host by designing front-end and back-end drivers or service programs for the cryptographic card, allowing ordinary cryptographic cards to be shared by multiple virtual machines. The method effectively lowers the hardware threshold of cloud cipher machines and offers good compatibility, high performance, and easy expansibility, and thus has broad application prospects in the field of information technology application innovation.

Keywords: information security; virtio; software virtualization; cryptographic card; shared memory

Classification number: TN918.1 [Electronics and Telecommunications: Communication and Information Systems]

 
