###
计算机系统应用英文版:2022,31(1):286-294
本文二维码信息
码上扫一扫!
基于I/O前后端模型的密码卡软件虚拟化
(三未信安科技股份有限公司, 济南 250098)
Software Virtualization of Cryptographic Card Based on I/O Front-end and Back-end Model
(Sansec Co. Ltd., Jinan 250098, China)
摘要
图/表
参考文献
相似文献
本文已被:浏览 953次   下载 1903
Received:March 15, 2021    Revised:April 09, 2021
中文摘要: 密码技术是云计算安全的基础,支持SR-IOV虚拟化的高性能密码卡适用于云密码机,可以为云计算环境提供虚拟化数据加密保护服务,满足安全需求.针对该类密码卡在云密码机使用过程中存在的兼容性不好、扩充性受限、迁移性差以及性价比低等问题,本文提出了基于I/O前后端模型的密码卡软件虚拟化方法,利用共享内存或者VIRTIO作为通信方式,通过设计密码卡前后端驱动或者服务程序,完成多虚拟机与宿主机的高效通信,实现常规密码卡被多虚拟机共享.该方法可以有效地降低云密码机的硬件门槛,具有兼容性好、性能高、易扩展等特点,在信创领域具有广阔的应用前景.
Abstract:Cryptographic technology is the foundation of cloud computing security. The high-performance cryptographic cards supporting SR-IOV virtualization technology are suitable for cloud cipher machines, which can realize the encryption protection of virtualization data for cloud computing environments and meet the security requirements. However, these cryptographic cards have unsatisfactory compatibility, limited expansibility, poor migration, and low cost performance when applied in cloud cipher machines. Thus, this study proposes a software virtualization method of cryptographic cards based on an I/O front-end and back-end model. With shared memory or virtio as the communication mode, it completes the efficient communication between multiple virtual machines and the host by designing the front-end and back-end driver or service program of cryptographic cards and realizes that common cryptographic cards can be shared by multiple virtual machines. This method can effectively lower the hardware threshold of cloud cipher machines and makes cryptographic cards possess good compatibility and expansibility and high performance, thus showing broad application prospects in information technology applications and innovation.
文章编号:     中图分类号:    文献标志码:
基金项目:
引用文本:
唐乐爽,窦同锐,桑洪波,张玉国.基于I/O前后端模型的密码卡软件虚拟化.计算机系统应用,2022,31(1):286-294
TANG Le-Shuang,DOU Tong-Rui,SANG Hong-Bo,ZHANG Yu-Guo.Software Virtualization of Cryptographic Card Based on I/O Front-end and Back-end Model.COMPUTER SYSTEMS APPLICATIONS,2022,31(1):286-294