基于I/O前后端模型的密码卡软件虚拟化

密码技术是云计算安全的基础,支持SR-IOV虚拟化的高性能密码卡适用于云密码机,可以为云计算环境提供虚拟化数据加密保护服务,满足安全需求.针对该类密码卡在云密码机使用过程中存在的兼容性不好、扩充性受限、迁移性差以及性价比低等问题,本文提出了基于I/O前后端模型的密码卡软件虚拟化方法,利用共享内存或者VIRTIO作为通信方式,通过设计密码卡前后端驱动或者服务程序,完成多虚拟机与宿主机的高效通信,实现常规密码卡被多虚拟机共享.该方法可以有效地降低云密码机的硬件门槛,具有兼容性好、性能高、易扩展等特点,在信创领域具有广阔的应用前景.

Software Virtualization of Cryptographic Card Based on I/O Front-end and Back-end Model

Cryptographic technology is the foundation of cloud computing security. The high-performance cryptographic cards supporting SR-IOV virtualization technology are suitable for cloud cipher machines, which can realize the encryption protection of virtualization data for cloud computing environments and meet the security requirements. However, these cryptographic cards have unsatisfactory compatibility, limited expansibility, poor migration, and low cost performance when applied in cloud cipher machines. Thus, this study proposes a software virtualization method of cryptographic cards based on an I/O front-end and back-end model. With shared memory or virtio as the communication mode, it completes the efficient communication between multiple virtual machines and the host by designing the front-end and back-end driver or service program of cryptographic cards and realizes that common cryptographic cards can be shared by multiple virtual machines. This method can effectively lower the hardware threshold of cloud cipher machines and makes cryptographic cards possess good compatibility and expansibility and high performance, thus showing broad application prospects in information technology applications and innovation.