With the gradual maturity of the Internet of Vehicles and cloud computing industries and the continuous evolution of network attack forms, the demand for cloud security in the automotive industry will increase year by year. In the automotive cloud platform environment, traditional security schemes remain effective for north-south traffic, so the platform's security problem lies mainly in protecting its east-west traffic and in dividing security boundaries. The purpose of this project is to address the security risk of east-west cross-subnet traffic on the automotive cloud platform, especially traffic between hosts, by providing next-generation firewall, intrusion prevention and other professional security protection functions for the virtual network environment without affecting the service virtual machines. To achieve this, it is necessary to solve the problems of virtual switch diversion and virtual machine drift on the cloud platform, to study the service security requirements of the automotive cloud platform and the relationship between data transfer and processing on the cloud platform, and finally to provide a prototype system of active security protection against cloud platform risks. The system implements VM micro-isolation, network attack defense, malicious code defense, IP address-based secure access policies, application-type secure access policies, and VM migration security functions in cloud application scenarios.