Security reinforcement method for credible container based on Docker

Container and trusted-computing technology, applied in the field of the Internet, that can solve problems such as the inability of the container and the host to interconnect, the lack of concern for the security of the Docker container, and tampering with the Docker container and image, to ensure integrity, security, and reliability. The effect of letter initiation

Active Publication Date: 2015-11-18
WUHAN UNIV

AI Technical Summary

Problems solved by technology

[0006] (3) In 2014, Daniel Walsh and others proposed using an access control system to strengthen Docker security. Taking the SELinux system developed by Red Hat as an example, the system puts a unique label on each container when it is created, and by default the container and the host cannot be interconnected; that is, all operations between the host and objects with different labels are prohibited. This greatly improves the isolation of the Docker container, but the method still does not address the internal security of the Docker container, and Docker containers and images still face the possibility of tampering.


Examples


Embodiment Construction

[0052] To help those of ordinary skill in the art understand and implement the present invention, it is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the implementation examples described here are only used to illustrate and explain the present invention and are not intended to limit it.

[0053] The invention provides a Docker-based trusted container security reinforcement method, which is used to enhance the security of a Docker container system, realize a Docker-based trusted container, and apply it to a Docker-based server cluster.

[0054] Referring to Figure 1, the Docker-based trusted container of this embodiment includes a container program Docker, a container trusted measurement module, a process monitoring module and a network communication monitoring module, wherein the container trusted measurement module includes a trusted startup s...


Abstract

The invention discloses a Docker-based security reinforcement method for a credible container, which is used to reinforce the security of a Docker container system, realizes a Docker-based credible container, and is applied to a Docker-based server cluster. The Docker-based credible container comprises a container program Docker, a container credible measurement module, a process monitoring module and a network communication monitoring module, wherein the container credible measurement module comprises a credible booting sub-module and a file measurement sub-module. The reinforcement method focuses on the credibility of the Docker container: credible computing and integrity measurement technology is combined with a real-time monitoring module to reinforce the Docker-based container system, so that the container and the image are protected from tampering. At the same time, the network communication behavior of the container is limited and the processes inside the container are monitored, so as to realize the security-reinforced credible container.
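An added example, not taken from the patent: one way a file measurement step could detect tampering, assuming SHA-256 file digests that are folded into a single value with a TPM-style extend. The function names and the sample directory tree are constructed for illustration.

```python
import hashlib, os, tempfile
from pathlib import Path

def measure_tree(root):
    """Map each file under root to its SHA-256 (symlinks: hash of the link target string)."""
    out = {}
    for dirpath, _dirs, names in os.walk(root):  # does not follow directory symlinks
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                data = b"symlink:" + os.readlink(full).encode()
            else:
                data = Path(full).read_bytes()
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            out[rel] = hashlib.sha256(data).hexdigest()
    return out

def aggregate(measurements):
    """Fold the measurement list into one value, in the style of a TPM PCR extend."""
    pcr = bytes(32)
    for rel in sorted(measurements):
        entry = hashlib.sha256(rel.encode() + b"\0" + bytes.fromhex(measurements[rel])).digest()
        pcr = hashlib.sha256(pcr + entry).digest()
    return pcr.hex()

def compare(baseline, current):
    """Return (path, status) for every file that differs from the baseline."""
    diffs = []
    for rel in sorted(set(baseline) | set(current)):
        if rel not in current:
            diffs.append((rel, "removed"))
        elif rel not in baseline:
            diffs.append((rel, "added"))
        elif baseline[rel] != current[rel]:
            diffs.append((rel, "modified"))
    return diffs

def demo():
    """Constructed sample tree standing in for a container root filesystem."""
    with tempfile.TemporaryDirectory() as root:
        for rel, data in {"bin/app": b"original binary", "etc/app.conf": b"listen=8080\n"}.items():
            p = Path(root, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)
        baseline = measure_tree(root)
        Path(root, "bin/app").write_bytes(b"modified binary")  # simulated modification
        Path(root, "etc/new.conf").write_bytes(b"x=1\n")       # simulated added file
        current = measure_tree(root)
        return compare(baseline, current), aggregate(baseline), aggregate(current)
```

The per-file list shows which file changed, while the aggregate is the single value that would be compared against a reference recorded when the image was trusted.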

Description

Technical field

[0001] The invention belongs to the technical field of the Internet, and in particular relates to a Docker-based trusted container security reinforcement method.

Background technique

[0002] As the most popular lightweight virtualization technology today, Docker is bringing a disruptive technological revolution to the industry. As Docker technology is applied at a larger scale and more widely, the security problems it exposes also seem to be becoming more and more serious, such as an imperfect isolation mechanism, excessive concentration of privileges, and a chaotic sharing mechanism. These security risks have become key factors hindering the development of Docker. From the various security issues that have been discovered in Docker, it can be seen that both Docker images and containers are at risk of being tampered with. At the same time, incomplete isolation allows unauthorized communication between containers. The Docker system and eve...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/55
CPC: G06F21/53, G06F21/552
Inventor: 王鹃, 张雨菡, 于鹏, 陈铜, 李雅苹
Owner: WUHAN UNIV