Multi-tenant cloud computing-oriented container security monitoring method and system

A security monitoring technology for cloud computing, applied in the field of cloud computing security, that ensures system performance, achieves queryability and traceability, and ensures security isolation.

Active Publication Date: 2018-02-13
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

[0006] The present invention provides a container security monitoring method and system for multi-tenant cloud computing, which solves the technical problem of unified monitoring of containers of different tenants in a public cloud environment.

Examples

Embodiment Construction

[0045] In order to make the above objects, features and advantages of the present invention more comprehensible, the present invention will be further described in detail below through specific embodiments and accompanying drawings.

[0046] Container technology is an operating-system-level lightweight virtualization technology. Its principle is isolation based on Linux kernel technology: a process in a container cannot perceive the behavior of other containers or of the host, which gives it a relatively independent and safe operating environment. This embodiment describes a container monitoring system for multi-tenant cloud computing, using Docker as the container engine on a Linux system as an example.

[0047] Figure 1 shows a typical system architecture diagram of the container monitoring system provided in this embodiment. The hardware layer of the system is a physical machine cluster composed of multiple physical machines, which is managed uniformly by using a cloud c...

Abstract

The invention provides a container security monitoring method and system for multi-tenant cloud computing. The method comprises the following steps: 1) a cloud computing management platform allocates virtual machines to tenants and deploys monitoring programs in the virtual machines; 2) container clusters are established for the tenants on the virtual machines and the containers in the container clusters are run; 3) the monitoring programs monitor system call information while the containers run, and the system call information is filtered in the virtual machines; 4) the filtered system call information is transmitted to a monitoring collection and analysis host; and 5) the monitoring collection and analysis host collects and analyzes the system call information, determines whether abnormalities occur in the operation of the containers, and feeds the analysis results back to a system manager and the tenants. With this method and system, the usage of user containers can be monitored in real time in a large-scale public cloud environment, abnormal conditions can be handled promptly, and the security and stability of the system can be improved.
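Steps 3 to 5 of the abstract as a small pipeline, added here as an illustration and not taken from the patent. The watched-syscall set, the per-container baseline, the event fields and all sample events are assumptions constructed for the example.

```python
from collections import defaultdict

# Assumption: the syscalls the VM-side filter keeps; the abstract gives no list.
WATCHED = {"execve", "open", "ptrace", "mount", "setns", "init_module"}

# Assumption: syscalls each (tenant, container) is expected to make.
BASELINE = {("t1", "web"): {"open", "execve"}, ("t2", "db"): {"open"}}

# Constructed events from the monitoring programs in two tenant VMs.
# container=None marks a VM process that is not inside any container.
EVENTS = [
    {"tenant": "t1", "vm": "vm-a", "container": "web", "syscall": "read"},
    {"tenant": "t1", "vm": "vm-a", "container": "web", "syscall": "open"},
    {"tenant": "t1", "vm": "vm-a", "container": "web", "syscall": "ptrace"},
    {"tenant": "t1", "vm": "vm-a", "container": None, "syscall": "execve"},
    {"tenant": "t2", "vm": "vm-b", "container": "db", "syscall": "open"},
    {"tenant": "t2", "vm": "vm-b", "container": "db", "syscall": "mount"},
    {"tenant": "t2", "vm": "vm-b", "container": "db", "syscall": "write"},
]

def vm_filter(events, watched=WATCHED):
    """Step 3, inside each tenant VM: keep watched syscalls made by containers."""
    return [e for e in events
            if e["container"] is not None and e["syscall"] in watched]

def analyze(filtered, baseline=BASELINE):
    """Step 5, on the collection host: flag syscalls outside the baseline."""
    alerts = defaultdict(list)
    for e in filtered:
        allowed = baseline.get((e["tenant"], e["container"]), set())
        if e["syscall"] not in allowed:
            alerts[e["tenant"]].append((e["vm"], e["container"], e["syscall"]))
    return dict(alerts)

def tenant_view(alerts, tenant):
    """Feedback to a tenant: only its own alerts; the manager reads `alerts`."""
    return alerts.get(tenant, [])

if __name__ == "__main__":
    forwarded = vm_filter(EVENTS)            # step 4: only these leave the VM
    alerts = analyze(forwarded)
    print(len(EVENTS), "events,", len(forwarded), "forwarded")
    for tenant in ("t1", "t2"):
        print(tenant, tenant_view(alerts, tenant))
```

Filtering inside the VM cuts the seven sample events to four before anything crosses the network, and keying alerts by tenant keeps one tenant's findings out of another tenant's report.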

Description

Technical field

[0001] The present invention relates to the technical field of cloud computing security, and in particular to a container security monitoring method and system for multi-tenant cloud computing.

Background technique

[0002] Container technology is a hot technology in cloud computing in the past two years, and it is a lightweight virtualization technology. Container technology uses mechanisms such as namespace and Cgroup supported by the Linux kernel itself to isolate environments and resources. Containers have fewer abstraction layers than virtual machines and directly use the host kernel, so they have obvious advantages over virtual machines in terms of energy consumption and startup speed. Due to the flexibility and portability of containers in application scenarios, many companies in the Internet industry (such as Google, Amazon, and Ali, etc.) have begun to use container technology for services, and the entire industry is on a rapid upward tr...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/08
CPC: H04L63/02, H04L63/0227, H04L63/0236, H04L63/1425, H04L67/1074, H04L67/1095
Inventor: 王利明孔同欧悯洁雷程马多贺王淼
Owner: INST OF INFORMATION ENG CHINESE ACAD OF SCI