Application protection method and device based on virtualization container
A technology for virtualizing containers and applications, applied in the field of network security, can solve problems such as fuzzy network boundaries, no attention to code security, and worrying security situation at the application layer
Active Publication Date: 2021-05-04
SHANDONG CHAOYUE DATA CONTROL ELECTRONICS CO LTD
View PDF13 Cites 0 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
The security situation at the application layer is worrisome, mainly due to the following problems: most web system designs only focus on normal applications and do not pay attention to code security; application layer security defense measures lag behind, or even have no real defense; As a springboard to attack other application systems
However, in the cloud computing mode, the virtual network makes the traditional network boundary very blurred. Traditional firewalls, IDS (Intrusion Detection System), IPS (Intrusion Prevention System) and other network security devices are deployed on the boundary of the physical network, unable to Control the communication between different applications within the same cloud platform. Once an application on the cloud platform directly attacks other applications from the inside, it can bypass all network boundary protection measures, thus directly threatening the application or even the entire cloud computing platform security
[0006] Aiming at the problem that the application firewall on the cloud platform cannot effectively protect the application layer in the prior art, there is currently no effective solution
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0030] In order to make the object, technical solution and advantages of the present invention clearer, the embodiments of the present invention will be further described in detail below in combination with specific embodiments and with reference to the accompanying drawings.
[0031] It should be noted that all expressions using "first" and "second" in the embodiments of the present invention are used to distinguish two entities with the same name but different parameters or parameters that are not the same, see "first" and "second" It is only for the convenience of expression, and should not be construed as a limitation on the embodiments of the present invention, which will not be described one by one in the subsequent embodiments.
[0032] Based on the above purpose, the first aspect of the embodiments of the present invention proposes a first embodiment of a method for protecting applications based on virtualization containers for different applications or different types ...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The invention discloses an application program protection method and device based on a virtualized container, including: monitoring an external port and obtaining an application program access request from the outside; extracting application layer information from a data packet of the application program access request; using a firewall policy Filter the application layer information to generate legal application layer information; transmit the legal application layer information to the application container for processing. The application program protection method and device based on the virtualization container proposed by the present invention can effectively protect the security of the application layer of the server system from the influence of attack means such as SQL injection, cross-site scripting, and information leakage.
Description
technical field [0001] The present invention relates to the field of network security, and more specifically, to a method and device for protecting application programs based on virtualized containers. Background technique [0002] With the rapid development of Internet technology, the B / S (browser / server) architecture application based on the combination of Web and database has been widely used in the internal and external business systems of enterprises, and the Web system is playing an increasingly important role. At the same time, more and more web systems are frequently attacked due to potential security risks, resulting in tampering of sensitive data and pages of web systems, and even becoming puppets for spreading Trojan horses, which will eventually cause harm to more visitors , causing serious losses. [0003] For the front end of the Web system, network security devices such as firewalls and intrusion prevention have been widely deployed, and network access contro...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06G06F21/55
CPCG06F21/554H04L63/0227
Inventor 李若寒孙大军元河清孙晓妮刘强
Owner SHANDONG CHAOYUE DATA CONTROL ELECTRONICS CO LTD