
Layered encryption storage method of container image based on device Mapper

An encrypted storage technology for images, applied in the field of containers, that addresses problems such as residual sensitive data in image layers and achieves storage security, easier provision of application services, and improved application security.

Active Publication Date: 2021-11-12
CHINA ELECTRONICS TECH CYBER SECURITY CO LTD

AI Technical Summary

Problems solved by technology

[0003] Current container image storage is open, and the data of each image layer can be obtained easily.
Layered storage can easily lead to security problems caused by residual sensitive data.

Embodiment Construction

[0025] In order to better understand the present invention, the present invention will be described in detail below in conjunction with the accompanying drawings.

[0026] As shown in Figure 2, in existing layered image storage, the snapshot for the first image layer is created from the base device, and each subsequent image layer is created from the snapshot of its parent image layer. A newly created snapshot already contains all the content of the parent layer; the content of the current image layer is then written on top of it to form a new, complete snapshot of that image layer.

[0027] As shown in Figure 3, in the Device Mapper-based container image layered encrypted storage method of the present invention, for image layer 1:

[0028] s11. Initialize the resource pool;

[0029] s12. Initialize the base device;

[0030] s13. Create a snapshot corresponding to image layer 1;

[0031] s14. Activate the snapshot;

[0032] s15. Th...


Abstract

The Device Mapper-based container image layered encrypted storage method of the present invention mainly uses dm-crypt to encrypt specific snapshot devices. Each image layer corresponds to a logical device under Device Mapper, and the dm-crypt module encrypts that logical device using the key of the current image layer. When the image layer needs to be used, the image layer key is used to decrypt and open the previously encrypted device through the dm-crypt module. The decrypted and opened device is an accessible device, which is provided to the user after being bound to a file system. The present invention improves the existing container image storage mechanism and proposes a security mechanism for layered encrypted image storage that achieves security isolation of container image layer data. It provides not only storage security for the container but also, through layered encryption, access control over the container's storage. This makes it convenient for security managers to provide application services to users with different permissions according to different needs, so that the application security of containers is significantly improved.
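As an added illustration (not taken from the patent), the layer-1 steps s11 to s14 and the dm-crypt step described in the abstract can be mapped onto standard `dmsetup` thin-provisioning and `cryptsetup` commands as follows. The LUKS format, the ext4 file system, and all device names, sizes and key paths are assumptions; the script only prints the commands unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added illustration; every device name, size and key path is hypothetical.
set -eu
DRY_RUN="${DRY_RUN:-1}"          # 1 = only print the commands (default)
POOL="imgpool"                   # thin-pool name (assumed)
META_DEV="/dev/loop0"            # pool metadata device (assumed)
DATA_DEV="/dev/loop1"            # pool data device (assumed)
POOL_SECTORS=20971520            # 10 GiB in 512-byte sectors
LAYER_SECTORS=2097152            # 1 GiB virtual size per layer device

run() {  # print the command; execute it only when DRY_RUN=0
    echo "$*"
    if [ "$DRY_RUN" = "0" ]; then "$@"; fi
}

# s11: initialize the pool (thin-pool target, 128-sector = 64 KiB blocks)
init_pool() {
    run dmsetup create "$POOL" --table \
        "0 $POOL_SECTORS thin-pool $META_DEV $DATA_DEV 128 32768"
}

# s12: initialize the base device as thin device id 0
init_base() {
    run dmsetup message "/dev/mapper/$POOL" 0 "create_thin 0"
}

# s13 + s14: snapshot the base device for a layer, then activate the snapshot
snapshot_layer() {  # $1 = layer number, also used as the thin device id
    run dmsetup message "/dev/mapper/$POOL" 0 "create_snap $1 0"
    run dmsetup create "layer$1" --table \
        "0 $LAYER_SECTORS thin /dev/mapper/$POOL $1"
}

# Encrypt the snapshot with this layer's own key, open it, create a file system
encrypt_layer() {  # $1 = layer number, $2 = key file for this layer only
    run cryptsetup luksFormat --batch-mode --key-file "$2" "/dev/mapper/layer$1"
    run cryptsetup open --key-file "$2" "/dev/mapper/layer$1" "layer$1-plain"
    run mkfs.ext4 -q "/dev/mapper/layer$1-plain"
}

# Bind the decrypted device to a mount point so the layer can be used
mount_layer() {  # $1 = layer number, $2 = mount point
    run mount "/dev/mapper/layer$1-plain" "$2"
}

plan_layer1() {
    init_pool; init_base; snapshot_layer 1
    encrypt_layer 1 /etc/imgkeys/layer1.key; mount_layer 1 /mnt/layer1
}
plan_layer1
```

Without the layer key, `/dev/mapper/layer1` exposes only ciphertext, which is the isolation property the abstract describes.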

Description

Technical field

[0001] The present invention relates to the technical field of containers, in particular to a layered encrypted storage method for container images.

Background art

[0002] Container virtualization technology has matured and is widely used. As an important part of container virtualization technology, the container image carries the specific business of the container and determines what the container will do. An image can run a simple standalone command and then exit; it can also be as complex as database software, waiting for the user to add data to it, store the data, and then use the data. The question then arises of what to do when we do not want others to have access to the data in the image. Furthermore, container images are implemented with copy-on-write (CoW) technology. An image is composed of 1 to N image layers, and each layer is a complete operating environment and is read-only. The user uses the i...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): G06F21/60
CPC: G06F21/602
Inventor: 王进, 刘丽, 刘晓毅, 何喆颐
Owner: CHINA ELECTRONICS TECH CYBER SECURITY CO LTD