
Container virtualization safety reinforcing device and method

A container hardening device based on virtualization technology, applied in program control devices, instruments, program/content distribution protection, etc. It addresses the problem that directly modifying the underlying operating system is unrealistic, because the operating system code is large and the container-related isolation code is complex to implement, and it achieves the effects of being lightweight and fast to start.

Active Publication Date: 2019-07-26
INST OF COMPUTING TECH CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

However, due to the huge amount of operating system code and the complexity of the container-related isolation code, it is very unrealistic to directly modify the underlying operating system.

Examples

Embodiment Construction

[0034] The present invention provides a container virtualization security hardening device, which includes:

[0035] A container running in guest non-root mode;

[0036] An underlying operating system module and common application modules running in host root mode;

[0037] A microkernel implanted in the non-root mode, which manages the memory and file system resources used by the container; wherein

[0038] Isolation is enforced between the container and the underlying operating system module.

[0039] In the container virtualization security hardening device, the microkernel includes virtual CPU cores and virtual physical memory.

[0040] In the container virtualization security hardening device, the management of the container by the microkernel includes: system call processing, exception and interrupt processing, and system file system mounting.

[0041] The container virtualization security hardening device, wherein each of the virtual CPU cores is bound to a th...

Abstract

The invention provides a container virtualization safety reinforcing device and method. The device comprises a container running in guest non-root mode, and an underlying operating system module and common application program modules running in host root mode. A microkernel is implanted in the non-root mode and manages the memory and file system resources used by the container; the container and the underlying operating system module are forcibly isolated. Compared with a traditional container, the device has better security, and compared with virtual machines and virtual-machine-based container technology, it is lightweight and starts quickly.

Description

Technical field

[0001] The invention relates to the field of computer system security virtualization, and in particular to a container virtualization security hardening device and method.

Background technique

[0002] Due to the characteristics of flexibility and light weight of container technology, this technology has been widely used in the industry. Compared with the traditional hypervisor-based virtualization technology, container technology achieves isolation at the OS (operating system) layer, and the operating system kernel is shared between each container. Container-level virtualization is actually process-level virtualization provided by the operating system. The benefits achieved in this way mainly focus on two points: 1) It is lighter, and the VM (virtual machine) no longer needs to be accompanied by a huge guest operating system; 2) The startup speed is fast, and the startup of the container can be as fast as the startup of the process.

[0003] However, the p...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/14, G06F9/455
CPC: G06F9/45558, G06F21/14
Inventor: 王喆, 武成岗, 谢梦瑶, 张晓峰, 赖远明, 康妍, 曾凯
Owner: INST OF COMPUTING TECH CHINESE ACAD OF SCI