
TPM-based container trusted starting method and device

A container trust technology, applied in the field of network and information security, which addresses the problems of existing approaches: they are difficult to adapt to requirements, cannot be customized for different types of containers, and limit the scalability of container functions. It aims to achieve high availability, good compatibility and good scalability.

Pending Publication Date: 2020-01-03
FUDAN UNIV

Problems solved by technology

The prior-art method limits the scalability of container functions, cannot be customized for different types of containers, and struggles to meet the needs of large-scale container clusters whose conditions are complex and changeable.



Examples

Embodiment 1

[0039] As shown in Figure 6, the implementation process is described by taking the trusted startup of a Docker container providing the Apache HTTP service as an example.

[0040] In the first step, the host operating system has already been started in a trusted manner. At this point the user initiates a request to start Docker to provide the HTTP service. This step assumes that the user has started the Docker container before; otherwise the vTPM platform intervenes and mounts the virtual TPM into the container;

[0041] In the second step, the image measurement module intervenes to audit whether each layer of the image has been tampered with and, if so, whether it can be repaired using the corresponding countermeasures for read-only and read-write images. For an error in a read-only image, the damaged image layer is first determined by comparing layer digests, and the layer image is then reacquired from the image repository of the cluster where the ima...

Embodiment 2

[0046] Based on embodiment 1, in this embodiment the TPM device is replaced with a TCM (trusted cryptography module) device; the two use different encryption algorithms but are similar in principle;

[0047] In this embodiment, Docker is replaced by another container implementation, such as CoreOS's rkt;


Abstract

The invention belongs to the technical field of network and information security and relates to a TPM (Trusted Platform Module)-based container trusted starting method and device. The TPM-based container trusted starting device consists of a physical TPM, an image digest library, a vTPM platform and a virtual TPM. The physical TPM serves as the root of trust; the image digest library uses an improved Merkle trusted tree structure to store the digests of all layers of the container's images; the vTPM platform is embedded in the container engine and provides a virtual TPM when the container is started for the first time; and the virtual TPM provides trust verification for the application program in the container. Trusted starting of the container is achieved by verifying the image with the physical TPM, and the trustworthiness of the application in the container is guaranteed by the virtual TPM. The method and device have good compatibility and suit various container implementations; high availability, since the specific erroneous image is located, fault tolerance is provided for container starting, and the method adapts to scenarios where containers change rapidly; and good extensibility, since the virtual TPM inside the container is used in the same way as the physical device, so application programs in various containers can be verified and the trustworthiness of the application layer is ensured.
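The image digest library described in the abstract and the layer-level repair of Embodiment 1, as an added illustration that is not the patent's code: layer digests form a Merkle tree, the root stands in for the value the physical TPM vouches for, a mismatching root is traced down the tree to the damaged layer, and that layer is re-pulled from the cluster registry. The digest library, the registry and the five-layer Apache image are constructed sample data.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_levels(leaves):
    """Merkle levels, leaves first (index 0); an unpaired node is carried up unchanged."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([sha256_hex((cur[i] + cur[i + 1]).encode()) if i + 1 < len(cur)
                       else cur[i] for i in range(0, len(cur), 2)])
    return levels

def locate_damaged_layers(trusted_levels, actual_levels):
    """Descend from the root, following only mismatching subtrees; return leaf indices."""
    if [len(l) for l in trusted_levels] != [len(l) for l in actual_levels]:
        raise ValueError("layer count differs from the digest library")
    top = len(trusted_levels) - 1
    suspects = [0] if trusted_levels[top][0] != actual_levels[top][0] else []
    for lvl in range(top, 0, -1):        # node i at lvl has children 2i, 2i+1 at lvl-1
        suspects = [c for i in suspects for c in (2 * i, 2 * i + 1)
                    if c < len(trusted_levels[lvl - 1])
                    and trusted_levels[lvl - 1][c] != actual_levels[lvl - 1][c]]
    return suspects

def verify_and_repair(host_layers, trusted_levels, registry):
    """Audit read-only layers; re-pull damaged ones from the cluster registry (a dict here).
    Returns (root matches the TPM-held reference, indices that were re-pulled)."""
    actual = build_levels([sha256_hex(l) for l in host_layers])
    damaged = locate_damaged_layers(trusted_levels, actual)
    for i in damaged:
        host_layers[i] = registry[i]
    if damaged:
        actual = build_levels([sha256_hex(l) for l in host_layers])
    return actual[-1][0] == trusted_levels[-1][0], damaged

# Constructed sample: a five-layer Apache image. TRUSTED_LEVELS stands in for the
# digest library whose root the physical TPM vouches for; REGISTRY for the image repo.
GOOD_LAYERS = [b"base-os", b"apache-httpd", b"httpd.conf", b"site-content", b"entrypoint"]
TRUSTED_LEVELS = build_levels([sha256_hex(l) for l in GOOD_LAYERS])
REGISTRY = dict(enumerate(GOOD_LAYERS))

def demo():
    """One layer modified on the host: locate it, re-pull it, re-verify the root."""
    host = list(GOOD_LAYERS)
    host[3] = b"site-content (modified on host)"
    return verify_and_repair(host, TRUSTED_LEVELS, REGISTRY)   # -> (True, [3])
```

If the registry copy is also bad, the root still fails to match after the re-pull and the start is refused rather than repaired.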

Description

Technical field

[0001] The invention belongs to the technical field of network and information security and relates to a TPM-based container trusted startup method and device. The invention uses a TPM and other trusted computing devices to implement a trusted startup method for containers on a cloud platform.

Background technique

[0002] Statistics show that container technology is another hot technology after big data and cloud computing. As the microservice architecture gradually becomes the mainstream way of developing application systems, containers, as the cornerstone of this architecture, are receiving more and more attention. The prior art discloses that a container can create a relatively independent operating environment on the host machine; but unlike a virtual machine, a container does not need to install a host operating system, and the container layer is installed directly on the host system, using the host's kernel to implement a lightweight virtual environm...

Claims


Application Information

IPC(8): G06F21/53
CPC: G06F21/53
Inventor: 王国平, 匡翔宇, 吴承荣
Owner: FUDAN UNIV