
Docker platform dynamic protection method based on trusted computing

A trusted computing and platform technology, applied to secure communication devices and key distribution, that addresses problems such as high complexity, inability to guarantee the dynamic integrity of running services, and inability to store measurement values in isolation.

Active Publication Date: 2020-09-22
SOUTHEAST UNIV
3 Cites, 9 Cited by

AI Technical Summary

Problems solved by technology

[0006] In a container-based virtualization environment, traditional trusted computing implementations are either complex and incur unnecessary performance loss, or cannot store each container's measurements in isolation so as to provide confidentiality.
In addition, traditional trusted computing implementations focus only on the static integrity of the platform and cannot guarantee the dynamic integrity of the services running on it.
Existing trusted computing implementations are therefore difficult to apply directly to container-based virtualization environments.


Embodiment Construction

[0061] The present invention is further described below with reference to the accompanying drawings. As shown in figure 1, the present invention comprises the following steps:

[0062] Step 1, system initialization: the file /sys/kernel/security/vpcr/pcr_old is generated during initialization of the vPCR module (its value is denoted PCR_old). It records the old value of the PCR in the physical TPM (denoted pPCR) to which the vPCR instance is bound. When initialization completes, PCR_old and pPCR are both 0. The overall architecture of the vPCR module is shown in figure 2. During initialization of the measurement agent module, a dynamic measurement file for the host domain is generated, and the PID namespace of the host domain is recorded.

[0063] Step 2, container generation: the user requests the Docker platform to generate a container to run the specified service. During container generation, the transfer of...
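The following simulation is an added illustration of the flow the steps above and the abstract describe (a vPCR instance per container, a measurement agent that extends measurements into the vPCR and records a log, and a verification system that judges integrity from the returned evidence). It is not code from the patent or from Southeast University. Everything the visible text does not fix is an assumption here: SHA-256 as the digest, a one-entry-per-file measurement log, and anchoring of each vPCR extend into the bound physical PCR by extending the pPCR with the new vPCR value, with pcr_old holding the pPCR value before that extend. The TPM quote (signature over the pPCR) is omitted; the sample files and golden digests are constructed.

```python
"""Per-container vPCR simulation (added example, not the patent's code).

Assumptions not taken from the page: SHA-256, one log entry per measured
file, pPCR anchoring by extending the physical PCR with each new vPCR
value, and no TPM quote/signature step.
"""
import hashlib

DIGEST_SIZE = hashlib.sha256().digest_size
ZERO = b"\x00" * DIGEST_SIZE


def extend(register: bytes, digest: bytes) -> bytes:
    """PCR extend: new = H(old || digest). Append-only by construction."""
    return hashlib.sha256(register + digest).digest()


class PhysicalPCR:
    """Stands in for one PCR of the host TPM (pPCR)."""

    def __init__(self):
        self.value = ZERO

    def extend(self, digest: bytes) -> bytes:
        self.value = extend(self.value, digest)
        return self.value


class VPCR:
    """vPCR instance bound to one container and one physical PCR.

    pcr_old plays the role of /sys/kernel/security/vpcr/pcr_old: the pPCR
    value before this instance's most recent extend (assumption), so the
    verifier can check that the vPCR value was anchored in hardware.
    """

    def __init__(self, container_id: str, ppcr: PhysicalPCR):
        self.container_id = container_id
        self.ppcr = ppcr
        self.pcr_old = ppcr.value
        self.anchor = ppcr.value   # pPCR value right after our last extend
        self.value = ZERO
        self.log = []              # measurement log: (target, digest hex)

    def measure(self, target: str, content: bytes) -> None:
        """Measurement agent: hash the target, extend the vPCR, log it,
        then anchor the new vPCR value into the physical PCR (assumption)."""
        digest = hashlib.sha256(content).digest()
        self.value = extend(self.value, digest)
        self.log.append((target, digest.hex()))
        self.pcr_old = self.ppcr.value
        self.anchor = self.ppcr.extend(self.value)

    def evidence(self) -> dict:
        """Integrity evidence returned to the verification system."""
        return {
            "container": self.container_id,
            "vpcr": self.value.hex(),
            "pcr_old": self.pcr_old.hex(),
            "ppcr": self.anchor.hex(),
            "log": list(self.log),
        }


def verify(evidence: dict, reference: dict) -> tuple:
    """Verification system: replay the log against the vPCR value, check the
    pPCR anchor, then compare every measured target with its golden digest."""
    acc = ZERO
    for _target, digest_hex in evidence["log"]:
        acc = extend(acc, bytes.fromhex(digest_hex))
    if acc.hex() != evidence["vpcr"]:
        return False, "measurement log does not replay to the vPCR value"
    anchored = extend(bytes.fromhex(evidence["pcr_old"]),
                      bytes.fromhex(evidence["vpcr"]))
    if anchored.hex() != evidence["ppcr"]:
        return False, "vPCR value is not anchored in the physical PCR"
    for target, digest_hex in evidence["log"]:
        if reference.get(target) != digest_hex:
            return False, f"unexpected measurement for {target}"
    return True, "ok"


def demo() -> dict:
    """Constructed sample: two containers sharing one host PCR."""
    ppcr = PhysicalPCR()
    reference = {  # constructed golden digests from a trusted build
        "/usr/bin/nginx": hashlib.sha256(b"nginx-binary-v1").hexdigest(),
        "/etc/nginx/nginx.conf": hashlib.sha256(b"worker_processes 2;").hexdigest(),
    }
    web = VPCR("web", ppcr)
    web.measure("/usr/bin/nginx", b"nginx-binary-v1")
    web.measure("/etc/nginx/nginx.conf", b"worker_processes 2;")
    db = VPCR("db", ppcr)
    db.measure("/usr/bin/postgres", b"postgres-binary")
    good = verify(web.evidence(), reference)
    # an attacker who edits the log but cannot rewind the vPCR is caught on replay
    tampered = web.evidence()
    tampered["log"][1] = ("/etc/nginx/nginx.conf",
                          hashlib.sha256(b"worker_processes 64;").hexdigest())
    bad = verify(tampered, reference)
    return {"good": good, "tampered": bad, "isolated": web.value != db.value}


if __name__ == "__main__":
    print(demo())
```

Each container's measurements land in its own vPCR, so the "db" container's evidence never reveals what "web" measured, while the shared pPCR still commits to both; in a deployment the pPCR value would be carried in a TPM quote and the verifier would replay the full chain of pPCR extends rather than a single pcr_old snapshot as done here.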


Abstract

The invention discloses a Docker platform dynamic protection method based on trusted computing. The method comprises the following steps: first, initializing the system, which completes the initialization of a vPCR module and a measurement agent module; second, a user requests the Docker platform to generate a container, and a vPCR instance corresponding to that container is generated during container generation; third, the user requests the platform, through a remote verification module in the verification system, to verify the dynamic integrity of a specific container; next, the measurement agent module in the target system executes the measurement process according to the request, extends and stores the measurement value into a security module consisting of the vPCR module and the TPM, and records the corresponding measurement log; the target system then returns integrity evidence to the verification system; and finally, the verification system judges the integrity state of the target system from that evidence. With this method the measurement process is executed without affecting the result of the original process execution, and the dynamic integrity of the container is guaranteed against tampering.

Description

Technical field

[0001] The invention relates to a dynamic protection method for a Docker platform based on trusted computing, and belongs to the field of dynamic integrity verification in trusted computing.

Background technique

[0002] With the continuous development and wide application of cloud computing, virtualization technology has become increasingly important. Compared with traditional virtualization, container-based virtualization is more lightweight and flexible and has less impact on system performance, so it is favored by more and more users and vendors. Docker is a container technology that currently dominates the container market and has become the de facto standard for containers. The security protection of the Docker platform therefore has important research significance and practical value. In the Docker platform, the low isolation of containers and the constructio...


Application Information

IPC(8): H04L9/32, H04L9/08, H04L29/06
CPC: H04L9/3234, H04L9/0877, H04L9/3247, H04L63/123
Inventor: 黄杰, 潘桂鑫
Owner: SOUTHEAST UNIV