Container software security detection system and method based on content difference

A software security and detection system technology, applied in computer security devices, instruments, platform integrity maintenance, etc., can solve the problems of consuming computing resources and time costs, difficult to apply container software security detection, and high consumption, etc. Efficiency, the effect of reducing storage space, saving computing and storage resources

Active Publication Date: 2022-06-28
SHANGHAI JIAOTONG UNIV
View PDF7 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] In view of the prior art mentioned above, the inventor believes that the general problem of this type of method is that it needs to consume a lot of resources (storage, bandwidth) to download a large number of images to the local test environment, and it needs to consume a lot of computing resources and time costs for performing detection
Therefore, it is difficult to apply to large-scale container software security detection

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Container software security detection system and method based on content difference
  • Container software security detection system and method based on content difference

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0047]The present invention will be described in detail below with reference to specific embodiments. The following examples will help those skilled in the art to further understand the present invention, but do not limit the present invention in any form. It should be noted that, for those skilled in the art, several changes and improvements can be made without departing from the inventive concept. These all belong to the protection scope of the present invention.

[0048] The embodiment of the present invention discloses a container software security detection system and method based on content difference, such as figure 1 and figure 2 As shown, it includes an identification and classification node, a data acquisition node and a security analysis node, and the three nodes exchange data through the message channel distributed task scheduling technology to work together. Distributed task scheduling technology adopts Gearman distributed task scheduling framework.

[0049] ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The present invention provides a container software security detection system and method based on content difference, including identification and classification nodes, data acquisition nodes and security analysis nodes, and the three nodes work together by exchanging data; identification and classification nodes: complete and User interaction, basic image identification for all input images to be detected, image classification, sending data acquisition tasks, etc.; data acquisition node: download the corresponding container image according to the issued data acquisition task, and download the completed container Image extracts the corresponding container image layer data; security analysis node: According to the extracted container image layer data, non-basic image layer data is identified, and the security analysis is performed on the non-basic image layer data. While ensuring the effectiveness of the detection, the present invention does not need to actually run the image, which greatly saves computing and storage resources, and can realize full security detection of a large number of images in the public warehouse in a relatively short period of time with limited resources.

Description

technical field [0001] The present invention relates to the technical field of container software security detection, in particular, to a container software security detection system and method based on content difference. Background technique [0002] Container software applications based on virtualization technology are becoming more and more common. The container form mainly represented by Docker carries various enterprise-level virtualization applications common in various cloud centers. Among them, Docker Hub is its official storage warehouse, which contains various users in the community. There are 18 million application images in the database, and users need to download such images from the warehouse as long as they use and deploy related applications. The vulnerability of such container images has become the focus of attack and defense. In particular, the lack of security configuration exposes serious security vulnerabilities such as privacy leakage and unauthorized ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/56G06F21/57
CPCG06F21/562G06F21/572G06F2221/033
Inventor 陈力波夏懿航赵瑞杰王轶骏薛质姜开达
Owner SHANGHAI JIAOTONG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products