Container security isolation reinforcement method and device, electronic equipment and storage medium

A container security isolation and hardening technique, classified under computer security devices, instruments and electrical digital data processing, that addresses the problem of incomplete container isolation and achieves the effects of preventing malicious access and realizing network isolation.

Pending Publication Date: 2022-03-01
CHINA ELECTRIC POWER RES INST +3

AI Technical Summary

Problems solved by technology

[0010] The purpose of the present invention is to provide a container security isolation reinforcement method, device, electronic equipment and storage medium that solve the technical problem of incomplete container isolation in the prior art.


Embodiment approach

[0050] Platform: the substation monitoring system basic platform, covering server hardware, the operating system, public service components, the real-time database, the historical database, the message bus, process management, permission management, etc.

[0051] APP: substation-specific business function modules, such as the grid real-time data driver, network security monitoring, data services, model services, graphics services, alarm services, etc.

[0052] Data communication gateway: an intelligent communication device that provides remote services such as communication, security, measurement, auxiliary control, fire protection and online monitoring of primary and secondary equipment, and that transports data, models and graphics.

[0053] Container: a container is a set of processes isolated from the rest of the system. All files required to run those processes are provided by an image, which gives the container portability and consistency. Containers can share the same operating syst...

Embodiment 1

[0055] The present invention is based on container technology: the isolation environment and the APP are security-hardened, and customizable containers that meet the deployment security requirements of every APP are implemented.

[0056] See Figure 1. In the container security isolation reinforcement device, the software system on the data communication gateway (the host) is divided by service into an application layer and a base platform layer. The base platform is deployed on the operating system, and the application-layer APPs are deployed in containers. Communication between a container and the base platform passes through the interaction manager. The container supplies the minimum set of resources the APP needs to run in an independent environment, containers are managed uniformly, and all interaction between an APP and the base platform goes through the interaction manager. An application-layer APP can only access resources inside the container, an...

Embodiment 2

[0069] The present invention provides a container security isolation reinforcement method comprising: the interaction manager monitors the resource usage of a container in which an APP is installed, and raises an alarm when resource usage exceeds a preset alarm threshold.

[0070] In the present invention, the resources include one or more of: CPU usage, CPU share weight, maximum memory, recommended memory, disk device write bandwidth, disk device read bandwidth, disk device write IO rate, disk device read IO rate, disk device read/write weight, network bandwidth, and disk limit.

[0071] In the present invention, the interaction manager filters commands issued from the container against a preset high-risk command list; the high-risk command list includes one or more IP addresses.

[0072] In the present invention, the interaction manager creates the container's virtual network interface card and configures it; the network is restricted to wh...
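The two interaction-manager functions that paragraphs [0069] to [0071] describe, resource monitoring against preset alarm thresholds and filtering of commands issued from the container against a high-risk list, are shown below in a worked example. This is an added illustration, not code from the patent or from China Electric Power Research Institute. It assumes the container runs on a Linux host with cgroup v2, so the samples follow the formats of the kernel's cpu.stat, memory.current and io.stat files; the sample values, the thresholds and the high-risk command and address list are all constructed for the example.

```python
"""Interaction-manager checks modelled on Embodiment 2: alarm on resource use
above preset thresholds, and block high-risk commands. Added example only."""
import ipaddress
import re
import shlex
from dataclasses import dataclass

# Constructed cgroup v2 samples for one container, taken 2 s apart. The formats
# follow the Linux files cpu.stat, memory.current and io.stat; the numbers are
# made up for the example, not captured from a gateway.
INTERVAL_S = 2.0
CPU_STAT_T0 = "usage_usec 1000000\nuser_usec 600000\nsystem_usec 400000\n"
CPU_STAT_T1 = "usage_usec 2800000\nuser_usec 1900000\nsystem_usec 900000\n"
MEMORY_CURRENT = "734003200\n"  # bytes currently charged to the cgroup
IO_STAT_T0 = "8:0 rbytes=1048576 wbytes=2097152 rios=256 wios=512 dbytes=0 dios=0\n"
IO_STAT_T1 = "8:0 rbytes=5242880 wbytes=44040192 rios=1280 wios=10752 dbytes=0 dios=0\n"


def parse_kv(text):
    """Parse 'key value' lines (cpu.stat style) into a dict of ints."""
    return {k: int(v) for k, v in (ln.split() for ln in text.splitlines() if ln.strip())}


def parse_io_stat(text):
    """Parse io.stat: one line per block device, 'MAJ:MIN key=value ...'."""
    devices = {}
    for ln in text.splitlines():
        parts = ln.split()
        if parts:
            devices[parts[0]] = {k: int(v) for k, v in (p.split("=") for p in parts[1:])}
    return devices


@dataclass(frozen=True)
class Thresholds:
    """Preset alarm thresholds; the defaults are illustrative, not from the patent."""
    cpu_percent: float = 80.0                    # 100 % = one full core
    max_memory_bytes: int = 1024 * 1024 * 1024   # 1 GiB
    disk_write_bandwidth_bps: float = 10 * 1024 * 1024
    disk_write_iops: float = 2000.0


def compute_usage(cpu0, cpu1, mem, io0, io1, interval_s):
    """Turn two cgroup samples taken interval_s apart into usage figures."""
    cpu_delta_usec = parse_kv(cpu1)["usage_usec"] - parse_kv(cpu0)["usage_usec"]
    d0, d1 = parse_io_stat(io0), parse_io_stat(io1)
    wbytes = sum(d1[d]["wbytes"] - d0.get(d, {}).get("wbytes", 0) for d in d1)
    wios = sum(d1[d]["wios"] - d0.get(d, {}).get("wios", 0) for d in d1)
    return {
        "cpu_percent": cpu_delta_usec / (interval_s * 1e6) * 100.0,
        "memory_bytes": int(mem.strip()),
        "disk_write_bandwidth_bps": wbytes / interval_s,
        "disk_write_iops": wios / interval_s,
    }


def check_thresholds(usage, thr):
    """Return (metric, observed, limit) for every metric above its preset threshold."""
    limits = {
        "cpu_percent": thr.cpu_percent,
        "memory_bytes": thr.max_memory_bytes,
        "disk_write_bandwidth_bps": thr.disk_write_bandwidth_bps,
        "disk_write_iops": thr.disk_write_iops,
    }
    return [(m, usage[m], limits[m]) for m in limits if usage[m] > limits[m]]


# Hypothetical high-risk list: privileged binaries plus host/management
# addresses (the patent names IP addresses among the high-risk entries).
HIGH_RISK_COMMANDS = {"mount", "nsenter", "insmod", "iptables"}
HIGH_RISK_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.1/32", "192.168.100.0/24")]
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def is_high_risk(command_line):
    """True if a command issued from the container must not be forwarded."""
    try:
        argv = shlex.split(command_line)
    except ValueError:
        return True  # unparseable input is treated as high risk, not forwarded
    if not argv:
        return False
    if argv[0].rsplit("/", 1)[-1] in HIGH_RISK_COMMANDS:
        return True
    for m in IPV4.finditer(command_line):
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # e.g. 999.1.1.1 is not an address
        if any(addr in net for net in HIGH_RISK_NETWORKS):
            return True
    return False


def alarms_for_sample():
    """Run the threshold check over the constructed samples."""
    usage = compute_usage(CPU_STAT_T0, CPU_STAT_T1, MEMORY_CURRENT, IO_STAT_T0, IO_STAT_T1, INTERVAL_S)
    return check_thresholds(usage, Thresholds())


if __name__ == "__main__":
    for metric, observed, limit in alarms_for_sample():
        print(f"ALARM {metric}: {observed:.0f} > {limit:.0f}")
    for cmd in ("ls -l /data", "curl http://10.0.0.1:8080/api", "/bin/mount -t proc proc /proc"):
        print(f"{'BLOCK' if is_high_risk(cmd) else 'allow'}: {cmd}")
```

On the constructed samples the CPU (90 % of a core), disk write bandwidth (20 MiB/s) and write IO rate (5120 IOPS) exceed their thresholds while memory (700 MiB) does not, so three alarms are raised. In a real deployment the two samples would be read from the container's cgroup directory (for Docker, typically under /sys/fs/cgroup/system.slice/) rather than from string constants, and the high-risk list would name the host's own management addresses so that an APP cannot reach the base platform except through the interaction manager.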


Abstract

The invention belongs to the technical field of embedded gateway systems and discloses a container security isolation reinforcement method and device, electronic equipment and a storage medium. In the method, an interaction manager monitors the resource usage of a container carrying an APP that is accessed externally through the interaction manager, and raises an alarm when resource usage exceeds a preset alarm threshold. The interaction manager strengthens the external resource access control and boundary protection of the APP in the container, achieves network isolation between the container and the host machine, and raises the isolation level of the container.

Description

Technical field

[0001] The present invention belongs to the technical field of embedded gateway systems, and more particularly to a container security isolation reinforcement method, apparatus, electronic device and storage medium.

Background technique

[0002] In the future new power system mode, as intelligent substations connect a growing variety of services (distributed photovoltaics, energy storage), the "Platform + APP" mode can effectively solve the problems of multi-service functionality and flexible integration. To address the security boundaries created by integrated APP deployment, the lack of protective measures, the differing operating environments and the difficulty of isolating APPs, a container-based APP deployment solution is proposed.

[0003] Docker is a lightweight virtualization technology; compared with traditional virtualization methods, the application process inside a Docker container runs directly on the kernel o...


Application Information

IPC(8): G06F21/53, G06F21/51, G06F21/57
CPC: G06F21/53, G06F21/51, G06F21/577
Inventor 姚志强王顺江任浩贺欢徐歆任辉樊陈贾依霖姜玉磊李松涛杨名赵国庆赵瑜杨青张海东
Owner CHINA ELECTRIC POWER RES INST