Micro-service access control method, system and device based on security attribute

A security-attribute-based access control technology applied in the field of network security. It addresses attacks on system microservices, latent security risks, and the lack of countermeasures against them, and achieves a clear system hierarchy, stronger security management, and fewer performance problems.

Pending Publication Date: 2022-04-29
北京思特奇信息技术股份有限公司 +1

AI Technical Summary

Problems solved by technology

[0004] The security protection that the Kubernetes system provides on its own offers only limited protection for microservices deployed in a container cloud. If an attacker launches a traffic attack or another penetration attack against one or more microservices, the cluster's existing security mechanisms have only a limited ability to monitor and intercept the attack, and the attacker can easily bypass the existing security policies and mount various attacks on the system's microservices. Moreover, the granularity of control is insufficient and the scope of authority corresponding to each role is hard to fix in advance, which poses great challenges for edge-cloud applications. Finally, authorization is static and cannot adapt its decisions to changes in user behaviour, which leaves hidden dangers in some scenarios. For example, a user holding certain permissions can flood the system with requests, and there is currently no countermeasure against such behaviour.


Embodiment

[0122] As shown in Figure 4, a user initiates an access request to a microservice resource (a Pod). The process is as follows:

[0123] The user's JWT token is verified at the gateway;

[0124] The request is forwarded to the system's interface for reading Pod details (/k8s/pods/detail);

[0125] The system parses the two request parameters that identify the desired Pod: its namespace (namespace) and its name (podName);

[0126] The system queries the resource_attr table in the database by the Pod name to obtain the resource's two values, its danger level (dangerLevel) and security level (securityLevel), and looks up the user's two corresponding attribute values in the user attributes (attributes);

[0127] If the user's risk factor is higher than the resource's danger level, or the user's security level is lower than the resource's security level, the system rejects the request;

[0128] After the user passes the attribute verification of th...
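The flow of paragraphs [0122] to [0127], written out as an added example in Go; this is not code from the patent or from the applicant's system. It assumes the gateway has already verified the JWT and forwards the authenticated subject in an "X-Authenticated-User" header (an assumed header name), and it replaces the database's resource_attr table and user attribute store with in-memory maps holding constructed sample rows. The text looks Pods up by name alone; the example keys the table by namespace and name as well, and denies unknown users or Pods, both of which are choices of this example rather than statements of the patent.

```go
// Added example (not the patent's code): an attribute check following
// paragraphs [0122]-[0127]. The gateway is assumed to have verified the
// JWT and to pass the subject in "X-Authenticated-User" (assumed header).
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// ResourceAttr mirrors the two columns the text reads from resource_attr.
type ResourceAttr struct {
	DangerLevel   int // dangerLevel of the Pod
	SecurityLevel int // securityLevel the caller must reach
}

// UserAttr holds the two user attributes compared against the resource.
type UserAttr struct {
	RiskFactor    int // compared against the resource's dangerLevel
	SecurityLevel int // compared against the resource's securityLevel
}

// resourceAttrTable stands in for the resource_attr table. It is keyed by
// "namespace/podName" (assumption: the text keys by Pod name only) so that
// Pods with the same name in different namespaces are not confused.
var resourceAttrTable = map[string]ResourceAttr{
	"prod/payments-api-0": {DangerLevel: 3, SecurityLevel: 4}, // constructed row
	"dev/echo-0":          {DangerLevel: 1, SecurityLevel: 1}, // constructed row
}

// userAttrStore stands in for the user "attributes" of [0126].
var userAttrStore = map[string]UserAttr{
	"alice": {RiskFactor: 1, SecurityLevel: 5}, // constructed row
	"bob":   {RiskFactor: 4, SecurityLevel: 5}, // constructed row
	"carol": {RiskFactor: 1, SecurityLevel: 2}, // constructed row
}

// Authorize applies the rule of [0127]: deny if the user's risk factor is
// higher than the resource's danger level, or the user's security level is
// lower than the resource's security level. Equal values are allowed.
func Authorize(u UserAttr, r ResourceAttr) (bool, string) {
	if u.RiskFactor > r.DangerLevel {
		return false, fmt.Sprintf("user risk factor %d exceeds resource danger level %d", u.RiskFactor, r.DangerLevel)
	}
	if u.SecurityLevel < r.SecurityLevel {
		return false, fmt.Sprintf("user security level %d below resource security level %d", u.SecurityLevel, r.SecurityLevel)
	}
	return true, "attributes satisfied"
}

// Decide resolves both attribute sets and returns an HTTP status and reason.
// Unknown users or Pods are denied (fail closed): the text does not spell this
// out, but an attribute check that defaulted to allow would be bypassable.
func Decide(user, namespace, podName string) (int, string) {
	if namespace == "" || podName == "" || strings.ContainsAny(namespace+podName, "/") {
		return http.StatusBadRequest, "namespace and podName are required"
	}
	u, ok := userAttrStore[user]
	if !ok {
		return http.StatusForbidden, "no attributes for user"
	}
	r, ok := resourceAttrTable[namespace+"/"+podName]
	if !ok {
		return http.StatusForbidden, "no resource_attr row for pod"
	}
	if allowed, reason := Authorize(u, r); !allowed {
		return http.StatusForbidden, reason
	}
	return http.StatusOK, "allowed"
}

// PodDetailHandler is the /k8s/pods/detail interface of [0124]; it sits
// behind the gateway, so the JWT has already been checked when it runs.
func PodDetailHandler(w http.ResponseWriter, req *http.Request) {
	q := req.URL.Query()
	status, reason := Decide(req.Header.Get("X-Authenticated-User"), q.Get("namespace"), q.Get("podName"))
	w.WriteHeader(status)
	if status == http.StatusOK {
		// A real system would now read the Pod from the API server ([0128]).
		fmt.Fprintf(w, "pod %s/%s: <details>\n", q.Get("namespace"), q.Get("podName"))
		return
	}
	fmt.Fprintln(w, "denied:", reason)
}

func main() {
	for _, c := range []struct{ user, ns, pod string }{
		{"alice", "prod", "payments-api-0"}, // risk 1 <= 3, level 5 >= 4: allowed
		{"bob", "prod", "payments-api-0"},   // risk 4 > 3: denied
		{"carol", "prod", "payments-api-0"}, // level 2 < 4: denied
		{"carol", "dev", "echo-0"},          // risk 1 <= 1, level 2 >= 1: allowed
	} {
		status, reason := Decide(c.user, c.ns, c.pod)
		fmt.Printf("%-5s %s/%s -> %d %s\n", c.user, c.ns, c.pod, status, reason)
	}
	http.HandleFunc("/k8s/pods/detail", PodDetailHandler)
	// http.ListenAndServe(":8080", nil) would serve it; omitted so main exits.
}
```

The two comparisons in Authorize are the whole of the [0127] rule; everything else (the header name, the composite key, the fail-closed branches) is scaffolding that a deployment would replace with its own gateway contract and database access.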


Abstract

The invention provides a microservice access control method, system and device based on security attributes, in the technical field of network security. The method comprises: receiving a user's microservice access request, which includes the microservice name; querying all security attributes and attribute values corresponding to that microservice name; obtaining the user's attribute values for all of the microservice's security attributes and comparing them with the microservice's own attribute values to obtain an authorization result; and, if authorization is granted, having the microservice return the access result to the user according to the request. The method keeps the user roles of the role-based access control provided by the k8s system, additionally assigns attributes to users, and restricts users' permissions according to those security attributes, achieving security management of microservice resource access. It follows the principles of dynamism and extensibility, is easy to implement, and realizes dynamic, fine-grained management of access to microservice resources.

Description

Technical field

[0001] The present invention relates to the technical field of network security, in particular to a security-attribute-based microservice access control method, system and device.

Background

[0002] With the rapid development of Internet technology, access control, as one of the core means of ensuring network information security, has been widely applied in scenarios such as cloud computing and mobile computing. With the spread of Kubernetes in cloud, mobile and edge computing, and the development of 5G networks, containerization and microservices, providing a safe and reliable cloud computing platform has become a necessity.

[0003] Authorization in the Kubernetes (k8s) system uses the RBAC strategy by default, that is, role-based access control: the concept of a "role" (Role) is introduced between users and permissions, and e...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/40, H04L9/32
CPC: H04L63/10, H04L63/20, H04L9/3213
Inventor 吴智辰裘晓峰高骏捷寿国础刘乃希陈远强孙浩张文蕾李继清李洪星薛俊礼刘雅琼胡怡红
Owner 北京思特奇信息技术股份有限公司