Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Micro-service access control method, system and device based on security attribute

A security attribute and access control technology, applied in the field of network security, can solve problems such as system microservice attacks, hidden dangers, and no countermeasures, and achieve the effects of clear system hierarchy, enhanced security management, and reduced performance problems

Pending Publication Date: 2022-04-29
北京思特奇信息技术股份有限公司 +1
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The above-mentioned security protection method provided by the Kubernetes system itself has limited protection for the microservices deployed in the container cloud. If an attacker launches a traffic attack or other penetration attack against one or more microservices, the Kubernetes cluster’s existing The ability of advanced security technology to monitor and intercept attacks is limited, and attackers can easily bypass existing security policies and carry out various attacks on system microservices; moreover, the granularity of control is not perfect enough, and the scope of authority corresponding to roles is difficult to predetermine. There are great challenges to edge cloud applications; and the authorization method is static, unable to dynamically perceive user behavior change decisions, and there are hidden dangers in some scenarios
For example, the user can initiate crazy requests under the condition of having certain permissions, and there is currently no corresponding countermeasure for this operation

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Micro-service access control method, system and device based on security attribute
  • Micro-service access control method, system and device based on security attribute
  • Micro-service access control method, system and device based on security attribute

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0122] Such as Figure 4 As shown in , the user initiates an access request to the microservice resource Pod, and the process is as follows:

[0123] After the user passes the JWT token verification of the gateway;

[0124] The request will be forwarded to the interface for reading Pod details in the system ( / k8s / pods / detail);

[0125] The system parses the two parameters of the desired Pod's namespace (namespace) and name (podName) carried in the request parameter;

[0126] The system will query the resource_attr table in the database according to the Pod name to obtain the two values ​​of the resource's danger level (dangerLevel) and security level (securityLevel), and query the user's two attribute values ​​in attributes (attributes).

[0127] If the user's risk factor is higher than the microservice resource, or the user's security level is lower than the resource, the system will reject the user's request;

[0128] After the user passes the attribute verification of th...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a micro-service access control method, system and device based on security attributes, and relates to the technical field of network security, and the method comprises the steps: receiving a micro-service access request of a user, including a micro-service name; querying and obtaining all corresponding security attributes and attribute values according to the micro-service name; obtaining attribute values of all security attributes of the micro-service corresponding to the user, and comparing the attribute values with attribute values of all security attribute values of the micro-service to obtain an authorization result; and if authorization is allowed, the micro-service returns an access result to the user according to the access request. The method has the advantages that a user role based on role access control provided by a k8s system is reserved, attributes are allocated to the user, permission limitation is carried out on the user according to the security attributes, security management of micro-service resource access is achieved, the principles of dynamics and expansibility are followed, and the method is easy to implement. And dynamic and fine-grained management of micro-service resource access is realized.

Description

technical field [0001] The present invention relates to the technical field of network security, in particular to a security attribute-based microservice access control method, system and device. Background technique [0002] With the rapid development of Internet technology, access control technology, as one of the core means to ensure network information security, has been widely used in various application scenarios, such as cloud computing, mobile computing and other application scenarios. With the popularity of Kubernetes in cloud computing, mobile computing, and edge computing, as well as the development of 5G networks, containerization, and microservices, providing a safe and reliable cloud computing platform must be considered. [0003] The authorization method in Kubernetes (same as k8s) system uses RBAC strategy by default, that is, role-based access control (Role-Based Access Control): the concept of "role (Role)" is introduced between users and permissions, and e...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L9/40H04L9/32
CPCH04L63/10H04L63/20H04L9/3213
Inventor 吴智辰裘晓峰高骏捷寿国础刘乃希陈远强孙浩张文蕾李继清李洪星薛俊礼刘雅琼胡怡红
Owner 北京思特奇信息技术股份有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products