Docker image scanning method based on static analysis

A static analysis-based scanning method, applied in the fields of instruments, computing, and electrical digital data processing. It addresses the lack of detection coverage and the limits on large-scale scanning, improving scanning speed and detection coverage and enabling fast, efficient detection at large scale.

Pending Publication Date: 2022-05-31
ZHEJIANG UNIV

AI Technical Summary

Problems solved by technology

Based on conventional detection methods, it lacks detection coverage for software that is introduced into the image during the constructi...


Embodiment Construction

[0018] The invention discloses a static analysis-based method for scanning Docker images and their build history records. An image scanning tool is used to obtain the known vulnerability information of the image, and a prediction model is built to analyze the development trend of its software vulnerabilities; feature extraction and feature matching are used to scan the image build history record and analyze the security problems present in the image. Combining these two kinds of scanning and detection yields the software vulnerability prediction results for the Docker image together with the image's security scanning results.

[0019] The present invention is based on scanning a large number of images, uses a static analysis method to extract security features from the security issues in the images, and then establishes a security feature database, and then uses the established feature da...


Abstract

The invention discloses a Docker image scanning method based on static analysis. The method comprises the following steps: features are extracted from a large number of Docker image build history records through manual analysis and a security feature library is built; the image to be detected is feature-matched against the security feature library; and the security problems of the image are detected according to the feature information and a whitelist mechanism. Meanwhile, the number of software vulnerabilities in the image is detected with an image scanning tool, function fitting is performed on a scatter diagram of their distribution over time, and a vulnerability prediction model is established. Finally, the security problems of the Docker image are comprehensively analyzed using the software vulnerability information and the scatter diagram, and an image scanning result is fed back. The method thus combines an image scanning tool with a self-defined scanning method: the image scanning tool analyzes the image's software vulnerabilities, function fitting is carried out on the scatter diagram of the vulnerability count distribution, and an image vulnerability prediction model is established.
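As an added illustration of the build-history feature matching and whitelist step described above (not code from the patent): the sketch below matches the `created_by` entries of an image config's `history` array against a small feature library. The rule names, patterns, whitelist entry and sample config are all constructed assumptions.

```python
import json
import re

# Hypothetical security feature library: rule id -> pattern over one build step.
FEATURES = {
    "pipe-to-shell": re.compile(r"\b(curl|wget)\b[^|]*\|\s*(ba)?sh\b"),
    "plain-http-fetch": re.compile(r"\b(curl|wget|ADD)\b.*\bhttp://"),
    "secret-in-env": re.compile(
        r"\b(ENV|ARG)\b.*(PASSWORD|SECRET|TOKEN|API_KEY)\w*=\S+"),
    "world-writable": re.compile(r"\bchmod\s+(-R\s+)?0?777\b"),
}

# Hypothetical whitelist: a step matching any entry is trusted and skipped.
# Simplification: the whole step is suppressed, not just the matching rule.
WHITELIST = [re.compile(r"http://deb\.debian\.org/")]


def scan_history(config_json):
    """Return (step index, rule id, command) findings for an image config."""
    findings = []
    history = json.loads(config_json).get("history", [])
    for idx, entry in enumerate(history):
        cmd = entry.get("created_by", "")
        if any(w.search(cmd) for w in WHITELIST):
            continue
        for rule, pattern in FEATURES.items():
            if pattern.search(cmd):
                findings.append((idx, rule, cmd))
    return findings


# Constructed sample: the "history" array of an image config JSON.
SAMPLE_CONFIG = json.dumps({"history": [
    {"created_by": "/bin/sh -c #(nop) ADD file:abc in / "},
    {"created_by": "/bin/sh -c apt-get update && apt-get install -y curl"},
    {"created_by": "/bin/sh -c curl -fsSL http://example.invalid/install.sh | sh"},
    {"created_by": "/bin/sh -c #(nop)  ENV DB_PASSWORD=changeme",
     "empty_layer": True},
    {"created_by": "/bin/sh -c wget http://deb.debian.org/debian/pool/x.deb"},
    {"created_by": "/bin/sh -c chmod -R 777 /app"},
]})

if __name__ == "__main__":
    for idx, rule, cmd in scan_history(SAMPLE_CONFIG):
        print(f"step {idx}: {rule}: {cmd}")
```

Because only the history metadata is read, no layer content has to be unpacked, which is what makes this kind of check cheap enough to run across many images.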

Description

Technical field

[0001] The invention relates to Docker image security detection technology, in particular to a static analysis-based Docker image scanning method.

Background

[0002] At present, there are more than 8 million images in the Docker Hub image repository, and the number is growing rapidly. A large number of these images have security problems. Vulnerabilities in images are currently detected mainly with image scanning tools. Such a tool can scan for existing vulnerability information in the image, but it has no knowledge of unknown information, cannot show the development trend of vulnerabilities in the image, and lacks scanning and analysis from a development perspective. At the same time, current image scanning tools work mainly by scanning the entire image file, detecting according to the software management information inside the image, and then matching with the remote vulnerabi...


Application Information

IPC(8): G06F21/56, G06F21/57
CPC: G06F21/577, G06F21/562
Inventor: 申文博, 庄阿得, 任奎
Owner: ZHEJIANG UNIV