Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Container security execution method and device and storage medium

An execution method and container technology, applied in the computer field, can solve problems such as lack of comparison and verification, failure to provide services normally, lack of planning, etc., and achieve the effect of solving the isolation problem between containers

Pending Publication Date: 2022-06-24
SUZHOU LANGCHAO INTELLIGENT TECH CO LTD
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Protect the security of the Docker image and verify the integrity of the container image, but lacks the comparison and verification of the integrity value of the stored image after Docker download and the official website, and lacks the encrypted storage function
Cgroup is used to limit the use of resources by containers, but the lack of overall planning may cause an application to overuse computing, memory, and disk resources, thereby crowding out the resources of other applications in the shared host, making it unable to provide services normally
At the same time, in the existing technology, the integrity measurement of the program at runtime is generally assisted by the TPM, which needs to increase the hardware cost

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Container security execution method and device and storage medium
  • Container security execution method and device and storage medium
  • Container security execution method and device and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0043] In order to make the objectives, technical solutions and advantages of the present invention more clearly understood, the embodiments of the present invention will be further described in detail below with reference to the specific embodiments and the accompanying drawings.

[0044] like figure 1 As shown, the present invention provides a container security execution method, including:

[0045] Step S1, establish a main monitor and multiple sub-monitors based on SGX, and manage the container through the main monitor and multiple sub-monitors;

[0046] Step S2, in response to the first startup of the container system, perform integrity measurement on the structural file of the container system, calculate the integrity measurement value of the structural file of the container system, and use the integrity measurement value as The integrity metric base value of the container system is saved to the master monitor.

[0047]In the present invention, the present invention pr...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a container security execution method and device and a storage medium, and the method comprises the steps: building a main monitor and a plurality of sub-monitors based on an SGX, and carrying out the management of a container through the main monitor and the plurality of sub-monitors; the method comprises the following steps: in response to the first starting of a container system, carrying out integrity measurement on a structural file of the container system, calculating an integrity measurement value of the structural file of the container system, and storing the integrity measurement value as an integrity measurement base value of the container system to a main monitor. The problem that containers in the same Network Namespace can access each other is solved, the problem of isolation between the containers is solved, and malicious attack behaviors of untrusted containers are prevented by setting a container network white list and limiting the access capability of other containers to the running containers. The problems that the integrity and legality of a code segment and a stack function return address are verified when a container runs, the code segment is tampered when the container runs, and the stack function return address overflows are solved.

Description

technical field [0001] The invention belongs to the field of computers, and in particular relates to a container security execution method, device and storage medium. Background technique [0002] With the rapid development of Internet technology and big data, cloud computing technology has become the mainstream computing method. More and more enterprises and users choose cloud computing as the primary computing and storage method. Among them, virtual machines and containers are the two main virtual machine technologies in cloud computing. Container technology is a lightweight virtualization solution in which multiple containers share an operating system kernel. The container includes the system environment it depends on and the applications to be deployed. The size of the container is generally only tens to hundreds of MB. Among the container technologies, Docker containers are more popular among enterprises. Docker containers have the advantages of faster interaction a...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/53
CPCG06F21/53
Inventor 麻付强
Owner SUZHOU LANGCHAO INTELLIGENT TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com