Container escape detection and blocking method, device and equipment and storage medium

A container and process technology, applied to multi-program devices, program control devices and computer security devices, which addresses the problem that an escaped process cannot be killed in time, and achieves low performance overhead and protection of the operating system.

Active Publication Date: 2022-06-28
杭州默安科技有限公司

Problems solved by technology

[0004] A container escape detection and blocking method provided by this application aims to solve the pr



Embodiment 1

[0038] As shown in figure 1, a container escape detection and blocking method includes the following steps:

[0039] S110, load a dynamically loadable kernel module into the system, and have the dynamically loadable kernel module hook the fork function used to create a child process and the execve function used to replace the process with a binary program;

[0040] S120, acquire the key information of the host process and store it in a global table, where the key information comprises its process identifier, the process identifier of its parent process, the string value of its namespace, and the value in its fs_struct structure;

[0041] S130, when the fork function or the execve function is called by a container process, acquire the key information of the container process and store it in the global table;

[0042] S140, look up the key information of the host process in the global table and compare it with the key information of the container process to determine whether the container p...
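The following is an added userspace model of steps S110 to S140, written for this page and not taken from the patent or from its kernel module. The "global table" is a dict keyed by pid, the host baseline is recorded first (S120), each fork/execve event carries the key information of the calling process (S130), and a process is judged escaped when its namespace string or its fs_struct root value equals the host's (S140). Two things are assumptions not stated on the page: the namespace string is represented like the target of /proc/<pid>/ns/mnt, the fs_struct value as a root path, and container membership is decided by walking the ppid chain in the table back to a container init pid that the container runtime is assumed to report. All pids, namespace strings and paths are constructed sample data.

```python
"""Userspace model of the S110-S140 check (added example, not the patent's code)."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class KeyInfo:
    """Key information the kernel module stores per process (S120/S130)."""
    pid: int
    ppid: int
    namespace: str  # assumed form: target of /proc/<pid>/ns/mnt, e.g. "mnt:[4026531840]"
    fs_root: str    # assumed form: the root path held in the task's fs_struct


class EscapeMonitor:
    def __init__(self, host: KeyInfo) -> None:
        self.host = host
        self.table: Dict[int, KeyInfo] = {host.pid: host}  # S120: host baseline
        self.container_inits: Set[int] = set()
        self.blocked: List[Tuple[str, int]] = []

    def register_container_init(self, info: KeyInfo) -> None:
        """Assumption: the container runtime reports the container's first pid."""
        self.table[info.pid] = info
        self.container_inits.add(info.pid)

    def is_container_process(self, pid: int) -> bool:
        """Walk the ppid chain in the global table back to a container init."""
        seen: Set[int] = set()
        while pid in self.table and pid not in seen:
            if pid in self.container_inits:
                return True
            seen.add(pid)
            pid = self.table[pid].ppid
        return False

    def on_event(self, syscall: str, info: KeyInfo) -> bool:
        """Hook callback for fork/execve (S130/S140). Returns True when blocked."""
        self.table[info.pid] = info
        if not self.is_container_process(info.pid):
            return False  # host processes are recorded but never judged
        if self._escaped(info):
            # S140 blocking: in the kernel the task would be killed / the call
            # refused; here the decision is only recorded.
            self.blocked.append((syscall, info.pid))
            return True
        return False

    def _escaped(self, info: KeyInfo) -> bool:
        # A container process that now shares the host's namespace or the
        # host's fs root no longer sees the system through its container view.
        return (info.namespace == self.host.namespace
                or info.fs_root == self.host.fs_root)


# Constructed sample values.
HOST = KeyInfo(pid=1, ppid=0, namespace="mnt:[4026531840]", fs_root="/")
CONTAINER_NS = "mnt:[4026532456]"
CONTAINER_ROOT = "/var/lib/docker/overlay2/deadbeef/merged"


def run_demo() -> Dict[int, bool]:
    """Feed constructed fork/execve events and return pid -> blocked decision."""
    mon = EscapeMonitor(HOST)
    mon.register_container_init(KeyInfo(1000, 1, CONTAINER_NS, CONTAINER_ROOT))
    events = [
        ("fork",   KeyInfo(1001, 1000, CONTAINER_NS, CONTAINER_ROOT)),   # ordinary child
        ("execve", KeyInfo(1002, 1000, CONTAINER_NS, "/")),              # root is now the host's
        ("fork",   KeyInfo(1003, 1001, HOST.namespace, CONTAINER_ROOT)), # host mount namespace
        ("fork",   KeyInfo(2000, 1, HOST.namespace, "/")),               # plain host process
    ]
    return {info.pid: mon.on_event(call, info) for call, info in events}


if __name__ == "__main__":
    for pid, blocked in run_demo().items():
        print(pid, "blocked" if blocked else "allowed")
```

The lineage walk uses the ppid stored in the table, which is why the patent records the parent identifier alongside the pid: a grandchild of the container init (pid 1003 above) is still judged as a container process even though its own parent is not the init.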

Embodiment 2

[0105] As shown in figure 2, a container escape detection and blocking device includes:

[0106] The mount module 10 is used for loading a dynamically loadable kernel module in the system, and making the dynamically loadable kernel module hook a fork function for creating a child process and an execve function for converting a process into a binary program;

[0107] The first storage table module 20 is used to acquire the key information of the host process and store it in the global table, where the key information comprises its process identifier, the process identifier of its parent process, the string value of its namespace, and the value in its fs_struct structure;

[0108] The second storage table module 30 is configured to acquire key information of the container process and store it in the global table when the fork function or the execve function is called by the container process;

[0109] The judgment module 40 is used to look up the key information of the host process ...

Embodiment 3

[0112] As shown in figure 3, an electronic device includes a memory 301 and a processor 302. The memory 301 is used to store one or more computer instructions, and the one or more computer instructions are executed by the processor 302 to implement the above container escape detection and blocking method. Those skilled in the art can clearly understand that, for convenience and brevity of description, the specific working process of the electronic device described above may refer to the corresponding process in the foregoing method embodiments, which is not repeated here. A computer-readable storage medium stores a computer program, and the computer program enables a computer to implement the above-mentioned container escape detection and blocking method. Exemplarily, the computer program can be divided into one or more modules/units, the one or more modules/units are stored in the memory 301 and executed by the processor 302, and the data is comple...


Abstract

The invention discloses a container escape detection and blocking method, device, equipment and storage medium, and relates to the technical field of security environment detection. The method comprises the following steps: a dynamically loadable kernel module is loaded into the system and made to hook the fork function and the execve function; key information of the host process is acquired and stored in a global table; when the fork function or the execve function is called by a container process, key information of the container process is acquired and stored in the global table; and the key information of the host process is looked up in the global table and compared with the key information of the container process to determine whether the container process has escaped, and if so, the container process is blocked. According to the method, the execution of the process is supervised, and the process can be killed before the escaped process executes malicious actions, so that in-process blocking is realized and the operating system is protected to the greatest extent.

Description

Technical field

[0001] The present application relates to the technical field of security environment detection, and in particular to a container escape detection and blocking method, device, equipment and storage medium.

Background technique

[0002] Container technology is a virtualization technology that supports easy sharing of CPU, memory, storage space and network resources at the operating system level. It provides a logical packaging mechanism, and applications packaged with this mechanism can be separated from their actual operating environment. This has made container technology more and more widely used, and the security problems it faces are correspondingly important. Container escape is a typical representative of these security problems.

[0003] There are two main types of container escape detection methods: one is an active detection method that requires manual intervention and cannot be used for intrusion detection; the other is a passive detectio...


Application Information

IPC (8): G06F21/55; G06F21/56; G06F9/445; G06F9/48; G06F9/455
CPC: G06F21/554; G06F21/566; G06F21/568; G06F9/44521; G06F9/485; G06F9/45558
Inventor: 王嘉雄, 周涛涛
Owner 杭州默安科技有限公司