CN110233817B - Container safety system based on cloud computing - Google Patents

Publication number
CN110233817B
Authority
CN
China
Prior art keywords
security
container
access
cloud computing
module
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810182403.0A
Other languages
Chinese (zh)
Other versions
CN110233817A (en)
Inventor
熊常春
成胜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Vcmy Technology Co ltd
Original Assignee
Guangzhou Vcmy Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1433 Vulnerability analysis
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a cloud computing-based container security system, belonging to the technical field of communication. The system combines network access security, API access security and WEB access security to achieve multi-dimensional access security detection and control. Container deployment is moved from physical servers to cloud computing virtual machines, which addresses the security problem of poor container isolation, reduces the scope of impact when a container is at risk, and raises the security level of the container. Secure isolation of containers is achieved through the multi-tenant isolation of cloud computing. Multiple security mechanisms are adopted, and container security is achieved by means of cloud computing multi-tenancy.

Description

Container safety system based on cloud computing
Technical Field
The invention belongs to the technical field of communication, and particularly relates to a cloud computing-based container security system.
Background
Container-based virtualization technology has swept through the entire software development community at lightning speed. Once containerization is adopted, creation is faster and maintenance is easier, and higher quality can be achieved at the same time.
At the same time, as containerization is used more widely, security issues come with it. Containers, like virtual machines, are a virtualization technology, but containers raise more security issues than virtual machines. Enterprises that use containers must handle data privacy and security carefully and assess when and where containers pose risks and what those risks are. Although vendors offer a variety of security products, no mature integrated solution for container security has yet emerged.
Current container management technologies include Kubernetes, Swarm, and Mesos, all of which face the same container security issues, including application threats, host threats, data security, multi-tenant security threats, and privileged user issues, specifically:
application threats: SQL injection, cross-site and other attacks against the application layer;
host threats: containers share the kernel with the host, so a security problem in one container can affect the security of the host or of other containers;
data security: the confidentiality, integrity and availability of data are compromised; how to ensure that a downloaded image is authentic and has not been tampered with; a container's storage volume resides on a single host and is at risk of single-point failure;
multi-tenant security threats: containers of tenants with different security requirements may run on the same physical machine, which is difficult to handle with traditional security measures;
privileged user problems: the separation of application ownership from resource ownership makes it possible for administrators to access user data, thereby compromising data confidentiality, integrity and availability.
Therefore, in order to better exploit the advantages of containers, ensure the security of the container environment and standardize the container security architecture, providing a sound container security system is a technical problem that urgently needs to be solved.
Disclosure of Invention
In order to overcome the defects in the prior art, the invention provides a cloud computing-based container security system.
In order to achieve the above purpose, the invention provides the following technical scheme:
A cloud computing-based container security system comprises an access layer security subsystem, a security service subsystem and a resource layer security subsystem;
the access layer security subsystem comprises:
a network access security module, used to detect, when a user accesses containerized application resources, whether the application uses an encrypted communication protocol, to perform control checks whenever a function of the application is accessed, and to protect the integrity and confidentiality of communicated information, with user authentication and authorization capabilities;
an API access security module, used to provide access control, attack prevention and secure transmission for APIs; it authenticates the permissions and credentials of API calls to container applications or container resources and denies access to API requests that fail verification;
a WEB access security module, used to provide WEB code security, resource access control and secure transmission for remote access, to validate input and output, to take measures that defend against vulnerabilities, and to formulate access control policies for the container resources being accessed;
the security service subsystem comprises:
a host security service module, used to provide anti-virus, vulnerability detection and third-party defense services;
a network security service module, used to provide basic illegal connection detection, network defense and traffic monitoring services;
a data security module, used to establish unified key and certificate management, provide authentication services for the cloud computing environment or the container environment, and provide unified management of data encryption, backup and recovery, and keys and certificates;
a security audit module, used to provide auditing, with automatic identification and processing of audit information, and to record and review access to, operation of and use of the cloud computing environment and the container environment;
the resource layer security subsystem comprises:
a physical resource security module, used to monitor the security of the underlying hardware and network as well as physical and environmental security;
and a virtual resource security module, used to provide virtual space isolation, resource monitoring and overload protection for computing, storage and network resources.
Preferably, the API access security module is also capable of preventing replay, code injection and DoS/DDoS attacks.
Preferably, the prevention means comprise: strengthening verification of received data; adding input/output filtering to the data; fixing potential DoS/DDoS vulnerabilities; and scrubbing attack traffic with anti-DoS/DDoS services.
Preferably, the vulnerabilities include authentication vulnerabilities, permission vulnerabilities, session vulnerabilities, WEB service vulnerabilities, and injection vulnerabilities.
Preferably, the data security module is provided with an automatic detection mechanism.
The cloud computing-based container security system provided by the invention comprises an access layer security subsystem, a security service subsystem and a resource layer security subsystem. The access layer security subsystem comprises a network access security module, an API access security module and a WEB access security module; the security service subsystem comprises a host security service module, a network security service module, a data security module and an audit module; and the resource layer security subsystem comprises a physical resource security module and a virtual resource security module. The system combines network access security, API access security and WEB access security to achieve multi-dimensional access security detection and control. Container deployment is moved from physical servers to cloud computing virtual machines, which addresses the security problem of poor container isolation, effectively limits the scope of impact of a single vulnerability, reduces the scope of impact when a container is at risk, and raises the security level of the container. Secure isolation of containers is achieved through the multi-tenant isolation of cloud computing. Multiple security mechanisms are adopted, and container security is achieved by means of cloud computing multi-tenancy.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a block diagram of a cloud computing-based container security system according to embodiment 1 of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
Embodiment 1 of the invention provides a cloud computing-based container security system that deploys containerized applications to a cloud computing environment using cloud computing technologies such as multi-tenancy, computing virtualization, storage virtualization and network virtualization. Containers pair well with virtualization technology, which can protect the virtual machine and provides defense in depth for the host. Specifically, the implementation of the cloud computing-based container security system provided by this embodiment relies on a cloud computing environment and environments with a similar architecture, and provides security safeguards for applications on the container platform. Containerized applications are deployed in the cloud computing environment, and all container applications and container resource interface APIs that provide services externally are inspected and controlled by the access layer security subsystem. Fig. 1 is a block diagram of a cloud computing-based container security system according to an embodiment of the present invention, where the system includes an access layer security subsystem, a security service subsystem, and a resource layer security subsystem.
Specifically, the access layer security subsystem comprises a network access security module, an API access security module and a WEB access security module. The network access security module detects, when a user accesses containerized application resources, whether the application uses an encrypted communication protocol, and performs control checks whenever a function of the application is accessed, so that the integrity and confidentiality of communicated information are protected; it also has user authentication and authorization capabilities. The API access security module provides access control, attack prevention and secure transmission for APIs; it authenticates the permissions and credentials of API calls to container applications or container resources and denies access to API requests that fail verification. The WEB access security module provides WEB code security, resource access control and secure transmission for remote access, validates input and output, takes measures that defend against vulnerabilities, and formulates access control policies for the container resources being accessed.
It should be noted that the network access security module detects whether the application uses an encrypted communication protocol and performs control checks whenever a function of the application is accessed; when it detects that the communication protocol is not encrypted as required or that a control check is abnormal, it raises an alarm, which is recorded by the security audit module.
When an external caller invokes a container application or container resources through an API, the API access security module authenticates the permissions and credentials of the API call and denies access to API requests that fail verification. The API access security module is also capable of preventing attacks such as replay, code injection and DoS/DDoS, and the prevention means comprise: strengthening verification of received data; adding input/output filtering to the data; fixing potential DoS/DDoS vulnerabilities; and scrubbing attack traffic with anti-DoS/DDoS services.
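One way the API access security module's checks described above could be arranged, as an added example that is not taken from the patent: each call is verified against a per-tenant key, rejected if stale or replayed, validated and authorized, and every decision is recorded for the security audit module. The HMAC-SHA256 request format, the 300-second window, the field names, and all tenants, keys and paths are assumptions constructed for illustration.

```python
import hashlib
import hmac
import posixpath
import time
from dataclasses import dataclass, replace

MAX_SKEW_SECONDS = 300  # assumed freshness window; the patent specifies no value


@dataclass(frozen=True)
class ApiRequest:
    tenant: str
    method: str
    path: str
    body: bytes
    timestamp: int
    nonce: str
    signature: str = ""


def sign(key: bytes, req: ApiRequest) -> str:
    """HMAC-SHA256 over every field the gate relies on (assumed wire format)."""
    fields = [req.tenant, req.method, req.path, str(req.timestamp), req.nonce,
              hashlib.sha256(req.body).hexdigest()]
    # Length-prefix each field so two different requests cannot serialize alike.
    message = "".join(f"{len(f)}:{f}" for f in fields).encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()


class ApiAccessGate:
    def __init__(self, tenant_keys, permissions, clock=time.time):
        self._keys = tenant_keys         # tenant -> key (unified key management)
        self._permissions = permissions  # tenant -> {(method, path prefix)}
        self._clock = clock
        self._seen = {}                  # (tenant, nonce) -> request timestamp
        self.audit_log = []              # stand-in for the security audit module

    def check(self, req: ApiRequest) -> str:
        decision = self._decide(req)
        self.audit_log.append({"time": self._clock(), "tenant": req.tenant,
                               "method": req.method, "path": req.path,
                               "decision": decision})
        return decision

    def _decide(self, req: ApiRequest) -> str:
        key = self._keys.get(req.tenant)
        if key is None:
            return "deny:unknown-tenant"
        # Credential check: constant-time comparison of the expected signature.
        if not hmac.compare_digest(sign(key, req).encode(), req.signature.encode()):
            return "deny:bad-signature"
        now = self._clock()
        if abs(now - req.timestamp) > MAX_SKEW_SECONDS:
            return "deny:stale"
        # Forget nonces whose requests can no longer pass the freshness check.
        self._seen = {k: ts for k, ts in self._seen.items()
                      if ts + MAX_SKEW_SECONDS >= now}
        if (req.tenant, req.nonce) in self._seen:
            return "deny:replay"
        # Input verification: refuse paths that change under normalization.
        if posixpath.normpath(req.path) != req.path:
            return "deny:malformed-path"
        # Permission check: the tenant may only reach its own resource prefixes.
        allowed = self._permissions.get(req.tenant, set())
        if not any(req.method == m and (req.path == p or req.path.startswith(p + "/"))
                   for m, p in allowed):
            return "deny:not-authorized"
        self._seen[(req.tenant, req.nonce)] = req.timestamp
        return "allow"


def demo():
    """Run constructed requests through the gate; returns (decisions, audit log)."""
    now = 1_700_000_000  # fixed clock so the run is repeatable
    keys = {"tenant-a": b"constructed-key-a", "tenant-b": b"constructed-key-b"}
    perms = {"tenant-a": {("GET", "/v1/tenants/tenant-a/containers")},
             "tenant-b": {("GET", "/v1/tenants/tenant-b/containers")}}
    gate = ApiAccessGate(keys, perms, clock=lambda: now)

    def signed(path, ts, nonce):
        req = ApiRequest("tenant-a", "GET", path, b"", ts, nonce)
        return replace(req, signature=sign(keys["tenant-a"], req))

    own = "/v1/tenants/tenant-a/containers/web-1"
    other = "/v1/tenants/tenant-b/containers/db-1"
    first = signed(own, now, "n-1")
    requests = [
        first,                                         # valid call
        first,                                         # same call sent again
        signed(own, now - 3600, "n-2"),                # timestamp an hour old
        signed(other, now, "n-3"),                     # another tenant's resource
        replace(signed(own, now, "n-4"), path=other),  # path altered after signing
        signed("/v1/tenants/tenant-a/containers/../../tenant-b/containers", now, "n-5"),
    ]
    return [gate.check(r) for r in requests], gate.audit_log


if __name__ == "__main__":
    for entry in demo()[1]:
        print(entry)
```

The nonce is stored only for requests that were allowed, so the replay cache cannot be filled by calls that fail authentication or authorization.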
When external access reaches a container application or container resources through the WEB, the WEB access security module validates input and output, takes measures to defend against authentication vulnerabilities, permission vulnerabilities, session vulnerabilities, WEB service vulnerabilities, injection vulnerabilities and the like, and formulates an access control policy for the container resources being accessed.
Specifically, the security service subsystem comprises a host security service module, a network security service module, a data security module and an auditing module. The host security service module provides anti-virus, vulnerability detection and third-party defense services; the network security service module provides basic illegal connection detection, network defense and traffic monitoring services; the data security module establishes unified key and certificate management, provides authentication services for the cloud computing environment or the container environment, and provides unified management of data encryption, backup and recovery, and keys and certificates; the security audit module provides auditing, with automatic identification and processing of audit information, and records and reviews access to, operation of and use of the cloud computing environment and the container environment.
It should be noted that the container's operating environment is the security issue that most needs consideration; especially in a multi-tenant environment, it is difficult to guarantee real container security by relying only on the security isolation measures of existing containers. Therefore, in the invention, the container environment is moved from a physical server cluster to the virtualized environment of cloud computing, and the multi-tenant and resource isolation capabilities of cloud computing are used to improve the environmental security of containers, as with tenants 1 to n in the figure, where each tenant has its own independent host security service module, network security service module, data security module and security audit module. Combining the security service subsystem in Fig. 1 with the characteristics of the cloud computing environment, tenants serve as the isolation units; each tenant is equivalent to a VPC and is logically provided with independent computing, storage and network resources. Container applications run in the tenant's virtual machines, so container applications of different tenants are logically and effectively isolated from one another, and the host security of the container is moved from the physical server to the virtual machine, which is easier to control. In addition, the basic protection of the host security service module, or third-party host security software that is integrated, provides security hardening, intrusion detection and malicious code protection for the virtual machine, further ensuring the security of the container application.
In a cloud environment, container network security protection within a tenant is likewise moved to the network security protection of the virtual machine; the network security service module performs illegal connection detection, network traffic monitoring, detection of attacks and intrusion behavior and the like, thereby protecting the normal operation of the virtual machine network and the container applications. Container data security is addressed from several aspects: first, unified key and certificate management is established through the data security service module to provide authentication services for the cloud computing environment or the container environment; second, data encryption, backup, recovery and similar functions are implemented through the data security service module; further, an automatic detection mechanism is provided so that tampering with data is discovered promptly. The security audit service module in the container environment records and reviews access to, operation of and use of the cloud computing environment and the container environment, to ensure that security rules are executed correctly and to help analyze the cause of security events. According to policy, the security audit service module can intelligently analyze information from the cloud computing environment and the container environment, and performs an automatic audit response when a security intrusion event is detected.
Specifically, the resource layer security subsystem includes a physical resource security module and a virtual resource security module. The physical resource security module monitors the security of the underlying hardware and network as well as physical and environmental security; the virtual resource security module provides virtual space isolation, resource monitoring and overload protection for computing, storage and network resources, and can be isolated into a plurality of units, such as virtual resource space security 1 to virtual resource security module n, where the isolation makes computation and monitoring convenient to implement.
It should be noted that, as described above, in the cloud computing environment the container application runs in a virtual machine, and the virtual resource security module of the resource layer security subsystem can divide the virtual resources into different security spaces by tenant, where a security space may be a physical host space, a data center space, and the like. Dividing the virtual resources into different security spaces isolates container applications at the physical layer and further raises the security protection level of the container. In addition, the virtual resource security module can monitor resource usage in real time, and overload protection is triggered once resource usage is overloaded. The physical resource security module of the resource layer security subsystem monitors the underlying hardware, network and physical environment; when any item is abnormal, the physical resource security module's alarm is triggered and recorded to the security audit module.
The cloud computing-based container security system provided by the embodiment has the following beneficial effects:
(1) the cloud computing-based container security system provided by the embodiment combines network access security, API access security and WEB access security to achieve multi-dimensional access security detection and control;
(2) the system moves container deployment from physical servers to cloud computing virtual machines, which addresses the security problem of poor container isolation, effectively limits the scope of impact of a single vulnerability, reduces the scope of impact when a container is at risk, and raises the security level of the container;
(3) secure isolation of containers is achieved through the multi-tenant isolation of cloud computing;
(4) multiple security mechanisms are adopted, and container security is achieved by means of cloud computing multi-tenancy.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (4)

1. A cloud computing-based container security system is characterized by comprising an access layer security subsystem, a security service subsystem and a resource layer security subsystem;
the access layer security subsystem comprises:
the network access security module is used for detecting whether the application program adopts an encrypted communication protocol when a user accesses the containerized application resource, executing control checks when each function of the application program is accessed, and protecting the integrity and confidentiality of communication information, and has user authentication and authorization capabilities;
the API access security module is used for providing access control, attack prevention and secure transmission capability for the API; permission and credential authentication is carried out on API calls to the container application program or to container resources, and access is denied to API requests which do not pass verification;
the WEB access security module is used for providing WEB code security, resource access control and secure transmission capability for remote access, performing validity checks on input and output, taking measures to defend against vulnerabilities, and formulating an access control strategy for accessed container resources;
the prevention means include: strengthening the verification of received data; adding input/output filtering to the data; fixing potential DoS/DDoS vulnerabilities; scrubbing attack traffic by adopting anti-DoS/DDoS services;
the security service subsystem comprises:
the host security service module is used for providing anti-virus, vulnerability detection and third-party defense services;
the network security service module is used for providing basic illegal connection detection, network defense and flow monitoring services;
the data security module is used for establishing unified key and certificate management, providing authentication service for a cloud computing environment or a container environment, and providing unified management functions of data encryption, backup and recovery and key and certificate;
the safety audit module is used for providing an audit function, has automatic audit information identification and processing functions, and provides access, operation and use condition recording and examination of a cloud computing environment and a container environment;
the resource layer security subsystem comprises:
the physical resource security module is used for monitoring the security of basic hardware and network and the security of physics and environment;
and the virtual resource security module is used for providing functions of virtual space isolation, resource monitoring and overload protection of computing, storage and network resources.
2. The cloud computing-based container security system of claim 1, wherein the API access security module is further capable of protecting against replay, code injection and DoS/DDoS attacks.
3. The cloud computing-based container security system of claim 1, wherein the vulnerabilities include authentication vulnerabilities, permission vulnerabilities, session vulnerabilities, WEB service vulnerabilities, and injection vulnerabilities.
4. The cloud computing-based container security system of claim 1, wherein the data security module is provided with an automatic detection mechanism.
CN201810182403.0A 2018-03-06 2018-03-06 Container safety system based on cloud computing Active CN110233817B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810182403.0A CN110233817B (en) 2018-03-06 2018-03-06 Container safety system based on cloud computing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810182403.0A CN110233817B (en) 2018-03-06 2018-03-06 Container safety system based on cloud computing

Publications (2)

Publication Number Publication Date
CN110233817A (en) 2019-09-13
CN110233817B (en) 2021-12-28

Family

ID=67861783

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810182403.0A Active CN110233817B (en) 2018-03-06 2018-03-06 Container safety system based on cloud computing

Country Status (1)

Country Link
CN (1) CN110233817B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111131176B (en) * 2019-12-04 2022-07-01 北京北信源软件股份有限公司 Resource access control method, device, equipment and storage medium
CN111753326B (en) * 2020-05-22 2024-02-13 湖南麒麟信安科技股份有限公司 Container cloud platform cloud storage resource encryption method, system and medium
CN111901203B (en) * 2020-08-03 2022-03-29 北京启明星辰信息安全技术有限公司 Method for capturing network flow and Kubernetes cluster
CN112613042A (en) * 2020-12-28 2021-04-06 北京浪潮数据技术有限公司 Tool, method and equipment for safety inspection and repair of Docker container
CN112989343A (en) * 2021-03-09 2021-06-18 东莞中国科学院云计算产业技术创新与育成中心 Method, electronic device and medium for detecting network security of super-convergence platform
CN113037467B (en) * 2021-05-24 2021-08-24 杭州海康威视数字技术股份有限公司 Video Internet of things equipment key certificate management method, device and system
CN113794578A (en) * 2021-07-08 2021-12-14 中国南方电网有限责任公司 Communication network monitoring architecture system based on cloud platform
CN115604028A (en) * 2022-11-28 2023-01-13 北京鸿迪鑫业科技有限公司(Cn) Cloud server data security protection system
CN116760639B (en) * 2023-08-18 2023-10-31 深圳市大恒数据安全科技有限责任公司 Data security isolation and sharing framework implementation method for multiple tenants

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103368973A (en) * 2013-07-25 2013-10-23 浪潮(北京)电子信息产业有限公司 Safety system for cloud operating system
CN106445515A (en) * 2016-09-18 2017-02-22 深圳市华云中盛科技有限公司 PaaS cloud implementation method based on containers
CN106936636A (en) * 2017-03-15 2017-07-07 无锡华云数据技术服务有限公司 A kind of implementation method of the cloud computing test platform of rapid deployment containerization
CN107689953A (en) * 2017-08-18 2018-02-13 中国科学院信息工程研究所 A kind of vessel safety monitoring method and system towards multi-tenant cloud computing

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8627426B2 (en) * 2010-04-26 2014-01-07 Vmware, Inc. Cloud platform architecture
US8495356B2 (en) * 2010-12-31 2013-07-23 International Business Machines Corporation System for securing virtual machine disks on a remote shared storage subsystem

Also Published As

Publication number Publication date
CN110233817A (en) 2019-09-13

Similar Documents

Publication Publication Date Title
CN110233817B (en) Container safety system based on cloud computing
RU2714607C2 (en) Double self-test of memory for protection of multiple network endpoints
US10454950B1 (en) Centralized aggregation technique for detecting lateral movement of stealthy cyber-attacks
KR101737726B1 (en) Rootkit detection by using hardware resources to detect inconsistencies in network traffic
US20200327236A1 (en) Using a Threat Model to Monitor Host Execution in a Virtualized Environment
CA2953788A1 (en) Automated code lockdown to reduce attack surface for software
US10769275B2 (en) Systems and methods for monitoring bait to protect users from security threats
Gupta et al. Taxonomy of cloud security
US8782809B2 (en) Limiting information leakage and piracy due to virtual machine cloning
WO2013090314A1 (en) Secure operating system/web server systems and methods
Sze et al. Hardening openstack cloud platforms against compute node compromises
Kumara et al. Hypervisor and virtual machine dependent Intrusion Detection and Prevention System for virtualized cloud environment
US10339307B2 (en) Intrusion detection system in a device comprising a first operating system and a second operating system
US11637842B2 (en) Detection of security intrusion in a computing system
Lemoudden et al. A Survey of Cloud Computing Security Overview of Attack Vectors and Defense Mechanisms.
Çalışkan et al. Benefits of the virtualization technologies with intrusion detection and prevention systems
CN117494144A (en) Cloud platform-based safety environment protection method
Shajan et al. Survey of security threats and countermeasures in cloud computing
KR101614809B1 (en) Practice control system of endpoint application program and method for control the same
Sun et al. Cloud armor: Protecting cloud commands from compromised cloud services
CN107516039B (en) Safety protection method and device for virtualization system
Mahfouz et al. Secure live virtual machine migration through runtime monitors
CN116257889A (en) Data integrity protection method and related device
CN106598713A (en) Secure dynamic virtual machine migration method and system
Kumar Intrusion detection and prevention system in enhancing security of cloud environment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant