Endogenous Security Protection Method Suitable for the Full Life Cycle of Docker

Konferenz: ISCTT 2021 - 6th International Conference on Information Science, Computer Technology and Transportation
26.11.2021 - 28.11.2021 in Xishuangbanna, China

Tagungsband: ISCTT 2021

Seiten: 4Sprache: EnglischTyp: PDF

Persönliche VDE-Mitglieder erhalten auf diesen Artikel 10% Rabatt

Guo, Wei; Hang, Feilu; Xie, Linjiang; Lv, Yao; Chen, Hexiong (Information Center, Yunnan Power Grid Co., Ltd, Kunming, China)

The cloud computing has been already extensively used and developed in depth with the increasing innovation of information technology. And it can be more efficient, flexible and expandable due to the key technology - virtualization technology. Among them, docker container technology has been widely adopted due to its light weight and high performance, but at the same time, the security problems brought by docker have gradually attracted people's attention. Aiming at the problem that project researchers cannot participate in policy formulation and security policies cannot be freely migrated with docker containers, an endogenous security protection method suitable for the full life cycle of docker is proposed in this paper. Before the project is delivered, the security policy is encapsulated in the docker image by the R&D personnel; the host machine with security software deployed can monitor the startup behavior of the docker image dynamically at any time and run the security policy in the image. After performance analysis, this solution can effectively achieve security protection for the entire life cycle of docker mirroring.