| Cloud computing is a service model that pays for usage.Docker container technology drives the cloud computing industry's prosperity.However,Docker container technology implements operating system-level virtualization and multiple containers share the system kernel,so containers face multiple security risks in a cloud environment.In order to ensure the safe operation of container in cloud environment,this paper analyzes the basic features of Docker container,operation process,technology and potential security threats in cloud environment,Proposing a feasible Docker container security model and the corresponding solution.The main work of the paper is as follows?This article starts with the basic technologies implemented in Docker containers,detailing three techniques for implementing Docker containers:Namespaces,Control groups,and AUFS.In this paper,we Study the operation of the container process and the realization of principles,in-depth analysis of Docker containers potential security threats in the cloud environment.Secondly,according to the analysis results,a Docker container security model is proposed.The solutions to the above problems are given.The detailed design of the solution is given,including account management mechanism,security inspection mechanism based on user authorization,storage encryption mechanism of data volumes,images bug fixes and dynamic update mechanism of containers,and flow control of mirror repository.Then,this article implements Docker container prototype system,which realizes the basic functions of Docker container and realizes the solution given in this prototype system.Finally,the prototype system is tested and analyzed.The test and analysis results show the effectiveness of the security model and solution. |
PDF Full Text Request