
Research And Design Of Trusted Running Environment Based On Container

Posted on: 2021-08-02
Degree: Master
Type: Thesis
Country: China
Candidate: X S Guo
Full Text: PDF
GTID: 2518306470466504
Subject: Computer Science and Technology
Abstract/Summary:
With the widespread adoption of cloud computing, important business systems of government departments and large enterprises alike have moved to the cloud, and cloud computing has become an important technology underpinning the national economy and people's livelihood. Lightweight container virtualization, represented by Docker, has become one of the most prominent technologies in cloud computing because of its agility, efficiency and flexibility. As containers have spread, however, container security incidents have become frequent, and the worsening state of container protection has drawn broad public attention. Against this backdrop, the promulgation and implementation of China's Cybersecurity Law has done much to reverse the trend. As the basic law for cyberspace security management, it stipulates that China implements the classified protection of cybersecurity (MLPS). The 2.0 version of the baseline standard, Information security technology: Baseline for classified protection of cybersecurity, builds on version 1.0 by placing more emphasis on active defence, extending the scope of graded objects to cloud computing platforms, and requiring cloud platforms and other important information systems to perform trusted verification with trusted support as the core. Using trusted computing technology to provide trusted verification and security assurance for containers on cloud platforms has therefore become a research hotspot in information security.

This thesis studies the security of the container runtime environment on cloud platforms, with the goal of ensuring that containers run safely and reliably. The main work and contributions are as follows.

Drawing on active immune trusted computing, a security management center is built on the cloud platform's management node and its overall framework is proposed. Through the trust chain of trusted computing, trust is passed along the chain to the platform's upper-layer applications, so that the whole process of deploying and running a container on the cloud platform can be subjected to trusted verification.

For the security problems that may arise during live migration of containers, a scheme for trusted dynamic migration of containers is proposed; it uses trusted verification to ensure that the migration is secure and credible.

Before a container is deployed, the platform credibility of the container worker node cannot otherwise be verified. A remote attestation scheme for container worker nodes is therefore designed: it verifies the security and trustworthiness of the worker node's basic platform configuration, and a container health report is used to verify the trustworthiness of the node's upper-layer container runtime environment.

For the security problems caused by tampered image files and by the use of outdated image versions, a trusted reference database of image files is established and every image is subjected to trusted verification before use, which addresses image tampering; a query mechanism for image version updates is established to keep image versions current and secure.

When many containers are deployed on a single node, their differing permissions, security risks and runtime resource requirements lead to disorder among containers and inefficient protection. A resource pool classification method and container risk classification rules are proposed, which effectively improve the efficiency of protecting the container runtime environment.
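The two verification paths the abstract describes, remote attestation of a worker node's platform configuration against a reference value and checking an image against a trusted reference database before use, can be modelled together in a short script. The following is an added example, not code from the thesis: it simulates a TPM-style PCR extend chain, uses an HMAC with a per-node key as a stand-in for a TPM quote signature, and works on constructed boot components, image blobs and version numbers; every key, component name and version below is an assumption made for illustration.

```python
# Added example (not from the thesis). Stand-ins: HMAC instead of a TPM
# quote signature, hashlib instead of TPM PCR hardware, constructed inputs.
import hashlib
import hmac
import secrets


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# ---------- 1. Remote attestation of a container worker node ----------

def extend(pcr: bytes, event: bytes) -> bytes:
    """TPM-style PCR extend: PCR' = H(PCR || H(event)). The result depends
    on the order of events, so a dropped or reordered component is visible."""
    return sha256(pcr + sha256(event))


def measure_boot_chain(components) -> bytes:
    """Replay a measurement log into a single PCR value (zero after reset)."""
    pcr = bytes(32)
    for component in components:
        pcr = extend(pcr, component)
    return pcr


def make_quote(aik: bytes, components, nonce: bytes) -> dict:
    """Worker-node side. `aik` plays the role of the node's attestation key;
    the HMAC over (nonce || PCR) plays the role of the TPM's signed quote."""
    pcr = measure_boot_chain(components)
    return {
        "nonce": nonce,
        "pcr": pcr,
        "log": list(components),  # measurement log sent alongside the quote
        "sig": hmac.new(aik, nonce + pcr, hashlib.sha256).digest(),
    }


def verify_quote(aik: bytes, quote: dict, expected_nonce: bytes,
                 reference_pcr: bytes) -> bool:
    """Security-management-center side: freshness, quote authenticity,
    log/PCR consistency, then comparison with the trusted reference value."""
    if not hmac.compare_digest(quote["nonce"], expected_nonce):
        return False  # stale or replayed quote
    expected_sig = hmac.new(aik, quote["nonce"] + quote["pcr"],
                            hashlib.sha256).digest()
    if not hmac.compare_digest(quote["sig"], expected_sig):
        return False  # not produced by this node's key
    if measure_boot_chain(quote["log"]) != quote["pcr"]:
        return False  # log does not reproduce the PCR: log was altered
    return hmac.compare_digest(quote["pcr"], reference_pcr)


# ---------- 2. Image trusted reference database ----------

def build_reference_db(images: dict) -> dict:
    """image name -> {version: sha256 hex of the trusted image blob}."""
    return {name: {ver: sha256(blob).hex() for ver, blob in versions.items()}
            for name, versions in images.items()}


def newest_version(versions) -> str:
    return max(versions, key=lambda v: tuple(int(x) for x in v.split(".")))


def check_image(db: dict, name: str, version: str, blob: bytes) -> str:
    """Trusted verification before use plus the version-update query.
    Returns 'ok', 'unknown', 'tampered' or 'outdated'."""
    versions = db.get(name)
    if versions is None or version not in versions:
        return "unknown"
    if sha256(blob).hex() != versions[version]:
        return "tampered"
    if version != newest_version(versions):
        return "outdated"
    return "ok"


if __name__ == "__main__":
    # Constructed demo data.
    aik = secrets.token_bytes(32)
    good_chain = [b"bios-1.4", b"bootloader", b"kernel-5.10", b"containerd-1.6"]
    reference_pcr = measure_boot_chain(good_chain)
    nonce = secrets.token_bytes(16)
    print("good node:", verify_quote(aik, make_quote(aik, good_chain, nonce),
                                     nonce, reference_pcr))
    bad_chain = good_chain[:3] + [b"containerd-1.6-modified"]
    print("modified runtime:", verify_quote(aik, make_quote(aik, bad_chain, nonce),
                                            nonce, reference_pcr))
    db = build_reference_db({"app/web": {"1.2.0": b"web-v1.2.0",
                                         "1.3.0": b"web-v1.3.0"}})
    print("image checks:", check_image(db, "app/web", "1.3.0", b"web-v1.3.0"),
          check_image(db, "app/web", "1.2.0", b"web-v1.2.0"),
          check_image(db, "app/web", "1.3.0", b"web-v1.3.0-x"))
```

The verifier refuses a quote whose nonce does not match the challenge it issued, so a recorded quote from an earlier, still-healthy boot cannot be replayed for a node that has since been modified; the measurement log is replayed into the PCR rather than trusted on its own, so an attacker who alters the log without access to the attestation key is also caught. In a real deployment the HMAC would be a TPM quote over the PCR selection signed by the attestation key, and the container health report the thesis mentions would be a further set of measurements covering the runtime layer.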
Keywords/Search Tags: Trusted Computing, Container Technology, Trusted Verification, Remote Attestation