Research On Serverless Computing Technology For Cloud Cryptographic Resource Poo

Cloud computing technology is widely used in various life scenarios,providing convenience for people but also bringing certain security problems.To protect the security of data,Internet data needs to be encrypted.Cloud cryptographic resource pool have become an important security service in cloud computing.With the rapid development of cloud computing technology,providing cloud cryptographic resource pool services in the form of serverless computing has become a hot spot in industry and academia.At present,open source serverless computing platforms are built based on container technologies with weak isolation,facing security threats such as container escape and privilege upgrade.At the same time,third-party cryptographic libraries such as OpenSSL introduced by the cloud cryptographic resource pool may cause vulnerabilities exposed in the library to be maliciously exploited.In order to improve the security of cloud cryptographic resource pool under the serverless computing architecture,a lightweight and isolated serverless computing multi-layer security mechanism is proposed to ensure the security services of cloud cryptographic resource pool by combining static vulnerability detection,function execution in the WebAssembly sandbox and system call monitoring.Secondly,in view of the additional performance overhead introduced after applying the above security mechanism,a container selection strategy combining Prophet prediction model and MRFU algorithm is studied to predict future requests of containers and warm up containers in advance,so as to reduce the cold start frequency of containers and function execution costs.Finally,based on the Knative open source serverless computing framework,a cloud cryptographic resource pool was built,which could call functions of third-party cryptographic libraries such as OpenSSL,and the lightweight isolated multi-layer security mechanism and container warming module are integrated into the platform.After experimental verification and testing,it is found that the static vulnerability detection module in the security mechanism has an average detection accuracy of 86%for vulnerabilities in third-party libraries,the average interception rate of dangerous events of the system call monitoring module has exceeded 84%,and the container warm-up module can reduce the cold start delay of the cloud cryptographic resource pool by 5.1% to 82%.