Security Access Control of Docker Process Based on Trust

Security Access Control of Docker Process Based on Trust

연구 분야: Software Development

학회: International Conference on Artificial Intelligence and Security

Container technology has become a widely recognized server resource sharing method, which can provide system administrators with great flexibility in the process of building operating system instances on demand. Nowadays, container technology, especially Docker technology, is widely used in power systems, but the container manages resources through the kernel C-groups, use namespace to limit the resource visibility of the application in the container, making isolation not as high as traditional virtual machines, this will make the container less secure. And the namespace is currently not perfect, there are still many problems in the deployment configuration of the container. These are also important factors that threaten the security of containers. This paper combines MNT file name/directory randomization technology, access control based on user trust, and CP-ABE algorithm with trusted timestamp verification, dynamically assigning access keys to users to restrict users’ access to resources.