CN110233817A - A container security system based on cloud computing - Google Patents

A container security system based on cloud computing

Publication number
CN110233817A
Authority
CN
China
Prior art keywords
security
access
module
container
cloud computing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810182403.0A
Other languages
Chinese (zh)
Other versions
CN110233817B (en)
Inventor
熊常春
成胜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Vcmy Technology Co Ltd
Original Assignee
Guangzhou Vcmy Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Vcmy Technology Co Ltd
Priority to CN201810182403.0A
Publication of CN110233817A
Application granted
Publication of CN110233817B
Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1433 Vulnerability analysis
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The invention provides a container security system based on cloud computing and belongs to the field of communication technology. The system's access layer security subsystem comprises a network access security module, an API access security module and a web access security module; the security service subsystem comprises a host security service module, a network security service module, a data security module and an audit module; and the resource layer security subsystem comprises a physical resource security module and a virtual resource security module. The system uses network access security, API access security and web access security to achieve multi-dimensional detection and control of access security. Container deployment is moved from physical servers into cloud computing virtual machines, which addresses the security problem of poor container isolation, reduces the scope of impact when a container is exposed to risk, and raises the security level of containers. The multi-tenant isolation of cloud computing is used to achieve security isolation of containers, and various security mechanisms are combined with cloud computing multi-tenancy to achieve container security.

Description

A container security system based on cloud computing
Technical field
The invention belongs to the field of communication technology, and in particular relates to a container security system based on cloud computing.
Background art
Container-based virtualization technology has swept across the entire software development community at lightning speed. Once containerized, applications can be created quickly and are easier to maintain, while also achieving higher quality.
At the same time, as more and more applications are containerized, the security problems of containerization follow. Containers, like virtual machines, are a virtualization technology, but containers have more security issues to consider than virtual machines do. Enterprises that use containers must treat data privacy and security seriously, and must assess when and where containers are used and the risks they produce. Although vendors offer various security products, no mature end-to-end solution suited to container security has yet emerged.
Current container management technologies include Kubernetes, Swarm and Mesos. They all face the same container security problems, including application threats, host threats, data security, multi-tenant security threats and privileged-user problems, which manifest specifically as follows:
Application threats: SQL injection, cross-site attacks and other attacks directed at the application layer;
Host threats: containers share the kernel with the host, so a security problem in one container affects the security of the host or of other containers;
Data security: the confidentiality, integrity and availability of data are compromised; how to ensure that a downloaded image is trusted and has not been tampered with; a container's storage volume resides on a single host and so faces the risk of a single point of failure;
Multi-tenant security threats: containers of tenants with different security requirements may run on the same physical machine, and traditional security measures have difficulty handling this situation;
Privileged-user problem: the separation of the application system from resource ownership means that an administrator may be able to access user data, damaging data confidentiality, integrity and availability.
Therefore, to make better use of the advantages of containers, ensure the security of the container environment and standardize the security architecture of containers, providing a good container security system is a technical problem that urgently needs to be solved.
Summary of the invention
To overcome the above shortcomings of the prior art, the present invention provides a container security system based on cloud computing.
To achieve the above purpose, the invention provides the following technical solution:
A container security system based on cloud computing comprises an access layer security subsystem, a security service subsystem and a resource layer security subsystem;
The access layer security subsystem comprises:
A network access security module, which, when a user accesses a containerized application resource, detects whether the application uses an encrypted communication protocol, ensures that control checks are executed whenever any function of the application is accessed, protects the integrity and confidentiality of communication messages, and provides user identification and authentication;
An API access security module, which provides access control, attack protection and secure transmission for APIs; it verifies the permissions and credentials of API calls to container applications or to container resources, and denies access to API requests that fail verification;
A web access security module, which provides web code security, resource access control and secure transmission for remote access; it validates input and output, takes measures to prevent vulnerabilities, and formulates access control policies for the container resources being accessed;
The security service subsystem comprises:
A host security service module, which provides antivirus, vulnerability detection and third-party defense services;
A network security service module, which provides basic illegal connection detection, network defense and traffic monitoring services;
A data security module, which establishes unified key and certificate management, provides authentication services for the cloud computing environment or container environment, and provides unified management of data encryption, backup and recovery, keys and certificates;
A security audit module, which provides audit functions, including automatic identification and processing of audit information, and provides recording and review of access to, operation of and usage of the cloud computing environment and the container environment;
The resource layer security subsystem comprises:
A physical resource security module, which is responsible for monitoring the underlying hardware and network security, and physical and environmental security;
A virtual resource security module, which provides virtual space isolation, resource monitoring and overload protection for compute, storage and network resources.
Preferably, the API access security module is also able to prevent replay, code injection and DoS/DDoS attacks.
Preferably, the means of prevention include: strengthening verification of received data; adding input/output filtering of data; fixing problems that may give rise to DoS/DDoS vulnerabilities; and scrubbing attack traffic by using an anti-DoS/DDoS service.
Preferably, the vulnerabilities include authentication vulnerabilities, permission vulnerabilities, session vulnerabilities, web service vulnerabilities and injection vulnerabilities.
Preferably, the data security module has an automatic detection mechanism.
The container security system based on cloud computing provided by the invention comprises an access layer security subsystem, a security service subsystem and a resource layer security subsystem. The access layer security subsystem comprises a network access security module, an API access security module and a web access security module; the security service subsystem comprises a host security service module, a network security service module, a data security module and an audit module; and the resource layer security subsystem comprises a physical resource security module and a virtual resource security module. The system uses network access security, API access security and web access security to achieve multi-dimensional detection and control of access security. Container deployment is moved from physical servers into cloud computing virtual machines, which addresses the security problem of poor container isolation, effectively limits the scope affected by a single vulnerability, reduces the scope of impact when a container is exposed to risk, and raises the security level of containers. The multi-tenant isolation of cloud computing is used to achieve security isolation of containers, and various security mechanisms are combined with cloud computing multi-tenancy to achieve container security.
Brief description of the drawings
To explain the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are obviously only some embodiments of the invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a structural block diagram of a container security system based on cloud computing provided by Embodiment 1 of the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are obviously only some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Embodiment 1
The container security system based on cloud computing provided by Embodiment 1 of the invention uses technologies such as cloud computing multi-tenancy, compute virtualization, storage virtualization and network virtualization to deploy containerized applications in a cloud computing environment. Containers pair well with virtualization technology that can protect the virtual machine itself, and this provides defense in depth for the host. Specifically, the implementation of the container security system provided by this embodiment depends on a cloud computing environment, or an environment with a similar architecture, to provide security protection measures for the applications of the container platform. Containerized applications are deployed in the cloud computing environment, and all container applications and container resource APIs that provide services externally are detected and controlled by the access layer security subsystem. Fig. 1 is a structural block diagram of the container security system based on cloud computing provided by an embodiment of the invention; the system comprises an access layer security subsystem, a security service subsystem and a resource layer security subsystem.
Specifically, the access layer security subsystem comprises a network access security module, an API access security module and a web access security module. The network access security module, when a user accesses a containerized application resource, detects whether the application uses an encrypted communication protocol, ensures that control checks are executed whenever any function of the application is accessed, protects the integrity and confidentiality of communication messages, and provides user identification and authentication. The API access security module provides access control, attack protection and secure transmission for APIs; it verifies the permissions and credentials of API calls to container applications or to container resources, and denies access to API requests that fail verification. The web access security module provides web code security, resource access control and secure transmission for remote access; it validates input and output, takes measures to prevent vulnerabilities, and formulates access control policies for the container resources being accessed.
Note that the network access security module detects whether the application uses an encrypted communication protocol and ensures that control checks are executed whenever any function of the application is accessed. When it detects a communication protocol that is not encrypted as required, or an abnormal control check, it raises an alert, which is recorded by the security audit module.
When external access calls a container application or container resource through an API, the API access security module verifies the permissions and credentials of the call and denies access to API requests that fail verification. The API access security module is also able to prevent attacks such as replay, code injection and DoS/DDoS. The risk prevention measures include: strengthening verification of received data; adding input/output filtering of data; fixing problems that may give rise to DoS/DDoS vulnerabilities; and scrubbing attack traffic by using an anti-DoS/DDoS service.
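An added example, not part of the patent text: one way the API access checks described above (credential verification, replay prevention, permission verification, denial of requests that fail) could be implemented. The HMAC request-signing scheme, the `ApiAccessGate` class, the key and permission tables and the audit record format are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample data (assumptions for illustration): one API credential
# per tenant and the (method, path) pairs each tenant is allowed to call.
API_KEYS = {"tenant1-key": {"tenant": "tenant1", "secret": b"constructed-secret-1"}}
PERMISSIONS = {"tenant1": {("GET", "/containers"), ("POST", "/containers/start")}}

MAX_SKEW_SECONDS = 300  # accepted clock skew, and how long a nonce is remembered


def sign(secret, method, path, timestamp, nonce, body):
    """HMAC-SHA256 over a canonical form of the request (hypothetical scheme)."""
    body_hash = hashlib.sha256(body).hexdigest()
    message = "\n".join([method, path, str(timestamp), nonce, body_hash])
    return hmac.new(secret, message.encode(), hashlib.sha256).hexdigest()


class ApiAccessGate:
    """Credential, replay and permission checks for a single API call."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._seen_nonces = {}  # (key_id, nonce) -> last time the nonce matters
        self.audit_log = []     # stand-in for the security audit module

    def _decide(self, allowed, reason, key_id, method, path):
        # Every decision, allow or deny, leaves an audit record.
        self.audit_log.append({"time": self._clock(), "key_id": key_id,
                               "method": method, "path": path,
                               "allowed": allowed, "reason": reason})
        return allowed, reason

    def check(self, key_id, method, path, timestamp, nonce, body, signature):
        now = self._clock()
        # Forget nonces whose timestamp would be rejected as stale anyway.
        self._seen_nonces = {k: exp for k, exp in self._seen_nonces.items()
                             if exp >= now}

        # 1. Credential verification: the key must exist and the signature
        #    must match. compare_digest avoids a timing side channel.
        cred = API_KEYS.get(key_id)
        if cred is None:
            return self._decide(False, "unknown_credential", key_id, method, path)
        expected = sign(cred["secret"], method, path, timestamp, nonce, body)
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return self._decide(False, "bad_signature", key_id, method, path)

        # 2. Replay prevention: the timestamp must be fresh and the nonce unused.
        #    The nonce is stored only after the signature check, so an
        #    unauthenticated caller cannot fill the cache.
        if abs(now - timestamp) > MAX_SKEW_SECONDS:
            return self._decide(False, "stale_timestamp", key_id, method, path)
        if (key_id, nonce) in self._seen_nonces:
            return self._decide(False, "replayed_nonce", key_id, method, path)
        self._seen_nonces[(key_id, nonce)] = timestamp + MAX_SKEW_SECONDS

        # 3. Permission verification: the tenant must be allowed this call.
        if (method, path) not in PERMISSIONS.get(cred["tenant"], set()):
            return self._decide(False, "permission_denied", key_id, method, path)
        return self._decide(True, "ok", key_id, method, path)
```
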
When external access reaches a container application or container resource through the web, the web access security module validates input and output, takes measures to prevent vulnerabilities such as authentication vulnerabilities, permission vulnerabilities, session vulnerabilities, web service vulnerabilities and injection vulnerabilities, and formulates access control policies for the container resources being accessed.
Specifically, the security service subsystem comprises a host security service module, a network security service module, a data security module and an audit module. The host security service module provides antivirus, vulnerability detection and third-party defense services. The network security service module provides basic illegal connection detection, network defense and traffic monitoring services. The data security module establishes unified key and certificate management, provides authentication services for the cloud computing environment or container environment, and provides unified management of data encryption, backup and recovery, keys and certificates. The security audit module provides audit functions, including automatic identification and processing of audit information, and provides recording and review of access to, operation of and usage of the cloud computing environment and the container environment.
Note that the runtime environment of containers is the security problem that most needs consideration. In a multi-tenant environment in particular, the existing security isolation measures of containers alone can hardly guarantee real container security. In the present invention, therefore, the container environment is moved from a physical server cluster into the virtualized environment of cloud computing, and the multi-tenancy and resource isolation capabilities of cloud computing are used to improve the security of the container environment. As shown by tenant 1 to tenant n in the figure, each tenant has its own independent host security service module, network security service module, data security module and security audit module. Combining the security service subsystem in Fig. 1 with the characteristics of the cloud computing environment, the tenant is the unit of isolation: each tenant is equivalent to a VPC and logically has independent compute, storage and network resources. Container applications run in the tenant's virtual machines, so the container applications of different tenants are effectively isolated from each other at the logical level, and container host security is moved from the physical server into virtual machines, which are easier to control. The basic security protection of the host security service module, or third-party host security defense software connected to it, is then used to achieve virtual machine security hardening, intrusion detection and malicious code protection, further ensuring the security of container applications. In the cloud environment, network security protection for containers within a tenant likewise becomes network security protection for virtual machines: the network security service module performs illegal connection detection, network traffic monitoring, and detection of attacks and intrusion behavior, protecting the normal operation of the virtual machine network and container applications. Container data security involves several aspects. First, the data security service module establishes unified key and certificate management and provides authentication services for the cloud computing environment or container environment. Second, the data security service module implements functions such as data encryption, backup and recovery. Further, it has an automatic detection mechanism, so that if data is tampered with, this is discovered promptly. The security audit service module in the container environment provides recording and review of access to, operation of and usage of the cloud computing environment and container environment, to ensure that security rules are executed correctly and to help analyze the causes of security events. According to policy, the security audit service module intelligently analyzes information from the cloud computing environment and container environment, and when a security intrusion event is detected, it carries out the audit response automatically.
Specifically, the resource layer security subsystem comprises a physical resource security module and a virtual resource security module. The physical resource security module is responsible for monitoring the underlying hardware and network security, and physical and environmental security. The virtual resource security module provides virtual space isolation, resource monitoring and overload protection for compute, storage and network resources. The virtual resource security module can be isolated into multiple units, for example virtual resource space security 1 to virtual resource security module n, and this isolation makes the computing and monitoring functions easier to implement.
Note that, as described above, container applications in the cloud computing environment run in virtual machines. The virtual resource security module of the resource layer security subsystem can divide virtual resources into different security spaces according to tenant; such a space can be a physical host space, a data center space, and so on. Dividing virtual resources into different security spaces isolates container applications at the physical level and further raises the security level of containers. In addition, the virtual resource security module can monitor resource usage in real time, and once resource usage is overloaded, overload protection is triggered. The physical resource security module of the resource layer security subsystem monitors the underlying hardware, the network and the physical environment; if an abnormality occurs in any of them, the physical resource security module raises an alarm and the security audit module records it.
The container security system based on cloud computing provided by this embodiment has the following advantages:
(1) The container security system based on cloud computing provided by this embodiment uses network access security, API access security and web access security to achieve multi-dimensional detection and control of access security;
(2) The system moves container deployment from physical servers into cloud computing virtual machines, which addresses the security problem of poor container isolation, effectively limits the scope affected by a single vulnerability, reduces the scope of impact when a container is exposed to risk, and raises the security level of containers;
(3) The multi-tenant isolation of cloud computing is used to achieve security isolation of containers;
(4) Various security mechanisms are used, together with cloud computing multi-tenancy, to achieve container security.
Those skilled in the art should understand that embodiments of the invention may be provided as a method, a system or a computer program product. The invention may therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage and the like) containing computer-usable program code.
The invention is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is executed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Although preferred embodiments of the invention have been described, those skilled in the art can make additional changes and modifications to these embodiments once they learn of the basic inventive concept. The appended claims are therefore intended to be interpreted as covering the preferred embodiments and all changes and modifications that fall within the scope of the invention.
Obviously, those skilled in the art can make various changes and modifications to the invention without departing from its spirit and scope. If these modifications and variations of the invention fall within the scope of the claims of the invention and their technical equivalents, the invention is also intended to include them.

Claims (5)

1. A container security system based on cloud computing, characterized in that it comprises an access layer security subsystem, a security service subsystem and a resource layer security subsystem;
The access layer security subsystem comprises:
A network access security module, which, when a user accesses a containerized application resource, detects whether the application uses an encrypted communication protocol, ensures that control checks are executed whenever any function of the application is accessed, protects the integrity and confidentiality of communication messages, and provides user identification and authentication;
An API access security module, which provides access control, attack protection and secure transmission for APIs; it verifies the permissions and credentials of API calls to container applications or to container resources, and denies access to API requests that fail verification;
A web access security module, which provides web code security, resource access control and secure transmission for remote access; it validates input and output, takes measures to prevent vulnerabilities, and formulates access control policies for the container resources being accessed;
The security service subsystem comprises:
A host security service module, which provides antivirus, vulnerability detection and third-party defense services;
A network security service module, which provides basic illegal connection detection, network defense and traffic monitoring services;
A data security module, which establishes unified key and certificate management, provides authentication services for the cloud computing environment or container environment, and provides unified management of data encryption, backup and recovery, keys and certificates;
A security audit module, which provides audit functions, including automatic identification and processing of audit information, and provides recording and review of access to, operation of and usage of the cloud computing environment and the container environment;
The resource layer security subsystem comprises:
A physical resource security module, which is responsible for monitoring the underlying hardware and network security, and physical and environmental security;
A virtual resource security module, which provides virtual space isolation, resource monitoring and overload protection for compute, storage and network resources.
2. The container security system based on cloud computing according to claim 1, characterized in that the API access security module is also able to prevent replay, code injection and DoS/DDoS attacks.
3. The container security system based on cloud computing according to claim 2, characterized in that the means of prevention include: strengthening verification of received data; adding input/output filtering of data; fixing problems that may give rise to DoS/DDoS vulnerabilities; and scrubbing attack traffic by using an anti-DoS/DDoS service.
4. The container security system based on cloud computing according to claim 1, characterized in that the vulnerabilities include authentication vulnerabilities, permission vulnerabilities, session vulnerabilities, web service vulnerabilities and injection vulnerabilities.
5. The container security system based on cloud computing according to claim 1, characterized in that the data security module has an automatic detection mechanism.
CN201810182403.0A 2018-03-06 2018-03-06 Container safety system based on cloud computing Active CN110233817B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810182403.0A CN110233817B (en) 2018-03-06 2018-03-06 Container safety system based on cloud computing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810182403.0A CN110233817B (en) 2018-03-06 2018-03-06 Container safety system based on cloud computing

Publications (2)

Publication Number Publication Date
CN110233817A (en) 2019-09-13
CN110233817B (en) 2021-12-28

Family

ID=67861783

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810182403.0A Active CN110233817B (en) 2018-03-06 2018-03-06 Container safety system based on cloud computing

Country Status (1)

Country Link
CN (1) CN110233817B (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111131176A (en) * 2019-12-04 2020-05-08 北京北信源软件股份有限公司 Resource access control method, device, equipment and storage medium
CN111753326A (en) * 2020-05-22 2020-10-09 湖南麒麟信安科技有限公司 Container cloud platform cloud storage resource encryption method, system and medium
CN111901203A (en) * 2020-08-03 2020-11-06 北京启明星辰信息安全技术有限公司 Method for capturing network flow and Kubernetes cluster
CN112613042A (en) * 2020-12-28 2021-04-06 北京浪潮数据技术有限公司 Tool, method and equipment for safety inspection and repair of Docker container
CN112989343A (en) * 2021-03-09 2021-06-18 东莞中国科学院云计算产业技术创新与育成中心 Method, electronic device and medium for detecting network security of super-convergence platform
CN113037467A (en) * 2021-05-24 2021-06-25 杭州海康威视数字技术股份有限公司 Video Internet of things equipment key certificate management method, device and system
CN113794578A (en) * 2021-07-08 2021-12-14 中国南方电网有限责任公司 Communication network monitoring architecture system based on cloud platform
CN115604028A (en) * 2022-11-28 2023-01-13 北京鸿迪鑫业科技有限公司(Cn) Cloud server data security protection system
CN116760639A (en) * 2023-08-18 2023-09-15 深圳市大恒数据安全科技有限责任公司 Data security isolation and sharing framework implementation method for multiple tenants

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110265164A1 (en) * 2010-04-26 2011-10-27 Vmware, Inc. Cloud platform architecture
US20120173866A1 (en) * 2010-12-31 2012-07-05 International Business Machines Corporation System for securing virtual machine disks on a remote shared storage subsystem
CN103368973A (en) * 2013-07-25 2013-10-23 浪潮(北京)电子信息产业有限公司 Safety system for cloud operating system
CN106445515A (en) * 2016-09-18 2017-02-22 深圳市华云中盛科技有限公司 PaaS cloud implementation method based on containers
CN106936636A (en) * 2017-03-15 2017-07-07 无锡华云数据技术服务有限公司 A kind of implementation method of the cloud computing test platform of rapid deployment containerization
CN107689953A (en) * 2017-08-18 2018-02-13 中国科学院信息工程研究所 A kind of vessel safety monitoring method and system towards multi-tenant cloud computing

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111131176B (en) * 2019-12-04 2022-07-01 北京北信源软件股份有限公司 Resource access control method, device, equipment and storage medium
CN111131176A (en) * 2019-12-04 2020-05-08 北京北信源软件股份有限公司 Resource access control method, device, equipment and storage medium
CN111753326A (en) * 2020-05-22 2020-10-09 湖南麒麟信安科技有限公司 Container cloud platform cloud storage resource encryption method, system and medium
CN111753326B (en) * 2020-05-22 2024-02-13 湖南麒麟信安科技股份有限公司 Container cloud platform cloud storage resource encryption method, system and medium
CN111901203A (en) * 2020-08-03 2020-11-06 北京启明星辰信息安全技术有限公司 Method for capturing network flow and Kubernetes cluster
CN112613042A (en) * 2020-12-28 2021-04-06 北京浪潮数据技术有限公司 Tool, method and equipment for safety inspection and repair of Docker container
CN112989343A (en) * 2021-03-09 2021-06-18 东莞中国科学院云计算产业技术创新与育成中心 Method, electronic device and medium for detecting network security of super-convergence platform
CN113037467B (en) * 2021-05-24 2021-08-24 杭州海康威视数字技术股份有限公司 Video Internet of things equipment key certificate management method, device and system
CN113037467A (en) * 2021-05-24 2021-06-25 杭州海康威视数字技术股份有限公司 Video Internet of things equipment key certificate management method, device and system
CN113794578A (en) * 2021-07-08 2021-12-14 中国南方电网有限责任公司 Communication network monitoring architecture system based on cloud platform
CN115604028A (en) * 2022-11-28 2023-01-13 北京鸿迪鑫业科技有限公司(Cn) Cloud server data security protection system
CN116760639A (en) * 2023-08-18 2023-09-15 深圳市大恒数据安全科技有限责任公司 Data security isolation and sharing framework implementation method for multiple tenants
CN116760639B (en) * 2023-08-18 2023-10-31 深圳市大恒数据安全科技有限责任公司 Data security isolation and sharing framework implementation method for multiple tenants

Also Published As

Publication number Publication date
CN110233817B (en) 2021-12-28

Similar Documents

Publication Publication Date Title
CN110233817A (en) A kind of vessel safety system based on cloud computing
Gou et al. Analysis of various security issues and challenges in cloud computing environment: a survey
Diaz Lopez et al. Shielding IoT against cyber-attacks: An event-based approach using SIEM
Zhou et al. Anomaly detection methods for IIoT networks
Gupta et al. Taxonomy of cloud security
CN115001870B (en) Information security protection system, method and storage medium
Rani et al. Cyber security techniques, architectures, and design
CN116319024A (en) Access control method and device of zero trust system and zero trust system
CN106982204A (en) Credible and secure platform
Yu et al. A faramework for cyber–physical system security situation awareness
Lemoudden et al. A Survey of Cloud Computing Security Overview of Attack Vectors and Defense Mechanisms.
Sadavarte et al. Data security and integrity in cloud computing: Threats and Solutions
CN102098313A (en) Waterproof wall system and authentication method thereof
Shyam et al. Achieving Cloud Security Solutions through Machine and Non-Machine Learning Techniques: A Survey.
Chaudhari et al. A review on cloud security issues and solutions
Bennasar et al. State-of-The-Art of cloud computing cyber-security
Li et al. Research on security issues of military Internet of Things
Uyyala MULTILEVEL AUTHENTICATION SYSTEM USING HIERARCHICAL INTRUSION DETECTION ARCHITECTURE FOR ONLINE BANKING
CN106598713A (en) Secure dynamic virtual machine migration method and system
Shyam et al. Machine vs Non-Machine Learning Approaches to Cloud Security Solutions: A Survey
Rekha Determining Intrusion Attacks Against Online Applications Using Cloud-Based Data Security
Parthasarathy et al. An Overview of Cloud Computing Different Services Models and Security Issues and Concerns in an Enterprises Data Storages
CN105912945A (en) Safety reinforcing device and operation method of operating system
MA et al. Attacks and countermeasures in software system security
Abirami et al. A Survey on Challenges of Cloud Security Attacks

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant