CN110233817A - A container security system based on cloud computing - Google Patents
- Publication number: CN110233817A
- Authority: CN (China)
- Prior art keywords: security, access, module, container, cloud computing
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
  - H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    - H04L63/0272—Virtual private networks
  - H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
  - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    - H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    - H04L63/1433—Vulnerability analysis
    - H04L63/1441—Countermeasures against malicious traffic
  - H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Abstract
The present invention provides a container security system based on cloud computing, belonging to the field of communication technology. The access layer security subsystem of the system includes a network access security module, an API access security module and a WEB access security module; the security service subsystem includes a host security service module, a network security service module, a data security module and an audit module; and the resource layer security subsystem includes a physical resource security module and a virtual resource security module. The system uses network access security, API access security and WEB access security to achieve multi-dimensional access security detection and control. Container deployment is moved from physical servers to cloud computing virtual machines, which solves the security problem of poor container isolation, reduces the scope of impact when a container is at risk, and improves the security level of containers. The multi-tenant isolation of cloud computing is used to achieve security isolation of containers, and various security mechanisms are used, together with cloud computing multi-tenancy, to achieve container security.
Description
Technical field
The invention belongs to the field of communication technology, and in particular relates to a container security system based on cloud computing.
Background art
At present, container-based virtualization technology has swept through the entire software development community at lightning speed. Once containerized, applications can be created quickly and maintained more easily, while also achieving higher quality.
At the same time, as more and more applications are containerized, the security problems of containerization follow. Containers, like virtual machines, are a virtualization technology, but compared with virtual machines, containers have more security issues to consider. Enterprises that use containers must take data privacy and security seriously and assess when and where containers are used and the risks they produce. Although vendors offer various security products, no mature overall solution for container security has yet emerged.
Current container management technologies include Kubernetes, Swarm and Mesos, and all of them face the same container security problems, including application threats, host threats, data security, multi-tenant security threats and privileged-user problems, specifically:
Application threats: attacks against the application layer such as SQL injection and cross-site attacks;
Host threats: containers share the kernel with the host, so a security problem in one container can affect the security of the host or of other containers;
Data security: the confidentiality, integrity and availability of data may be compromised; how to ensure that a downloaded image is trusted and has not been tampered with; a container's storage volume residing on a single host faces the risk of a single point of failure;
Multi-tenant security threats: containers of tenants with different security requirements may run on the same physical machine, a situation that traditional security measures find difficult to handle;
Privileged-user problem: the separation of application systems from resource ownership means that administrators may be able to access user data, damaging data confidentiality, integrity and availability.
Therefore, in order to better exploit the advantages of containers, ensure the security of the container environment and standardize the security architecture of containers, providing a good container security system is a technical problem that urgently needs to be solved.
Summary of the invention
In order to overcome the above shortcomings of the prior art, the present invention provides a container security system based on cloud computing.
To achieve the above object, the present invention provides the following technical solution:
A container security system based on cloud computing includes an access layer security subsystem, a security service subsystem and a resource layer security subsystem;
The access layer security subsystem includes:
A network access security module, for detecting, when a user accesses containerized application resources, whether the application uses an encrypted communication protocol, ensuring that control checks are performed whenever each function of the application is accessed, protecting the integrity and confidentiality of communication information, and providing user identification and authentication capability;
An API access security module, for providing access control, attack protection and secure transmission capabilities for APIs; it verifies permissions and credentials for API calls to container applications or container resource API calls, and denies access to API requests that fail verification;
A WEB access security module, for providing WEB code security, resource access control and secure transmission capability for remote access, performing validity checks on input and output, taking measures to prevent vulnerabilities, and formulating access control policies for the container resources accessed;
The security service subsystem includes:
A host security service module, for providing anti-virus, vulnerability detection and third-party defense services;
A network security service module, for providing basic illegal-connection detection, network defense and traffic monitoring services;
A data security module, for establishing unified key and certificate management, providing authentication services for the cloud computing environment or container environment, and providing data encryption, backup and recovery, and unified management of keys and certificates;
A security audit module, for providing audit functions, with automatic identification and processing of audit information, and providing recording and review of access, operations and usage of the cloud computing environment and container environment;
The resource layer security subsystem includes:
A physical resource security module, responsible for monitoring underlying hardware and network security, and physical and environmental security;
A virtual resource security module, for providing virtual space isolation of computing, storage and network resources, resource monitoring and overload protection.
Preferably, the API access security module is also capable of preventing replay, code injection and DoS/DDoS attacks.
Preferably, the means of prevention include: strengthening verification of received data; adding input/output filtering of data; fixing problems that may give rise to DoS/DDoS vulnerabilities; and scrubbing attack traffic by using an anti-DoS/DDoS service.
Preferably, the vulnerabilities include authentication vulnerabilities, permission vulnerabilities, session vulnerabilities, WEB service vulnerabilities and injection vulnerabilities.
Preferably, the data security module has an automatic detection mechanism.
The container security system based on cloud computing provided by the present invention includes an access layer security subsystem, a security service subsystem and a resource layer security subsystem. The access layer security subsystem includes a network access security module, an API access security module and a WEB access security module; the security service subsystem includes a host security service module, a network security service module, a data security module and an audit module; and the resource layer security subsystem includes a physical resource security module and a virtual resource security module. The system uses network access security, API access security and WEB access security to achieve multi-dimensional access security detection and control. Container deployment is moved from physical servers to cloud computing virtual machines, which solves the security problem of poor container isolation, effectively limits the scope affected by a single vulnerability, reduces the scope of impact when a container is at risk, and improves the security level of containers. The multi-tenant isolation of cloud computing is used to achieve security isolation of containers, and various security mechanisms are used, together with cloud computing multi-tenancy, to achieve container security.
Brief description of the drawings
In order to explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural block diagram of a container security system based on cloud computing provided by Embodiment 1 of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Embodiment 1
The container security system based on cloud computing provided by Embodiment 1 of the present invention makes use of cloud computing technologies such as multi-tenancy, compute virtualization, storage virtualization and network virtualization, and deploys containerized applications in a cloud computing environment. Containers pair well with virtualization technology that can protect the virtual machine itself, and this provides defense in depth for the host. Specifically, the implementation of the container security system based on cloud computing provided by this embodiment relies on a cloud computing environment, or an environment with a similar architecture, to provide security protection measures for container platform applications. Containerized applications are deployed in the cloud computing environment, and all container applications and container resource API interfaces that provide services externally are detected and controlled by the access layer security subsystem. Fig. 1 is a structural block diagram of a container security system based on cloud computing provided by an embodiment of the present invention. The system includes an access layer security subsystem, a security service subsystem and a resource layer security subsystem.
Specifically, the access layer security subsystem includes a network access security module, an API access security module and a WEB access security module. The network access security module detects, when a user accesses containerized application resources, whether the application uses an encrypted communication protocol, ensures that control checks are performed whenever each function of the application is accessed, protects the integrity and confidentiality of communication information, and provides user identification and authentication capability. The API access security module provides access control, attack protection and secure transmission capabilities for APIs; it verifies permissions and credentials for API calls to container applications or container resource API calls, and denies access to API requests that fail verification. The WEB access security module provides WEB code security, resource access control and secure transmission capability for remote access, performs validity checks on input and output, takes measures to prevent vulnerabilities, and formulates access control policies for the container resources accessed.
It should be noted that the network access security module detects whether the application uses an encrypted communication protocol and ensures that control checks are performed whenever each function of the application is accessed. When it detects that communication is not encrypted as required, or that a control check is abnormal, it raises an alert, which is recorded by the security audit module.
When external access reaches a container application or container resource through API calls, the API access security module verifies permissions and credentials for the API calls to the container application or the container resource API calls, and denies access to API requests that fail verification. The API access security module is also capable of preventing attacks such as replay, code injection and DoS/DDoS. The means of prevention include: strengthening verification of received data; adding input/output filtering of data; fixing problems that may give rise to DoS/DDoS vulnerabilities; and scrubbing attack traffic by using an anti-DoS/DDoS service.
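The checks this paragraph assigns to the API access security module (credential verification, permission check, replay prevention and validation of received data, with denials recorded for audit) can be sketched as follows. This is an added illustration, not part of the patent text: the patent does not specify a mechanism, so the HMAC request signing, the request field names, the tenant tables and the `ApiAccessGate` class are all assumptions made for the example.

```python
import hashlib
import hmac
import re
import time

# Constructed sample data (assumptions for this example): per-tenant API keys
# and the container-resource API actions each tenant is permitted to call.
TENANT_KEYS = {
    "tenant-1": b"constructed-secret-1",
    "tenant-2": b"constructed-secret-2",
}
TENANT_PERMISSIONS = {
    "tenant-1": {"container:list", "container:start"},
    "tenant-2": {"container:list"},
}
MAX_SKEW_SECONDS = 300  # how long a signed request stays acceptable
RESOURCE_RE = re.compile(r"[a-z0-9][a-z0-9-]{0,62}")  # strict resource-name check


def sign(key, tenant, action, resource, timestamp, nonce):
    """Caller side: HMAC-SHA256 over every field the gate later checks."""
    msg = "\n".join([tenant, action, resource, str(timestamp), nonce])
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()


class ApiAccessGate:
    """Hypothetical gate in front of container application / resource APIs."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._seen = {}      # (tenant, nonce) -> time after which it may be forgotten
        self.audit_log = []  # stands in for the security audit module's records

    def _deny(self, request, reason):
        self.audit_log.append((request.get("tenant"), request.get("action"), reason))
        return False, reason

    def check(self, request):
        """Take a request dict; return (allowed, reason) and audit every denial."""
        now = self._clock()
        self._seen = {k: exp for k, exp in self._seen.items() if exp >= now}
        try:
            tenant, action = request["tenant"], request["action"]
            resource, nonce = request["resource"], request["nonce"]
            signature, timestamp = request["signature"], int(request["timestamp"])
        except (KeyError, TypeError, ValueError):
            return self._deny(request, "malformed request")
        if not all(isinstance(v, str) for v in (tenant, action, resource, nonce, signature)):
            return self._deny(request, "malformed request")

        # 1. Validate received data before it is used anywhere else.
        if not RESOURCE_RE.fullmatch(resource):
            return self._deny(request, "invalid resource name")

        # 2. Credential check: the signature must match the tenant's key.
        key = TENANT_KEYS.get(tenant)
        if key is None:
            return self._deny(request, "unknown tenant")
        expected = sign(key, tenant, action, resource, timestamp, nonce)
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return self._deny(request, "bad signature")

        # 3. Replay prevention: fresh timestamp and a nonce not seen before.
        if abs(now - timestamp) > MAX_SKEW_SECONDS:
            return self._deny(request, "stale timestamp")
        if (tenant, nonce) in self._seen:
            return self._deny(request, "replayed request")
        self._seen[(tenant, nonce)] = timestamp + MAX_SKEW_SECONDS

        # 4. Permission check: the tenant must hold the requested action.
        if action not in TENANT_PERMISSIONS.get(tenant, set()):
            return self._deny(request, "permission denied")
        return True, "ok"


if __name__ == "__main__":
    gate = ApiAccessGate()
    ts = int(time.time())
    req = {"tenant": "tenant-1", "action": "container:start", "resource": "web-1",
           "timestamp": ts, "nonce": "n-1"}
    req["signature"] = sign(TENANT_KEYS["tenant-1"], "tenant-1", "container:start",
                            "web-1", ts, "n-1")
    print(gate.check(req))   # first delivery
    print(gate.check(req))   # identical request sent again
    print(gate.audit_log)
```

Traffic scrubbing for DoS/DDoS is outside what a per-request check like this can show and is left to the anti-DoS/DDoS service the text mentions.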
When external access reaches a container application or container resource through the WEB, the WEB access security module performs validity checks on input and output, takes measures to prevent vulnerabilities such as authentication vulnerabilities, permission vulnerabilities, session vulnerabilities, WEB service vulnerabilities and injection vulnerabilities, and formulates access control policies for the container resources accessed.
Specifically, the security service subsystem includes a host security service module, a network security service module, a data security module and an audit module. The host security service module provides anti-virus, vulnerability detection and third-party defense services. The network security service module provides basic illegal-connection detection, network defense and traffic monitoring services. The data security module establishes unified key and certificate management, provides authentication services for the cloud computing environment or container environment, and provides data encryption, backup and recovery, and unified management of keys and certificates. The security audit module provides audit functions, with automatic identification and processing of audit information, and provides recording and review of access, operations and usage of the cloud computing environment and container environment.
It should be noted that the container's runtime environment is the security problem that most needs consideration. Especially in a multi-tenant environment, the security isolation measures of existing containers alone can hardly guarantee real container security. Therefore, in the present invention, the container environment is moved from a physical server cluster to the virtualized environment of cloud computing, and the multi-tenancy and resource isolation capabilities of cloud computing are used to improve the security of the container environment. As shown by tenant 1 to tenant n in the figure, each tenant has its own independent host security service module, network security service module, data security module and security audit module. Combining the security service subsystem in Fig. 1 with the characteristics of the cloud computing environment, the tenant is the unit of isolation: each tenant is equivalent to a VPC and logically has independent computing, storage and network resources. Container applications run in the tenant's virtual machines, so container applications of different tenants are effectively isolated from each other at the logical level, and container host security is also moved from the physical server into virtual machines, which are easier to control. The basic security protection of the host security service module, or third-party host security defense software connected to it, is then used to implement virtual machine security hardening, intrusion detection and malicious code protection, further ensuring the security of container applications. In the cloud environment, container network security protection within a tenant likewise becomes network security protection of the virtual machines: the network security service module implements illegal-connection detection, network traffic monitoring, and detection of attacks and intrusions, protecting the normal operation of the virtual machine network and container applications. Container data security involves several aspects. First, the data security service module establishes unified key and certificate management and provides authentication services for the cloud computing environment or container environment. Second, the data security service module implements functions such as data encryption, backup and recovery. Further, it has an automatic detection mechanism, so that if data is tampered with, this can be discovered in time. The security audit service module in the container environment provides recording and review of access, operations and usage of the cloud computing environment and container environment, to ensure that security rules are executed correctly and to help analyze the causes of security incidents. According to policy, the security audit service module intelligently analyzes information from the cloud computing environment and container environment, and automatically performs an audit response when a security intrusion event is detected.
Specifically, the resource layer security subsystem includes a physical resource security module and a virtual resource security module. The physical resource security module is responsible for monitoring underlying hardware and network security, and physical and environmental security. The virtual resource security module provides virtual space isolation of computing, storage and network resources, resource monitoring and overload protection. The virtual resource security module can be isolated into multiple units, such as virtual resource space security 1 to virtual resource security module n, and this isolation makes the computing and monitoring functions easier to implement.
It should be noted that, as described above, in the cloud computing environment container applications run in virtual machines. Through the virtual resource security module of the resource layer security subsystem, virtual resources can be divided by tenant into different security spaces; such a space can be a physical host space, a data center space, and so on. Dividing virtual resources into different security spaces isolates container applications at the physical level, further improving the security level of containers. In addition, the virtual resource security module monitors resource usage in real time, and once resources are overloaded, overload protection is triggered. The physical resource security module of the resource layer security subsystem monitors the underlying hardware, network and physical environment; if an anomaly occurs in any of them, the physical resource security module raises an alarm, which is recorded by the security audit module.
The container security system based on cloud computing provided by this embodiment has the following advantages:
(1) The container security system based on cloud computing provided by this embodiment uses network access security, API access security and WEB access security to achieve multi-dimensional access security detection and control;
(2) The system moves container deployment from physical servers to cloud computing virtual machines, which solves the security problem of poor container isolation, effectively limits the scope affected by a single vulnerability, reduces the scope of impact when a container is at risk, and improves the security level of containers;
(3) The multi-tenant isolation of cloud computing is used to achieve security isolation of containers;
(4) Various security mechanisms are used, together with cloud computing multi-tenancy, to achieve container security.
It should be understood by those skilled in the art that embodiments of the present invention may be provided as a method, a system or a computer program product. Therefore, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the present invention have been described, those skilled in the art can make additional changes and modifications to these embodiments once they learn of the basic inventive concept. The appended claims are therefore intended to be construed as including the preferred embodiments and all changes and modifications that fall within the scope of the present invention.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalent technologies, the present invention is also intended to include them.
Claims (5)
1. A container security system based on cloud computing, characterized in that it includes an access layer security subsystem, a security service subsystem and a resource layer security subsystem;
The access layer security subsystem includes:
A network access security module, for detecting, when a user accesses containerized application resources, whether the application uses an encrypted communication protocol, ensuring that control checks are performed whenever each function of the application is accessed, protecting the integrity and confidentiality of communication information, and providing user identification and authentication capability;
An API access security module, for providing access control, attack protection and secure transmission capabilities for APIs; it verifies permissions and credentials for API calls to container applications or container resource API calls, and denies access to API requests that fail verification;
A WEB access security module, for providing WEB code security, resource access control and secure transmission capability for remote access, performing validity checks on input and output, taking measures to prevent vulnerabilities, and formulating access control policies for the container resources accessed;
The security service subsystem includes:
A host security service module, for providing anti-virus, vulnerability detection and third-party defense services;
A network security service module, for providing basic illegal-connection detection, network defense and traffic monitoring services;
A data security module, for establishing unified key and certificate management, providing authentication services for the cloud computing environment or container environment, and providing data encryption, backup and recovery, and unified management of keys and certificates;
A security audit module, for providing audit functions, with automatic identification and processing of audit information, and providing recording and review of access, operations and usage of the cloud computing environment and container environment;
The resource layer security subsystem includes:
A physical resource security module, responsible for monitoring underlying hardware and network security, and physical and environmental security;
A virtual resource security module, for providing virtual space isolation of computing, storage and network resources, resource monitoring and overload protection.
2. The container security system based on cloud computing according to claim 1, characterized in that the API access security module is also capable of preventing replay, code injection and DoS/DDoS attacks.
3. The container security system based on cloud computing according to claim 2, characterized in that the means of prevention include: strengthening verification of received data; adding input/output filtering of data; fixing problems that may give rise to DoS/DDoS vulnerabilities; and scrubbing attack traffic by using an anti-DoS/DDoS service.
4. The container security system based on cloud computing according to claim 1, characterized in that the vulnerabilities include authentication vulnerabilities, permission vulnerabilities, session vulnerabilities, WEB service vulnerabilities and injection vulnerabilities.
5. The container security system based on cloud computing according to claim 1, characterized in that the data security module has an automatic detection mechanism.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810182403.0A CN110233817B (en) | 2018-03-06 | 2018-03-06 | Container safety system based on cloud computing |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810182403.0A CN110233817B (en) | 2018-03-06 | 2018-03-06 | Container safety system based on cloud computing |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110233817A (en) | 2019-09-13 |
CN110233817B (en) | 2021-12-28 |
Family ID=67861783
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810182403.0A Active CN110233817B (en) | 2018-03-06 | 2018-03-06 | Container safety system based on cloud computing |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110233817B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110265164A1 (en) * | 2010-04-26 | 2011-10-27 | Vmware, Inc. | Cloud platform architecture |
US20120173866A1 (en) * | 2010-12-31 | 2012-07-05 | International Business Machines Corporation | System for securing virtual machine disks on a remote shared storage subsystem |
CN103368973A (en) * | 2013-07-25 | 2013-10-23 | 浪潮(北京)电子信息产业有限公司 | Safety system for cloud operating system |
CN106445515A (en) * | 2016-09-18 | 2017-02-22 | 深圳市华云中盛科技有限公司 | PaaS cloud implementation method based on containers |
CN106936636A (en) * | 2017-03-15 | 2017-07-07 | 无锡华云数据技术服务有限公司 | A kind of implementation method of the cloud computing test platform of rapid deployment containerization |
CN107689953A (en) * | 2017-08-18 | 2018-02-13 | 中国科学院信息工程研究所 | A kind of vessel safety monitoring method and system towards multi-tenant cloud computing |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111131176B (en) * | 2019-12-04 | 2022-07-01 | 北京北信源软件股份有限公司 | Resource access control method, device, equipment and storage medium |
CN111131176A (en) * | 2019-12-04 | 2020-05-08 | 北京北信源软件股份有限公司 | Resource access control method, device, equipment and storage medium |
CN111753326A (en) * | 2020-05-22 | 2020-10-09 | 湖南麒麟信安科技有限公司 | Container cloud platform cloud storage resource encryption method, system and medium |
CN111753326B (en) * | 2020-05-22 | 2024-02-13 | 湖南麒麟信安科技股份有限公司 | Container cloud platform cloud storage resource encryption method, system and medium |
CN111901203A (en) * | 2020-08-03 | 2020-11-06 | 北京启明星辰信息安全技术有限公司 | Method for capturing network flow and Kubernetes cluster |
CN112613042A (en) * | 2020-12-28 | 2021-04-06 | 北京浪潮数据技术有限公司 | Tool, method and equipment for safety inspection and repair of Docker container |
CN112989343A (en) * | 2021-03-09 | 2021-06-18 | 东莞中国科学院云计算产业技术创新与育成中心 | Method, electronic device and medium for detecting network security of super-convergence platform |
CN113037467B (en) * | 2021-05-24 | 2021-08-24 | 杭州海康威视数字技术股份有限公司 | Video Internet of things equipment key certificate management method, device and system |
CN113037467A (en) * | 2021-05-24 | 2021-06-25 | 杭州海康威视数字技术股份有限公司 | Video Internet of things equipment key certificate management method, device and system |
CN113794578A (en) * | 2021-07-08 | 2021-12-14 | 中国南方电网有限责任公司 | Communication network monitoring architecture system based on cloud platform |
CN115604028A (en) * | 2022-11-28 | 2023-01-13 | 北京鸿迪鑫业科技有限公司(Cn) | Cloud server data security protection system |
CN116760639A (en) * | 2023-08-18 | 2023-09-15 | 深圳市大恒数据安全科技有限责任公司 | Data security isolation and sharing framework implementation method for multiple tenants |
CN116760639B (en) * | 2023-08-18 | 2023-10-31 | 深圳市大恒数据安全科技有限责任公司 | Data security isolation and sharing framework implementation method for multiple tenants |
Also Published As
Publication number | Publication date |
---|---|
CN110233817B (en) | 2021-12-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110233817A (en) | A kind of vessel safety system based on cloud computing | |
Gou et al. | Analysis of various security issues and challenges in cloud computing environment: a survey | |
Diaz Lopez et al. | Shielding IoT against cyber-attacks: An event-based approach using SIEM | |
Zhou et al. | Anomaly detection methods for IIoT networks | |
Gupta et al. | Taxonomy of cloud security | |
CN115001870B (en) | Information security protection system, method and storage medium | |
Rani et al. | Cyber security techniques, architectures, and design | |
CN116319024A (en) | Access control method and device of zero trust system and zero trust system | |
CN106982204A (en) | Credible and secure platform | |
Yu et al. | A framework for cyber–physical system security situation awareness | |
Lemoudden et al. | A Survey of Cloud Computing Security Overview of Attack Vectors and Defense Mechanisms. | |
Sadavarte et al. | Data security and integrity in cloud computing: Threats and Solutions | |
CN102098313A (en) | Waterproof wall system and authentication method thereof | |
Shyam et al. | Achieving Cloud Security Solutions through Machine and Non-Machine Learning Techniques: A Survey. | |
Chaudhari et al. | A review on cloud security issues and solutions | |
Bennasar et al. | State-of-The-Art of cloud computing cyber-security | |
Li et al. | Research on security issues of military Internet of Things | |
Uyyala | MULTILEVEL AUTHENTICATION SYSTEM USING HIERARCHICAL INTRUSION DETECTION ARCHITECTURE FOR ONLINE BANKING | |
CN106598713A (en) | Secure dynamic virtual machine migration method and system | |
Shyam et al. | Machine vs Non-Machine Learning Approaches to Cloud Security Solutions: A Survey | |
Rekha | Determining Intrusion Attacks Against Online Applications Using Cloud-Based Data Security | |
Parthasarathy et al. | An Overview of Cloud Computing Different Services Models and Security Issues and Concerns in an Enterprises Data Storages | |
CN105912945A (en) | Safety reinforcing device and operation method of operating system | |
MA et al. | Attacks and countermeasures in software system security | |
Abirami et al. | A Survey on Challenges of Cloud Security Attacks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||