CN112671861A - Method and device for improving security of micro-service system - Google Patents



Publication number
CN112671861A
Authority
CN
China
Prior art keywords
service
security
attribute information
api
container
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011480566.0A
Other languages
Chinese (zh)
Other versions
CN112671861B (en)
Inventor
王亚洁
肖骁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Traffic Control Technology TCT Co Ltd
Original Assignee
Traffic Control Technology TCT Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Traffic Control Technology TCT Co Ltd filed Critical Traffic Control Technology TCT Co Ltd
Priority to CN202011480566.0A priority Critical patent/CN112671861B/en
Publication of CN112671861A publication Critical patent/CN112671861A/en
Application granted granted Critical
Publication of CN112671861B publication Critical patent/CN112671861B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Abstract

The invention provides a method and a device for improving the security of a microservice system. The method comprises: using a container instance orchestration tool to automatically and dynamically orchestrate services and resources according to configuration; automatically setting the attribute information of a service container by executing a pre-configured script file; dynamically acquiring the attribute information of all related service containers in a service link; dynamically updating the firewall software policy and the firewall device policy according to the attribute information of all the related service containers; and calling a service application programming interface (API). By linking with the orchestration of application service instances, the method and the device perform dynamic information security policy verification and service API call verification, which ensures secure communication between application services.

Description

Method and device for improving security of micro-service system
Technical Field
The invention relates to the technical field of computers, in particular to a method and a device for improving the security of a micro-service system.
Background
Microservice technology is built on container technology. In contrast to a monolithic application, a microservice architecture divides an application or service into multiple fine-grained, loosely coupled service components. By flexibly combining different service components, iterating rapidly through continuous integration and continuous deployment, and dynamically scheduling services and resources, it responds quickly to changing user requirements.
Once container technology and a microservice framework are in use, container instances scale elastically and dynamically, and the instance name, host name, MAC address, IP address, port and so on of each instance change constantly and randomly. A traditional static security policy, on the one hand, depends heavily on manual configuration and distribution of the policy and, on the other hand, lags behind the service application, which creates the hidden dangers of unavailable services and reduced security.
Existing static security policies cannot meet the requirements of dynamically changing services and dynamic information security, so the security of the microservice system is low.
Disclosure of Invention
The invention provides a method and a device for improving the security of a microservice system, which are used for solving the technical problems in the prior art.
The invention provides a method for improving the security of a microservice system, which comprises the following steps:
using a container instance orchestration tool to automatically and dynamically orchestrate services and resources according to configuration; automatically setting attribute information of a service container by executing a pre-configured script file, wherein the pre-configured script file comprises the attribute name of the service container to be set;
dynamically acquiring attribute information of all related service containers in a service link;
dynamically updating the firewall software policy and the firewall device policy according to the attribute information of all the related service containers;
calling a service application programming interface (API).
According to the method for improving the security of the micro-service system, provided by the invention, the attribute information comprises: instance name, host name, MAC address, IP address, and port.
According to the method for improving the security of the micro-service system provided by the invention, the firewall software policy is the firewall software policy of the host operating system.
According to the method for improving the security of the micro-service system provided by the invention, dynamically updating the firewall software policy and the firewall device policy according to the attribute information of all the related service containers comprises the following steps:
dynamically updating the firewall software policy according to the attribute information of all the related service containers, and checking whether the operation succeeded;
and if the firewall software policy was updated successfully, dynamically updating the firewall device policy according to the attribute information of all the related service containers.
According to the method for improving the security of the micro-service system provided by the invention, calling the service application programming interface (API) comprises the following steps:
verifying the user before the API is called;
checking the API for malicious calls and DDoS attacks;
and verifying, encrypting and decrypting the input and output information of the API.
According to the method for improving the security of the micro-service system provided by the invention, verifying the user before the API is called comprises the following steps:
determining whether the target user has failed to log in more than 3 consecutive times;
and if login has failed more than 3 consecutive times, moving the target user into a blacklist.
According to the method for improving the security of the micro-service system provided by the invention, checking the API for malicious calls and DDoS attacks comprises the following steps:
determining whether the target user calls the same API more than 10 times per second;
if the same API is called more than 10 times per second, moving the target user into the blacklist.
The invention also provides a device for improving the security of the microservice system, which comprises:
the instance orchestration module, used for automatically and dynamically orchestrating services and resources according to configuration by using a container instance orchestration tool, and for automatically setting attribute information of a service container by executing a pre-configured script file, wherein the pre-configured script file comprises the attribute name of the service container to be set;
the acquisition module, used for dynamically acquiring the attribute information of all related service containers in the service link;
the updating module, used for dynamically updating the firewall software policy and the firewall device policy according to the attribute information of all the related service containers;
and the calling module, used for calling the service application programming interface (API).
The invention also provides an electronic device, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor executes the program to realize the steps of any one of the methods for improving the security of the microservice system.
The present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when being executed by a processor, carries out the steps of the method of enhancing the security of a microservice system as set forth in any of the above.
By linking with the orchestration of application service instances, the method and the device for improving the security of the micro-service system perform dynamic information security policy verification and service API call verification, which ensures secure communication between application services.
Drawings
In order to more clearly illustrate the technical solutions of the present invention or the prior art, the drawings needed for the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
FIG. 1 is a flow chart illustrating a method for enhancing security of a microservice system according to the present invention;
FIG. 2 is a schematic logic flow diagram illustrating the present invention for enhancing security of a microservice system;
FIG. 3 is a schematic structural diagram of an apparatus for enhancing security of a microservice system according to the present invention;
FIG. 4 is a schematic structural diagram of an electronic device provided in the present invention.
Detailed Description
Container technology uses virtualization mainly to optimize the utilization of computing resources, and it differs from hypervisor virtualization. Research results from research institutions show that, compared with a hypervisor, container technology improves greatly on many key indicators and performs better in multiple fields: it runs almost twice as fast as a hypervisor, and its performance is close to that of a native operating system.
Kubernetes is a container instance orchestration tool. It automatically and dynamically orchestrates and schedules services and resources according to configuration, which meets the need for rapid elastic scaling.
Microservice technology is built on container technology. In contrast to a monolithic application, a microservice architecture divides an application or service into multiple fine-grained, loosely coupled service components. By flexibly combining different service components, iterating rapidly through continuous integration and continuous deployment, and dynamically scheduling services and resources, it responds quickly to changing user requirements.
Once container technology and a microservice framework are in use, container instances scale elastically and dynamically, and the instance name, host name, MAC address, IP address, port and so on of each instance change constantly and randomly. A traditional static security policy, on the one hand, depends heavily on manual configuration and distribution of the policy and, on the other hand, lags behind the service application, which creates the hidden dangers of unavailable services and reduced security. Dynamically and quickly adjusting the access control security policy under zero-trust conditions is a means of guaranteeing point-to-point trust and communication security for microservice container instances and of detecting and resisting attacks from outside and inside the container, and it is the key to solving the problems of service security and information security.
The "service registration and discovery center" mainly stores service provider information such as the service name, IP and port, and maintains a heartbeat with the service provider to monitor whether the provider is alive; if the heartbeat cannot be maintained, it deregisters the service instance. The service consumer periodically sends a query request to the registry to obtain information about the service provider and, once it has that information, can initiate a service call to the service provider.
"Service invocation link tracing" refers to using tools to trace the invocation relationships and invocation paths between services.
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention provides a dynamic security policy based on containers and microservices. Linked with the orchestration of application service container instances, it uses the microservice "service registration and discovery center" and "service call link tracking" to update security policies automatically and dynamically. It applies security policies that verify the user before an API is called, protect input and output information against tampering and leakage when the API is called, and make the API resist DDoS attacks, and it verifies the dynamic information security policy for communication inside a service area, between the inside and the outside of the area, and outside the area. This both ensures normal communication between different areas and strengthens the dynamically updated security policy, so that illegal communication that does not conform to the policy is resisted. During the dynamic orchestration of microservice instances, secure communication between application services is still ensured whether the instance name, host name, MAC address, IP address, port and so on of an instance are static or change constantly and randomly.
Fig. 1 is a schematic flow chart of a method for improving security of a microservice system according to the present invention, and as shown in fig. 1, an embodiment of the present invention provides a method for improving security of a microservice system. The method comprises the following steps:
Step 101, using a container instance orchestration tool to automatically and dynamically orchestrate services and resources according to configuration; automatically setting attribute information of a service container by executing a pre-configured script file, wherein the pre-configured script file contains the attribute name of the service container to be set;
Step 102, dynamically acquiring attribute information of all related service containers in a service link;
Step 103, dynamically updating the firewall software policy and the firewall device policy according to the attribute information of all the related service containers;
Step 104, calling a service application programming interface (API).
Optionally, the attribute information includes: instance name, host name, MAC address, IP address, and port.
Optionally, the firewall software policy is a firewall software policy of a host operating system.
Optionally, dynamically updating the firewall software policy and the firewall device policy according to the attribute information of all the related service containers includes:
dynamically updating the firewall software policy according to the attribute information of all the related service containers, and checking whether the operation succeeded;
and if the firewall software policy was updated successfully, dynamically updating the firewall device policy according to the attribute information of all the related service containers.
Optionally, calling the service application programming interface (API) includes:
verifying the user before the API is called;
checking the API for malicious calls and DDoS attacks;
and verifying, encrypting and decrypting the input and output information of the API.
Optionally, verifying the user before the API is called includes:
determining whether the target user has failed to log in more than 3 consecutive times;
and if login has failed more than 3 consecutive times, moving the target user into a blacklist.
Optionally, checking the API for malicious calls and DDoS attacks includes:
determining whether the target user calls the same API more than 10 times per second;
if the same API is called more than 10 times per second, moving the target user into the blacklist.
Specifically, fig. 2 is a schematic logic flow diagram for enhancing security of the microservice system provided by the present invention, and as shown in fig. 2, the logic flow of the dynamic security policy based on the container and the microservice includes the following steps:
STEP 1: Service container instance orchestration.
When a container instance is orchestrated, the instance name, host name, MAC address, IP address and port of the container are set automatically according to the YAML script.
For example, the IP address of the service is 172.18.1.100, the protocol is TCP, the container port is 9001, and the host port is 39001.
STEP 2: Dynamically acquire instance names, host names, MAC addresses, IP addresses and ports.
Orchestrating a service instance triggers dynamic acquisition of the service instance name, host name, MAC address, IP address, port and so on from the service registration and discovery center, and the instance names, host names, MAC addresses, IP addresses, ports and so on of all related services in the service link are dynamically acquired from the service call link tracking tool.
For example, after the details of the related service API are queried, the IP address of the example service is shown as 172.18.1.100, the protocol as TCP, the container port as 9001 and the host port as 39001, and the instance names, host names, MAC addresses, IP addresses and ports of all the related services in the service link are obtained at the same time.
STEP 3: Dynamically update the firewall software policy of the host operating system.
The firewall software policy of the host operating system is dynamically updated according to the IP address, protocol and port acquired in the previous step, and the operation is checked for success. If it succeeded, the flow continues with the next step; if it failed, this step is tried again.
STEP 4: Dynamically update the firewall device policy.
The firewall device policy is updated to allow the network protocol from all IPs and all ports of the specified source to reach the IP and port of the destination, and the operation is checked for success.
For example, since a boundary firewall device generally isolates the boundary of an area, the firewall device policy configuration is dynamically updated by calling the API of the firewall device, allowing the network TCP protocol of all IPs (denoted by ". x.") and all ports (denoted by unimit) of the specified source to communicate to the destination IP 192.168.10.100 and port 39001, and the operation is checked for success.
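The ordering in STEP 2 to STEP 4, as an added example that is not code from the patent: the host firewall is updated first and retried on failure, and the boundary firewall device is updated only after the host update succeeds. ServiceInstance, AllowRule, PolicyBackend and sync_policies are hypothetical names and the backends are in-memory stand-ins for real firewall APIs; the bounded retry count and the removal of rules for instances that no longer exist are assumptions that go beyond the text.

```python
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple


@dataclass(frozen=True)
class ServiceInstance:
    # Attribute information the patent lists for each service container.
    instance_name: str
    host_name: str
    mac: str
    ip: str
    protocol: str
    container_port: int
    host_port: int


@dataclass(frozen=True)
class AllowRule:
    # One "allow source -> destination" entry; "any" stands for all IPs/ports.
    src_ip: str
    src_port: str
    protocol: str
    dst_ip: str
    dst_port: int


def desired_rules(instances: Iterable[ServiceInstance]) -> Set[AllowRule]:
    """Turn the attributes acquired in STEP 2 into the rule set to enforce."""
    return {
        AllowRule("any", "any", i.protocol.lower(), i.ip, i.host_port)
        for i in instances
    }


class PolicyBackend:
    """Hypothetical enforcement point (host firewall or boundary device).

    apply() returns True only when the change was made and verified. The
    fail_first argument is constructed fault injection for the demonstration.
    """

    def __init__(self, name: str, fail_first: int = 0):
        self.name = name
        self.rules: Set[AllowRule] = set()
        self._fail = fail_first

    def apply(self, add: Set[AllowRule], remove: Set[AllowRule]) -> bool:
        if self._fail > 0:
            self._fail -= 1
            return False
        self.rules = (self.rules - remove) | add
        return True


def sync_policies(
    instances: Iterable[ServiceInstance],
    host_fw: PolicyBackend,
    device_fw: PolicyBackend,
    max_attempts: int = 3,  # assumption: the patent retries without a stated bound
) -> Tuple[bool, List[Tuple[str, int, bool]]]:
    """Update the host firewall, then the device firewall, checking each step."""
    want = desired_rules(instances)
    log: List[Tuple[str, int, bool]] = []
    for backend in (host_fw, device_fw):  # STEP 3 strictly before STEP 4
        add = want - backend.rules         # rules for new or changed instances
        remove = backend.rules - want      # stale rules for instances that are gone
        for attempt in range(1, max_attempts + 1):
            ok = backend.apply(add, remove)
            log.append((backend.name, attempt, ok))
            if ok:
                break
        else:
            # This layer never succeeded: do not touch the next layer.
            return False, log
    return True, log


if __name__ == "__main__":
    # Constructed sample instance using the values from STEP 1.
    svc = ServiceInstance("svc-a-1", "node-1", "02:42:ac:12:01:64",
                          "172.18.1.100", "TCP", 9001, 39001)
    host, device = PolicyBackend("host", fail_first=1), PolicyBackend("device")
    print(sync_policies([svc], host, device))
    print(device.rules)
```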
STEP 5: a service API is called.
Callers inside or outside the area obtain the specified service capabilities by calling different service APIs. The following specific security policies guarantee that calls to the service API are normal and legitimate:
(1) the user is verified before the API is called;
(2) the API resists malicious calls and DDoS attacks;
(3) the input and output information of the API is protected against tampering and leakage.
The invention makes up for the insufficient security protection capability of containers and microservices. It adjusts the access control security policy automatically, dynamically and quickly according to the dynamic elastic scaling of container instances, in linkage with information security software and hardware, and through continuous policy verification it both ensures normal communication between different areas and strengthens the dynamically updated security policy so that illegal communication that does not conform to the policy is resisted.
The invention provides a dynamic security policy based on containers and microservices. Linked with the orchestration of application service container instances, it uses the microservice "service registration and discovery center" and "service call link tracking" to update security policies automatically and dynamically. It applies security policies that verify the user before an API is called, protect input and output information against tampering and leakage when the API is called, and make the API resist DDoS attacks, and it verifies the dynamic information security policy for communication inside a service area, between the inside and the outside of the area, and outside the area. This both ensures normal communication between different areas and strengthens the dynamically updated security policy, ensuring dynamic secure communication for the application services.
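The checks listed for STEP 5, as an added example that is not code from the patent: blacklisting after more than 3 consecutive login failures, blacklisting after more than 10 calls per second to the same API, and tamper detection on the request body. ApiGuard and its methods are hypothetical names; using an HMAC-SHA256 tag for tamper detection is an assumption, and encryption of the payload is not shown.

```python
import hashlib
import hmac
from collections import defaultdict, deque

MAX_LOGIN_FAILURES = 3     # more than 3 consecutive failures -> blacklist
MAX_CALLS_PER_SECOND = 10  # more than 10 calls/s to the same API -> blacklist


class ApiGuard:
    """Hypothetical gate placed in front of a service API."""

    def __init__(self, integrity_key: bytes):
        self._key = integrity_key
        self.blacklist = set()
        self._failures = defaultdict(int)  # user -> consecutive failed logins
        self._calls = defaultdict(deque)   # (user, api) -> call times, last second

    def record_login(self, user: str, success: bool) -> bool:
        """Record a login result; return False once the user is blacklisted."""
        if user in self.blacklist:
            return False
        if success:
            self._failures[user] = 0       # only consecutive failures count
            return True
        self._failures[user] += 1
        if self._failures[user] > MAX_LOGIN_FAILURES:
            self.blacklist.add(user)
            return False
        return True

    def sign(self, body: bytes) -> str:
        """Integrity tag a legitimate caller attaches to the request body."""
        return hmac.new(self._key, body, hashlib.sha256).hexdigest()

    def check_call(self, user: str, api: str, body: bytes, tag: str, now: float) -> str:
        """Return "ok", "tampered" or "blacklisted" for one API call at time now."""
        if user in self.blacklist:
            return "blacklisted"
        window = self._calls[(user, api)]
        while window and now - window[0] >= 1.0:
            window.popleft()               # drop calls older than one second
        window.append(now)
        if len(window) > MAX_CALLS_PER_SECOND:
            self.blacklist.add(user)
            return "blacklisted"
        # Constant-time comparison avoids leaking how much of the tag matched.
        if not hmac.compare_digest(self.sign(body), tag):
            return "tampered"
        return "ok"


if __name__ == "__main__":
    guard = ApiGuard(b"constructed-demo-key")  # constructed key, demo only
    body = b'{"op":"query"}'
    tag = guard.sign(body)
    # Eleven calls within one second: the eleventh exceeds the limit.
    print([guard.check_call("u1", "/orders", body, tag, i / 16) for i in range(11)])
```

The caller passes the clock value explicitly so the rate window can be exercised deterministically; a deployment would pass a monotonic clock reading.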
Fig. 3 is a schematic structural diagram of an apparatus for enhancing security of a microservice system provided by the present invention, and as shown in fig. 3, an embodiment of the present application provides an apparatus for enhancing security of a microservice system, which can be used as an execution main body of the method for enhancing security of a microservice system in the foregoing embodiment, and specifically includes an instance orchestration module 301, an obtaining module 302, an updating module 303, and a calling module 304, where:
the instance arrangement module 301 is used for performing dynamic arrangement of service business and resources according to configuration automation by using a container instance arrangement tool; automatically setting attribute information of a service container by executing a pre-configured script file; the pre-configured script file comprises an attribute name of a service container to be set; the obtaining module 302 is configured to dynamically obtain attribute information of all relevant service containers in a service link; the updating module 303 is configured to dynamically update the firewall software policy and the firewall device policy according to the attribute information of all the relevant service containers; the calling module 304 is used for calling a service application program interface API.
The apparatus for improving the security of the microservice system provided in the embodiment of the present application may be configured to execute the method described in the corresponding embodiment, and the specific steps of executing the method described in the corresponding embodiment by the apparatus provided in the embodiment are the same as those in the corresponding embodiment, and the same technical effects may be achieved.
Fig. 4 is a schematic structural diagram of an electronic device provided in the present invention. As shown in fig. 4, the electronic device may include: a processor 410, a communication interface 420, a memory 430 and a communication bus 440, wherein the processor 410, the communication interface 420 and the memory 430 communicate with each other via the communication bus 440. The processor 410 may call logic instructions in the memory 430 to perform a method of enhancing the security of a microservice system, the method comprising:
using a container instance orchestration tool to automatically and dynamically orchestrate services and resources according to configuration; automatically setting attribute information of a service container by executing a pre-configured script file, wherein the pre-configured script file comprises the attribute name of the service container to be set;
dynamically acquiring attribute information of all related service containers in a service link;
dynamically updating the firewall software policy and the firewall device policy according to the attribute information of all the related service containers;
calling a service application programming interface (API).
In addition, the logic instructions in the memory 430 may be implemented in the form of software functional units and stored in a computer readable storage medium when the software functional units are sold or used as independent products. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
In another aspect, the present invention also provides a computer program product, which includes a computer program stored on a non-transitory computer-readable storage medium, the computer program including program instructions, when the program instructions are executed by a computer, the computer being capable of executing the method for enhancing the security of the microservice system provided by the above methods, the method including:
using a container instance orchestration tool to automatically and dynamically orchestrate services and resources according to configuration; automatically setting attribute information of a service container by executing a pre-configured script file, wherein the pre-configured script file comprises the attribute name of the service container to be set;
dynamically acquiring attribute information of all related service containers in a service link;
dynamically updating the firewall software policy and the firewall device policy according to the attribute information of all the related service containers;
calling a service application programming interface (API).
In yet another aspect, the present invention also provides a non-transitory computer readable storage medium, on which a computer program is stored, the computer program being implemented by a processor to perform the method for enhancing security of a microservice system provided in the above aspects, the method comprising:
using a container instance orchestration tool to automatically and dynamically orchestrate services and resources according to configuration; automatically setting attribute information of a service container by executing a pre-configured script file, wherein the pre-configured script file comprises the attribute name of the service container to be set;
dynamically acquiring attribute information of all related service containers in a service link;
dynamically updating the firewall software policy and the firewall device policy according to the attribute information of all the related service containers;
calling a service application programming interface (API).
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A method for improving the security of a microservice system, comprising:
using a container instance orchestration tool to automatically and dynamically orchestrate services and resources according to configuration;
automatically setting attribute information of a service container by executing a pre-configured script file, wherein the pre-configured script file comprises the attribute name of the service container to be set;
dynamically acquiring attribute information of all related service containers in a service link;
dynamically updating the firewall software policy and the firewall device policy according to the attribute information of all the related service containers;
calling a service application programming interface (API).
2. The method for improving the security of the microservice system of claim 1, wherein the attribute information comprises: instance name, host name, MAC address, IP address, and port.
3. The method for improving the security of the microservice system of claim 1, wherein the firewall software policy is a firewall software policy of a host operating system.
4. The method for improving the security of the microservice system according to claim 1, wherein dynamically updating the firewall software policies and the firewall equipment policies according to the attribute information of all the related service containers comprises:
dynamically updating the firewall software policy according to the attribute information of all the related service containers, and checking whether the operation succeeded;
and if the firewall software policy has been dynamically updated, dynamically updating the firewall equipment policy according to the attribute information of all the related service containers.
5. The method for improving the security of the microservice system of claim 1, wherein calling the service application program interface (API) comprises:
verifying the user before calling the API;
checking the API for malicious calls and malicious DDoS attacks;
and performing verification, encryption and decryption on the input and output information of the API.
6. The method for improving the security of the microservice system according to claim 1, wherein verifying the user before calling the API comprises:
determining whether the target user has failed to log in more than 3 consecutive times;
and if the login has failed more than 3 consecutive times, moving the target user into a blacklist.
7. The method for improving the security of the microservice system according to claim 1, wherein checking the API for malicious calls and malicious DDoS attacks comprises:
determining whether the target user calls the same API more than 10 times per second;
and if the same API is called more than 10 times per second, moving the target user into the blacklist.
8. An apparatus for improving the security of a microservice system, comprising:
an instance orchestration module, configured to use a container instance orchestration tool to automatically perform dynamic orchestration of service business and resources according to configuration, and to automatically set attribute information of a service container by executing a pre-configured script file, wherein the pre-configured script file comprises an attribute name of a service container to be set;
an acquisition module, configured to dynamically acquire the attribute information of all related service containers in the service link;
an updating module, configured to dynamically update the firewall software policy and the firewall equipment policy according to the attribute information of all the related service containers;
and a calling module, configured to call the service application program interface (API).
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor, when executing the program, performs the steps of the method for improving the security of a microservice system according to any one of claims 1 to 7.
10. A non-transitory computer-readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, implements the steps of the method for improving the security of a microservice system according to any one of claims 1 to 7.
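The user check and call-frequency check of claims 6 and 7, sketched as an added example that is not code from the patent. The class and method names, the in-memory blacklist, and the reading of "per second" as a sliding one-second window per user and API are assumptions; the sample events are constructed.

```python
from collections import defaultdict, deque

MAX_LOGIN_FAILURES = 3      # claim 6: blacklist after more than 3 consecutive failures
MAX_CALLS_PER_SECOND = 10   # claim 7: blacklist above 10 calls per second to one API


class ApiGate:
    """Hypothetical gate evaluated before a service API call is dispatched."""

    def __init__(self):
        self.blacklist = set()
        self.failures = defaultdict(int)   # user -> consecutive failed logins
        self.calls = defaultdict(deque)    # (user, api) -> timestamps in the last second

    def record_login(self, user, success):
        """Return True only for a successful login by a non-blacklisted user."""
        if user in self.blacklist:
            return False
        if success:
            self.failures[user] = 0        # a success ends the consecutive run
            return True
        self.failures[user] += 1
        if self.failures[user] > MAX_LOGIN_FAILURES:
            self.blacklist.add(user)
        return False

    def allow_call(self, user, api, now):
        """Return True if the call may proceed; blacklist the user on a burst."""
        if user in self.blacklist:
            return False
        window = self.calls[(user, api)]
        while window and now - window[0] >= 1.0:
            window.popleft()               # drop calls older than one second
        window.append(now)
        if len(window) > MAX_CALLS_PER_SECOND:
            self.blacklist.add(user)
            return False
        return True


def demo():
    """Constructed events: alice fails 4 logins, bob bursts, carol stays slow."""
    gate = ApiGate()
    for _ in range(4):
        gate.record_login("alice", success=False)
    bob = [gate.allow_call("bob", "/orders", now=i * 0.05) for i in range(11)]
    carol = [gate.allow_call("carol", "/orders", now=i * 0.2) for i in range(11)]
    return gate.blacklist, bob, carol
```

Because the blacklist is keyed by user, one burst against a single API blocks that user's calls to every API, which is how claim 7 words the consequence.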
CN202011480566.0A 2020-12-15 2020-12-15 Method and device for improving security of micro-service system Active CN112671861B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011480566.0A CN112671861B (en) 2020-12-15 2020-12-15 Method and device for improving security of micro-service system

Publications (2)

Publication Number Publication Date
CN112671861A true CN112671861A (en) 2021-04-16
CN112671861B CN112671861B (en) 2023-03-24

Family

ID=75406111

Country Status (1)

Country Link
CN (1) CN112671861B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9521115B1 (en) * 2016-03-24 2016-12-13 Varmour Networks, Inc. Security policy generation using container metadata
CN110781476A (en) * 2019-10-15 2020-02-11 南京南瑞信息通信科技有限公司 Flexible micro-service security access control method and system
CN111064715A (en) * 2019-11-29 2020-04-24 北京浪潮数据技术有限公司 Method and device for arranging firewall and computer readable storage medium
US20200177549A1 (en) * 2018-12-04 2020-06-04 Cisco Technology, Inc. Micro-firewalls in a microservice mesh environment
CN111752641A (en) * 2020-06-29 2020-10-09 深圳壹账通智能科技有限公司 Method, device, equipment and storage medium for starting service between micro-service containers
CN111835794A (en) * 2020-09-17 2020-10-27 腾讯科技(深圳)有限公司 Firewall policy control method and device, electronic equipment and storage medium

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113791758A (en) * 2021-09-01 2021-12-14 湖南大学 Service arrangement localization execution system and method thereof
CN113923199A (en) * 2021-10-11 2022-01-11 交控科技股份有限公司 Data communication transmission optimization method and system
CN114301841A (en) * 2021-12-20 2022-04-08 山石网科通信技术股份有限公司 K8S-based micro-isolation strategy processing method and device
CN114301841B (en) * 2021-12-20 2024-02-06 山石网科通信技术股份有限公司 K8S-based micro-isolation strategy processing method and device

Also Published As

Publication number Publication date
CN112671861B (en) 2023-03-24

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant