CN113239359A - Block chain trusted container security reinforcement system and method - Google Patents
Block chain trusted container security reinforcement system and method Download PDFInfo
- Publication number
- CN113239359A CN113239359A CN202110455375.7A CN202110455375A CN113239359A CN 113239359 A CN113239359 A CN 113239359A CN 202110455375 A CN202110455375 A CN 202110455375A CN 113239359 A CN113239359 A CN 113239359A
- Authority
- CN
- China
- Prior art keywords
- container
- host
- safety detection
- security
- safety
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45587—Isolation or security of virtual machine instances
Abstract
The invention discloses a block chain trusted container security reinforcing system and a method, wherein the system comprises: the system comprises a container security detection module, a host security detection module and an intelligent contract upgrading and rolling back module. And respectively carrying out security detection on the container and the host running the container simultaneously through OpenSCAP, and ensuring that the block chain service runs in a trusted container on a trusted host system. Meanwhile, the security of the host system is reinforced through the OSTree, the situation that the host system cannot normally operate due to attack of malicious programs or failure in upgrading and the like is prevented, block chain service abnormity in the container is further caused, and the safety and the reliability of the container and the host system are greatly guaranteed.
Description
Technical Field
The invention relates to the technical field of information security, in particular to a block chain trusted container security reinforcing system and method.
Background
The lightweight security isolation feature of the container may provide better performance and security for the services running therein. Block chain as a service (BaaS) is currently widely deployed in virtual environments, particularly in containers. But the image of the running container itself may still have security flaws, for example, the installation package in the image has a CVE (Common virtualization & explores, Common vulnerability disclosure).
In addition, a host operating system for running the container may have a security problem, or a system failure may be caused by an abnormality, for example, after the host is attacked by a malicious user, the container is controlled by installing a trojan program; the host system is interrupted in the upgrading process due to power failure, network interruption and the like, so that the host system cannot be normally started, and further, the service abnormality in the container during operation is caused.
Therefore, how to provide a secure and reliable system for reinforcing the trusted container for blockchain services is a problem that needs to be solved by those skilled in the art.
Disclosure of Invention
In view of this, the invention provides a system and a method for reinforcing the security of a block chain trusted container, which effectively solve the problems that services in the container cannot work normally due to the security defect of an operating container or the security defect of a host system.
In order to achieve the purpose, the invention adopts the following technical scheme:
in one aspect, the present invention provides a system for securing and reinforcing a blockchain trusted container, the system comprising:
the container safety detection module is used for selecting a container to be subjected to safety detection, determining an identifier for operating the container, and performing safety detection on the container to obtain a container safety detection result;
the host safety detection module is used for acquiring a network identifier of a host machine to be detected, and carrying out safety detection on the host machine through the network identifier to obtain a host safety detection result; and
the upgrading and rollback intelligent contract module is used for respectively judging whether the container and the host have safety defects according to the container safety detection result and the host safety detection result, and upgrading the container if the container has the safety defects; if the host machine has a security defect, the host system is upgraded, and if the host system is upgraded abnormally, the original available host system version is automatically rolled back.
Further, the above-mentioned system for reinforcing the security of a block chain trusted container further includes: and the detection result output module is used for respectively generating corresponding safety detection reports according to the container safety detection result and the host safety detection result, and marking the health condition of the container or the host in the safety detection reports.
The detection result output module respectively collects safety detection reports generated by the container and the host, and if the CVE exists, the health condition of the container or the host is marked to be red in the report based on the web; otherwise, marking the health condition as green; if there is no CVE, but the application or package installed on the container or host system (the RPM package based Linux system) has not been updated for more than a week, then the health status is marked as yellow. And links to specific test results by clicking on the "detailed report" at the report.
The intelligent contract module for upgrading and rolling back has the main function of defining and realizing automatic contract codes, and when the defined contract rules are met, the contract codes are automatically executed. Contract codes are divided into upgrade and rollback contracts, and upgrade contracts are further divided into container upgrade contracts and host system upgrade contracts. For example, if the security detection finds that the container has the CVE, the CVE triggers a container upgrade contract code to complete the automatic upgrade process of the container.
Further, an OpenSCAP open source tool is pre-deployed in the host or an external host associated therewith, and the OpenSCAP open source tool is used for performing security detection on the container and the host.
The container security detection part can acquire the security condition of the container or the container mirror image, and the method and the system perform security scanning on the container or the container mirror image based on an OpenSCAP open source tool and generate a security report. The corresponding OpenSCAP command is oscap-docker container-CVE to detect whether the operation container has CVE or not; the oscap-docker image-CVE detects whether a CVE exists in the container image.
Further, an OSTree tool is pre-installed in the host machine and used for upgrading the container and the host system and rolling back the host system.
According to the system provided by the invention, by determining the safety condition of the current operation container, if the container has a safety leak, the safety defect repair needs to be carried out by upgrading the container (installation package), so that the operation container is safely reinforced, and the operation container is safely scanned based on OpenSCAP to obtain the safety level of the container, thereby repairing the potential safety hazard. Meanwhile, the invention also ensures the safety and reliability of the host system through OpenSCAP and OSTree, and realizes safety reinforcement.
In another aspect, the present invention further provides a method for securing and reinforcing a blockchain trusted container, where the method includes:
selecting a container to be subjected to safety detection, determining an identifier for operating the container, and carrying out safety detection on the container to obtain a container safety detection result;
acquiring a network identification of a host machine to be detected, and carrying out security detection on the host machine through the network identification to obtain a host security detection result;
respectively judging whether the container and the host have safety defects according to the container safety detection result and the host safety detection result, and upgrading the container if the container has the safety defects; if the host machine has a security defect, the host system is upgraded, and if the host system is upgraded abnormally, the original available host system version is rolled back.
Further, the above method for reinforcing the security of the block chain trusted container further includes: and respectively generating corresponding safety detection reports according to the container safety detection result and the host safety detection result, and marking the health condition of the container or the host in the safety detection reports.
Further, the identification of the container may be a container ID or a container name. Certainly, the method can also be implemented by determining the identifier of the container mirror image, the corresponding docker command is used for acquiring the ID and the name of the container for docker ps, and the docker images are used for acquiring the ID and the name of the container mirror image.
Further, the network identifier of the host to be detected is a host name or a network IP address. In the invention, the default SSH port is 22, the corresponding OpenSCAP command is oscap-SSH, and the security check of the remote host can also be completed through the scap-workbench desktop application.
Further, the security detection of the container and the host machine is completed through an OpenSCAP open source tool.
Further, the upgrading of the container and the host system and the rollback of the host system are all completed through an OSTree tool.
According to the technical scheme, compared with the prior art, the system and the method for reinforcing the safety of the block chain trusted container are disclosed, safety detection is simultaneously performed on the container and the host of the operation container through OpenSCAP, and the block chain service is ensured to be operated in the trusted container on the trusted host system. Meanwhile, the security of the host system is reinforced through the OSTree, the situation that the host system cannot normally operate due to attack of malicious programs or failure in upgrading and the like is prevented, block chain service abnormity in the container is further caused, and the safety and the reliability of the container and the host system are greatly guaranteed.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a schematic structural diagram of a block chain trusted container security enforcement system according to the present invention;
FIG. 2 is a schematic diagram illustrating a host system upgrade and rollback process according to an embodiment of the present invention;
FIG. 3 is a schematic flow chart illustrating an implementation of a block chain trusted container security reinforcing method according to the present invention;
FIG. 4 is a schematic flow chart illustrating a process of security detection and upgrade of a container according to an embodiment of the present invention;
FIG. 5 is a schematic flow chart of a host system security detection and upgrade process according to an embodiment of the present invention;
fig. 6 is a schematic diagram of a smart contract triggering process in the embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In one aspect, referring to fig. 1, an embodiment of the present invention discloses a block chain trusted container security reinforcing system, including:
the container safety detection module 1 is used for selecting a container to be subjected to safety detection, determining an identifier of an operating container, and performing safety detection on the container to obtain a container safety detection result;
the host safety detection module 2 is used for acquiring a network identifier of a host machine to be detected, and carrying out safety detection on the host machine through the network identifier to obtain a host safety detection result; and
the upgrading and rollback intelligent contract module 3 is used for respectively judging whether the container and the host have safety defects according to the container safety detection result and the host safety detection result, and upgrading the container if the container has the safety defects; if the host machine has security defects, the host system is upgraded, and if the host system is upgraded abnormally, the original available host system version is automatically rolled back.
Preferably, the above block chain trusted container security reinforcing system further includes: and the detection result output module 4 is used for respectively generating corresponding safety detection reports according to the container safety detection result and the host safety detection result, and marking the health condition of the container or the host in the safety detection reports.
The detection result output module 4 respectively collects safety detection reports generated by the container and the host, and if the CVE exists, the health condition of the container or the host is marked to be red in the report based on the web; otherwise, marking the health condition as green; if there is no CVE, but the application or package installed on the container or host system (the RPM package based Linux system) has not been updated for more than a week, then the health status is marked as yellow. And links to specific test results by clicking on the "detailed report" at the report.
The intelligent contract module 3 for upgrading and rolling back in this embodiment can define and implement automatic contract codes, which will be automatically executed when the defined contract rules are satisfied. Contract codes are divided into upgrade and rollback contracts, and upgrade contracts are further divided into container upgrade contracts and host system upgrade contracts.
Specifically, if the container is found to have safety defects, the container is automatically updated to repair the potential safety hazard; if the host system is found to have safety problems, the host system is automatically upgraded, if the upgrading process is abnormal, for example, the upgrading is interrupted due to external factors such as power failure and network interruption, the original available host system version is automatically rolled back, and the function is realized through the OSTree; after the problem is solved, the upgrade is tried, if the upgrade is successful, the new host system version is automatically switched to, and the host system upgrade and rollback principle is as shown in fig. 2.
On the other hand, referring to fig. 3, an embodiment of the present invention further discloses a method for reinforcing the security of a block chain trusted container, where the method includes:
s1: selecting a container to be subjected to safety detection, determining an identifier of an operating container, and carrying out safety detection on the container to obtain a container safety detection result;
s2: acquiring a network identifier of a host machine to be detected, and carrying out security detection on the host machine through the network identifier to obtain a host security detection result;
s3: respectively judging whether the container and the host have safety defects according to the container safety detection result and the host safety detection result, and upgrading the container if the container has the safety defects; if the host machine has security defects, the host system is upgraded, and if the host system is upgraded abnormally, the original available host system version is rolled back.
Preferably, the above method for reinforcing the security of the blockchain trusted container further includes:
s4: and respectively generating corresponding safety detection reports according to the container safety detection result and the host safety detection result, and marking the health condition of the container or the host in the safety detection reports.
Referring to fig. 4, the safety inspection process of the container in this embodiment is as follows:
firstly, acquiring a container to be detected or a container mirror image
Firstly, deploying and operating an OpenSCAP container on a host, selecting a container to be subjected to security detection, and determining an identifier of the operating container or a container mirror image, wherein the identifier can be an ID or a name. The corresponding docker command acquires the ID and name of the container for docker ps, and the docker images acquires the ID and name of the container mirror image.
Safety detection and output of result of container
The security condition of the container is checked periodically, and in order to obtain the security condition of the running container or the container image, the embodiment performs security scan on the container or the container image based on the OpenSCAP open source tool and generates a security report. The corresponding OpenSCAP command is oscap-docker container-CVE to detect whether the operation container has CVE or not; the oscap-docker image-CVE detects whether a CVE exists in the container image. If there is a security flaw or the container is not updated for more than a week, the container is upgraded to repair the flaw or risk.
Referring to fig. 5, the host security detection process in this embodiment is as follows:
firstly, deploying an OpenSCAP client on a Linux host to obtain a network identifier of a host to be detected, carrying out remote security check on the host system through the network identifier of the host system and reporting a detection result, wherein the network identifier can be a system host name or a network IP address, and an SSH port is set as 22 by default. The corresponding OpenSCAP command is osc-ssh, and the security check of the remote host can also be completed through the scap-workbench desktop application. If the security defect exists or the host system is not updated for more than one week, the host system is upgraded to repair the defect or risk, if the upgrade is successful, the system is switched to a new system version, and if a problem occurs in the upgrade process, the system is automatically rolled back to the old system version.
In a detection result output link, safety detection reports generated by the container and the host are respectively collected, and if CVE exists, the health condition of the container or the host is marked to be red in a web-based report; otherwise, marking the health condition as green; if there is no CVE, but the application or package installed on the container or host system (the RPM package based Linux system) has not been updated for more than a week, then the health status is marked as yellow. And links to specific test results by clicking on the "detailed report" at the report.
In the security reinforcement link, automatic contract codes need to be defined and implemented, and when defined contract rules are met, the contract codes are automatically executed. Contract codes are divided into upgrade and rollback contracts, and upgrade contracts are further divided into container upgrade contracts and host system upgrade contracts. For example, if the security detection finds that the container has the CVE, the CVE triggers a container upgrade contract code to complete the automatic upgrade process of the container. The triggering process of the intelligent contract in this embodiment is shown in fig. 6.
The following describes the implementation flows of the security enforcement method for the container and the host system by two specific embodiments, with reference to fig. 4, 5 and 6.
Example 1
And (3) carrying out security reinforcement on the blockchain service container: the vessel was run on a red-capped open source Atomic host (Fedora CoreOS) with OSTree and Atomic tools already installed inside. The containers running the blockchain service are periodically checked for security to identify security risks for the containers. If the risk exists, including the fact that the CVE and the application or package in the container are not updated for more than one week through security check, a container upgrading contract code is triggered, automatic upgrading of the container is completed, and the safety of the container is strengthened through upgrading and repairing defects.
The safety reinforcement process comprises the following specific implementation steps:
the method comprises the following steps: and acquiring the red cap open source version atomic host system mirror image from the Internet, and deploying and starting the atomic host.
Step two: the container image is pulled and run on the host (i.e., atomic host) system, e.g., the fedora container image is pulled and run. The corresponding specific docker command is docker run-name blkchain-container-td docker.
Step three: and deploying the needed block chain service in the running container blkchain-container, wherein the deployment process is similar to a physical machine, and the container mirror change is submitted.
Step four: the OpenSCAP container is deployed and run on the host system.
Step five: defining and implementing container upgrade intelligent contract code, for example, container upgrade script blkchain-container-upgrade.
if[[cve_found]]||[[pkg_unupdate_more_than_one_week]];then
atomic containers update blkchain-container
fi
Step six: a cron-timed task is implemented, for example, security detection of a blkchain-container is performed by an oscap-docker tool provided by an OpenSCAP container at a specified time each day. Once the blkchain-container is found to have a CVE or the version within the container has not been updated for more than one week, the blkchain-container-update. script is called and the CVE _ found and pkg _ unapplate _ more _ than _ one _ week parameter values are passed.
Example 2
And (3) carrying out security reinforcement on a host system: the part still takes a red-cap open-source atom host as an example, and the specific implementation steps are described as follows:
the method comprises the following steps: and acquiring the red cap open source version atomic host system mirror image from the Internet, and deploying and starting the atomic host.
Step two: the blockchain service image is run on the host (i.e., atomic host) system, referring to step two and step three in embodiment 1 above.
Step three: and deploying an OpenSCAP tool or a scap-workbench desktop application on another Linux host. Here, the OpenSCAP containers deployed on the hosts are not uniformly used for security scanning of the hosts, and performance factors and OpenSCAP toolkit security problems are mainly considered.
Step four: the method includes the steps that an intelligent contract code of host upgrading and rollback is realized on a Linux host which deploys an OpenSCAP tool or a scap-workbench desktop application, for example, a host upgrading rollback script host _ upgrade _ rollback is realized, and the basic logic of the code is as follows:
step five: the method comprises the steps of implementing a cron timing task on a Linux host for deploying an OpenSCAP tool or a scap-workbench desktop application, for example, remotely detecting a host system through an ospap-ssh at a specified time every day, and calling host _ update _ rollback once the host is found to have a CVE or the version of a host packet is not updated for more than one week, and transmitting CVE _ found and pkg _ unapplate _ more _ than _ one _ week parameter values.
Some technical terms appearing in the present invention are explained below:
a block chain is a novel decentralized distributed account book for recording digital assets, and is characterized in that a point-to-point network (P2P), an intelligent contract and a cryptographic hash are used, so that the history of the digital assets is transparent, traceable, maintained collectively and not falsifiable.
The container is a light-weight operating system level virtualization method. The method is characterized in that the isolation of the process level is realized through Linux namespace (namely name space), and the resource control of the process is realized through Cgroup (namely control group).
OpenSCAP, open secure Content Automation Protocol project, SCAP (secure Content Automation Protocol) is a multipurpose specification framework, supporting automatic configuration, vulnerability and patch inspection, technical control compliance activities and Security measurement.
The OSTree, a system upgrading method based on Linux operating system, performs atomic upgrade on the complete file system tree. At the core, it is a content addressable object store like git with branches (or "references") to track the storage file system tree. For submitting and downloading bootable file system trees.
In summary, the system and method provided by the present invention adopt the OpenSCAP open source security technology, check and ensure the security of both the container running the blockchain service and the host system running the container through the disclosed security policy, and provide the atomic rollback function through the OSTree open source technology in the process of upgrading the host system, thereby ensuring that at least one stable and reliable system version is available for the host running the blockchain service container. In addition, on the Linux host, except/etc,/var and the user home directory can be written, the whole host system is a read-only system, and a malicious user cannot attack the container and the host by installing a hacker program, so that the environment for running the blockchain service is safe and reliable.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A blockchain trusted container security reinforcement system, comprising:
the container safety detection module is used for selecting a container to be subjected to safety detection, determining an identifier of an operating container, and carrying out safety detection on the container to obtain a container safety detection result;
the host safety detection module is used for acquiring a network identifier of a host machine to be detected, and carrying out safety detection on the host machine through the network identifier to obtain a host safety detection result; and
the upgrading and rollback intelligent contract module is used for respectively judging whether the container and the host have safety defects according to the container safety detection result and the host safety detection result, and upgrading the container if the container has the safety defects; if the host machine has a security defect, the host system is upgraded, and if the host system is upgraded abnormally, the original available host system version is automatically rolled back.
2. The system of claim 1, further comprising: and the detection result output module is used for respectively generating corresponding safety detection reports according to the container safety detection result and the host safety detection result, and marking the health condition of the container or the host in the safety detection reports.
3. The system of claim 1, wherein an OpenSCAP open source tool is pre-deployed in the host or an external host associated therewith, and the OpenSCAP open source tool is configured to perform security detection on the container and the host.
4. A block chain trusted container security hardened system as claimed in claim 1, wherein said host is pre-installed with an OSTree tool for upgrading said container and said host system and rolling back said host system.
5. A block chain trusted container security reinforcement method is characterized by comprising the following steps:
selecting a container to be subjected to safety detection, determining an identifier of an operating container, and carrying out safety detection on the container to obtain a container safety detection result;
acquiring a network identification of a host machine to be detected, and carrying out security detection on the host machine through the network identification to obtain a host security detection result;
respectively judging whether the container and the host have safety defects according to the container safety detection result and the host safety detection result, and upgrading the container if the container has the safety defects; if the host machine has a security defect, the host system is upgraded, and if the host system is upgraded abnormally, the original available host system version is rolled back.
6. The method for securing and reinforcing a blockchain trusted container according to claim 5, further comprising: and respectively generating corresponding safety detection reports according to the container safety detection result and the host safety detection result, and marking the health condition of the container or the host in the safety detection reports.
7. The method of claim 5, wherein the identification of the container is a container ID or a container name.
8. The method as claimed in claim 5, wherein the network identifier of the host to be detected is a host name or a network IP address.
9. The method of claim 5, wherein the security detection of the container and the host is performed by an OpenSCAP open source tool.
10. The method of claim 5, wherein the upgrading of the container and the host system and the rollback of the host system are performed by an OSTree tool.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110455375.7A CN113239359A (en) | 2021-04-26 | 2021-04-26 | Block chain trusted container security reinforcement system and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110455375.7A CN113239359A (en) | 2021-04-26 | 2021-04-26 | Block chain trusted container security reinforcement system and method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113239359A true CN113239359A (en) | 2021-08-10 |
Family
ID=77129279
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110455375.7A Pending CN113239359A (en) | 2021-04-26 | 2021-04-26 | Block chain trusted container security reinforcement system and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113239359A (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108256337A (en) * | 2018-02-26 | 2018-07-06 | 北京阿尔山金融科技有限公司 | Intelligent contract leak detection method, device and electronic equipment |
| US20180260212A1 (en) * | 2017-03-10 | 2018-09-13 | Salesforce.Com, Inc. | Blockchain version control systems |
| US20190102423A1 (en) * | 2017-09-29 | 2019-04-04 | Oracle International Corporation | System and method for providing an interface for a blockchain cloud service |
| CN111680304A (en) * | 2020-06-15 | 2020-09-18 | 北京凌云信安科技有限公司 | Scanning system for comprehensively detecting Docker vulnerability and unsafe configuration |
-
2021
- 2021-04-26 CN CN202110455375.7A patent/CN113239359A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20180260212A1 (en) * | 2017-03-10 | 2018-09-13 | Salesforce.Com, Inc. | Blockchain version control systems |
| US20190102423A1 (en) * | 2017-09-29 | 2019-04-04 | Oracle International Corporation | System and method for providing an interface for a blockchain cloud service |
| CN108256337A (en) * | 2018-02-26 | 2018-07-06 | 北京阿尔山金融科技有限公司 | Intelligent contract leak detection method, device and electronic equipment |
| CN111680304A (en) * | 2020-06-15 | 2020-09-18 | 北京凌云信安科技有限公司 | Scanning system for comprehensively detecting Docker vulnerability and unsafe configuration |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Brady et al. | Docker container security in cloud computing | |
| EP2164017B1 (en) | Automatic hardware-based recovery of a compromised computer | |
| US8621278B2 (en) | System and method for automated solution of functionality problems in computer systems | |
| US9652632B2 (en) | Method and system for repairing file at user terminal | |
| US8850587B2 (en) | Network security scanner for enterprise protection | |
| US20050091542A1 (en) | Automated computer vulnerability resolution system | |
| Schwarzkopf et al. | Increasing virtual machine security in cloud environments | |
| US20110247071A1 (en) | Automated Malware Detection and Remediation | |
| US20060248522A1 (en) | Deploying agent software to managed computer systems | |
| US20110283138A1 (en) | Change Tracking and Management in Distributed Applications | |
| US9244758B2 (en) | Systems and methods for repairing system files with remotely determined repair strategy | |
| JP2015531508A (en) | System and method for automated memory and thread execution anomaly detection in computer networks | |
| US20170244761A1 (en) | Consensus-based network configuration management | |
| US10102073B2 (en) | Systems and methods for providing automatic system stop and boot-to-service OS for forensics analysis | |
| CN110059007B (en) | System vulnerability scanning method and device, computer equipment and storage medium | |
| CN111177708A (en) | PLC credibility measuring method, system and measuring device based on TCM chip | |
| CN110795346A (en) | Product monitoring method, device, equipment and readable storage medium | |
| CN102915359B (en) | File management method and device | |
| CN105791250A (en) | Application detection method and device | |
| CN113239359A (en) | Block chain trusted container security reinforcement system and method | |
| Schwarzkopf et al. | Checking running and dormant virtual machines for the necessity of security updates in cloud environments | |
| CN111625834A (en) | System and method for detecting vulnerability of Docker mirror image file | |
| CN102902564B (en) | Method and the device of patch are installed | |
| CN114861168A (en) | Anti-escape attack behavior deception honeypot construction method | |
| CN113254941A (en) | Linux kernel source code processing method, device and equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |