CN114650184A - Docker process security access control method based on trust degree - Google Patents


Info

Publication number: CN114650184A
Authority: CN (China)
Prior art keywords: directory, user, file name, trust, access control
Legal status: Granted (active)
Application number: CN202210395021.2A
Other languages: Chinese (zh)
Other versions: CN114650184B (en)
Inventors: 郭晶, 郑建宁, 张津铭, 刘泽三, 李玉, 宋卫平, 杨帆, 刘歆一, 韩宏军
Current assignee: Sichuan Zhongdian Aostar Information Technologies Co ltd; State Grid Information and Telecommunication Co Ltd
Original assignee: Sichuan Zhongdian Aostar Information Technologies Co ltd; State Grid Information and Telecommunication Co Ltd
Priority claimed from CN202210395021.2A; published as CN114650184A and, after grant, as CN114650184B.

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 ... for controlling access to devices or network resources
    • H04L63/04 ... for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 ... wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 ... including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 ... involving digital signatures
    • H04L9/3297 ... involving time stamps, e.g. generation of time stamps

Abstract

The invention relates to the technical field of containers and trust-based access control and discloses a trust-based Docker process security access control method comprising the following steps: inputting the system security parameters of the host machine on which the container runs, and obtaining and outputting the system public parameters and a system master key; traversing the file names/directories, padding them, and then using the output system public parameters as a public key to randomize (encrypt) the file names/directories, obtaining the randomized file names/directories; generating, from the output system public parameters and the system master key, a private key for each access authority corresponding to a file name/directory; distributing the private keys through an access control structure based on user trust level, according to the attributes of the user issuing the access request, so that each user process receives the private key matching its trust level; verifying the timeliness and accuracy of a user's private key with a trusted timestamp; and, when the user process accesses a file name/directory, making the access decision and decrypting with the private key.

Description

Docker process security access control method based on trust degree
Technical Field
The invention relates to the technical field of containers and trust-based access control, and in particular to a trust-based Docker process security access control method that combines access control based on user trust level with randomization of the file names/directories in the MNT namespace, so that a process's access to a file name/directory is controlled through that randomization.
Background
SELinux (Security-Enhanced Linux) is a form of MAC (mandatory access control): Linux establishes fine-grained security enforcement policies and Type Enforcement (TE) through independent components or labels. The Android system includes SELinux (in enforcing mode) and a corresponding security policy that applies by default to the whole Android Open Source Project (AOSP). In enforcing mode, illegal operations are blocked and every attempted violation is logged by the kernel to dmesg and logcat. However, in many cases SELinux is disabled or no enforcing policy is applied, and the vulnerabilities or weaknesses typically found in SELinux lie in the policy file itself or in inappropriately applied labels. As with any other MAC system, because system calls and other kernel boundary conditions are not restricted, a hole or vulnerability in SELinux may also become a significant hole in, and even an attack on, the whole system.
To implement access control, the AppArmor security module is inserted into the LSM security framework as a loadable module, so that it can identify both file resources and the capability resources of the POSIX.1e draft, control all access to both kinds of resource, and confine applications with respect to both. AppArmor can therefore effectively prevent confined programs from accessing these resources in an impermissible manner. In use, although the AppArmor module confines configured programs well, it identifies program files by path: once a program file is replaced, AppArmor may execute a program carrying a virus, the system is no longer well protected, and an intruder can bypass the security module to damage the system.
In the area of Linux container virtualization, Seccomp provides a safe running environment for untrusted pure computing code, protecting the normal operation of the system and of application programs from interference by the untrusted code. Seccomp filters the system calls a program makes, so that the process runs in a more secure mode in which only a restricted set of system calls may be executed. If the program executes a system call outside the Seccomp policy, the process is terminated. Many system calls are never used during a process's life cycle, and some of those it does use are unsafe; such system calls are the source of many bugs and give other untrusted processes a greatly increased opportunity to attack the system. Seccomp has clear advantages, but it supports only pure computing code, which greatly limits its application. For example, a process in Seccomp mode cannot dynamically allocate memory, cannot share memory with other processes, cannot use new file descriptors, and so on. If a feature-rich application is to be supported, additional methods are needed to intercept and handle the other system calls. For containers, the kernel system-call interface is an important attack surface, so using Seccomp to further isolate the container is useful. However, at present only Docker supports Seccomp-bpf, and LXC v1.0 offers Seccomp only as an option. The main reasons why Seccomp-bpf is not widely used are that system-call whitelists and blacklists are difficult to set up, security holes exist in the required system calls, and the performance loss of Seccomp is large.
Disclosure of Invention
The invention aims to provide a trust-based Docker process security access control method that combines access control based on user trust level with randomization of the file names/directories in the MNT namespace, so as to dynamically control the access and authority of a process with respect to a created Docker container.
The invention is realized by the following technical scheme. A trust-based Docker process security access control method comprises the following steps:
S1, inputting the system security parameters of the host machine on which the container runs, and obtaining and outputting the system public parameters and a system master key;
S2, traversing the file names/directories, padding them, and then randomizing (encrypting) the file names/directories using the system public parameters output in step S1 as the public key, to obtain the randomized file names/directories;
S3, generating the corresponding private keys from the system public parameters and system master key output in step S1 and from the access authorities corresponding to the file names/directories;
S4, distributing the private keys of step S3 through an access control structure based on user trust level, according to the attributes of the user issuing the access request, so that each user process receives the private key corresponding to its trust level;
S5, verifying the timeliness and accuracy of the user's private key with a trusted timestamp;
S6, when the user process accesses a file name/directory, making the access decision and decrypting with the private key.
In the invention, zero trust rests on a trust-based access control model: the essence of zero-trust security is access control based on trust, and in practice the balance between adaptivity, manageability and extensibility of the authorization policy must be fully considered. A combination of the role-based access control model (RBAC) and the attribute-based access control model (ABAC) is proposed. Coarse-grained authorization is realized through RBAC, establishing an authority baseline that satisfies the principle of least privilege; dynamic mapping of roles based on subject, object and environment attributes is realized through the ABAC model, meeting the need for flexible management; and roles and authorities are filtered through risk assessment and analysis to achieve scenario- and risk-aware dynamic authorization. The classical access control framework contains four access control functional components: the Initiator, the Target, the Access Control Enforcement Function (AEF) and the Access Control Decision Function (ADF); most access control and authorization schemes can be abstracted onto this framework. The initiator is the person or computer-based entity that accesses or attempts to access the target. The target is the computer- or communication-based entity that the initiator accesses or attempts to access; for example, the target may be an OSI layer entity, a file or a real system. The access request represents the operations and operands that form the basis of an attempted access. The AEF ensures that the initiator can only perform those accesses on the target that the ADF has determined to be allowed. When the initiator requests a particular access on the target, the AEF notifies the ADF that a decision is required.
Other inputs to the ADF are the access control policy rules (from the security domain authority of the ADF) and any contextual information needed to interpret the access control decision information (ADI) or the policy. Examples of contextual information include the location of the initiator, the time of access, or the particular communication path used. Based on these inputs, and possibly ADI retained from previous decisions, the ADF decides whether the initiator is allowed to attempt the access to the target. The decision is passed to the AEF, which either lets the access request through to the target or takes other appropriate action. In the context of a Linux container, the process and its related resources are isolated, and these resources include the process's file system environment. This requires a separate file environment in the container, shared by the processes in the container, namely the container's own root file system environment. The kernel introduces the MNT namespace to achieve this isolation of the file system environment. CP-ABE (ciphertext-policy attribute-based encryption) is an encryption system in which a ciphertext corresponds to an access structure and a key corresponds to a set of attributes, and the ciphertext can be decrypted only if the attributes in the attribute set satisfy the access structure.
A timestamp is the total number of seconds elapsed from 00:00:00 Greenwich Mean Time on 1 January 1970 (08:00:00 Beijing time on 1 January 1970) to the present; in popular terms, a timestamp is a complete and verifiable piece of data that can prove that a piece of data existed at a specific time.
To implement the invention better, the randomized encryption processing and the decryption processing are further the CP-ABE algorithm.
To implement the invention better, step S2 further includes:
controlling the access of the process to the file name/directory through randomization of the file names/directories in the MNT namespace;
first reading the file names/directories directly, and then padding them to obtain the file names/directories that need to be randomized.
To implement the invention better, the specific calculation method of the user trust level in step S4 further includes: obtaining the structural element U, the set of users making access requests to file names/directories in the MNT namespace, denoted $U = \{u_1, u_2, u_3, \dots, u_a\}$;
obtaining the level R in the system, the qualification for accessing file names/directories in the MNT namespace, denoted $R = \{r_1, r_2, r_3, \dots, r_b\}$;
obtaining the operation authority P for accessing resources in the MNT namespace, denoted $P = \{p_1, p_2, p_3, \dots, p_c\}$;
obtaining the set F of file names in the MNT namespace, denoted $F = \{f_1, f_2, f_3, \dots, f_d\}$;
obtaining the trust level TC, denoted $TC = \{1, 2, 3, \dots, r\}$;
obtaining an initial trust value IT, reading the user's access count and successful access count from the host kernel, and calculating a trust value T from the success count and the total count, expressed as
(formula image BDA0003598513100000041; not reproduced on this page)
where the total number of accesses by the user to the file is denoted $N_{ij}$, the number of successes is denoted $S_{ij}$, and
(formula image BDA0003598513100000042; not reproduced on this page)
is a penalty term;
obtaining a composite trust value CT, expressed as $CT = \alpha_1 IT + \alpha_2 T$, where $\alpha_1$ and $\alpha_2$ are weights.
To implement the invention better, the method further comprises the following steps:
the change of the trust value for legitimate behaviour is expressed as:
(formula image BDA0003598513100000043; not reproduced on this page)
the change of the trust value for illegal behaviour is expressed as:
(formula image BDA0003598513100000044; not reproduced on this page)
To implement the invention better, step S5 further includes:
performing trusted verification of the private key distributed to the user by trusted timestamp verification; if verification passes, proceeding to the next step, and if it fails, ending the flow.
To implement the invention better, further: the user computes a hash digest of the file data;
the user makes a timestamp request and transmits the hash value to the timestamp server;
the timestamp server signs the hash value together with a date/time record to generate the timestamp;
and the timestamp data is bound to the file information and returned, after which the user performs the next operation.
To implement the invention better, step S6 further includes:
when the user process accesses a file name/directory, judging whether the accessed file name/directory is a randomized one; if so, resolving the path and accessing the file, and if not, randomizing (encrypting) the file name/directory again.
Compared with the prior art, the invention has the following advantages and beneficial effects:
(1) the invention encrypts the file names/directories with keys, thereby forming an MNT (mount) namespace with randomized file names/directories;
(2) the invention uses the CP-ABE algorithm for encryption and decryption, distributes the private keys through an access control structure based on user trust level, and verifies a trusted timestamp before decrypting with the private key; the encrypted object is the file name/directory within the MNT namespace and the decrypted object is the encrypted, randomized file name/directory. The invention can thus dynamically control the access and authority of a process with respect to the created Docker container.
Drawings
The invention is further described with reference to the following figures and examples, which are intended as non-limiting illustrations within the scope of the invention.
Fig. 1 is a flowchart of the trust-based Docker process security access control method provided by the present invention.
Fig. 2 is a flowchart of the trusted timestamp verification of the trust-based Docker process security access control method provided by the present invention.
Fig. 3 is a diagram of the CP-ABE algorithm of the trust-based Docker process security access control method provided by the present invention.
Detailed Description
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it should be understood that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments, and therefore should not be considered as a limitation to the scope of protection. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
In the description of the present invention, it is to be noted that, unless otherwise explicitly specified or limited, the terms "disposed" and "connected" are to be construed broadly and may mean, for example, fixedly connected, detachably connected or integrally connected; mechanically or electrically connected; connected directly or indirectly through intervening media; or interconnected between two elements. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to the specific case.
Example 1:
In this embodiment, as shown in Figs. 1 to 3, the trust-based Docker process security access control method is built on the trust-based access control model of zero trust, on access control, on namespace technology, on the CP-ABE encryption algorithm and on trusted timestamp verification.
The invention controls the access of a process to a file name/directory through randomization of the file names/directories in the MNT namespace: the security parameters of the host system on which the container runs are input, and the system public parameters and system master key are obtained and output. The file names/directories are first read directly, then padded, and then encrypted using the system public parameters output in the previous step as the public key, giving the randomized file names/directories. Different private keys are generated for the file names/directories under the combined action of the master key and the system public parameters, and the access control structure distributes these private keys according to the user attributes. The user verifies the validity of the private key by trusted timestamp verification.
In this embodiment the randomized file name/directory is decrypted, the path is resolved and the file is accessed. If the user does not hold a corresponding private key, the access request is denied. The file name/directory randomization technique is combined with the MNT namespace, the file isolation mechanism of Docker containers: MNT namespace keys are generated; the file names/directories are encrypted with these keys to form an MNT (mount) namespace with randomized file names/directories; and path names are resolved so that authorized, trusted users can access files normally. An attacker who wants to obtain the normal file names/directories must either acquire the root authority that created the MNT namespace or operate on data residing in the kernel and in memory, which undoubtedly increases the difficulty of the attack.
First, the file names/directories to be randomized are obtained by direct read traversal and padding, the host system security parameters are input, and the system master key and system public parameters are obtained. The selected file names/directories are encrypted (randomized) using the system public parameters as the public key. The system master key and system public parameters act jointly on the authority corresponding to each file name/directory to generate the corresponding private key. User information is collected, user behaviour is tracked and evaluated, user attributes are generated, and the corresponding private keys are distributed according to the user attributes. The private key distributed to the user is verified with the trusted timestamp: if verification passes, the next step is taken, and if it fails, the flow ends. It is then judged whether the accessed file name/directory is a randomized one: if so, the next step is taken, otherwise the flow ends. Finally, the corresponding file name/directory is decrypted with the private key, the path is resolved and the file is accessed.
Example 2:
This embodiment is a further optimization of embodiment 1, in which the randomized encryption processing and the decryption processing are the CP-ABE algorithm. CP-ABE (ciphertext-policy attribute-based encryption): in this ciphertext-policy encryption system, a ciphertext corresponds to an access structure and a key corresponds to a set of attributes, and decryption succeeds if and only if the attributes in the set satisfy the access structure.
The invention controls the access of a process to a file name/directory through randomization of the file names/directories in the MNT namespace. The randomization is performed by encryption and decryption, and the CP-ABE algorithm, which encrypts under a ciphertext policy over attributes, suits the multilevel character of file names/directories, so that the corresponding file can be decrypted with the private key matching the attributes held by the process of the user that initiates the access request. The file names in the MNT namespace and their containment relations are read and sorted to construct a binary tree, with each file name set as a node of the tree, for convenient retrieval and access; according to the position of a file name and its attributes, the generated private key can be issued as the authority.
Other parts of this embodiment are the same as embodiment 1, and thus are not described again.
Example 3:
This embodiment is a further optimization of embodiment 1 or 2, in which the access of a process to a file name/directory is controlled through randomization of the file names/directories in the MNT namespace: the file names/directories are first read directly and then padded to obtain the file names/directories to be randomized. At the same time, when the access control structure for the file names/directories in the MNT namespace is established, an access control model based on users, roles and authorities is built, and a file name set and a trust level set are additionally constructed on top of the original user set, role set and authority set. The file name/directory is the centre around which the scheme and the randomization revolve, while encryption and decryption are based on the attributes of the file name, so the attributes of the file name set are mapped into the authority set. The trust level set corresponds one-to-one to the role set. Since the trust level set is generated along with the user set, it connects the role set with the user set, and the accessing user can be granted the related authority.
Other parts of this embodiment are the same as those of embodiment 1 or 2, and thus are not described again.
Example 4:
This embodiment is a further optimization of any of embodiments 1 to 3, in which the specific calculation method of the user trust level includes:
obtaining the structural element U, the set of users making access requests to file names/directories in the MNT namespace, denoted $U = \{u_1, u_2, u_3, \dots, u_a\}$;
obtaining the level R in the system, the qualification for accessing file names/directories in the MNT namespace, denoted $R = \{r_1, r_2, r_3, \dots, r_b\}$;
obtaining the operation authority P for accessing resources in the MNT namespace, denoted $P = \{p_1, p_2, p_3, \dots, p_c\}$;
obtaining the set F of file names in the MNT namespace, denoted $F = \{f_1, f_2, f_3, \dots, f_d\}$;
obtaining the trust level TC, denoted $TC = \{1, 2, 3, \dots, r\}$;
obtaining an initial trust value IT, reading the user's access count and successful access count from the host kernel, and calculating a trust value T from the success count and the total count, expressed as
(formula image BDA0003598513100000071; not reproduced on this page)
where the total number of accesses by the user to the file is denoted $N_{ij}$, the number of successes is denoted $S_{ij}$, and
(formula image BDA0003598513100000072; not reproduced on this page)
is a penalty term;
obtaining a composite trust value CT, expressed as $CT = \alpha_1 IT + \alpha_2 T$, where $\alpha_1$ and $\alpha_2$ are weights.
As shown in Fig. 2, this embodiment randomizes the file names/directories using the CP-ABE algorithm. CP-ABE (ciphertext-policy attribute-based encryption): in this ciphertext-policy encryption system, a ciphertext corresponds to an access structure and a key corresponds to a set of attributes, and decryption succeeds if and only if the attributes in the set satisfy the access structure. This design is closer to the actual application scenario: it models each user obtaining a key from an attribute authority according to the user's condition or attributes, after which the encryptor formulates the access control on the message.
File names/directories have a multilevel character, and so do authorities; the access authority of a file name/directory is the attribute of the corresponding user. Randomizing the file names/directories with the CP-ABE algorithm matches the actual situation in an enterprise in which higher authority covers lower authority, just as file names/directories cover one another layer by layer in the system.
The selected file names/directories are encrypted (randomized) using the system public parameters as the public key.
User information is collected, user behaviour is tracked and evaluated, user attributes are generated, and the corresponding private keys are distributed according to the user attributes. The user attributes are calculated and evaluated by the formulas above. The corresponding file name/directory is decrypted with the private key, the path is resolved and the file is accessed.
Other parts of this embodiment are the same as any of embodiments 1 to 3, and thus are not described again.
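As an added illustration of Examples 2 to 4 (not code from the patent), the following Python models the CP-ABE access-structure check and the randomized-name resolution of step S6 over a constructed MNT-namespace tree: a process sees only randomized names and recovers a real path only if its attribute set satisfies the access structure at every level, with a "tc>=N" leaf expressing that a higher trust level covers a lower one. It assumes a keyed hash as a stand-in for the CP-ABE ciphertext (the standard library has no CP-ABE) and constructed key, roles and directory layout.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# ASSUMPTION: constructed MNT-namespace key. The patent derives its keys from
# the system master key and public parameters, which are not on the page.
NS_KEY = b"constructed-mnt-namespace-key"


@dataclass
class Node:
    """A file name/directory in the MNT namespace with its CP-ABE access structure."""
    name: str
    policy: object                        # attribute leaf (str) or gate dict
    children: list = field(default_factory=list)


def satisfies(policy, attrs):
    """True if the attribute set satisfies the access structure.

    A leaf is an attribute string that must be present in attrs; a 'tc>=N'
    leaf is met by any attribute 'tc:M' with M >= N (higher trust level covers
    lower). Internal nodes are AND, OR or THRESHOLD:k gates over children.
    """
    if isinstance(policy, str):
        if policy.startswith("tc>="):
            need = int(policy[4:])
            return any(a.startswith("tc:") and int(a[3:]) >= need for a in attrs)
        return policy in attrs
    gate, children = policy["gate"], policy["children"]
    hits = sum(1 for child in children if satisfies(child, attrs))
    if gate == "AND":
        return hits == len(children)
    if gate == "OR":
        return hits >= 1
    if gate.startswith("THRESHOLD:"):
        return hits >= int(gate.split(":", 1)[1])
    raise ValueError("unknown gate: " + gate)


def randomize(component, key=NS_KEY):
    """Opaque name for one path component. ASSUMPTION: a keyed hash stands in
    for the CP-ABE ciphertext of the real name (no CP-ABE in the stdlib)."""
    return hmac.new(key, component.encode(), hashlib.sha256).hexdigest()[:16]


def randomized_path(real_path, key=NS_KEY):
    """Randomized form of a whole path, component by component."""
    return "".join("/" + randomize(p, key) for p in real_path.strip("/").split("/"))


def build_view(root):
    """Map every randomized path under root to (real path, node). The process
    only sees the randomized names; the real name is what decryption recovers."""
    view = {}

    def walk(node, rand_prefix, real_prefix):
        rand = rand_prefix + "/" + randomize(node.name)
        real = real_prefix + "/" + node.name
        view[rand] = (real, node)
        for child in node.children:
            walk(child, rand, real)

    walk(root, "", "")
    return view


def resolve(view, rand_path, attrs):
    """Step S6: the accessed name must be a randomized one, and the process's
    attributes must satisfy the access structure of every component on the
    path. Returns (real path, None) on success or (None, reason) on denial."""
    prefix, real = "", None
    for part in rand_path.strip("/").split("/"):
        prefix += "/" + part
        if prefix not in view:
            return None, "not a randomized file name/directory: " + prefix
        real, node = view[prefix]
        if not satisfies(node.policy, attrs):
            return None, "attributes do not satisfy the access structure of " + node.name
    return real, None


def sample_namespace():
    """Constructed MNT-namespace layout with a per-node access structure."""
    db_policy = {"gate": "OR", "children": [
        "role:dba",
        {"gate": "AND", "children": ["role:operator", "tc>=4"]},
    ]}
    return Node("app", "tc>=1", [
        Node("config", {"gate": "AND", "children": ["role:operator", "tc>=2"]}, [
            Node("db.yaml", db_policy),
        ]),
        Node("public", "tc>=1", [Node("readme.txt", "tc>=1")]),
    ])


if __name__ == "__main__":
    view = build_view(sample_namespace())
    target = randomized_path("/app/config/db.yaml")
    for attrs in ({"role:operator", "tc:4"}, {"role:operator", "tc:3"}, {"role:dba", "tc:5"}):
        print(sorted(attrs), "->", resolve(view, target, attrs))
```

Note that the dba process is refused at the config directory even though it satisfies the policy on db.yaml itself: every level on the path must be decryptable, which is the layer-by-layer coverage the text describes.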
Example 5:
This embodiment is a further optimization of any of embodiments 1 to 4, in which the change of the trust value for legitimate behaviour is expressed as:
(formula image BDA0003598513100000081; not reproduced on this page)
and the change of the trust value for illegal behaviour is expressed as:
(formula image BDA0003598513100000082; not reproduced on this page)
In this embodiment, after each access cycle ends, the trust level is rewarded or penalized once according to the success rate of the user's access behaviour. The user's trust level is thus continuously and dynamically evaluated: the user's trust level is rewarded or penalized once at regular intervals; the user's identity information is collected and an initial trust value and trust level are assigned from it; the user's trust value is dynamically calculated from the success rate of the user's access behaviour, and a trust level is assigned dynamically. According to the rules set by the company, the trust value is updated and increased when legitimate behaviour reaches the corresponding proportion, where theta is the weight added to the corresponding trust value; and, according to the rules set by the company, the trust value is updated when illegal behaviour reaches the corresponding proportion, being reduced by the weight eta.
Other parts of this embodiment are the same as any of embodiments 1 to 4, and thus are not described again.
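The trust evaluation of this embodiment (and of claims 4 and 5) carried through in code, as an added example that is not part of the patent: T is derived from the kernel-reported counters N_ij and S_ij, CT = α1·IT + α2·T is formed, one reward (θ) or punishment (η) is applied per access cycle, and CT is mapped onto the trust levels TC = {1, ..., r}. The page gives the penalty term and the level thresholds only as figures, so the forms used here, like the weights and ratios, are assumptions.

```python
from dataclasses import dataclass

# Constructed policy values ("rules set by the enterprise" in the text);
# the penalty term's form and the equal-width level bands are assumptions.
ALPHA1, ALPHA2 = 0.4, 0.6    # weights of IT and T in CT = α1·IT + α2·T
THETA, ETA = 0.05, 0.10      # reward added / punishment subtracted per cycle
LEGAL_RATIO, ILLEGAL_RATIO = 0.9, 0.3
PENALTY_WEIGHT = 0.5
LEVELS = 5                   # TC = {1, 2, ..., r} with r = 5


@dataclass
class AccessStats:
    """Counters the host kernel reports for one user on one file name/directory."""
    n_total: int     # N_ij: total accesses
    n_success: int   # S_ij: successful (legal) accesses


def access_trust(stats: AccessStats) -> float:
    """T: success ratio minus an assumed penalty proportional to the failure ratio."""
    if stats.n_total == 0:
        return 0.0
    success_rate = stats.n_success / stats.n_total
    penalty = PENALTY_WEIGHT * (stats.n_total - stats.n_success) / stats.n_total
    return max(0.0, success_rate - penalty)


def composite_trust(initial_trust: float, t: float) -> float:
    """CT = α1·IT + α2·T, IT being the initial trust taken from identity information."""
    return ALPHA1 * initial_trust + ALPHA2 * t


def settle_cycle(ct: float, stats: AccessStats) -> float:
    """One reward or punishment, applied at the end of an access cycle."""
    if stats.n_total == 0:
        return ct
    legal_share = stats.n_success / stats.n_total
    if legal_share >= LEGAL_RATIO:
        ct += THETA                      # legal behaviour reached its proportion
    elif 1.0 - legal_share >= ILLEGAL_RATIO:
        ct -= ETA                        # illegal behaviour reached its proportion
    return min(1.0, max(0.0, ct))        # keep CT inside [0, 1]


def trust_level(ct: float) -> int:
    """Map CT in [0, 1] onto TC = {1, ..., LEVELS} using equal-width bands."""
    return min(LEVELS, int(ct * LEVELS) + 1)


def evaluate_cycle(initial_trust: float, stats: AccessStats) -> tuple[float, int]:
    """Trust value and trust level the user process carries into the next cycle."""
    ct = settle_cycle(composite_trust(initial_trust, access_trust(stats)), stats)
    return round(ct, 6), trust_level(ct)
```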
Example 6:
This embodiment is further optimized on the basis of any one of embodiments 1 to 5: the trusted timestamp is used to verify the private key distributed to the user; if the verification passes, the next step is carried out, and if it fails, the flow ends. The timestamp is the total number of seconds from 00:00:00 on 1 January 1970 Greenwich Mean Time (08:00:00 on 1 January 1970 Beijing time) to the present. Colloquially, a timestamp is a complete, verifiable piece of data that can prove that a given piece of data already existed at a particular point in time.
Other parts of this embodiment are the same as any of embodiments 1 to 5, and thus are not described again.
Example 7:
In this embodiment, further optimization is performed on the basis of any one of embodiments 1 to 6: the user performs Hash digest processing on the file data;
the user sends a timestamp request, transmitting the Hash value to the timestamp server;
the timestamp server signs the Hash value together with a date/time record to generate the timestamp;
the timestamp data is bound to the file information and returned, and the user performs the next operation.
As shown in FIG. 3, the present invention provides trusted timestamp verification of the CP-ABE algorithm private key:
the user performs Hash digest processing on the file data; the user sends a timestamp request, transmitting the Hash value to the timestamp server; the timestamp server signs the Hash value together with a date/time record to generate the timestamp; and the timestamp data is bound to the file information and returned, after which the user performs the next operation.
Other parts of this embodiment are the same as any of embodiments 1 to 6, and thus are not described again.
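The four-step timestamp exchange of this embodiment (restated in claims 6 and 7), followed by the S5 check of the private key's accuracy and timeliness, as an added example that is not part of the patent. The timestamp server's digital signature is replaced by an HMAC under a constructed key, the private-key grant being stamped is a constructed sample, and the 300-second validity window is an assumed policy.

```python
import hashlib
import hmac
import json

# Constructed stand-ins: the timestamp server's key (an HMAC replaces its real
# digital signature here) and the validity window of a private-key grant.
TSA_KEY = b"constructed-timestamp-server-key"
MAX_AGE_SECONDS = 300


def hash_digest(data: bytes) -> str:
    """Step 1: the user computes the Hash digest of the data to be stamped."""
    return hashlib.sha256(data).hexdigest()


def _record(digest: str, issued_at: int) -> bytes:
    """The Hash value and the date/time record the server signs together."""
    return f"{digest}|{issued_at}".encode()


def tsa_issue(digest: str, issued_at: int) -> dict:
    """Steps 2-3: the timestamp server signs hash || date-time record into a timestamp."""
    sig = hmac.new(TSA_KEY, _record(digest, issued_at), hashlib.sha256).hexdigest()
    return {"hash": digest, "time": issued_at, "sig": sig}


def bind(token: dict, file_info: dict) -> dict:
    """Step 4: the timestamp data is bound to the file information and returned."""
    return {"file": file_info, "timestamp": token}


def verify_grant(bound: dict, data: bytes, now: int,
                 max_age: int = MAX_AGE_SECONDS) -> tuple[bool, str]:
    """S5: accuracy (signature and digest match the data) and timeliness (within max_age)."""
    tok = bound["timestamp"]
    expected = hmac.new(TSA_KEY, _record(tok["hash"], tok["time"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tok["sig"]):
        return False, "signature invalid"     # record or signature tampered with
    if tok["hash"] != hash_digest(data):
        return False, "hash mismatch"         # stamped data differs from presented data
    if now < tok["time"] or now - tok["time"] > max_age:
        return False, "timestamp stale"       # outside the validity window
    return True, "ok"


def stamp_private_key(grant: dict, issued_at: int) -> tuple[bytes, dict]:
    """Serialise a private-key grant, stamp it, and return the data with its bound token."""
    data = json.dumps(grant, sort_keys=True).encode()
    token = tsa_issue(hash_digest(data), issued_at)
    return data, bind(token, {"name": grant["name"], "issued_at": issued_at})


# Constructed sample: a private-key grant the S4 distribution step hands to a user process.
SAMPLE_GRANT = {"name": "attr-key-u1", "attributes": ["level:3", "perm:read"], "trust_level": 3}
```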
Example 8:
This embodiment is further optimized on the basis of any one of embodiments 1 to 7, and step S6 includes:
when the user process accesses a file name/directory, judging whether the accessed file name/directory is the randomized file name/directory; if so, performing path resolution and accessing the file, and if not, performing the randomized encryption processing on the file name/directory again.
Other parts of this embodiment are the same as any of embodiments 1 to 7, and thus are not described again.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the present invention in any way, and all simple modifications and equivalent variations of the above embodiments according to the technical spirit of the present invention are included in the scope of the present invention.

Claims (8)

1. A Docker process security access control method based on trust degree, characterized by comprising the following steps:
S1, inputting the system security parameters of the host machine where the container is located, and obtaining and outputting system public parameters and a system master key;
S2, traversing the file names/directories, padding them, and then performing randomized encryption processing on the file names/directories using the system public parameters output in step S1 as the public key, to obtain randomized file names/directories;
S3, generating corresponding private keys according to the system public parameters and the system master key output in step S1 and the access authorities corresponding to the file names/directories;
S4, distributing the private keys of step S3 through an access control structure based on user trust degree, according to the attributes of the user sending the access request, to the user process corresponding to that trust degree;
S5, verifying the timeliness and accuracy of the user's private key using the trusted timestamp;
S6, when the user process accesses a file name/directory, judging and decrypting using the private key.
2. The Docker process security access control method based on trust degree of claim 1, wherein the randomized encryption processing method and the decryption processing method are the CP-ABE algorithm.
3. The Docker process security access control method based on trust degree of claim 1, wherein step S2 includes:
access of processes to file names/directories is controlled through the randomization of the MNT namespace file names/directories;
the file name/directory is first read and then padded, to obtain the file name/directory to be randomized.
4. The Docker process security access control method based on trust degree of claim 1, wherein the specific calculation method of the user trust degree in step S4 includes:
obtaining a structural element U, which is the set of users issuing access requests to file names/directories in the MNT namespace, expressed as $U = \{u_1, u_2, u_3, \ldots, u_a\}$;
obtaining the level set R in the system, representing the qualifications for accessing file names/directories in the MNT namespace, expressed as $R = \{r_1, r_2, r_3, \ldots, r_b\}$;
obtaining the operation authority set P for accessing resources in the MNT namespace, expressed as $P = \{p_1, p_2, p_3, \ldots, p_c\}$;
obtaining the set F of file names within the MNT namespace, expressed as $F = \{f_1, f_2, f_3, \ldots, f_d\}$;
obtaining the trust level set TC, expressed as $TC = \{1, 2, 3, \ldots, r\}$;
obtaining an initial trust value IT, reading the number of user accesses and the number of successful accesses from the host kernel, and calculating the trust value T from the number of successes and the total number of accesses, expressed as
Figure FDA0003598513090000021
wherein the total number of times the user accesses the file is denoted $N_{ij}$ and the number of successes is denoted $S_{ij}$, and
Figure FDA0003598513090000022
Is a penalty term;
obtaining a composite trust value CT, expressed as $CT = \alpha_1 IT + \alpha_2 T$, wherein $\alpha_1$ and $\alpha_2$ are the weights.
5. The Docker process security access control method based on the trust degree of claim 4, further comprising:
the legitimate trust value change is represented as:
Figure FDA0003598513090000023
θ is the weight added to the corresponding trust value;
the illegal trust value change is represented as:
Figure FDA0003598513090000024
η is the weight by which the corresponding trust value decreases.
6. The Docker process security access control method based on the trust degree of claim 1, wherein the step S5 includes:
the private key distributed to the user is verified for trustworthiness using the trusted timestamp; if the verification passes, the next step is carried out, and if it fails, the flow ends.
7. The Docker process security access control method based on the trust degree of claim 6, comprising:
the user performs Hash digest processing on the file data;
the user sends a timestamp request, transmitting the Hash value to the timestamp server;
the timestamp server signs the Hash value together with a date/time record to generate the timestamp;
the timestamp data is bound to the file information and returned, and the user performs the next operation.
8. The Docker process security access control method based on the trust degree of claim 1, wherein the step S6 includes:
when the user process accesses a file name/directory, judging whether the accessed file name/directory is the randomized file name/directory; if so, performing path resolution and accessing the file, and if not, performing the randomized encryption processing on the file name/directory again.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210395021.2A CN114650184B (en) 2022-04-15 2022-04-15 Docker process security access control method based on trust degree

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210395021.2A CN114650184B (en) 2022-04-15 2022-04-15 Docker process security access control method based on trust degree

Publications (2)

Publication Number Publication Date
CN114650184A true CN114650184A (en) 2022-06-21
CN114650184B CN114650184B (en) 2023-05-26

Family

ID=81996555

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210395021.2A Active CN114650184B (en) 2022-04-15 2022-04-15 Docker process security access control method based on trust degree

Country Status (1)

Country Link
CN (1) CN114650184B (en)

Citations (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102664888A (en) * 2012-04-19 2012-09-12 Institute of Software, Chinese Academy of Sciences Trust-based access control method and system thereof
US20140289513A1 (en) * 2013-03-15 2014-09-25 Arizona Board Of Regents On Behalf Of Arizona State University Enabling Comparable Data Access Control for Lightweight Mobile Devices in Clouds
CN105871854A (en) * 2016-04-11 2016-08-17 Zhejiang University of Technology Self-adaptive cloud access control method based on dynamic authorization mechanism
CN105991596A (en) * 2015-02-15 2016-10-05 ZTE Corporation Access control method and system
CN105991278A (en) * 2016-07-11 2016-10-05 Institute of Applied Mathematics, Hebei Academy of Sciences Ciphertext access control method based on CP-ABE (Ciphertext-Policy Attribute-Based Encryption)
CN106790100A (en) * 2016-12-26 2017-05-31 University of Science and Technology of China Data storage and access control method based on asymmetric cryptographic algorithm
US20170249472A1 (en) * 2016-02-26 2017-08-31 Intuit Inc. Idps access-controlled and encrypted file system design
CN107222433A (en) * 2017-04-18 2017-09-29 Institute of Information Engineering, Chinese Academy of Sciences Access control method and system based on SDN path
CN107612910A (en) * 2017-09-19 2018-01-19 Beijing University of Posts and Telecommunications Distributed document data access method and system
WO2018121445A1 (en) * 2016-12-29 2018-07-05 ZTE Corporation Multi-tenant access control method and apparatus
CN109561108A (en) * 2019-01-07 2019-04-02 National University of Defense Technology Policy-based container network resource isolation control method
CN111130757A (en) * 2019-12-31 2020-05-08 Huazhong University of Science and Technology Multi-cloud CP-ABE access control method based on block chain
CN111371553A (en) * 2020-03-16 2020-07-03 Nanjing Tech University CP-ABE encryption and decryption method for revocable users
CN111796904A (en) * 2020-05-21 2020-10-20 Beijing Zhongruan Huatai Information Technology Co., Ltd. Docker file access control method based on namespace
CN112260829A (en) * 2020-10-19 2021-01-22 Zhejiang Gongshang University Multi-authorization-based CP-ABE method for supporting mobile equipment under hybrid cloud
CN112966245A (en) * 2021-04-07 2021-06-15 China Southern Power Grid Co., Ltd. Power grid information system access control method and system based on information measurement
CN113132103A (en) * 2021-03-11 2021-07-16 Xidian University Data cross-domain security sharing system and method
CN113159866A (en) * 2021-05-13 2021-07-23 Beijing Institute of Computer Technology and Applications Method for building network user trust evaluation model in big data environment


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
E. Bacis et al.: "DockerPolicyModules: Mandatory Access Control for Docker containers", 2015 IEEE Conference on Communications and Network Security (CNS) *
Chen Shangwei et al.: "A dynamic access control model based on trust degree", Journal of Xi'an University of Arts and Science (Natural Science Edition) *

Also Published As

Publication number Publication date
CN114650184B (en) 2023-05-26


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant