
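Research on a trusted environment for container clouds based on the TPCM
Authors: Liu Guojie  Zhang Jianbiao  Yang Ping  Li Zheng
Affiliations: 1. Faculty of Information Technology, Beijing University of Technology, Beijing 100124; 2. Beijing Key Laboratory of Trusted Computing, Beijing 100124; 3. Beijing Information Science and Technology University, Beijing 100192
Funding: National Natural Science Foundation of China (61971014); Open Project of the National Defense Science and Technology Experimental Information Security Laboratory (2017XXAQ08)
Abstract: Container technology is a lightweight operating-system virtualization technology that is widely used in cloud computing environments. It is a research hotspot in the cloud computing field, and its security has attracted much attention. A method is proposed for constructing a trusted container cloud environment using active immune trusted computing, whose security meets the requirements of the network security level protection standard. First, the container cloud server is measured by the TPCM, and a trust chain is established from the TPCM to the container's runtime environment. Then, by adding to the TSB the container trusted...

Keywords: trusted computing  trusted boot  trusted measurement  remote attestation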

Research on the trusted environment of container cloud based on the TPCM
Authors: Guojie LIU  Jianbiao ZHANG  Ping YANG  Zheng LI
Affiliation: 1. Faculty of Information Technology, Beijing University of Technology, Beijing 100124, China; 2. Beijing Key Laboratory of Trusted Computing, Beijing 100124, China; 3. Beijing Information Science and Technology University, Beijing 100192, China
Abstract: Container technology is a lightweight operating system virtualization technology that is widely used in cloud computing environments and is a research hotspot in the field of cloud computing. The security of container technology has attracted much attention. A method for constructing a trusted environment for the container cloud using active immune trusted computing is proposed, and its security meets the requirements of network security level protection standards. First, container cloud servers are measured through the TPCM, and a trust chain from the TPCM to the container's operating environment is established. Then, by adding the trusted measurement agent of the container to the TSB, trusted measurement and trusted remote attestation of the running process of the container are realized. Finally, an experimental prototype based on Docker and Kubernetes was built and experiments were conducted. The experimental results show that the proposed method can ensure the credibility of the boot process of the cloud server and the running process of the container, and that it meets the requirements of the network security level protection standard evaluation.
Keywords: trusted computing  trusted boot  trusted measurement  remote attestation