[1]鲁涛,陈杰,史军.Docker 安全性研究[J].计算机技术与发展,2018,28(06):115-120.[doi:10.3969/ j. issn.1673-629X.2018.06.026]
 LU Tao,CHEN Jie,SHI Jun.Research of Docker Security[J].,2018,28(06):115-120.[doi:10.3969/ j. issn.1673-629X.2018.06.026]
点击复制

Docker 安全性研究()
分享到:

《计算机技术与发展》[ISSN:1006-6977/CN:61-1281/TN]

卷:
28
期数:
2018年06期
页码:
115-120
栏目:
安全与防范
出版日期:
2018-06-10

文章信息/Info

Title:
Research of Docker Security
文章编号:
1673-629X(2018)06-0115-06
作者:
鲁涛陈杰史军
江南计算技术研究所,江苏 无锡 214083
Author(s):
LU TaoCHEN JieSHI Jun
Jiangnan Institute of Computing Technology,Wuxi 214083,China
关键词:
Docker容器威胁安全防护
Keywords:
Dockercontainerthreatsecurity protection
分类号:
TN915.08
DOI:
10.3969/ j. issn.1673-629X.2018.06.026
文献标志码:
A
摘要:
在云计算应用日益广泛的今天,虚拟化作为其中的关键技术发展迅速,特别是 Docker 容器技术以轻便性和高性能优势而成为研究者关注的热点,与其相关的安全性研究也愈受重视。 在对 Docker 架构及组件构成简要介绍的基础上,先从网络通信、镜像构建、容器运行、仓库存储、内核支持和软件本身六个角度对现阶段 Docker 存在的安全威胁进行全面分析归纳,再从安全支撑、内核安全和数据中心安全三大层面对 Docker 安全防护技术进行全方位的梳理论述,阐明了每种安全防护技术的优势及需要完善改进的不足之处,并总结了日志审计、威胁检测和安全模型等其他安全防护技术。 不仅呈
现出当前 Docker 安全研究的概貌,同时明确指出了 Docker 安全领域亟需解决的一些关键问题,探讨与展望了 Docker 安全研究的发展趋势。
Abstract:
 With the increasing use of cloud computing,virtualization has developed rapidly as the key technology. Especially,Docker container technology has become the focus of researchers because of its advantages of easy deployment and high performance. Consequently,the research of Docker security has become more and more important. Based on the brief introduction of Docker architecture and components,the security threats of Docker are analyzed and summarized from six perspectives including network communication,mirror construction,container operation,image storage,kernel support and software itself. Then we discuss the Docker security protection technology from three aspects including security support,kernel security and data center security,and point out the advantages and shortcomings of each security technology. At last,we summarize other security technologies such as log audit,threat detection and security model. We not only show the current Docker safety research profile,but also clearly point out the key issues that Docker security areas need to solve,and explore and look forward to the development trend of Docker security research.

相似文献/References:

[1]汪恺,张功萱,周秀敏. 基于容器虚拟化技术研究[J].计算机技术与发展,2015,25(08):138.
 WANG Kai,ZHANG Gong-xuan,ZHOU Xiu-min. Research on Virtualization Technology Based on Container[J].,2015,25(06):138.
[2]张可颖,彭丽苹,吕晓丹,等.开源云上的 Kubernetes弹性调度[J].计算机技术与发展,2019,29(02):109.[doi:10.3969/j.issn.1673-629X.2019.02.023]
 ZHANG Keying,PENG Liping,LYU Xiaodan,et al.Elastic Scheduling Strategy for Private Cloud Resource Based on Kubernetes and Openstack[J].,2019,29(06):109.[doi:10.3969/j.issn.1673-629X.2019.02.023]
[3]刘钱超,董超群,张垚.基于容器技术的软件测试优化研究[J].计算机技术与发展,2019,29(04):13.[doi:10. 3969 / j. issn. 1673-629X. 2019. 04. 003]
 LIU Qian-chao,DONG Chao-qun,ZHANG Yao.Research on Optimization of Software Testing Based on Container Technology[J].,2019,29(06):13.[doi:10. 3969 / j. issn. 1673-629X. 2019. 04. 003]
[4]张祥俊,伍卫国.基于FastDFS的数字媒体系统设计与实现技术研究[J].计算机技术与发展,2019,29(05):6.[doi:10. 3969 / j. issn. 1673-629X. 2019. 05. 002]
 ZHANG Xiang-jun,WU Wei-guo.Research on Design and Implementation of Digital Media System Based on FastDFS[J].,2019,29(06):6.[doi:10. 3969 / j. issn. 1673-629X. 2019. 05. 002]
[5]郝慧杰,肖 建,张 粮,等.VNF 生命周期管理系统设计与实现[J].计算机技术与发展,2020,30(07):12.[doi:10. 3969 / j. issn. 1673-629X. 2020. 07. 003]
 HAO Hui-jie,XIAO Jian,ZHANG Liang,et al.Design and Implementation of VNF Life Cycle Management System[J].,2020,30(06):12.[doi:10. 3969 / j. issn. 1673-629X. 2020. 07. 003]
[6]赵旭杰,粱正和.Kubernetes 可视化管理平台[J].计算机技术与发展,2021,31(02):106.[doi:10. 3969 / j. issn. 1673-629X. 2021. 02. 020]
 ZHAO Xu-jie,LIANG Zheng-he.Kubernetes Visual Management Platform[J].,2021,31(06):106.[doi:10. 3969 / j. issn. 1673-629X. 2021. 02. 020]
[7]康克松,张庆海,信寄遥,等.UOS 操作系统 Ceph 集群性能测试工具对比研究[J].计算机技术与发展,2022,32(05):63.[doi:10. 3969 / j. issn. 1673-629X. 2022. 05. 011]
 KANG Ke-song,ZHANG Qing-hai,XIN Ji-yao,et al.Comparative Study of Ceph Cluster Performance Testing Tools for UOS Operating System[J].,2022,32(06):63.[doi:10. 3969 / j. issn. 1673-629X. 2022. 05. 011]
[8]万嘉龙,况立群*,熊风光,等.面向 Spring 的热点代码在线部署方法研究[J].计算机技术与发展,2023,33(05):105.[doi:10. 3969 / j. issn. 1673-629X. 2023. 05. 016]
 WAN Jia-long,KUANG Li-qun*,XIONG Feng-guang,et al.Research on Hot Code Online Deployment Method for Spring[J].,2023,33(06):105.[doi:10. 3969 / j. issn. 1673-629X. 2023. 05. 016]
[9]徐胜超,杨 波.基于人工鱼群算法的容器云资源低能耗部署方法[J].计算机技术与发展,2023,33(06):22.[doi:10. 3969 / j. issn. 1673-629X. 2023. 06. 004]
 XU Sheng-chao,YANG Bo.Low Energy Consumption Deployment Method for Container Cloud Resources Based on Artificial Fish Swarm Algorithm[J].,2023,33(06):22.[doi:10. 3969 / j. issn. 1673-629X. 2023. 06. 004]
[10]赵乐乐,黄刚,马越. 基于Docker的Hadoop平台架构研究[J].计算机技术与发展,2016,26(09):99.
 ZHAO Le-le,HUANG Gang,MA Yue. Research on Hadoop Platform Based on Docker[J].,2016,26(06):99.

更新日期/Last Update: 2018-08-21