Title:
SECURITY REINFORCEMENT METHOD AND APPARATUS, DEVICE, AND MEDIUM
Document Type and Number:
WIPO Patent Application WO/2023/226421
Kind Code:
A1
Abstract:
The present application discloses a security reinforcement method and apparatus, a device, and a medium. The method comprises: if a security container starting instruction is received, reading a configuration file into which a target parameter is written, and calling a pre-defined analytic function in a target program to analyze the target parameter in the configuration file; and if the target parameter is used for indicating that a security mechanism of a virtual machine monitor is opened, sending the target parameter to the virtual machine monitor, so that the virtual machine monitor is started on the basis of the target parameter to control the security mechanism of the virtual machine monitor to be opened. In the embodiments of the present application, the virtual machine monitor can be subjected to security reinforcement by controlling the security mechanism of the virtual machine monitor to be opened, so that the external attack exposure surface of the virtual machine monitor is reduced, thereby avoiding the problem that a host is damaged due to the fact that the virtual machine monitor is attacked, and improving the security of the container environment.
Inventors:
ZHOU LIANG (CN)
MAO ZE (CN)
ZHANG YANCHEN (CN)
SHI YAN (CN)
ZHENG HONGFEI (CN)
MA SAN (CN)
MAO ZE (CN)
ZHANG YANCHEN (CN)
SHI YAN (CN)
ZHENG HONGFEI (CN)
MA SAN (CN)
Application Number:
PCT/CN2022/141587
Publication Date:
November 30, 2023
Filing Date:
December 23, 2022
Export Citation:
Assignee:
CHINA TELECOM CLOUD TECH CO LTD (CN)
International Classes:
G06F9/445; G06F9/455
Foreign References:
| CN115033302A | 2022-09-09 | |||
| CN110059453A | 2019-07-26 | |||
| CN114035886A | 2022-02-11 | |||
| US20200285733A1 | 2020-09-10 | |||
| US20200026859A1 | 2020-01-23 |
Other References:
ANONYMOUS: "Using Seccomp to Restrict System Calls to Containers", KUBERNETES V1.19 [STABLE], 24 February 2022 (2022-02-24), XP093112574, Retrieved from the Internet
YE CHEN, XIN FAN: "Docker Container Security Application Restrictions Seccomp", THBLOG, 21 June 2021 (2021-06-21), XP093112580, Retrieved from the Internet [retrieved on 20231215]
YE CHEN, XIN FAN: "Docker Container Security Application Restrictions Seccomp", THBLOG, 21 June 2021 (2021-06-21), XP093112580, Retrieved from the Internet
Attorney, Agent or Firm:
ZHEJIANG KG IP LAW FIRM (CN)
Download PDF: