Computer Engineering, 2024, Vol. 50, Issue (2): 165-179, 15. DOI: 10.19678/j.issn.1000-3428.0066958
Research on Persistent Storage-Oriented Mimic Defense Technology in Container Clouds
Abstract
Persistent storage security threats in the container cloud directly affect the creation and operation of containers. Traditional defense methods cannot detect attacks based on unknown vulnerabilities in time or establish corresponding defense strategies. Existing studies that enhance the security of containers and persistent storage through dynamism, heterogeneity and redundancy lack detailed analyses of persistent storage security threats, and the performance loss caused by the voting mechanism has not been optimized. To address these problems, this paper first proposes a mimic defense architecture for persistent storage, based on the flexible and efficient characteristics of containers and the principle of mimic defense. Second, the analytic hierarchy process is used to optimize the request voting mechanism of heterogeneous container applications. Thereafter, an adaptive voting algorithm based on the first-come-first-decision mechanism is proposed to improve the voting rate. Next, users are provided with an optional scheduling scheme, which improves the adaptability of the architecture by evaluating security and system overhead. Finally, this study implements a prototype system, mimic-proxy. Theoretical analysis and experimental verification results demonstrate that mimic-proxy can effectively defend against persistent storage security threats in the container cloud. The adaptive voting algorithm reduces the response delay by 28.85% and improves the throughput by 40.52% compared with the traditional voting algorithm. Compared with the traditional defense architecture, the adaptive voting algorithm can effectively protect the persistent storage and enhance container security at the cost of increasing the response delay by 0.99% and reducing the throughput by 1.01%.
Key words
container cloud/persistent storage/mimic defense/prototype system/container safety
Classification
Information Technology and Security Science
Cite this article
Liu Daoqing (刘道清), Hu Hongchao (扈红超), Huo Shumin (霍树民). Research on Persistent Storage-Oriented Mimic Defense Technology in Container Clouds[J]. Computer Engineering, 2024, 50(2): 165-179, 15.
Funding
National Natural Science Foundation of China (62072467)
National Key Research and Development Program of China (2021YFB1006200, 2021YFB1006201)