
Review of Secure Containers Based on System Call Isolation

Zhang Tian 1, Zhang Jie 2, Liu Weijie 3, Liu Ximeng 1

Journal of Information Security Research, 2026, Vol. 12, Issue (1): 2-15, 14. DOI: 10.12379/j.issn.2096-1057.2026.01.01

Author information

  • 1. College of Computer and Data Science, Fuzhou University, Fuzhou 350108
  • 2. College of Mathematics and Computer Science, Shanxi Normal University, Taiyuan 030031
  • 3. College of Cryptology and Cyber Science, Nankai University, Tianjin 300350

Abstract

This article elucidates the research progress in enhancing container security through the isolation of system calls. The article first outlines the development background of containerization technology and its major security challenges. Subsequently, an in-depth analysis is conducted on the role of system call isolation in enhancing the security of containers, including the techniques of limiting the system calls of containerized applications to reduce the attack surface, and leveraging operating system middleware and hardware protection mechanisms to accomplish the isolation and protection of containers. By comparing the implementation principles, performance, and their effects on isolation, reduction of attack surfaces, and data protection, the article reveals the advantages and limitations of system call isolation technologies in enhancing container security.

Key words

secure container/system call/isolation/Seccomp BPF/operating system middleware/hardware protection mechanism

Classification

Information Technology and Security Science

Cite this article

Zhang Tian, Zhang Jie, Liu Weijie, Liu Ximeng. Review of Secure Containers Based on System Call Isolation[J]. Journal of Information Security Research, 2026, 12(1): 2-15, 14.

Funding

National Natural Science Foundation of China (62072109)

Natural Science Foundation of Fujian Province (2021J06013)

Natural Science Foundation of Tianjin, Youth Project (24JCQNJC02140)

Journal of Information Security Research

ISSN 2096-1057
