Chinese Journal of Network and Information Security ›› 2021, Vol. 7 ›› Issue (4): 164-174. doi: 10.11959/j.issn.2096-109x.2021068

Research on the trusted environment of container cloud based on the TPCM

Guojie LIU1,2, Jianbiao ZHANG1,2, Ping YANG3, Zheng LI1,2   

  1. Faculty of Information Technology, Beijing University of Technology, Beijing 100124, China
  2. Beijing Key Laboratory of Trusted Computing, Beijing 100124, China
  3. Beijing Information Science and Technology University, Beijing 100192, China
  • Revised: 2021-04-22  Online: 2021-08-15  Published: 2021-08-01
  • Supported by: The National Natural Science Foundation of China (61971014); National Defense Science and Technology Laboratory of Information Security (2017XXAQ08)

Abstract:

Container technology is a lightweight operating system virtualization technology that is widely used in cloud computing environments and is a research hotspot in the field of cloud computing. The security of container technology has attracted much attention. A method for constructing a trusted environment for a container cloud using active immune trusted computing was proposed, and its security meets the requirements of the network security level protection standards. First, container cloud servers were measured through the TPCM, and a trust chain from the TPCM to the container's operating environment was established. Then, by adding a trusted measurement agent for the container to the TSB, trusted measurement and trusted remote attestation of the running process of the container were realized. Finally, an experimental prototype based on Docker and Kubernetes was built and experiments were conducted. The experimental results show that the proposed method can ensure the credibility of the boot process of the cloud server and the running process of the container, and that it meets the requirements of the network security level protection standard evaluation.

Key words: trusted computing, trusted boot, trusted measurement, remote attestation
