Abstract
As a lightweight alternative to virtual machines, containers have promoted the development of cloud computing with their flexibility and efficiency, but they also face security threats such as co-residency attacks and escape attacks. To address container security threats in the cloud environment, this paper constructs a signaling game model based on moving target defense (MTD) and proposes a multi-stage optimal defense strategy solution algorithm. The optimal strategy is selected through the game model and the solution algorithm, and containers are scheduled through a container scheduling method, which enhances container security. The simulation results show that the defense utility obtained by the proposed migration strategy is 3.6 times higher than that of Kubernetes' native migration strategy, and the container co-residency rate is reduced by 79.62%, which provides a useful reference for defense strategy selection and security enhancement in real container cloud environments.
Authors
Liu Daoqing (刘道清)
Hu Hongchao (扈红超)
Huo Shumin (霍树民)
Institute of Information Technology, University of Information Engineering, Zhengzhou 450001, China
Source
Application Research of Computers (《计算机应用研究》)
CSCD
PKU Core Journal (北大核心)
2023, No. 3, pp. 890-897 (8 pages)
Funding
Supported by the National Natural Science Foundation of China
Supported by the National Key R&D Program of China.
Keywords
container cloud
moving target defense
signaling game
container scheduling
container safety