N-variant Architecture for Container Runtime Security Threats
Container technology has promoted the development of cloud computing with its lightweight and scalable nature, but security threats to the container runtime are increasingly serious. Existing intrusion detection and access control technologies cannot effectively deal with attacks that use the container runtime to achieve container escape. First, this paper proposes an N-variant architecture for container runtime security threats, built on the redundancy and diversity methods of N-variant systems. Second, combining these redundancy and diversity methods with a voting algorithm based on historical information improves the accuracy of the voting. In addition, the service quality of container applications is optimized through two-stage voting and scheduling strategies. Finally, a prototype system is built. The test results show that the performance loss of the prototype system is within an acceptable range and that the attack surface of the system is reduced to a certain extent, thus achieving the purpose of enhancing the security of container applications.