Container mirror hierarchical encryption storage method based on Device Mapper

An encrypted storage and image technology applied in the container field. It addresses security problems such as residual sensitive data in image layers, improving application security and achieving storage security.

Active Publication Date: 2019-01-11
CHINA ELECTRONICS TECH CYBER SECURITY CO LTD

AI Technical Summary

Problems solved by technology

[0003] Current container image storage is open, and the data of each image layer can easily be obtained.
Layered storage can easily lead to security problems caused by residual sensitive data.

Embodiment Construction

[0025] In order to better understand the present invention, the present invention will be described in detail below in conjunction with the accompanying drawings.

[0026] As shown in Figure 2, in existing layered image storage, the snapshot of the first image layer is created from the base device, and each subsequent image layer is created from the snapshot of its parent image layer. The newly created snapshot already contains all the content of the parent layer; the content of the current image layer is then written on top of it to form a new, complete snapshot of the image layer.

[0027] As shown in Figure 3, in the Device Mapper-based layered encrypted storage method for container images of the present invention, for image layer 1:

[0028] s11. Initialize the resource pool;

[0029] s12. Initialize the base device;

[0030] s13. Create a snapshot corresponding to image layer 1;

[0031] s14. Activate the snapshot;

[0032] s15. Th...

Abstract

The invention relates to a Device Mapper-based layered encrypted storage method for container images, which mainly uses dm-crypt to encrypt a specific snapshot device. An image layer corresponds to a logical device under Device Mapper, and the key of the current image layer is used to encrypt that logical device through the dm-crypt module. When the image layer needs to be used, the image layer key is used to decrypt the previously encrypted device through the dm-crypt module, yielding an accessible device that is provided to the user by binding it to a file system. The invention improves the existing container image storage mechanism and proposes a layered encrypted storage security mechanism for images that achieves secure isolation of container image layer data; it realizes not only storage security for the container but also access control over the container through the layered encryption. The method makes it convenient for security administrators to provide application services to users with different rights according to different needs, so that the application security of the container is significantly improved.
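The flow for a single image layer (steps s11 to s14 above, followed by the dm-crypt open and file-system binding the abstract describes), as an added shell example that is not part of the patent text. It only prints the dmsetup and cryptsetup commands; the device paths, the mapping names imgpool and layerN, the sizes, the empty base device, and the choice of cryptsetup plain mode with a 64-byte key file are assumptions.

```shell
#!/bin/sh
# Added example: dry-run plan for ONE encrypted image layer. Device paths,
# mapping names (imgpool, layerN) and sizes are assumptions, not patent text.

# Write a 64-byte random key (512 bits, for aes-xts-plain64), owner-only.
make_layer_key() {
    ( umask 077 && head -c 64 /dev/urandom > "$1" )
}

# Succeed only if the key file is exactly 64 bytes and closed to group/other.
check_layer_key() {
    [ -f "$1" ] || return 1
    [ "$(wc -c < "$1" | tr -d ' ')" -eq 64 ] || return 1
    case "$(ls -ld "$1")" in
        -rw-------*|-r--------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print (never run) the commands for one layer; running them needs root.
# Args: metadata-dev data-dev pool-sectors layer-sectors layer-id key-file
layer_plan() {
    meta=$1; data=$2; plen=$3; llen=$4; id=$5; kf=$6
    [ "$id" -ge 1 ] || { echo "layer id must be >= 1 (0 is the base)" >&2; return 1; }
    check_layer_key "$kf" || { echo "unsafe key file: $kf" >&2; return 1; }
    pool=/dev/mapper/imgpool
    cat <<EOF
# s11: thin pool (64 KiB blocks, low-water mark 32768 blocks)
dmsetup create imgpool --table "0 $plen thin-pool $meta $data 128 32768"
# s12: base device, thin id 0 (left empty here)
dmsetup message $pool 0 "create_thin 0"
# s13: snapshot of the base for this image layer
dmsetup message $pool 0 "create_snap $id 0"
# s14: activate the snapshot as a logical device
dmsetup create layer$id --table "0 $llen thin $pool $id"
# dm-crypt mapping keyed from a file, so the key stays off the command line
cryptsetup open --type plain --cipher aes-xts-plain64 --key-size 512 --key-file $kf /dev/mapper/layer$id layer$id-plain
# first use only: mkfs.ext4 /dev/mapper/layer$id-plain
mount /dev/mapper/layer$id-plain /mnt/layer$id
# after use: only ciphertext remains readable on layer$id
umount /mnt/layer$id && cryptsetup close layer$id-plain
EOF
}

demo_key=$(mktemp) && make_layer_key "$demo_key" &&
    layer_plan /dev/sdX1 /dev/sdX2 20971520 2097152 1 "$demo_key"
rm -f "$demo_key"
```

Because the file system is created inside the dm-crypt mapping, a reader of the raw thin device or the pool's data device sees only ciphertext unless they hold that layer's key file.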

Description

Technical field

[0001] The present invention relates to the technical field of containers, in particular to a layered encrypted storage method for container images.

Background

[0002] Container virtualization technology has matured and is now widely used. As an important part of container virtualization, the container image carries the specific workload of the container and determines what the container will do. An image can run a simple standalone command and then exit; it can also be as complex as database software that waits for the user to add data, stores the data, and then uses it. The question then arises of what to do when we do not want others to have access to the data in the image. Furthermore, container images are implemented with copy-on-write (CoW) technology. An image is composed of 1 to N image layers, and each layer is a complete operating environment and is read-only. The user uses the i...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/60
CPC: G06F21/602
Inventors: 王进, 刘丽, 刘晓毅, 何喆颐
Owner: CHINA ELECTRONICS TECH CYBER SECURITY CO LTD