Abstract

For cloud service providers, lightweight virtualization is a more economical form of virtualization. Users, however, worry about the safety of the applications and data in a container, because containers share the underlying interface and the kernel; the security and degree of trust of the container isolation mechanism are therefore critical to the adoption of lightweight virtualization services. Because users cannot directly participate in constructing and managing the container isolation mechanism, it is difficult for them to establish confidence in its security and degree of trust. Based on research and analysis of system trust and virtualization isolation mechanisms, this paper puts forward a lightweight virtualization security isolation strategy mechanism: it divides the storage address space of lightweight virtualization containers into several parts, defines lightweight virtualization security isolation, gives a formal description and proof of the container security isolation strategy, and draws on related technology to verify the feasibility of the mechanism. The mechanism offers important guidance for cloud service providers deploying container security isolation.

Highlights

  • Cloud computing generally relies on virtualization technology. Traditional virtualization technologies, including the Xen hypervisor, VMware, and the Linux Kernel-based Virtual Machine (KVM), provide extensibility, control computing resources, and can securely isolate virtual machines (VMs), but they consume large amounts of resources, and the performance and economic benefits they bring are relatively low

  • This paper proposes a security isolation strategy mechanism for lightweight virtualization environments, building on lightweight virtualization container technology and virtualization isolation mechanisms, with the aim of solving the problem of container security isolation

  • The first chapter introduces the research status of the related technology, including the current state of research on system trust and virtualization isolation mechanisms; the second chapter starts from the division of the address space of lightweight virtualization storage resources, studies the lightweight virtualization security isolation strategy mechanism, proposes a definition of lightweight virtualization security isolation, and formally describes the container security isolation strategy; the third chapter demonstrates the strength of the container security isolation strategy; the fourth chapter analyzes in detail the technical feasibility of the above lightweight virtualization security isolation strategy mechanism

Summary

Introduction

Cloud computing generally relies on virtualization technology. Traditional virtualization technologies, including the Xen hypervisor, VMware, and the Linux Kernel-based Virtual Machine (KVM), provide extensibility, control computing resources, and can securely isolate virtual machines (VMs), but they consume large amounts of resources, and the performance and economic benefits they bring are relatively low. The innovations of this article are: 1) based on the characteristics of lightweight virtualization, it puts forward a division of the address space of lightweight virtualization storage resources and a definition of isolation; 2) it adopts trusted computing technology and turns it into a formal security isolation strategy, providing guidelines for developing containers and improving users' confidence in lightweight virtualization technology. The first chapter introduces the research status of the related technology, including the current state of research on system trust and virtualization isolation mechanisms; the second chapter starts from the division of the address space of lightweight virtualization storage resources, studies the lightweight virtualization security isolation strategy mechanism, proposes a definition of lightweight virtualization security isolation, and formally describes the container security isolation strategy; the third chapter demonstrates the strength of the container security isolation strategy; the fourth chapter analyzes in detail the technical feasibility of the above lightweight virtualization security isolation strategy mechanism.

Trusted System
Virtualization Isolation
Lightweight virtualization security isolation strategy mechanism
Lightweight virtualization security isolation definition
Lightweight virtualization security isolation policy
Lightweight virtualization security isolation strategy mechanism security
Safety of isolation strategy mechanism itself
Safety of isolation strategy mechanism at run time
Lightweight Virtualization Security Isolation Strategy Mechanism Feasibility