Docker安全性研究综述
A Review of Docker Security Research
DOI: 10.12677/CSA.2019.95105, PDF,  被引量   
作者: 余金键*, 贾 川, 蒲 东:成都信息工程大学,四川 成都
关键词: 虚拟化容器Docker安全Virtualization Container Docker Security
摘要: 在大数据时代的浪潮下,云计算平台得到了广泛应用。虚拟化技术作为云计算领域的核心技术飞速发展,Docker作为当前应用最为广泛的容器技术,凭借其轻量、快速和高效的优势从虚拟化技术中脱颖而出,获得了大量关注,成为了企业追捧的热门技术和研究者探讨的焦点话题。本文首先对Docker技术及其发展进行了简要介绍,再对现今Docker在安全性方面面临的各种问题进行了着重分析,并提出了一些解决方法,接着再提出了一些安全指南帮助预防Docker在安全方面的漏洞。最后进行总结,指出了Docker亟需解决的问题,展望了Docker研究的发展趋势。
Abstract: Under the wave of the era of big data, cloud computing platforms have been widely used. Virtualization technology is rapidly developing as the core technology in the field of cloud computing. As the current most widely used container technology, Docker emerges from virtualization technology with its lightweight, fast and efficient advantages. Docker has received a lot of attention and become a hot technology for companies and a focus topic for researchers. This article gives a brief introduction to Docker technology and its development, and then analyzes the various issues faced by Docker in terms of security, and proposes some solutions. Then it puts forward some security guidelines to help prevent security vulnerabilities of Docker. Finally, it summarizes the problems that Docker needs to solve and looks forward to the development trend of Docker research.
文章引用:余金键, 贾川, 蒲东. Docker安全性研究综述[J]. 计算机科学与应用, 2019, 9(5): 926-933. https://doi.org/10.12677/CSA.2019.95105

参考文献

[1] 刘景云. 浅析Docker虚拟化技术[J]. 网络安全和信息化, 2019(1): 73-81.
[2] 李娜. Docker容器技术的发展及应用研究[J]. 数字技术与应用, 2018, 36(11): 95-96.
[3] Shu, R., Gu, X. and Enck, W. (2017) A Study of Security Vulnerabilities on Docker Hub. Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, ACM, Scottsdale, 269-280. [Google Scholar] [CrossRef
[4] Anderson, C. (2015) Docker [Software Engineering]. IEEE Soft-ware, 32, 102-c3. [Google Scholar] [CrossRef
[5] Reshetova, E., Karhunen, J., Nyman, T. and Asokan, N. (2014) Security of OS-Level Virtualization Technologies. Nordic Conference on Secure IT Systems, Tromsø, 15-17 Oc-tober 2014, 77-93. [Google Scholar] [CrossRef
[6] Guo, Y., Rao, J., Cheng, D., et al. (2017) iShuffle: Improving Hadoop Performance with Shuffle-on-Write. IEEE Transactions on Parallel & Distributed Systems, 28, 1649-1662.
[7] Li, S.-H., Yen, D.C., Chen, S.-C., Chen, P.S., Lu, W.-H. and Cho, C.-C. (2015) Effects of Virtualiza-tion on Information Security. Computer Standards & Interfaces, 42, 1-8. [Google Scholar] [CrossRef
[8] 鲁涛, 陈杰, 史军. Docker安全性研究[J]. 计算机技术与发展, 2018, 28(6): 115-120.
[9] 华为Docker实践小组. Docker进阶与实战[M]. 北京: 机械工业出版社, 2016: 313-354.
[10] Combe, T., Martin, A. and Pietro, R.D. (2016) To Docker or Not to Docker: A Security Perspective. IEEE Cloud Computing, 3, 54-62. [Google Scholar] [CrossRef
[11] 肖微. ARP欺骗在网络中的应用及防范[J]. 通讯世界, 2017(5): 86-87.
[12] 张遥, 王森林. Docker安全性研究[J]. 网络安全技术与应用, 2017(8): 32-33.
[13] 莘建浦. 基于Docker容器的网络安全实训平台的研究与实现[D]: [硕士学位论文]. 北京: 邮电大学, 2018.
[14] 李志. Linux内核安全模块深入剖析[M]. 北京: 机械工业出版社, 2016.
[15] 张涛. Docker全攻略[M]. 北京: 电子工业出版社, 2016.
[16] 任为. 对基于Docker的虚拟化技术的几点探讨[J]. 电子制作, 2018(14): 42-43+52.
[17] 郭甲戌, 胡晓勤. 基于Docker的虚拟化技术研究[J]. 网络安全技术与应用, 2017(10): 28-29.
[18] 蔡志强. 基于Docker技术的容器隔离性分析[J]. 电子世界, 2017(17): 195.
[19] 李明, 郭洋, 蒋明. 基于Docker的虚拟化技术研究[J]. 中国新通信, 2017, 19(9): 73-74.
[20] 吴芦峰. 容器级虚拟化的安全审计与监控研究[D]: [硕士学位论文]. 北京: 北京邮电大学, 2018.
[21] Turnbull, J. (2014) Docker Container Breakout Proof-of-Concept Exploit.