Webhook-based cloud native trusted measurement method and system, and storage medium


Bibliographic details
Main authors: LIU WEI, WANG NING, SUN BAIYAN, CHEN YANXIA, QI LONGYUN, YOU FENG, LYU XIAOLIANG, ZHANG XIAO, WEI XINGSHEN, XU KAI, LI XIANGNAN, SUN LIANWEN, YU XIANGTAO
Format: Patent
Language: chi ; eng
Description
Summary: The invention discloses a webhook-based cloud native trusted measurement method and system and a storage medium in the technical field of cloud security, a trusted measurement admission controller is dynamically deployed in a Kubernetes cluster, and the method comprises the following steps: obtaining all mirror image deployment requests from a Kube interface service; obtaining a trusted measurement reference value matched with the mirror image deployment request from a trusted reference value security release and verification service; and verifying whether a mirror image requested to be deployed in the mirror image deployment request is credible by using the credible measurement reference value, and if so, allowing the mirror image deployment request. According to the method, a trusted measurement mechanism is added in Kubernetes for the first time, the method has the advantages of being high in universality, good in compatibility, high in flexibility and the like, cloud native trusted measurement can be achi