Research on Container-Oriented Isolation Control Technology

Container technology has a series of advantages such as low physical resource consumption, fast startup speed, high concurrency, and can run in a variety of environments. It is widely used in scenarios such as big data and cloud computing. Container technology has certain advantages in performance, but there are some shortcomings in security. The container technology shares the kernel with the host, and its security mainly depends on the host. Once the attacker breaks through the host’s defense, he can easily access the files deployed in the container, steal or tamper with the file data, and cause losses to users and users. In response to the above problems, this paper proposes a container-oriented isolation control technology, which realizes further isolation of files inside the container by adding domain names to programs and files. If the program domain name matches the file part, the files in the current container cannot be accessed, and the security of the files in the container can be effectively ensured after the host is compromised.