Container Security

Technical Report on Container Security (IV)-3

January 16, 2019

Container Security Protection – Host Security Host Security Hardening of Basic Host Security Containers share the operating system kernel with the host. Therefore, host configuration determines whether containers can be executed in a secure manner. For example, vulnerable software puts the host at risk of arbitrary code execution; opening ports at will exposes the host […]

Technical Report on Container Security (IV)-2

January 8, 2019

Container Security Protection – Container Service Security Container Service Security The security of the container management and orchestration service has a direct bearing on that of the container control plane. Take Docker for example. Whether the Docker daemon is properly configured determines the security of Docker to some extent. It is recommended that the following […]

Technical Report on Container Security (IV)-1

January 7, 2019

Container Security Protection—Linux Kernel Security Mechanism

As a lightweight virtualized implementation, the container technology took into account security factors at the time of design, which constitute an important basis for container security protection. This chapter describes security risks and threats facing containers and common protection ideas and methods. (more…)

Technical Report on Container Security (I)

October 31, 2018


In recent years, the cloud computing model has gradually been universally recognized and accepted in the industry. In China, sectors such as governments, finance, carriers, and energy as well as small and medium-size organizations, to varying degrees, have migrated their business to the cloud. However, just turning hosts, platforms, or applications into virtual form cannot solve their legacy issues such as slow upgrade, clumsy architecture, and no support for rapid iteration. Then the concept of cloud native comes into being. (more…)