Web servers are widely deployed on cloud computing platform represented by Docker containers and face serious security challenges.In order to improve the security and defense capability of such Web servers,a dynamic defense method of Web server based on Linux namespace was proposed.Firstly,the running environment of Web server was built by using namespace on the premise to ensure Web service working normally.Then,the dynamic transformation of Web server was realized by the alternate running of multiple environments to confuse intruder,which increased the difficulty of attacking Web server by the intruder.Finally,the running environment of Web server was periodically deleted and rebuilt to eliminate the impact of intrusion behavior on the Web server,and ultimately the dynamic defense capability of Web server was effectively improved.The experimental results show that,the proposed method can effectively enhance the security of Web server while it has little affect on system performance,and its response time of requesting 100 KB data is 0.02-0.07 ms.%Web服务器广泛部署在以Docker容器为代表的云计算平台上,面临着严峻的安全挑战.为了提高此类Web服务器的安全防御能力,提出一种基于Linux名字空间的Web服务器动态防御方法.该方法能够保证在Web服务正常工作的前提下,首先使用名字空间构建Web服务器运行环境;其次,通过多环境的交替运行来实现Web服务器的动态变换以迷惑入侵者,增加入侵者对Web服务器的攻击难度;最后,通过定期主动清除并重建Web服务器的运行环境来消除入侵行为对Web服务器的影响,最终实现有效提高Web服务器的动态防御能力.实验结果表明,所提方法能够有效增强Web服务器的安全性,同时对系统性能影响很小,请求响应100 KB数据的时间损耗为0.02~0.07 ms.
展开▼
