China Unicom Cloud Native Security Practice White Paper (2022)

China Unicom Research Institute
December 2022

Copyright Notice

The copyright of this report belongs to the Research Institute of China United Network Communications Co., Ltd. and is protected by law. Anyone who reproduces, excerpts, or otherwise uses the text or views of this report must cite the source as "Source: China Unicom Research Institute". The Institute will pursue legal liability against anyone who violates this notice.

Contents

I. Background Overview
(1) Cloud native becomes the new normal
(2) Urgent need to build cloud native security
1. Escalating cloud native security risks
2. Frequent cloud native security incidents

II. The Development of Cloud Native Security
(1) Cloud native security concepts
(2) Typical cloud native security models
1. Shared responsibility model for cloud native security protection
2. ATT&CK attack and defense matrix model for cloud native
3. DevSecOps integrated development, security and operations model

III. Cloud Native Security Protection System
(1) Cloud native security principles and architecture
1. Cloud native security principles
2. Cloud native security architecture
(2) Cloud native infrastructure security
1. Network security
2. Orchestration and component security
3. Image security
4. Container runtime security
(3) Cloud native application security
1. API security
2. Application security under a microservice architecture
3. Serverless security
(4) Cloud native development and operations security
1. Security requirements analysis
2. Secure development
3. Security testing
4. Security operations
(5) Cloud native data security
1. Data security protection
2. Data security auditing
(6) Cloud native security management
1. Unified management of cloud native assets
2. Unified management of cloud native security events
3. Multi-cloud security capability coordination and unified management
4. Intelligent cloud native security management

IV. Cloud Native Security Protection System Construction Practice
(1) Cloud native security defense platform
1. Secure coding
2. Software composition analysis
3. Interactive security testing
4. Runtime application self-protection