中国联通云原生安全实践 白皮书（2022） 中国联通研究院 2022年12月 中国联通云原生安全实践白皮书（2022） 权声明 本报告版权属于中国联合网络通信有限公司研究院，并受法 律保护。转载、摘编或利用其他方式使用本报告文字或者观点的， 应注明“来源：中国联通研究院”。违反上述声明者，本院将追 究其相关法律责任。中国联通云原生安全实践白皮书（2022） 目录 一、背景概述............................................................................................................................3 （一）云原生成为新常态....................................................................................................3 （二）云原生安全建设需求迫切........................................................................................4 1云原生安全风险升级....................................................................................................4 2云原生安全事件频发....................................................................................................4 二、云原生安全的发展............................................................................................................6 （一）云原生安全理念........................................................................................................6 （二）云原生安全典型模型................................................................................................8 1云原生安全防护责任共担模型....................................................................................8 2面向云原生的ATT&CK攻防矩阵模型.........................................................................9 3DevSecOps开发安全运营一体化模型........................................................................11 三、云原生安全防护体系......................................................................................................13 （一）云原生安全原则与架构..........................................................................................13 1云原生安全原则..........................................................................................................13 2云原生安全架构..........................................................................................................15 （二）云原生基础架构安全..............................................................................................17 1网络安全......................................................................................................................17 2编排及组件安全..........................................................................................................18 3镜像安全......................................................................................................................21 4容器运行时安全..........................................................................................................24 （三）云原生应用安全......................................................................................................26 1API安全........................................................................................................................26 2微服务架构下的应用安全..........................................................................................28 3Serverless安全.............................................................................................................29 （四）云原生研发运营安全..............................................................................................33 1安全需求分析..............................................................................................................33 2安全开发......................................................................................................................34 3安全检测......................................................................................................................35 4安全运营......................................................................................................................37 （五）云原生数据安全......................................................................................................40中国联通云原生安全实践白皮书（2022） -4-1数据安全保护..............................................................................................................40 2数据安全审计..............................................................................................................40 （六）云原生安全管理........................................................................................