A Measurement Study on Linux Container Security

Lin, Xin; Lei, Lingguang; Wang, Yuewu; Jing, Jiwu; Sun, Kun; Zhou, Quan

doi:10.1145/3274694.3274720

Cited by 89 publications

(51 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The authors detailed some real-world scenarios for the vulnerabilities and how they could be exploited and proposed possible fixes. Lin et al [92] created a dataset of 223 exploits that are effective on container platforms. Then, they evaluated the security of different Linux containers using a subset of those exploits.…”

Section: A Vulnerabilities Exploits and Toolsmentioning

confidence: 99%

Container Security: Issues, Challenges, and the Road Ahead

2019

View full text Add to dashboard Cite

Containers emerged as a lightweight alternative to virtual machines (VMs) that offer better microservice architecture support. The value of the container market is expected to reach $2.7 billion in 2020 as compared to $762 million in 2016. Although they are considered the standardized method for microservices deployment, playing an important role in cloud computing emerging fields such as service meshes, market surveys show that container security is the main concern and adoption barrier for many companies. In this paper, we survey the literature on container security and solutions. We have derived four generalized use cases that should cover security requirements within the host-container threat landscape. The use cases include: (I) protecting a container from applications inside it, (II) inter-container protection, (III) protecting the host from containers, and (IV) protecting containers from a malicious or semi-honest host. We found that the first three use cases utilize a software-based solutions that mainly rely on Linux kernel features (e.g., namespaces, CGroups, capabilities, and seccomp) and Linux security modules (e.g., AppArmor). The last use case relies on hardware-based solutions such as trusted platform modules (TPMs) and trusted platform support (e.g., Intel SGX). We hope that our analysis will help researchers understand container security requirements and obtain a clearer picture of possible vulnerabilities and attacks. Finally, we highlight open research problems and future research directions that may spawn further research in this area.

show abstract

Section: A Vulnerabilities Exploits and Toolsmentioning

confidence: 99%

Container Security: Issues, Challenges, and the Road Ahead

2019

View full text Add to dashboard Cite

show abstract

“…They also propose possible fixes and discuss the adoption of Docker by platform-as-a-service (PaaS) providers. Lin et al [18] study 11 exploits that can successfully bypass the isolation provided by the container to achieve privilege escalation. The authors then propose a defense mechanism to defeat those identified privilege escalation exploits.…”

Section: Related Workmentioning

confidence: 99%

CDL: Classified Distributed Learning for Detecting Security Attacks in Containerized Applications

Lin

Tunde-Onadele

2020

Annual Computer Security Applications Conference

View full text Add to dashboard Cite

“…Os critérios utilizados foram baseados no guia de segurança de contêineres [NIST 2017], no modelo de ameaças [Sultan et al 2019] e na revisão de falhas de segurança em contêineres Linux [Lin et al 2018]. Uma análise visando restringir a quantidade de critérios foi realizada para definir um foco inicial na pesquisa deste artigo, que pode ser ampliado a medida que as análises de cada critério são finalizadas.…”

Section: Critérios De Análiseunclassified

Análise de segurança entre contêineres Docker implementados em Linux e Windows

Pennacchi

Miers

2020

Anais Da XVIII Escola Regional De Redes De Computadores (ERRC 2020)

View full text Add to dashboard Cite

O uso do contêineres recebeu uma maior atenção por ser uma solução baseada em virtualização alternativa às máquinas virtuais, realizando o encapsulamento de processos visando uma relação melhor de consumo de recursos computacionais e desempenho. Entre as soluções disponíveis de virtualização conteinerizadas, o Docker obteve uma maior preferência de uso. O Docker foi inicialmente um software de soluções de contêineres desenvolvido para o sistema operacional GNU/Linux. A Microsoft adentrou no mercado disponibilizando a o Docker Windows para as versões de servidores e as versões de uso pessoal do seu sistema operacional. Nas versões específicas para servidores há a possibilidade de execução do Docker Windows nativamente na plataforma. Neste sentido, este artigo apresenta os resultados iniciais de uma análise de alguns aspectos de controle de recursos, segurança de imagem de contêineres e segurança na comunicação entre contêineres.

show abstract

A Measurement Study on Linux Container Security

Cited by 89 publications

References 21 publications

Container Security: Issues, Challenges, and the Road Ahead

Container Security: Issues, Challenges, and the Road Ahead

CDL: Classified Distributed Learning for Detecting Security Attacks in Containerized Applications

Análise de segurança entre contêineres Docker implementados em Linux e Windows

Contact Info

Product

Resources

About