A Study on the Security Implications of Information Leakages in Container Clouds

Gao, Xing; Steenkamer, Benjamin P.; Gu, Zhongshu; Kayaalp, Mehmet; Pendarakis, Dimitrios; Wang, Haining

doi:10.1109/tdsc.2018.2879605

Cited by 38 publications

(5 citation statements)

References 35 publications

(48 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Gao et al [39] studied information leakage channels within containers (this study was expanded later in [40]). They address channels that could leak host information and allow adversaries to launch advanced attacks against the cloud service provider.…”

Section: Protecting the Host From Containers Using Namespaces (Use Camentioning

confidence: 99%

Container Security: Issues, Challenges, and the Road Ahead

2019

View full text Add to dashboard Cite

Containers emerged as a lightweight alternative to virtual machines (VMs) that offer better microservice architecture support. The value of the container market is expected to reach $2.7 billion in 2020 as compared to $762 million in 2016. Although they are considered the standardized method for microservices deployment, playing an important role in cloud computing emerging fields such as service meshes, market surveys show that container security is the main concern and adoption barrier for many companies. In this paper, we survey the literature on container security and solutions. We have derived four generalized use cases that should cover security requirements within the host-container threat landscape. The use cases include: (I) protecting a container from applications inside it, (II) inter-container protection, (III) protecting the host from containers, and (IV) protecting containers from a malicious or semi-honest host. We found that the first three use cases utilize a software-based solutions that mainly rely on Linux kernel features (e.g., namespaces, CGroups, capabilities, and seccomp) and Linux security modules (e.g., AppArmor). The last use case relies on hardware-based solutions such as trusted platform modules (TPMs) and trusted platform support (e.g., Intel SGX). We hope that our analysis will help researchers understand container security requirements and obtain a clearer picture of possible vulnerabilities and attacks. Finally, we highlight open research problems and future research directions that may spawn further research in this area.

show abstract

Section: Protecting the Host From Containers Using Namespaces (Use Camentioning

confidence: 99%

Container Security: Issues, Challenges, and the Road Ahead

2019

View full text Add to dashboard Cite

show abstract

“…Çalışmada [43], bulut güvenliğini ve kaynakların otomatik ölçeklenebilirliğin i sağlamak için izolasyon ağaçlarının kullanıldığı optimize edilmiş bir anomali tespiti yaklaşımından ve entropi tabanlı uyarlanabilir Krill sürü optimizasyonundan faydalanmıştır. Çok müşteriye hizmet veren bulut konteyner hizmetlerindeki Linux çekirdeği kaynaklı yaşanabilecek veri sızıntısı ele alındığı çalışmada [44], yaşanabilecek veri sızıntıları ve daha geniş kapsamlı s aldırıların önlenmesi maksadıyla iki kademeli bir savunma mekanizmas ı sunulmuştur. Bulut güvenliğinin sağlanması kapsamında donanım tabanlı güvenlik çözümlerinin ele alındığ ı çalışmada [45] Intel TXT, ARM TrustZone, AMD SEV ve Intel SGX teknolojileri incelenerek güvenlik ve fonksiyonellik gibi ana başlıklar altında karşılaştırılmışlard ır.…”

Section: Security)unclassified

A Review on Challenges in Cloud Computing Security and Recent Researchs

GÜLBURUN

Dener

2022

Bilişim Teknolojileri Dergisi

View full text Add to dashboard Cite

Bulut bilişim sistemleri, kişi ve organizasyonlar tarafından ihtiyaç duyulan farklı seviye ve nitelikteki bilg i sistemleri kaynaklarının, talebe bağlı olarak istenilen zaman ve miktarda ihtiyaç sahibine sunulabildiği, çoğunlukla internet üzerinden erişilebilir kılınan, özellikle değişken iş yüklerine sahip organizasyonların ihtiyaçlarına en iyi şekilde cevap verebilen sistemlerdir. Bulut bilişim sistemlerinin kullanımının artmasına paralel olarak hem bulut biliş im platformlarına hem de bu platformlardan servis alan organizasyonlara yönelik saldırılar artış göstermiştir. Çalışmad a, öncelikle, farklı kuruluşlar tarafından hazırlanan bulut bilişim güvenlik raporları incelenerek, bulut bilişim kapsamında karşılaşılan temel tehditler ortaya konmuştur. Daha sonra Web of Science veri tabanı temel alınarak bulut biliş im güvenliği kapsamında yapılan güncel çalışmalar incelenmiştir.

show abstract

“…In container-based systems, for security protection, an extensive security service such as Docker Trusted Registry will scan container images in advance to detect potential injections and then enforce access policies accordingly. However, according to [203], [204], the imperfection of resource isolation mechanism and shared kernel in multi-tenancy container-based systems can be the potential source of meltdown and spectre attacks that may lead to information leakage of co-resident containers. The authors of [203] introduced ContainerGuard, a non-intrusive variational autoencoders-based method to collect performance events data of processes to detect the attacks.…”

Section: G Liquid Software Security: a Step To 6g Platform-agnostic S...mentioning

confidence: 99%

Security and privacy for 6G: A survey on prospective technologies and challenges

Nguyen,

Lin,

Cheng

et al. 2021

Preprint

View full text Add to dashboard Cite

Sixth-generation (6G) mobile networks will have to cope with diverse threats on a space-air-ground integrated network environment, novel technologies, and an accessible user information explosion. However, for now, security and privacy issues for 6G remain largely in concept. This survey provides a systematic overview of security and privacy issues based on prospective technologies for 6G in the physical, connection, and service layers, as well as through lessons learned from the failures of existing security architectures and state-of-the-art defenses.Two key lessons learned are as follows. First, other than inheriting vulnerabilities from the previous generations, 6G has new threat vectors from new radio technologies, such as the exposed location of radio stripes in ultra-massive MIMO systems at Terahertz bands and attacks against pervasive intelligence. Second, physical layer protection, deep network slicing, quantum-safe communications, artificial intelligence (AI) security, platform-agnostic security, real-time adaptive security, and novel data protection mechanisms such as distributed ledgers and differential privacy are the top promising techniques to mitigate the attack magnitude and personal data breaches substantially.

show abstract

A Study on the Security Implications of Information Leakages in Container Clouds

Cited by 38 publications

References 35 publications

Container Security: Issues, Challenges, and the Road Ahead

Container Security: Issues, Challenges, and the Road Ahead

A Review on Challenges in Cloud Computing Security and Recent Researchs

Security and privacy for 6G: A survey on prospective technologies and challenges

Contact Info

Product

Resources

About