Secure Cloud Container: Runtime Behavior Monitoring Using Most Privileged Container (MPC)

Sarkale, Vivek Vijay; Rad, Paul; Lee, Wonjun

doi:10.1109/cscloud.2017.68

Cited by 12 publications

(3 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although the adoption of Docker has enabled numerous automated acceleration, security issues have been affecting the widespread use of Docker, [16] proposes security algorithms and methods to address the issues in Docker container technology related to DoS attack-related issues in Docker container technology. [17] proposes a new security layer called Most Privileged Container (MPC) to improve container security by implementing permission-based access control. This layer assigns resource access privileges based on policies and security profiles and monitors the runtime behavior of containers.…”

Section: Selinux-based Container Security Researchmentioning

confidence: 99%

SELinux-based operating system security research

Zhang,

He,

Wang

et al. 2023

Second International Conference on Applied Statistics, Computational Mathematics, and Software Engineering (ASCMSE 2023)

View full text Add to dashboard Cite

This thesis analyzes SELinux-based policies to implement Mandatory Access Control and improve the security and reliability of the system by verifying data integrity and trusted paths. In terms of attack detection and defense, this paper also proposes corresponding malicious behavior detection and defense techniques for side-channel attacks. By collating and analyzing domestic and international research on SELinux technology, we summarize the research progress of SELinux in virtualization, cloud computing, containers and Android security, which can provide some reference and support for the security of Kunpeng-based domestic server and desktop operating systems.

show abstract

Section: Selinux-based Container Security Researchmentioning

confidence: 99%

SELinux-based operating system security research

Zhang,

He,

Wang

et al. 2023

Second International Conference on Applied Statistics, Computational Mathematics, and Software Engineering (ASCMSE 2023)

View full text Add to dashboard Cite

show abstract

“…The lifetime of a container includes the service state and refactoring state, so the average lifetime of a container is 1/ . Assuming that the average number of service state containers is m, and the average number of reconstructed state containers is r c , there is r c m c =+ [8]. According to Little's law, we get:…”

Section: Dynamically Reconstruct Ctmc Modelmentioning

confidence: 99%

Mimic web application security technology based on DHR architecture

Wei

Liang²,

Shi³

et al. 2022

International Conference on Artificial Intelligence and Intelligent Information Processing (AIIIP 2022)

View full text Add to dashboard Cite

Traditional static defense methods based on threat detection, isolation and filtering are difficult to defend against increasingly complex and intelligent cloud network intrusions. New defense methods try to increase the uncertainty and complexity of the cloud environment. Aiming at the problems of increasing attack surface of web services and difficult security management and control, based on the mimetic web endogenous security system architecture, this paper presents the system physical frame and logical frame of Mimicloud, a web architecture of the DHR model based on the continuous time Markov chain Model and analyze the security mechanism, and finally conduct an evaluation test. This paper innovatively uses the DHR cloud endogenous security architecture to provide highly secure SaaS services, and then constructs a security mechanism with dynamic, random, diversity and other characteristics, which makes the attacker lose part of the latent resources and attack implementation conditions. It is difficult to maintain the continuous control and access to the successful attack. The mimic Web can also provide theoretical support for enhancing the endogenous security capabilities of the next-generation information cloud infrastructure and key technological breakthroughs of mimic security defense in the cloud environment.

show abstract

“…As a result of their ease-of-use and performance enhancements, such containers as Docker [15], OpenVZ [16], and Linux Container (LXC) [17], are being widely adopted in industry, academia, and other scientific communities. Undoubtedly, Container-based virtualization delivers a lightweight and efficient environment, but raises some security concerns as it allows an isolated process to utilize an underlying host kernel [18]. Moreover, Docker container is not suitable for IoT applications with frequent interaction of small data and resource-constrained IoT devices [19].…”

Section: Introductionmentioning

confidence: 99%

Evolving Container to Unikernel for Edge Computing and Applications in Process Industry

Chen

Zhou

2021

Processes

View full text Add to dashboard Cite

Industry 4.0 promotes manufacturing and process industry towards digitalization and intellectualization. Edge computing can provide delay-sensitive services in industrial processes to realize intelligent production. Lightweight virtualization technology is one of the key elements of edge computing, which can implement resource management, orchestration, and isolation services without considering heterogenous hardware. It has revolutionized software development and deployment. The scope of this review paper is to present an in-depth analysis of two such technologies, Container and Unikernel, for edge computing. We discuss and compare their applicability in terms of migration, security, and orchestration for edge computing and industrial applications. We describe their performance indexes, evaluation methods and related findings. We then discuss their applications in industrial processes. To promote further research, we present some open issues and challenges to serve as a road map for both researchers and practitioners in the areas of Industry 4.0, industrial process automation, and advanced computing.

show abstract

Secure Cloud Container: Runtime Behavior Monitoring Using Most Privileged Container (MPC)

Cited by 12 publications

References 12 publications

SELinux-based operating system security research

SELinux-based operating system security research

Mimic web application security technology based on DHR architecture

Evolving Container to Unikernel for Edge Computing and Applications in Process Industry

Contact Info

Product

Resources

About