Secure Cloud Container: Runtime Behavior Monitoring Using Most Privileged Container (MPC)

Vivek Vijay Sarkale, P. Rad, Wonjun Lee
DOI: 10.1109/CSCloud.2017.68 (https://doi.org/10.1109/CSCloud.2017.68)
Venue: 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud)
Published: 2017-06-26
Source: Semanticscholar
Citations: 12

Abstract

Hypervisor-based virtualization has rapidly become a commodity and proves valuable in many scenarios, such as resource optimization, uptime maximization, and consolidation. Container-based application virtualization is an appropriate solution for lightweight partitioning, providing application isolation with less overhead. Container-based virtualization undoubtedly delivers a lightweight and efficient environment, but it also raises security concerns because the isolated processes all use the underlying host kernel. This article proposes a new security layer built around a Most Privileged Container (MPC). The proposed MPC layer has three main functional blocks: access policies, a blacklist database, and runtime monitoring. The MPC layer implements privilege-based access control and assigns resource access permissions based on policies and on the security profiles of the containerized application's user processes. The monitoring block examines the runtime behavior of containers, and the blacklist database is updated if a container violates its policies. The proposed MPC layer thus provides a higher level of security for application containers against potential threats.