Lic-Sec: An enhanced AppArmor Docker security profile generator
نویسندگان
چکیده
Along with the rapid development of cloud computing technology, containerization technology has drawn much attention from both industry and academia. In this paper, we perform a comparative measurement analysis Docker-sec, which is Linux Security Module proposed in 2018, new AppArmor profile generator called Lic-Sec, combines Docker-sec modified version LiCShield, also 2015. LiCShield can be used to enhance Docker container security based on mandatory access control allows protection without manual configurations. Lic-Sec brings together their strengths provides stronger protection. We evaluate effectiveness performance by testing them real-world attacks. generate an exploit database 40 exploits effective containers selected latest 400 Exploit-DB. launch these spawned separately. Our evaluations show that for demanding images, gives all privilege escalation attacks failed give
منابع مشابه
Analysis of Docker Security
Over the last few years, the use of virtualization technologies has increased dramatically. This makes the demand for efficient and secure virtualization solutions become more obvious. Container-based virtualization and hypervisor-based virtualization are two main types of virtualization technologies that have emerged to the market. Of these two classes, container-based virtualization is able t...
متن کاملSec-home: a Security-enhanced Framework for Smart Home Environments
Research on smart environments, such as smart homes and smart offices, have recently received increasing attention. In addition to the design and functionality of those devices, current research also focuses on usability and security (privacy). This paper describes a framework for smart homes, called Sec-Home, that supports flexibility, different communication media, as well as simple means to ...
متن کاملSA Forum Security Service (SEC): An use case study
Security has become an important requirement for HA systems. To address this, the SA Forum Security service (SEC) Specifications have been recently published [6]. This paper presents an use case of using SEC to enforce and improve the security of a GGSN node. The goal of the paper is not a detailed study of security in GGSN applications but rather show through a simple use case the place of SEC...
متن کاملSec ’ 13 : 22 nd USENIX Security Symposium
The Best Paper award went to “Control Flow Integrity for COTS Binaries,” by Mingwei Zhang and R. Sekar (Stony Brook Univer sity). The Best Student Paper award was presented to “Securing Computer Hardware Using 3D Integrated Circuit (IC) Technol ogy and Split Manufacturing for Obfuscation,” by Frank Imeson, Ariq Emtenan, Siddharth Garg, and Mahesh V. Tripunitara (University of Waterloo). Final...
متن کاملSmart Container: an Ontology Towards Conceptualizing Docker
Because of growing demand to preserve and share reproducible computational experiments in scientific community, there has been interest in using Docker Linux Containers as a preservation mechanism. However, this is insufficient to help researches to comprehend ”Dockerized” experiments and connect computational artifacts with concepts in peer-reviewed publications. We present here an ontology an...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Journal of information security and applications
سال: 2021
ISSN: ['2214-2134', '2214-2126']
DOI: https://doi.org/10.1016/j.jisa.2021.102924