Container hardening through automated seccomp profiling

N Lopes, R Martins, ME Correia, S Serrano, F Nunes
Proceedings of the 2020 6th International Workshop on Container Technologies …, 2020 - dl.acm.org
Nowadays the use of container technologies is ubiquitous, and thus the need to make them secure arises. Container technologies such as Docker provide several options to improve container security; one of those is the use of a Seccomp profile. A major problem with these profiles is that they are hard to maintain because of two different factors: they need to be updated quite often, and determining exactly what to update is a complex and time-consuming task; therefore not many people use them.
The research goal of this paper is to make Seccomp profiles a viable technique in a production environment by proposing a reliable method to generate custom Seccomp profiles for arbitrary containerized applications. This research focused on developing a solution with few requirements, allowing for easy integration with any environment with no human intervention.
Results show that using a custom Seccomp profile can mitigate several attacks and even some zero-day vulnerabilities on containerized applications. This represents a big step forward in using Seccomp in a production environment, which would benefit users worldwide.