Projects per year
Abstract
Along with the rapid development of cloud computing technology, containerization technology has drawn much attention from both industry and academia. In this paper, we perform a comparative measurement analysis of Docker-sec, which is a Linux Security Module proposed in 2018, and a new AppArmor profile generator called Lic-Sec, which combines Docker-sec with a modified version of LiCShield, which is also a Linux Security Module proposed in 2015. Docker-sec and LiCShield can be used to enhance Docker container security based on mandatory access control and allows protection of the container without manual configurations. Lic-Sec brings together their strengths and provides stronger protection. We evaluate the effectiveness and performance of Docker-sec and Lic-Sec by testing them with real-world attacks. We generate an exploit database with 40 exploits effective on Docker containers selected from the latest 400 exploits on Exploit-DB. We launch these exploits on containers spawned with Docker-sec and Lic-Sec separately. Our evaluations show that for demanding images, Lic-Sec gives protection for all privilege escalation attacks for which Docker-sec and LiCShield failed to give protection.
Original language | English |
---|---|
Article number | 102924 |
Journal | Journal of Information Security and Applications |
Volume | 61 |
Issue number | 0 |
DOIs | |
Publication status | Published - 2021 |
Subject classification (UKÄ)
- Computer Science
- Computer Systems
Free keywords
- Docker-sec
- LiCShield
- Lic-Sec
- Container
- Security evaluation
- Docker
Fingerprint
Dive into the research topics of 'Lic-Sec: An enhanced AppArmor Docker security profile generator'. Together they form a unique fingerprint.Projects
- 2 Finished
-
Sec4Factory: Cyber Security for Next Generation Factory (SEC4FACTORY)
Gehrmann, C. (PI), Kihl, M. (CoPI), Hell, M. (CoI), Fitzgerald, E. (Researcher), Toorani, M. (Researcher), Fitzgerald, E. (Researcher), Tärneberg, W. (Researcher) & Akbarian, F. (Researcher)
Swedish Foundation for Strategic Research, SSF
2018/04/01 → 2024/12/31
Project: Research
-
CloudiFacturing: Cloudification of Production Engineering for Predictive Digital Manufacturing
Gehrmann, C. (PI)
European Commission - Horizon 2020
2017/10/01 → 2021/03/31
Project: Research