DC Field | Value | Language |
---|---|---|
dc.contributor.author | Kang, Haney | ko |
dc.contributor.author | Kim, Jinwoo | ko |
dc.contributor.author | Shin, Seungwon | ko |
dc.date.accessioned | 2021-10-27T06:50:12Z | - |
dc.date.available | 2021-10-27T06:50:12Z | - |
dc.date.created | 2021-10-27 | - |
dc.date.issued | 2021-04 | - |
dc.identifier.citation | IEEE International IOT, Electronics and Mechatronics Conference (IEMTRONICS), pp.490 - 494 | - |
dc.identifier.uri | http://hdl.handle.net/10203/288347 | - |
dc.description.abstract | Nowadays, containers have been widely adopted not only for clouds but also for individual users. On the one hand, containers provide much more light-weight virtualized infrastructure, but on the other hand, it is unavoidable to handle security issues since the isolation of containers is relatively weak, compared to the legacy VMs. Under the container architecture, adversaries are able to exploit kernel vulnerabilities to escalate privilege to gain root privilege, and leak system, privacy-critical information. Although previous solutions provide strong security protection, unfortunately, none of them provides a way to apply policies. Therefore, in this paper, we present an eBPF-based capability enforcement system, MiniCon, that automatically generates and enforces a minimal capability set by using Seccomp Filter. It monitors capability requests from containers, merges those requests to create a minimal capability set, and enforces capability policies through Seccomp Filter. | - |
dc.language | English | - |
dc.publisher | IEEE | - |
dc.title | MiniCon: Automatic Enforcement of a Minimal Capability Set for Security-Enhanced Containers | - |
dc.type | Conference | - |
dc.identifier.wosid | 000675601600080 | - |
dc.identifier.scopusid | 2-s2.0-85106668570 | - |
dc.type.rims | CONF | - |
dc.citation.beginningpage | 490 | - |
dc.citation.endingpage | 494 | - |
dc.citation.publicationname | IEEE International IOT, Electronics and Mechatronics Conference (IEMTRONICS) | - |
dc.identifier.conferencecountry | US | - |
dc.identifier.conferencelocation | ELECTR NETWORK | - |
dc.identifier.doi | 10.1109/IEMTRONICS52119.2021.9422529 | - |
dc.contributor.localauthor | Shin, Seungwon | - |
dc.contributor.nonIdAuthor | Kang, Haney | - |
dc.contributor.nonIdAuthor | Kim, Jinwoo | - |