Skip to main content

Research Repository

Advanced Search

PROTECT: Container process isolation using system call interception

Win, Thu Yein; Tso, Fung Po; Mair, Quentin; Tianfield, Huaglory

Authors

Thu Yein Win

Fung Po Tso

Quentin Mair

Huaglory Tianfield



Abstract

Virtualization is the underpinning technology enabling cloud computing service provisioning, and container-based virtualization provides an efficient sharing of the underlying host kernel libraries amongst multiple guests. While there has been research on protecting the host against compromise by malicious guests, research on protecting the guests against a compromised host is limited. In this paper, we present an access control solution which prevents the host from gaining access into the guest containers and their data. Using system call interception together with the built-in AppArmor mandatory access control (MAC) approach the solution protects guest containers from a malicious host attempting to compromise the integrity of data stored therein. Evaluation of results have shown that it can effectively prevent hostile access from host to guest containers while ensuring minimal performance overhead.

Presentation Conference Type Conference Paper (published)
Start Date Jun 21, 2017
End Date Jun 23, 2017
Acceptance Date May 12, 2017
Online Publication Date Dec 1, 2017
Deposit Date May 12, 2021
Pages 191-196
Book Title 2017 14th International Symposium on Pervasive Systems, Algorithms and Networks \& 2017 11th International Conference on Frontier of Computer Science and Technology \& 2017 Third International Symposium of Creative Computing (ISPAN-FCST-ISCC)
ISBN 9781538608401
DOI https://doi.org/10.1109/ISPAN-FCST-ISCC.2017.24
Public URL https://uwe-repository.worktribe.com/output/7380720


You might also like



Downloadable Citations