2021
DOI: 10.1109/tdsc.2018.2879605
|View full text |Cite
|
Sign up to set email alerts
|

A Study on the Security Implications of Information Leakages in Container Clouds

Abstract: Container technology provides a lightweight operating system level virtual hosting environment. Its emergence profoundly changes the development and deployment paradigms of multi-tier distributed applications. However, due to the incomplete implementation of system resource isolation mechanisms in the Linux kernel, some security concerns still exist for multiple containers sharing an operating system kernel on a multi-tenancy container-based cloud service. In this paper, we first present the information leakag… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
4
0
1

Year Published

2021
2021
2025
2025

Publication Types

Select...
7
2
1

Relationship

0
10

Authors

Journals

citations
Cited by 44 publications
(5 citation statements)
references
References 35 publications
0
4
0
1
Order By: Relevance
“…Gao et al [39] studied information leakage channels within containers (this study was expanded later in [40]). They address channels that could leak host information and allow adversaries to launch advanced attacks against the cloud service provider.…”
Section: Protecting the Host From Containers Using Namespaces (Use Camentioning
confidence: 99%
“…Gao et al [39] studied information leakage channels within containers (this study was expanded later in [40]). They address channels that could leak host information and allow adversaries to launch advanced attacks against the cloud service provider.…”
Section: Protecting the Host From Containers Using Namespaces (Use Camentioning
confidence: 99%
“…Çalışmada [43], bulut güvenliğini ve kaynakların otomatik ölçeklenebilirliğin i sağlamak için izolasyon ağaçlarının kullanıldığı optimize edilmiş bir anomali tespiti yaklaşımından ve entropi tabanlı uyarlanabilir Krill sürü optimizasyonundan faydalanmıştır. Çok müşteriye hizmet veren bulut konteyner hizmetlerindeki Linux çekirdeği kaynaklı yaşanabilecek veri sızıntısı ele alındığı çalışmada [44], yaşanabilecek veri sızıntıları ve daha geniş kapsamlı s aldırıların önlenmesi maksadıyla iki kademeli bir savunma mekanizmas ı sunulmuştur. Bulut güvenliğinin sağlanması kapsamında donanım tabanlı güvenlik çözümlerinin ele alındığ ı çalışmada [45] Intel TXT, ARM TrustZone, AMD SEV ve Intel SGX teknolojileri incelenerek güvenlik ve fonksiyonellik gibi ana başlıklar altında karşılaştırılmışlard ır.…”
Section: Security)unclassified
“…In container-based systems, for security protection, an extensive security service such as Docker Trusted Registry will scan container images in advance to detect potential injections and then enforce access policies accordingly. However, according to [203], [204], the imperfection of resource isolation mechanism and shared kernel in multi-tenancy container-based systems can be the potential source of meltdown and spectre attacks that may lead to information leakage of co-resident containers. The authors of [203] introduced ContainerGuard, a non-intrusive variational autoencoders-based method to collect performance events data of processes to detect the attacks.…”
Section: G Liquid Software Security: a Step To 6g Platform-agnostic S...mentioning
confidence: 99%