Abstract (English) |
In recent years, cloud computing has become increasingly popular because of its low cost, high scalability, and easy maintenance. It has gradually removed the limitation that applications can only be run locally. In addition to virtualization, containers are one of the important technologies for cloud computing. Containers do not need an independent operating system and can directly share the operating system of the host. Although this is convenient and cost-effective, the security isolation mechanism is not as complete as that of a virtual machine, so containers more easily become the target of intruders.
A honeypot is an active defense that attracts intruders by emulating a network service or environment with flaws. Honeypots collect the intruders' attack intentions, techniques, tools, etc., in order to understand what security problems exist in the existing system and what challenges the system is facing.
We propose a mechanism to dynamically transform a container into a honeypot. We integrate a warning backup system, anti-virus software, and real-time monitoring to build DCH. When the container is invaded, our mechanism can protect important data and also redirect network traffic to a highly interactive honeypot for real-time monitoring. In our experiments, we found that our system performs well and that the overhead it introduces is negligible. |