博碩士論文 107522068 完整後設資料紀錄

DC 欄位 語言
DC.contributor資訊工程學系zh_TW
DC.creator李佳穎zh_TW
DC.creatorJia-Ing Leeen_US
dc.date.accessioned2020-7-21T07:39:07Z
dc.date.available2020-7-21T07:39:07Z
dc.date.issued2020
dc.identifier.urihttp://ir.lib.ncu.edu.tw:88/thesis/view_etd.asp?URN=107522068
dc.contributor.department資訊工程學系zh_TW
DC.description國立中央大學zh_TW
DC.descriptionNational Central Universityen_US
dc.description.abstract隨著雲端運算的發展及需求,虛擬化的技術日漸成熟,也越來越廣為人所運用。在虛擬化技術之中,除了傳統的虛擬機器(Virtual Machine)之外,還有一個較為輕量化的技術,即為容器(Container)。容器技術不像虛擬機器一樣需仰賴超管理器(Hypervisor)的幫助,既不需要模擬硬體架構,也不必跑在分別的系統核心(Kernel)之上,而是同一台主機(Host)上的所有容器共同享有主機的系統核心。然而,由於容器的隔離並沒有虛擬機器完善,容器也較虛擬機器來得易受攻擊,雖然大部分的漏洞都在被發現後就立刻做了補救,但是針對容器的攻擊手法實在過多,容器的安全防不勝防。 本研究針對這樣的特點,提出了一套偵測系統,以判斷針對容器之未授權特權檔案存取。如此一來,即便容器上的漏洞造成了非法檔案存取,我們還是可以利用此系統,直接從主機的系統核心中得知這樣的非法行為,並加以攔截。實驗後,結果顯示本系統的確可以達成理想的防禦效果,並且效能表現良好,幾乎不會對程序造成效能上的損失。 隨著虛擬技術的蓬勃發展,如何有效保護容器之安全勢必成為未來資安的議題。本研究的目的是從根本保護容器造成的非法檔案存取,即使容器上有漏洞也不會因此侵害到主機的安全。zh_TW
dc.description.abstractWith the development of cloud computing, virtualization technology is becoming more mature and widely used. In recent days, container technology has been increasingly adopted in various computation scenarios. Compared to virtual machines, the elimination of additional abstraction layers leads to better resource utilization and improved efficiency. However, since all containers share the same operating system kernel with their host, the container technology also introduced a number of security issues. We propose a detection system that detects unauthorized privileged file-accesses to protect the security of the host. Even if there are vulnerabilities in the container, our system can protect the illegal file-accesses from the host fundamentally and thus would not infringe the security of the host. After experiments, we found that our system could detect illegal file-accesses successfully and the overhead introduced by our system is neglectable.en_US
DC.subject容器zh_TW
DC.subject虛擬化zh_TW
DC.subjectLinux作業系統zh_TW
DC.subjectContaineren_US
DC.subjectVirtualizationen_US
DC.subjectLinuxOSen_US
DC.titleUPFAD: A Solution to Detect Unauthorized Privileged File-Access in Dockeren_US
dc.language.isoen_USen_US
DC.type博碩士論文zh_TW
DC.typethesisen_US
DC.publisherNational Central Universityen_US

若有論文相關問題,請聯絡國立中央大學圖書館推廣服務組 TEL:(03)422-7151轉57407,或E-mail聯絡  - 隱私權政策聲明