NCU Institutional Repository - downloads of theses and dissertations, past exam papers, journal articles, research projects and more: Item 987654321/83952


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/83952


    Title: UPFAD: A Solution to Detect Unauthorized Privileged File-Access in Docker
    Authors: 李佳穎;Lee, Jia-Ing
    Contributors: Department of Computer Science and Information Engineering
    Keywords: Container;Virtualization;LinuxOS
    Date: 2020-07-21
    Issue Date: 2020-09-02 17:45:09 (UTC+8)
    Publisher: National Central University
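    Abstract: With the development of and demand for cloud computing, virtualization technology has matured and is ever more widely used. Among virtualization technologies, besides the traditional virtual machine, there is a more lightweight technology: the container. Unlike virtual machines, container technology does not rely on a hypervisor; it neither needs to emulate a hardware architecture nor runs on a separate kernel. Instead, all containers on the same host share the host's kernel. However, because container isolation is not as complete as that of virtual machines, containers are also more vulnerable to attack than virtual machines. Although most vulnerabilities are fixed as soon as they are discovered, there are simply too many attack techniques targeting containers, and container security is hard to guarantee.

    In view of this, this study proposes a detection system to identify unauthorized privileged file access targeting containers. In this way, even if a vulnerability in a container leads to illegal file access, we can still use this system to learn of such illegal behavior directly from the host's kernel and intercept it. Experimental results show that the system does achieve the intended defensive effect and performs well, causing almost no performance loss to processes.

    With the rapid development of virtualization technology, how to effectively protect containers will inevitably become a future information-security issue. The purpose of this study is to protect, at the root, against illegal file access caused by containers, so that even if a container has vulnerabilities, the security of the host is not compromised.

    With the development of cloud computing, virtualization technology is becoming more mature and widely used. In recent days, container technology has been increasingly adopted in various computation scenarios. Compared to virtual machines, the elimination of additional abstraction layers leads to better resource utilization and improved efficiency. However, since all containers share the same operating system kernel with their host, the container technology also introduced a number of security issues.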

    We propose a detection system that detects unauthorized privileged file-accesses to protect the security of the host. Even if there are vulnerabilities in the container, our system can protect the illegal file-accesses from the host fundamentally and thus would not infringe the security of the host. After experiments, we found that our system could detect illegal file-accesses successfully and the overhead introduced by our system is negligible.
    Appears in Collections:[Graduate Institute of Computer Science and Information Engineering] Electronic Thesis & Dissertation

    Files in This Item:

    File          Description    Size    Format
    index.html                   0Kb     HTML


    All items in NCUIR are protected by copyright, with all rights reserved.
