  • DENG Qiqing, SONG Chen, LU Zhitong, WANG Liming, XU Zhen. A Survey on Threats and Countermeasures of Container[J]. Journal of Cyber Security, Accepted.
A Survey on Threats and Countermeasures of Container
DENG Qiqing, SONG Chen, LU Zhitong, WANG Liming, XU Zhen
(Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China)
With the application of container technology and container ecosystem components, web services benefit from rapid deployment, cross-platform migration, continuous delivery, and horizontal scaling, which has had a far-reaching impact on cloud computing. Container technology has consequently been widely adopted around the world, and the projects built around it have grown richer and more mature, further improving the functionality and usability of containers themselves. However, deploying containers and container ecosystem components can further weaken the isolation among traditional services and increase the exposed attack surface of applications, platforms, systems, and hardware, which severely limits the growth of containers. Malware implantation, container escape, and unauthorized access to orchestration platforms are just a few of the attacks that target containers. The degree of harm and the range of impact of these attacks are expanding, and container security has drawn more and more attention. In response, valuable security mechanisms and solutions, including intrusion detection, permission management, isolation optimization, and trusted hardware, have been proposed in both academia and industry to safeguard containers and their ecosystem components. In this paper, we propose a framework for the study of containers and container ecosystem components based on existing research. Using that framework, we analyze threats from eight aspects: container instance, container image, container network, container core, orchestration platform, system kernel, hardware, and configuration management components. Furthermore, we detail the countermeasures to these threats and compare the differences between the various security protection schemes. Building on this, our alignment analysis exposes the application trends of container technology in “multi-tenant” scenarios and potential research directions for multi-tenant container security. Specifically, we further discuss the security issues associated with the multi-tenant container development trend and propose a more efficient solution for container-level security protection.
Key words: container security threats; container security protection; container; container ecosystem components