PROTECT: Container Process Isolation Using System Call Interception

Win, Thu Yein ORCID: 0000-0002-4977-0511, Tso, Fung Po, Mair, Quentin and Tianfield, Huaglory (2017) PROTECT: Container Process Isolation Using System Call Interception. In: 14th International Symposium on Pervasive Systems, Algorithms and Networks (I-SPAN) / 11th International Conference on Frontier of Computer Science and Technology (FCST) / 3rd International Symposium of Creative Computing (ISCC), June 21-23, Exeter, England. ISSN 2375-527X

Text (Peer reviewed version)
6964 Win (2017) PROTECT.pdf - Accepted Version
Available under License All Rights Reserved.


Abstract

Virtualization is the underpinning technology enabling cloud computing service provisioning, and container-based virtualization provides efficient sharing of the underlying host kernel libraries amongst multiple guests. While there has been research on protecting the host against compromise by malicious guests, research on protecting the guests against a compromised host is limited. In this paper, we present an access control solution which prevents the host from gaining access into the guest containers and their data. Using system call interception together with the built-in AppArmor mandatory access control (MAC) approach, the solution protects guest containers from a malicious host attempting to compromise the integrity of data stored therein. Evaluation results have shown that it can effectively prevent hostile access from host to guest containers while ensuring minimal performance overhead.

Item Type: Conference or Workshop Item (Paper)
Uncontrolled Keywords: Virtualization Security; Cloud Security; Container Virtualization; Access Control; System Call Interception
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Q Science > QA Mathematics > QA76 Computer software
Divisions: Schools and Research Institutes > School of Business and Technology > Technical & Applied Computing
Research Priority Areas: Applied Business & Technology
Depositing User: Susan Turner
Date Deposited: 28 Jun 2019 14:35
Last Modified: 03 Jul 2019 16:00
URI: http://eprints.glos.ac.uk/id/eprint/6964
