Litcius/Paper detail

Secure Namespaced Kernel Audit for Containers

Soo Yee Lim, Bogdan Stelea, Xueyuan Han, Thomas Pasquier

202119 citationsDOI

Abstract

Despite the wide usage of container-based cloud computing, container auditing for security analysis relies mostly on built-in host audit systems, which often lack the ability to capture high-fidelity container logs. State-of-the-art reference-monitor-based audit techniques greatly improve the quality of audit logs, but their system-wide architecture is too costly to be adapted for individual containers. Moreover, these techniques typically require extensive kernel modifications, making it difficult to deploy in practical settings.

Topics & Concepts

Container (type theory)AuditComputer scienceCloud computingFidelityKernel (algebra)ArchitectureComputer securityAudit trailOperating systemAccountingEngineeringBusinessTelecommunicationsCombinatoricsMathematicsVisual artsArtMechanical engineeringSoftware System Performance and ReliabilityCloud Computing and Resource ManagementNetwork Security and Intrusion Detection