Open Access Proceedings Article
Understanding Security Implications of Using Containers in the Cloud
Byung Chul Tak, Canturk Isci, Sastry S. Duri, Nilton Bila, Shripad Nadgowda, James R. Doran
pp. 313-319
TLDR
This study investigates containers deployed in a production cloud to derive a set of recommended approaches to address challenges and proposes practices that container users should adopt to limit the vulnerability of their containers.
Abstract:
Container technology is being adopted as a mainstream platform for IT solutions because of the high degree of agility, reusability and portability it offers. However, there are challenges to be addressed for successful adoption. First, it is difficult to establish the full pedigree of images downloaded from public registries. Some might have vulnerabilities introduced unintentionally through rounds of updates by different users. Second, non-conformance to the immutable software deployment policies, such as those promoted by the DevOps principles, introduces vulnerabilities and the loss of control over deployed software. In this study, we investigate containers deployed in a production cloud to derive a set of recommended approaches to address these challenges. Our analysis reveals evidence that (i) images of unresolved pedigree have introduced vulnerabilities to containers belonging to third parties; (ii) updates to live public containers are common, defying the tenet that deployed software is immutable; and (iii) scanning containers or images alone is insufficient to eradicate vulnerabilities from public containers. We advocate for better systems support for tracking image provenance and resolving disruptive changes to containers, and propose practices that container users should adopt to limit the vulnerability of their containers.
Citations
Proceedings Article
Edge Computing Perspectives: Architectures, Technologies, and Open Security Issues
TL;DR: This paper introduces the main technologies supporting the Edge paradigm, surveys existing issues, introduces relevant scenarios, and discusses benefits and caveats of the different existing solutions in those scenarios.
Proceedings Article
Towards Scalable Cluster Auditing through Grammatical Inference over Provenance Graphs
TL;DR: It is shown that Winnower dramatically reduces storage and network overhead associated with aggregating system audit logs, by as much as 98%, without sacrificing the important information needed for attack investigation, and represents a significant step forward for security monitoring in distributed systems.
Journal Article
Reliable and Secure Vehicular Fog Service Provision
TL;DR: This paper proposes a novel mechanism which consists of a VF construction method and a VFS access method to ensure VFS reliability and security without sacrificing performance and investigates the impact of the proposed mechanism on VF throughput.
Journal Article
Exploring New Opportunities to Defeat Low-Rate DDoS Attack in Container-Based Cloud Environment
TL;DR: This paper proposes a dynamic DDoS mitigation strategy, which can dynamically regulate the number of container instances serving different users and coordinate the resource allocation for these instances to maximize the quality of service.
Proceedings Article
Automating Patching of Vulnerable Open-Source Software Versions in Application Binaries
Ruian Duan, Ashish Bijlani, Yang Ji, Omar Alrawi, Yiyuan Xiong, Moses Ike, Brendan Saltaformaggio, Wenke Lee
TL;DR: This work addresses vulnerable mobile applications through automatic binary patching from source patches provided by the OSS maintainers and without involving the developers, and proposes novel techniques to overcome difficult challenges like patching feasibility analysis, source-code-to-binary-code matching, and in-memory patching.
Related Papers (5)
Top Threats to Cloud: A Three-Dimensional Model of Cloud Security Assurance
Rakesh Kumar, Rinkaj Goyal