Back to Search
Start Over
Lic-Sec: An enhanced AppArmor Docker security profile generator.
- Source :
-
Journal of Information Security & Applications . Sep2021, Vol. 61, pN.PAG-N.PAG. 1p. - Publication Year :
- 2021
-
Abstract
- Along with the rapid development of cloud computing technology, containerization technology has drawn much attention from both industry and academia. In this paper, we perform a comparative measurement analysis of Docker-sec, which is a Linux Security Module proposed in 2018, and a new AppArmor profile generator called Lic-Sec, which combines Docker-sec with a modified version of LiCShield, which is also a Linux Security Module proposed in 2015. Docker-sec and LiCShield can be used to enhance Docker container security based on mandatory access control and allows protection of the container without manual configurations. Lic-Sec brings together their strengths and provides stronger protection. We evaluate the effectiveness and performance of Docker-sec and Lic-Sec by testing them with real-world attacks. We generate an exploit database with 40 exploits effective on Docker containers selected from the latest 400 exploits on Exploit-DB. We launch these exploits on containers spawned with Docker-sec and Lic-Sec separately. Our evaluations show that for demanding images, Lic-Sec gives protection for all privilege escalation attacks for which Docker-sec and LiCShield failed to give protection. [ABSTRACT FROM AUTHOR]
Details
- Language :
- English
- ISSN :
- 22142126
- Volume :
- 61
- Database :
- Academic Search Index
- Journal :
- Journal of Information Security & Applications
- Publication Type :
- Academic Journal
- Accession number :
- 162180832
- Full Text :
- https://doi.org/10.1016/j.jisa.2021.102924