DockerPolicyModules: Mandatory Access Control for Docker Containers

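Cited by: 0
Authors
Bacis, Enrico [1]
Mutti, Simone [1]
Capelli, Steven [1]
Paraboschi, Stefano [1]
Affiliations
[1] Univ Bergamo, DIGIP, Bergamo, Italy
Keywords
DOI
Not available
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract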
The wide adoption of Docker and the ability to retrieve images from different sources impose strict security constraints. Docker leverages Linux kernel security facilities, such as namespaces, cgroups and Mandatory Access Control, to guarantee an effective isolation of containers. In order to increase Docker security and flexibility, we propose an extension to the Dockerfile format to let image maintainers ship a specific SELinux policy for the processes that run in a Docker image, enhancing the security of containers.
Pages: 749 / 750
Number of pages: 2
Related papers
50 in total
  • [21] ConHub: A Metadata Management System for Docker Containers
    Tian, Chris Xing
    Pan, Aditya
    Tay, Y. C.
    CIKM'16: PROCEEDINGS OF THE 2016 ACM CONFERENCE ON INFORMATION AND KNOWLEDGE MANAGEMENT, 2016, : 2453 - 2455
  • [22] Performance Analysis of Virtual Machines and Docker Containers
    Kavitha, Babu
    Varalakshmi, Perumal
    DATA SCIENCE ANALYTICS AND APPLICATIONS, DASAA 2017, 2018, 804 : 99 - 113
  • [23] Autonomic Vertical Elasticity of Docker Containers with ELASTICDOCKER
    Al-Dhuraibi, Yahya
    Paraiso, Fawaz
    Djarallah, Nabil
    Merle, Philippe
    2017 IEEE 10TH INTERNATIONAL CONFERENCE ON CLOUD COMPUTING (CLOUD), 2017, : 472 - 479
  • [24] Model-Driven Management of Docker Containers
    Paraiso, Fawaz
    Challita, Stephanie
    Al-Dhuraibi, Yahya
    Merle, Philippe
    PROCEEDINGS OF 2016 IEEE 9TH INTERNATIONAL CONFERENCE ON CLOUD COMPUTING (CLOUD), 2016, : 718 - 725
  • [25] Security Analysis of Docker Containers for ARM Architecture
    Haq, Md Sadun
    Tosun, Ali Saman
    Korkmaz, Turgay
    2022 IEEE/ACM 7TH SYMPOSIUM ON EDGE COMPUTING (SEC 2022), 2022, : 264 - 276
  • [26] Value-Based Allocation of Docker Containers
    Dziurzanski, Piotr
    Indrusiak, Leandro Soares
    2018 26TH EUROMICRO INTERNATIONAL CONFERENCE ON PARALLEL, DISTRIBUTED, AND NETWORK-BASED PROCESSING (PDP 2018), 2018, : 358 - 362
  • [27] A Holistic Evaluation of Docker Containers for Interfering Microservices
    Jha, Devki Nandan
    Garg, Saurabh
    Jayaraman, Prem Prakash
    Buyya, Rajkumar
    Li, Zheng
    Ranjan, Rajiv
    2018 IEEE INTERNATIONAL CONFERENCE ON SERVICES COMPUTING (IEEE SCC 2018), 2018, : 33 - 40
  • [28] Research on Docker Role Access Control Mechanism Based on DRBAC
    Lang, Dapeng
    Jiang, Haochen
    Ding, Wei
    Bai, Yu
    2018 INTERNATIONAL CONFERENCE ON COMPUTER INFORMATION SCIENCE AND APPLICATION TECHNOLOGY, 2019, 1168
  • [29] Improving Mandatory Access Control for HPC clusters
    Blanc, M.
    Lalande, J. -F.
    FUTURE GENERATION COMPUTER SYSTEMS-THE INTERNATIONAL JOURNAL OF ESCIENCE, 2013, 29 (03): : 876 - 885
  • [30] A Mandatory Access Control Model with Enhanced Flexibility
    Fan, Yanfang
    Han, Zhen
    Liu, Jiqiang
    Zhao, Yong
    MINES 2009: FIRST INTERNATIONAL CONFERENCE ON MULTIMEDIA INFORMATION NETWORKING AND SECURITY, VOL 1, PROCEEDINGS, 2009, : 120 - +