DockerPolicyModules: Mandatory Access Control for Docker Containers

被引:0
|
作者
Bacis, Enrico [1 ]
Mutti, Simone [1 ]
Capelli, Steven [1 ]
Paraboschi, Stefano [1 ]
机构
[1] Univ Bergamo, DIGIP, Bergamo, Italy
来源
2015 IEEE CONFERENCE ON COMMUNICATIONS AND NETWORK SECURITY (CNS) | 2015年
关键词
D O I
暂无
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
The wide adoption of Docker and the ability to retrieve images from different sources impose strict security constraints. Docker leverages Linux kernel security facilities, such as namespaces, cgroups and Mandatory Access Control, to guarantee an effective isolation of containers. In order to increase Docker security and flexibility, we propose an extension to the Dockerfile format to let image maintainers ship a specific SELinux policy for the processes that run in a Docker image, enhancing the security of containers.
引用
收藏
页码:749 / 750
页数:2
相关论文
共 50 条
  • [41] Collaboration supported mandatory access control model
    Fan, Yanfang
    Cai, Ying
    Jisuanji Yanjiu yu Fazhan/Computer Research and Development, 2015, 52 (10): : 2411 - 2421
  • [42] Information Leakages of Docker Containers: Characterization and Mitigation Strategies
    Zuppelli, Marco
    Repetto, Matteo
    Caviglione, Luca
    Cambiaso, Enrico
    2023 IEEE 9TH INTERNATIONAL CONFERENCE ON NETWORK SOFTWARIZATION, NETSOFT, 2023, : 462 - 467
  • [43] Checkpoint and Restoration of Micro-service in Docker Containers
    Yang, Chen
    PROCEEDINGS OF THE 3RD INTERNATIONAL CONFERENCE ON MECHATRONICS AND INDUSTRIAL INFORMATICS, 2015, 31 : 915 - 918
  • [44] Sarus: Highly Scalable Docker Containers for HPC Systems
    Benedicic, Lucas
    Cruz, Felipe A.
    Madonna, Alberto
    Mariotti, Kean
    HIGH PERFORMANCE COMPUTING: ISC HIGH PERFORMANCE 2019 INTERNATIONAL WORKSHOPS, 2020, 11887 : 46 - 60
  • [45] Emergency communication system with Docker Containers, OSM and Rsync
    Pentyala, Shiva Kumar
    PROCEEDINGS OF THE 2017 INTERNATIONAL CONFERENCE ON SMART TECHNOLOGIES FOR SMART NATION (SMARTTECHCON), 2017, : 1064 - 1069
  • [46] Building a Threshold Cryptographic Distributed HSM with Docker Containers
    Munoz, Caterina
    Montoto, Francisco
    Cifuentes, Francisco
    Bustos-Jimenez, Javier
    PROCEEDINGS OF THE 2018 APPLIED NETWORKING RESEARCH WORKSHOP (ANRW '18), 2018, : 66 - 66
  • [47] Koordinator: A Service Approach for Replicating Docker Containers in Kubernetes
    Netto, Hylson Vescovi
    Luiz, Aldelir Fernando
    Correiat, Miguel
    Recht, Luciana de Oliveira
    Oliveirat, Caio Pereira
    2018 IEEE SYMPOSIUM ON COMPUTERS AND COMMUNICATIONS (ISCC), 2018, : 58 - 63
  • [48] Docker Swarm and Kubernetes Containers for Smart Home Gateway
    Kang, Byungseok
    Jeong, Jaeyeop
    Choo, Hyunseung
    IT PROFESSIONAL, 2021, 23 (04) : 75 - 80
  • [49] Integrity verification of Docker containers for a lightweight cloud environment
    De Benedictis, Marco
    Lioy, Antonio
    FUTURE GENERATION COMPUTER SYSTEMS-THE INTERNATIONAL JOURNAL OF ESCIENCE, 2019, 97 : 236 - 246
  • [50] Sledge : Towards Efficient Live Migration of Docker Containers
    Xu, Bo
    Wu, Song
    Xiao, Jiang
    Jin, Hai
    Zhang, Yingxi
    Shi, Guoqiang
    Lin, Tingyu
    Rao, Jia
    Yi, Li
    Jiang, Jizhong
    2020 IEEE 13TH INTERNATIONAL CONFERENCE ON CLOUD COMPUTING (CLOUD 2020), 2020, : 321 - 328
12345