集装箱的安全名称速度内核审核
尽管基于容器的云计算的广泛应用,但用于安全分析的容器审计主要依赖于内置主机审核系统,而内置主机审核系统往往缺乏捕获高保真容器日志的能力。最先进的参考监测审计技术大大提高了审计日志的质量,但其全系统架构成本太高,无法适应单个容器。此外,这些技术通常需要广泛的内核修改,因此很难在实际设置中部署。 在本文中,我们介绍了 SABPF(安全审计 BPF),这是 eBPF 框架的延伸,能够在容器粒度上部署安全系统级审计机制。我们通过设计审计框架、入侵检测系统和轻量级访问控制机制,展示了 saBPF 在库伯内特斯的实用性。我们评估 SABPF,并表明它在性能和安全保证方面与直接在核心中实施的文献审计系统具有可比性。
原文题目:Secure Namespaced Kernel Audit for Containers
原文:Despite the wide usage of container-based cloud computing, container auditing for security analysis relies mostly on built-in host audit systems, which often lack the ability to capture high-fidelity container logs. State-of-the-art reference-monitor-based audit techniques greatly improve the quality of audit logs, but their system-wide architecture is too costly to be adapted for individual containers. Moreover, these techniques typically require extensive kernel modifications, making them difficult to deploy in practical settings. In this paper, we present saBPF (secure audit BPF), an extension of the eBPF framework capable of deploying secure system-level audit mechanisms at the container granularity. We demonstrate the practicality of saBPF in Kubernetes by designing an audit framework, an intrusion detection system, and a lightweight access control mechanism. We evaluate saBPF and show that it is comparable in performance and security guarantees to audit systems from the literature that are implemented directly in the kernel.
相关文章
- 语音陪玩源码如何做到不卡顿?
- ESP8266实现智能家居
- 阿里云服务器贵吗
- SAP QM 没录入检验结果就直接做UD,SAP系统是否会阻止?
- 买了阿里云服务器之后怎么用
- 阿里云服务器多少钱一台
- 如何进行供应链管理体系变革?SCM供应链管理系统助力企业采购流程高效运行,降低供应链风险
- 体验ecs服务器
- 微擎后台用户密码找回
- Sublime Text 3 使用过程中遇到的问题总结
- 哪个网站的域名便宜
- PHP,JavaScript 获取当前域名、判断网址协议是否为 HTTPS
- 买域名哪里最便宜
- 购买域名哪里便宜
- 顶级域名注册哪里便宜
- 微擎后台登陆:输入密码错误次数超过5次,请在1小时后再登录
- PHP 实现回退页面并刷新
- Flutter 图片库高燃新登场
- Linux 串口的基本用法
- 域名注册哪个便宜