• Title/Summary/Keyword: Container Security


Security Assessment Technique of a Container Runtime Using System Call Weights

  • Yang, Jihyeok;Tak, Byungchul
    • Journal of the Korea Society of Computer and Information / v.25 no.9 / pp.21-29 / 2020
  • In this paper, we propose a quantitative evaluation method that enables security comparison between security container runtimes. Security container runtime technologies have been developed to address security issues such as container escape caused by containers sharing the host kernel. However, most literature provides only an analysis of the security of container technologies using rough metrics such as the number of available system calls, making it difficult to compare the security of container runtimes quantitatively. The proposed model uses a new method of combining the degree of exposure of host system calls with various external vulnerability metrics. With the proposed technique, we measure and compare the security of runC (the Docker default runtime) and two representative security container runtimes, gVisor and Kata Containers.

Efficient container door Open/Closed detection mechanism for Container Security Device(ConTracer) (컨테이너 보안장치(ConTracer)를 위한 효율적인 컨테이너 도어 개폐감지 메커니즘)

  • Moon, Young-Sik;Lee, Eun-Kyu;Shin, Joong-Jo;Shon, Jung-Rock;Choi, Sung-Pill;Kim, Jae-Joong;Choi, Hyung-Rim
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2011.05a / pp.831-834 / 2011
  • This paper is intended as a performance verification of an efficient container door open/closed detection mechanism for the Container Security Device (ConTracer) used in container cargo transportation. A container door open/closed detection mechanism using a reed sensor is important for satisfying the US Department of Homeland Security Customs and Border Protection requirements for many types of container door. It also verifies that the container door is configured correctly and that illegal opening can be checked. In this article, the performance of ConTracer with the reed sensor has been verified through field tests on 30 different containers. Once the improvement has been made, we suggest that the proposed techniques will meet the highest standards for container security safety.


A study on the trend of container security and its Countermeasures (컨테이너 보안동향과 대응방안에 관한 연구)

  • Kim, Tae-Woo
    • Journal of the Korea Safety Management & Science / v.11 no.2 / pp.235-240 / 2009
  • Approximately 95% of the world's trade moves by containers, primarily on large ships, but also on trains, trucks, and barges. The system is efficient and economical, but vulnerable. The rise of terrorism and the possibility that a container could be used to transport, or actually be the delivery vehicle for, weapons of mass destruction or high explosives have made it imperative that the security of the shipping container system be greatly improved. This study presents trends in container security and their countermeasures.

A Study on Security Container to Prevent Data Leaks (정보 유출 방지를 위한 보안 컨테이너의 효과성 연구)

  • Lee, Jong-Shik;Lee, Kyeong-Ho
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.6 / pp.1225-1241 / 2014
  • Recently, financial companies implement DLP (Data Leaks Prevention) security products and enforce internal controls to prevent customer information leaks. Accidental data leaks in financial business are increasing because internal controls are insufficient. Security officials and IT operations staff struggle to plan countermeasures to respond to all kinds of accidental data leaks. It is difficult to prevent data leaks and to control information flow in business without research applications that handle business and privacy information. Therefore, this paper describes business and privacy information flow in applications and how to plan and deploy a security container based on OS-level and hypervisor virtualization technology to enforce internal controls for applications. After building the security container, it was verified that it implements internal controls and prevents customer information leaks. With security policies, additional security functions were implemented in the security container, and by recycling the security container, the cost and time of responding to security vulnerabilities were reduced.

A Study on the Evaluation of the Information Security Level in Major Container Terminals (주요 컨테이너 터미널의 정보보호 수준 평가에 관한 연구)

  • Lee, Hong-Girl
    • Journal of Navigation and Port Research / v.33 no.10 / pp.735-742 / 2009
  • Information security is an essential factor that enables a terminal to be operated. However, despite the importance of information security, there has hardly been any research related to this topic. Moreover, the current level of information security performance in container terminals has not been analyzed so far. The objective of this study is to evaluate the current level of information security in container terminals. Through a survey of the four leading container terminal operators in Korea, the results first showed that the average information security level of major container terminals was 71.7%. The data analysis also revealed that the weak point of information security in Korean container terminals was security management and, in detail, the lack of expertise of the support group.

Pilot Case for Container Security Device (CSD) Based on Active RFID

  • Lee, Eun-Kyu;Moon, Young-Sik;Shin, Joong-Jo;Shon, Jung-Rock;Choi, Sung-Pill;Kim, Chae-Soo;Kim, Jae-Joong;Choi, Hyung-Rim
    • Journal of information and communication convergence engineering / v.8 no.2 / pp.238-243 / 2010
  • CSD is an Active RFID based Container Security Device which is proposed by the U.S. Department of Home Security. It is mounted inside the container to sense opening of the container door. ConTracer is the CSD developed in this research, whose major features are sensing door opening status as well as history inquiry on the internal environment and shock to the container by mounting temperature/humidity/shock sensors. Moreover, its RFID frequency bandwidth uses 433MHz and 2.4GHz to correspond actively to the frequencies used by different countries. This paper introduces the development trend of CSD, compares the ConTracer developed through this research with other companies' CSDs, and introduces the CSD System which is designed and established using ConTracer. Finally, the implemented CSD System is verified by applying the demonstration service to container distribution between Korea and China.

Performance Evaluation of Advanced Container Security Device(ACSD) system based on IoT(Internet of Things) (IoT 기반 컨테이너 보안 장치 및 시스템 성능 평가)

  • Moon, Young-Sik;Choi, Sung-Pill;Lee, Eun-Kyu;Kim, Jae-Joong;Choi, Hyung-Rim
    • Journal of the Korea Institute of Information and Communication Engineering / v.17 no.9 / pp.2183-2190 / 2013
  • The Container Security Device (ConTracer) suggested in this study monitors temperature, humidity, and impact inside the container while the container is transported. ConTracer can also inform users when a door of the container is opened more than 2 inches within 1 second. Additionally, GPS/GLONASS based global position and status information about the container are transmitted to a remote server using IoT (Internet of Things) based communication. In this research, we look into the development trend of global container security devices and apply ConTracer to real freight transport from domestic to overseas using the Global Roaming Service which is offered for domestic mobile communication companies as well. As a result, we estimate the performance of ConTracer and verify it.

Implementation of Opensource-Based Automatic Monitoring Service Deployment and Image Integrity Checkers for Cloud-Native Environment (클라우드 네이티브 환경을 위한 오픈소스 기반 모니터링 서비스 간편 배포 및 이미지 서명 검사기 구현)

  • Gwak, Songi;Nguyen-Vu, Long;Jung, Souhwan
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.4 / pp.637-645 / 2022
  • Cloud computing has been gaining popularity over decades, and the container, a technology that is primarily used in cloud native applications, is also drawing attention. Although container technologies are lighter and more capable than conventional VMs, there are several security threats, such as sharing kernels with host systems or uploading/downloading images from the image registry, one of which concerns the integrity of container images. In addition, runtime security while the container application is running is very important, and monitoring the behavior of the container application at runtime can help detect abnormal behavior occurring in the container. Therefore, in this paper, we first implement a signing checker that automatically checks the signature of an image based on the existing Docker Content Trust (DCT) technology to ensure the integrity of the container image. Next, based on Falco, an open source project of the Cloud Native Computing Foundation (CNCF), we introduce a newly created image for the convenience of the existing Falco image, and propose an implementation of docker-compose and package configuration that easily builds a monitoring system.

Analysis of Network Security Policy Enforcement in Container Environments (컨테이너 환경에서의 네트워크 보안 정책 집행 분석)

  • Bom Kim;Seungsoo Lee
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.6 / pp.961-973 / 2023
  • With the changes in the modern computing landscape, securing containerized workloads and addressing the complexities of container networking have become critical issues. In particular, the complexity of network policy settings and the lack of cloud security architecture cause various security issues. This paper focuses on the importance of network security and efficiency in containerized environments, and analyzes the security features and performance of various container network interface plugins. In particular, the features and functions of Cilium, Calico, Weave Net, and Kube-router were compared and evaluated, and the Layer 3/4 and Layer 7 network policies and performance features provided by each plugin were analyzed. We found that Cilium and Calico provide a wide range of security features, including Layer 7 protocols, while Weave Net and Kube-router focus on Layer 3/4. We also found a decrease in throughput when applying Layer 3/4 policies and an increase in latency due to complex processing when applying Layer 7 policies. Through this analysis, we expect to improve our understanding of network policy and security configuration and contribute to building a safer and more efficient container networking environment in the future.

Design and Implementation of Container Security Device(CSD) based on IEEE standards 802.15.4b (IEEE 표준 802.15.4b 기반컨테이너 보안장치(CSD) 시스템 구현 및 검증)

  • Lee, Eun-Kyu;Shon, Jung-Rock;Choi, Sung-Pill;Moon, Young-Sik;Kim, Jae-Joong;Choi, Hyung-Rim
    • Journal of the Korea Institute of Information and Communication Engineering / v.15 no.7 / pp.1613-1620 / 2011
  • CSD is an IEEE Standard 802.15.4b based Container Security Device which is proposed by the U.S. Department of Home Security. It is mounted inside the container to sense opening of the container door. ConTracer is the CSD developed in this research, whose major features are sensing door opening status as well as history inquiry on the internal environment and shock to the container by mounting temperature/humidity/shock sensors. Moreover, its RFID frequency bandwidth uses 2.4GHz to correspond actively to the radio regulations used by different countries. This paper introduces the development trend of CSD, compares the ConTracer developed through this research with other companies' CSDs, and introduces the CSD System which is designed and established using ConTracer. Finally, the implemented CSD System is verified by applying the demonstration service to container distribution between Korea and Japan.