• Title/Summary/Keyword: Container Security


Container Vulnerability Intruder Detection Framework based on Memory Trap Technique (메모리 트랩기법을 활용한 컨테이너 취약점 침입 탐지 프레임워크)

  • Choi, Sang-Hoon;Jeon, Woo-Jin;Park, Ki-Woong
    • The Journal of Korean Institute of Next Generation Computing / v.13 no.3 / pp.26-33 / 2017
  • Recently, container technologies have been receiving attention for efficient use of the cloud platform. Container virtualization technology has the advantages of high portability and high density when compared with the existing hypervisor. Container virtualization technology, however, uses virtualization at the operating system level, in which a single kernel is shared to run multiple instances. For this reason, a characteristic of containers is that an attacker can obtain the root privilege of the host operating system from inside the container. Due to this characteristic, the attacker can attack the root privilege of the host operating system from within the container by utilizing a vulnerability of the kernel. In this paper, we propose a framework for efficiently detecting and responding to root privilege attacks on a host operating system from a container. This framework uses a memory trap technique to detect changes in a specific memory area of a container and to suspend the operation of the container when a change is detected.

Impact Assessment of the Damage by a Pool Fire in Yard Storage Facilities of a Container Terminal (컨테이너 터미널 옥외저장소에서의 액면화재에 대한 피해영향 평가)

  • Hwang, Man Woong;Lee, Ik Mo;Hwang, Yong Woo;Chun, Young Woo
    • Journal of Korean Society of Disaster and Security / v.9 no.2 / pp.33-42 / 2016
  • Domestic harbor yard storage facilities are a place specifically located in a container terminal for import and export of packaged dangerous goods, and due to the recent relaxed criteria for the secured open area, concerns for the extended damage upon accidents are increasing. In this study, the impact of damages by radiant heat was analyzed through a simulation of a pool fire caused by the leakage of flammable liquids from a tank container. As a result, it was analyzed that the distance of radiant heat according to threshold damage levels was beyond the current criteria of the secured open area, and the structural damage of adjacent containers could happen within a very short time if they were exposed to the early pool fire continuously. It is considered that this study will be helpful in preparing the proper criteria for the secured open area between yard storage facilities in a container terminal.

A Study on Integrity Protection of Edge Computing Application Based on Container Technology (컨테이너 기술을 활용한 엣지 컴퓨팅 환경 어플리케이션 무결성 보호에 대한 연구)

  • Lee, Changhoon;Shin, Youngjoo
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.6 / pp.1205-1214 / 2021
  • Edge computing is used as a solution to the cost problem and transmission delay problem caused by network bandwidth consumption that occurs when IoT/CPS devices are integrated into the cloud, by performing artificial intelligence (AI) in an environment close to the data source. Since edge computing runs on devices located in the real world that provide high-performance computation and network connectivity, it is necessary to consider application integrity so that it is not exploited by cyber terrorism that can cause human and material damage. In this paper, we propose a technique to protect the integrity of edge computing applications implemented in a script language that is vulnerable to tampering, such as Python, which is used for implementing artificial intelligence, by building them as container images that are then digitally signed. The proposed method is based on the integrity protection technology (Docker Content Trust) provided by the open source container technology. The Docker Client was modified to use a whitelist of container signature information so that only allowed containers can be operated on edge computing devices.

A Basic Study on Foldable Container - Based on Toy-Foldable Container Product

  • Lin, Zhang;Lee, Sung-Pil;Hyoung, Sung-Eun
    • Proceedings of the Korean Society for Emotion and Sensibility Conference / 2008.10a / pp.114-117 / 2008
  • The purpose of this study was to quantify the emotional design and to design a kind of toy-foldable container to create a new market and occupy it. Through analyzing the characteristics of the activities and behavior of the target user group, we get the direction for this design. We design a new kind of container for loading toys, which has a mat's function and can also be folded conveniently. This will meet the demand of the customers, and the most important point is to create a new market.


The Main Substance and Some Problems of 24 hours Advance Cargo Manifest Declaration Rule (선적 24시간전 적하목록전송규칙(24 Hours Rules)의 주요내용과 문제점)

  • Han, Sang-Hyun;Eom, Kwang-Yeol
    • The Journal of Information Technology / v.8 no.1 / pp.95-112 / 2005
  • This paper looks into the main substance and some problems of the 24-hour Advance Cargo Manifest Declaration Rule, focusing on the policy implications for Korea and the countermeasures of the parties concerned regarding the 24-hour advance vessel manifest rule. The 24-hour rule requires cargo owners to submit cargo manifest information to U.S. Customs 24 hours before the vessel sails from the final foreign port to a U.S. port. Cargo manifest information must be complete, accurate, and timely. As of February 2, 2003, manifest information can be submitted by paper or electronically. Cargo descriptions must be at a level of detail consistent with the Harmonized Tariff Schedule (HTS) codes used by U.S. Customs. HTS codes are 10 digits. Electronic submissions are made via the Automated Manifest System (AMS) run by U.S. Customs.


A Study of security improvements to access in port (Focus on Container Terminal) (항만보안 출입통제에 관한 연구 및 개선점 고찰 (컨테이너 터미널 중심으로))

  • Kwak, Kyu-Seok;Nam, Ki-Chan;Jeong, Su-Cheon;Min, Se-Hong;Park, Seung-Jae
    • Proceedings of the Korean Institute of Navigation and Port Research Conference / 2014.06a / pp.205-206 / 2014
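  • With the progress of globalization and the acceleration of market opening, the importance of the domestic and international port logistics industry is increasing. To survive the competition among ports, Korea is conducting research to improve productivity, economic efficiency, security, and service levels through measures such as building unmanned automated container terminals that apply advanced technology. However, most of this research aims to improve the internal efficiency and productivity of container terminals, and research on handling security tasks is insufficient. The importance of container terminal security is increasingly ... (remainder omitted) ...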


A Study on Performance Improvement of ConTracer Using Taguchi Method (다구찌법을 이용한 컨테이너화물 안전수송장치 ConTracer의 성능향상에 관한 연구)

  • Choi, Hyung-Rim;Kim, Jae-Joong;Kang, Moo-Hong;Shon, Jung-Rock;Shin, Joong-Jo;Lee, Ho-In;Kim, Gwang-Pil;Kim, Chae-Soo
    • Journal of Korea Society of Industrial Information Systems / v.14 no.2 / pp.23-31 / 2009
  • Since the 9.11 terrorist attacks against the USA, a new paradigm of "supply chain security" has been established, and at the same time a lot of research on supply chain security is being done by many foreign companies or research institutes. However, domestically the term "supply chain security" itself is not yet familiar, and the security paradigm is not being used in logistics, while little research is being done on it. But recently, along with the development of "ConTracer," a supply chain security technology to be used as equipment for container cargo transportation safety based on RFID technology, related research has begun to be activated. The key issues in developing equipment for container transportation safety are to obtain both a high recognition rate and sufficient recognition distance. To this end, this study has tested the ConTracer (433 MHz type and 2.4 GHz type) by using the Taguchi Method. According to our test results, in the case of the 433 MHz type, it is a little more effective when the reader faces the front-right side, and in the case of the 2.4 GHz type, reader direction makes no difference in terms of sensitivity. The test also has proved that, as expected, it is better for the antenna to be installed on the outside for both types alike.

Development of Digital Signal Processing Board for Detection Array Module Signal Processing System (Array 검출 Module 신호처리 System의 Digital Signal Processing Board 개발)

  • Park, Ge-O;Sung, So-Young;Kim, Young-kil
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2017.05a / pp.375-378 / 2017
  • As shipping and logistics safety and security systems are being strengthened worldwide, the development of core shipping and logistics safety and security technology for the construction of a national security logistics system has been carried out. In addition, it is necessary to localize the Array Detection System, which is a core component of the container search machine, to cope with the 100% pre-inspection of containers scheduled for 2018 in the United States. In this paper, we propose a study on a self-developed Digital Signal Processing Board, one of the array detection system components, to replace foreign products.


Development of Test Software Program for Detection Array Module Signal Processing System (Array 검출모듈 신호처리 System의 Test Software Program 개발)

  • Park, Ge-O;Sung, So-Young;Kim, Young-kil
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2017.05a / pp.379-382 / 2017
  • As shipping and logistics safety and security systems are being strengthened worldwide, the development of core shipping and logistics safety and security technology for the construction of a national security logistics system has been carried out. In addition, it is necessary to localize the Array Detection System, which is a core component of the container search machine, to cope with the 100% pre-inspection of containers scheduled for 2018 in the United States. In this paper, we propose a test software program developed by using TI-RTOS (Texas Instruments - Real Time Operating System) with a self-developed test digital signal processing board.


Reinforcement Learning-Based Resource exhaustion attack detection and response in Kubernetes (쿠버네티스 환경에서의 강화학습 기반 자원 고갈 탐지 및 대응 기술에 관한 연구)

  • Ri-Yeong Kim;Seongmin Kim
    • Convergence Security Journal / v.23 no.5 / pp.81-89 / 2023
  • Kubernetes is a representative open-source software for container orchestration, playing a crucial role in monitoring and managing resources allocated to containers. As container environments become prevalent, security threats targeting containers continue to rise, with resource exhaustion attacks being a prominent example. These attacks involve distributing malicious crypto-mining software in containerized form to hijack computing resources, thereby affecting the operation of the host and other containers that share resources. Previous research has focused on detecting resource depletion attacks, so technology to respond when attacks occur is lacking. This paper proposes a reinforcement learning-based dynamic resource management framework for detecting and responding to resource exhaustion attacks and malicious containers running in Kubernetes environments. To achieve this, we define the environment's state, actions, and rewards from the perspective of responding to resource exhaustion attacks using reinforcement learning. It is expected that the proposed methodology will contribute to establishing a robust defense against resource exhaustion attacks in container environments.