BASTION: A Security Enforcement Network Stack for Container Networks.

Authors: Vinod Yegneswaran, Seungsoo Lee, Seungwon Shin, Jaehyun Nam, Hyunmin Seo

DOI:

Keywords: Protocol stack, Enforcement, Computer security, Computer science, Container (abstract data type)

Abstract: … each container is implemented using eBPF [22] and XDP [19… the xdp_md structure provided by XDP. During the inspection, … Then, they use three types of XDP actions: ‘XDP_TX’ sends a …

References (9)
Enrico Bacis, Simone Mutti, Steven Capelli, Stefano Paraboschi. DockerPolicyModules: Mandatory Access Control for Docker containers. Communications and Networking Symposium, pp. 749-750 (2015). DOI: 10.1109/CNS.2015.7346917
Wei Zhang, Guyue Liu, Wenhui Zhang, Neel Shah, Phillip Lopreiato, Gregoire Todeschi, K.K. Ramakrishnan, Timothy Wood. OpenNetVM: A Platform for High Performance Network Service Chains. Workshop on Hot Topics in Middleboxes and Network Function Virtualization, pp. 26-31 (2016). DOI: 10.1145/2940147.2940155
Theo Combe, Antony Martin, Roberto Di Pietro. To Docker or Not to Docker: A Security Perspective. IEEE Cloud Computing, vol. 3, pp. 54-62 (2016). DOI: 10.1109/MCC.2016.100
Rui Shu, Xiaohui Gu, William Enck. A Study of Security Vulnerabilities on Docker Hub. Conference on Data and Application Security and Privacy, pp. 269-280 (2017). DOI: 10.1145/3029806.3029832
Zhiqiang Jian, Long Chen. A Defense Method against Docker Escape Attack. International Conference on Cryptography, Security and Privacy, pp. 142-146 (2017). DOI: 10.1145/3058060.3058085
Dimitrios Pendarakis, Mimi Zohar, Yuqiong Sun, Trent Jaeger, David Safford, Zhongshu Gu. Security namespace: making Linux security frameworks available to containers. USENIX Security Symposium, pp. 1423-1439 (2018).
Zhiming Shen, Zhen Sun, Gur-Eyal Sela, Eugene Bagdasaryan, Christina Delimitrou, Robbert Van Renesse, Hakim Weatherspoon. X-Containers: Breaking Down Barriers to Improve Performance and Isolation of Cloud-Native Containers. Architectural Support for Programming Languages and Operating Systems, pp. 121-135 (2019). DOI: 10.1145/3297858.3304016
Toke Høiland-Jørgensen, Jesper Dangaard Brouer, Daniel Borkmann, John Fastabend, Tom Herbert, David Ahern, David Miller. The eXpress data path: fast programmable packet processing in the operating system kernel. Conference on Emerging Network Experiment and Technology, pp. 54-66 (2018). DOI: 10.1145/3281411.3281443
Arvind Krishnamurthy, Thomas E. Anderson, Yibo Zhu, Hongqiang Harry Liu, Danyang Zhuo, Kaiyuan Zhang, Matthew Rockett. Slim: OS Kernel Support for a Low-Overhead Container Overlay Network. Networked Systems Design and Implementation, pp. 331-344 (2019).