Abstract

A container platform allows various applications to be deployed or run after installation. A user can download or execute a container image with the required application. To apply the configuration management system, a container image uses a union filesystem composed of multiple layers. To provide stability, important application files must be protected from unauthorized access. However, the container image used for distributing an application does not have its own protection function, and it is not protected by the container platform. The access control function provided by the operating system cannot protect the applications because it does not take the container environment into account. In this study, a container image access control architecture is proposed that can ensure a safe application operating environment by denying unauthorized direct access to container images. The proposed architecture enforces the access control function after the container image is downloaded, denying unauthorized access to the container image layer directory. Because the access control function is provided at the kernel level, it has the security advantage that users cannot bypass it. To verify this approach, the functions and performance were determined empirically according to the proposed architecture. Functional verification confirmed that the proposed architecture denies unauthorized access to the container base image and allows access only to authorized users. It was also confirmed that the proposed architecture maintains the performance of the container platform at the same level as before, and that the proposed container image access control architecture is sufficiently effective.

Highlights

  • A container platform provides various functions necessary for information service building and operation, and its usage rate is increasing because it can reduce system costs

  • Improving the container platform according to the container image access control architecture proposed in this study provides the following benefits: 1) While maintaining the functionality of the container platform, direct access by unauthorized persons to the source directory of the container image can be denied

  • Function test scenario: the access control function proposed in this study only provides access to a container through a container platform interface, with the default access denial policy applied to the container image layer directory


Summary

Introduction

A container platform provides various functions necessary for information service building and operation, and its usage rate is increasing because it can reduce system costs. In this environment, unauthorized users can directly access the container image layer to change files or leak important information. To overcome this security limitation, in this study, a container image access control architecture is proposed that can deny unauthorized access from the time the container image is downloaded.
