Abstract
Container platforms provide many functions for diverse applications and are used to build and operate various information services. They have been extended not only to Linux and Unix-based servers but also to Windows and macOS-based desktops and laptops. Many systems use anti-virus software to minimize damage caused by malware. Most anti-virus software provides real-time malware detection functions and blocks the execution of malware by enforcing access denial functions for malware that cannot be deleted or for original files that cannot be restored. However, current anti-virus technologies are not designed for container platforms. Therefore, they cannot detect malware in containers in real time, nor can they block malware execution or user access to malware, owing to the isolation feature provided by container platforms. To resolve these issues, we propose a functionally-isolated anti-virus architecture for container platforms. The proposed anti-virus architecture separates the functions of a legacy anti-virus engine to ensure compatibility with the isolation features of a container platform. Implementation confirmed that the proposed anti-virus architecture can detect, in real time, the entry of malware into a container platform and block the execution of, and user access to, unrecoverable malware-infected files. The performance of the proposed functionally-isolated anti-virus architecture is similar to that of legacy anti-virus technology and was verified to be sufficiently effective.
Highlights
ANTI-VIRUS ARCHITECTURE FOR CONTAINER PLATFORM: In this study, we propose an anti-virus architecture for a container platform environment consisting of five components, as shown in Fig. 3, which can overcome the limitations of the current anti-virus technologies in a container environment
This study identified the problems of using legacy anti-virus technology on container platforms and proposed an anti-virus architecture that can overcome these issues
The proposed architecture was implemented on a Docker container platform in a Windows environment in which regression tests and performance measurements were conducted to verify both efficiency and effectiveness
Summary
Linux container (LXC) is an operating system design concept that combines paravirtualization with a Linux environment [1]. Is executed, none of the important files in the container can be used [3]. To solve this problem, the present study proposes a functionally-isolated anti-virus architecture for container platforms that provides real-time malware analysis and denies user access to malware-infected files.
B. SEQUENCE OF SECURITY FUNCTIONS
Fig. 4 shows the sequence in which the proposed anti-virus architecture for container platforms provides the real-time malware analysis function and applies the access denial policy for malware. If user I/O occurs for this file, the corresponding IRP is deleted to deny access.