Abstract
Containers and microservices have become the most popular method for hosting IoT applications in cloud servers. However, one major security issue of this method is that if a container image contains software with security vulnerabilities, the associated microservices also become vulnerable at run-time. Existing works attempted to reduce this risk with vulnerability-scanning tools. They, however, demand an up-to-date database and may not work with unpublished vulnerabilities. In this paper, we propose a novel system to strengthen container security from unknown attack using the mimic defense framework. Specifically, we constructed a resource pool with variant images and observe the inconsistency in execution results, from which we can identify potential vulnerabilities. To avoid continuous attack, we created a graph-based scheduling strategy to maximize the randomness and heterogeneity of the images used to replace the current images. We implemented a prototype using Kubernetes. Experimental results show that our framework makes hackers have to send more random requests to complete the attack and increases the defence success rate by around over the baseline framework to avoid the continuous unknown attacks.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
