Smart Isolation in Large-Scale Production Computing Infrastructures - April 2017
Public Audience
Purpose: To highlight project progress. Information is generally at a high level that is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.
PI(s): Xiaohui (Helen) Gu, William Enck
Researchers: Rui Shu, Adwait Nadkarni
HARD PROBLEM(S) ADDRESSED
- Resilient Architectures - Our current focus is the creation and validation of a classification system for existing security isolation techniques. Through it we will identify the underlying design principles and tradeoffs that will guide the design of next-generation smart isolation techniques supporting resilient architectures.
PUBLICATIONS
- Rui Shu, Xiaohui Gu, William Enck. 2017. A Study of Security Vulnerabilities on Docker Hub. Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY). doi: 10.1145/3029806.3029832
URL: http://dl.acm.org/citation.cfm?id=3029832
ACCOMPLISHMENT HIGHLIGHTS
- Our stream-based Docker image scanner reveals widespread security vulnerabilities in images on the popular container image repository Docker Hub. We aim to develop runtime vulnerability detection techniques that can intelligently trigger strong isolation in a just-in-time manner. In particular, we seek to prevent jailbreak (container escape) exploits through which a compromised container can compromise the host kernel.