DMSCTS: Dynamic measurement scheme for the containers-hybrid-deployment based on trusted subsystem
Yufei Han, Chao Li, Jianbiao Zhang, Yifan Wang, Lehao Yu, Yihao Cao, Hong Shen, Weixing Hou, Hailin Luo
Computers & Security, journal article, published 2024-10-16. DOI: 10.1016/j.cose.2024.104158. URL: https://www.sciencedirect.com/science/article/pii/S0167404824004632
Citations: 0
Abstract
Hybrid deployment of containers with different kernel types offers a novel solution for cloud service providers. While extensive research has been conducted on shared kernel containers, the security risks associated with diverse kernel types in hybrid deployment scenarios present more complex challenges. Establishing trusted relationships from hardware to containers for hybrid deployment has become a primary concern. Additional challenges include the lack of measurement and communication methods for independent kernel containers and insufficient dynamic measurement capabilities for containers. To address these issues, we propose a novel approach of achieving secure hybrid deployment of containers through the provision of trusted assurance in three layers: container infrastructure, container application environment, and container runtime. We propose the corresponding measurement schemes for each trust layer. Through functional verification and performance evaluation, we demonstrate that our architecture exhibits improved feasibility and effectiveness.
Journal description:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading-edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors: industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise, it is your first step to fully secure systems.