自我补丁:容器化应用程序的补丁星期二之后

2020 IEEE International Conference on Autonomic Computing and Self-Organizing Systems (ACSOS) Pub Date : 2020-08-01 DOI:10.1109/ACSOS49614.2020.00022

Olufogorehan Tunde-Onadele, Yuhang Lin, Jingzhu He, Xiaohui Gu

{"title":"自我补丁:容器化应用程序的补丁星期二之后","authors":"Olufogorehan Tunde-Onadele, Yuhang Lin, Jingzhu He, Xiaohui Gu","doi":"10.1109/ACSOS49614.2020.00022","DOIUrl":null,"url":null,"abstract":"Containers have become increasingly popular in distributed computing environments. However, recent studies have shown that containerized applications are susceptible to various security attacks. Traditional periodically scheduled software update approaches not only become ineffective under dynamic container environments but also impose high overhead to containers. In this paper, we present Self-Patch, a new self-triggering patching framework for applications running inside containers. Self-Patch combines light-weight runtime attack detection and dynamic targeted patching to achieve more efficient and effective security protection for containerized applications. We evaluated our schemes over 31 real world vulnerability attacks in 23 commonly used server applications. Results show that Self-Patch can accurately detect and classify 81% of attacks and reduce patching overhead by up to 84%.","PeriodicalId":310362,"journal":{"name":"2020 IEEE International Conference on Autonomic Computing and Self-Organizing Systems (ACSOS)","volume":"33 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":"{\"title\":\"Self-Patch: Beyond Patch Tuesday for Containerized Applications\",\"authors\":\"Olufogorehan Tunde-Onadele, Yuhang Lin, Jingzhu He, Xiaohui Gu\",\"doi\":\"10.1109/ACSOS49614.2020.00022\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Containers have become increasingly popular in distributed computing environments. However, recent studies have shown that containerized applications are susceptible to various security attacks. Traditional periodically scheduled software update approaches not only become ineffective under dynamic container environments but also impose high overhead to containers. In this paper, we present Self-Patch, a new self-triggering patching framework for applications running inside containers. Self-Patch combines light-weight runtime attack detection and dynamic targeted patching to achieve more efficient and effective security protection for containerized applications. We evaluated our schemes over 31 real world vulnerability attacks in 23 commonly used server applications. Results show that Self-Patch can accurately detect and classify 81% of attacks and reduce patching overhead by up to 84%.\",\"PeriodicalId\":310362,\"journal\":{\"name\":\"2020 IEEE International Conference on Autonomic Computing and Self-Organizing Systems (ACSOS)\",\"volume\":\"33 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-08-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"9\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2020 IEEE International Conference on Autonomic Computing and Self-Organizing Systems (ACSOS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ACSOS49614.2020.00022\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE International Conference on Autonomic Computing and Self-Organizing Systems (ACSOS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ACSOS49614.2020.00022","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 9

摘要

容器在分布式计算环境中变得越来越流行。然而，最近的研究表明，容器化的应用程序容易受到各种安全攻击。传统的定期计划的软件更新方法不仅在动态容器环境下变得无效，而且给容器带来了很高的开销。在本文中，我们提出了Self-Patch，一个新的自触发补丁框架，用于运行在容器内的应用程序。Self-Patch将轻量级运行时攻击检测和动态目标补丁相结合，为容器化应用程序提供更高效、更有效的安全保护。我们对23个常用服务器应用程序中的31个真实世界漏洞攻击进行了评估。结果表明，Self-Patch可以准确地检测和分类81%的攻击，并减少高达84%的补丁开销。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Self-Patch: Beyond Patch Tuesday for Containerized Applications

Containers have become increasingly popular in distributed computing environments. However, recent studies have shown that containerized applications are susceptible to various security attacks. Traditional periodically scheduled software update approaches not only become ineffective under dynamic container environments but also impose high overhead to containers. In this paper, we present Self-Patch, a new self-triggering patching framework for applications running inside containers. Self-Patch combines light-weight runtime attack detection and dynamic targeted patching to achieve more efficient and effective security protection for containerized applications. We evaluated our schemes over 31 real world vulnerability attacks in 23 commonly used server applications. Results show that Self-Patch can accurately detect and classify 81% of attacks and reduce patching overhead by up to 84%.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2020 IEEE International Conference on Autonomic Computing and Self-Organizing Systems (ACSOS)

自引率

0.00%

发文量