Title: Building Trust in Container Environment

Abstract:
Container technology is an emerging virtualization technology that is more efficient and lightweight than virtual machines, and it is becoming increasingly popular. However, containers are exposed to attackers through a range of security issues. It is therefore necessary to build trust between users and their containers, as well as between a remote party and a container, in an untrusted container environment. Existing trusted computing technologies build a trust chain from the hardware up to the running operating system. In this paper, we extend that trust chain to containers and build trust in the container environment. We first boot the computer into a trusted operating system. The trusted OS then verifies the programs running on it to improve security. We design a well-formed signature list that lets users authorize container executables, and we modify the Linux kernel to verify the executables running in containers. The user is therefore able to control which programs can run in his or her containers and to trust those containers. Our approach generates a measurement list and creates a vTPM for each container. A remote party can request the measurement list through our container state challenge protocol, learn the container's state, and decide whether to trust the container. We also implement the executable measurement and verification mechanism and evaluate its performance. The results show that the container start delay is no more than 3% of the normal container start time and that the overhead of measuring and verifying an executable is no more than 1 µs in most cases, which is reasonably efficient.
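The abstract describes three pieces that fit together: a user-authorized list of container executables that the kernel checks at exec time, a per-container measurement list backed by a per-container vTPM, and a challenge protocol by which a remote party obtains that list and decides whether to trust the container. The following is an added example written for this page, not the paper's code, that models those three pieces in user space so the flow can be run end to end. Its assumptions are not taken from the abstract: the authorized list is simplified to an allowlist of SHA-256 digests rather than the paper's signature list; the vTPM is modelled as a single hash-chained register (TPM-style PCR extend) plus an HMAC key standing in for the vTPM's quote signing key; the challenge is a plain nonce/quote exchange; and the "executables" are constructed byte strings. Function and class names (ContainerMeasurement, exec_check, quote, verify_quote, demo) are illustrative.

```python
"""Model of per-container executable measurement, verification against a
user-authorized list, and a nonce-based container state challenge.

Added example, not the paper's implementation. Assumptions: allowlist of
SHA-256 digests instead of a signature list; one hash-chained register and an
HMAC key instead of a real vTPM; constructed byte strings as executables.
"""
from __future__ import annotations

import hashlib
import hmac
import json
import secrets

HASH = hashlib.sha256


def digest(data: bytes) -> str:
    return HASH(data).hexdigest()


class ContainerMeasurement:
    """Per-container measurement list plus one PCR-like register (stand-in for a vTPM)."""

    def __init__(self, container_id: str, authorized: dict[str, str], quote_key: bytes):
        self.container_id = container_id
        self.authorized = authorized      # path -> expected hex digest (simplified authorized list)
        self.quote_key = quote_key        # stands in for the vTPM's quote signing key
        self.log: list[dict] = []         # the measurement list
        self.pcr = "0" * 64               # register starts at zero, like a TPM PCR

    def _extend(self, entry_digest: str) -> None:
        # PCR extend: new = H(old || measured digest); order of events is thus bound in
        self.pcr = HASH(bytes.fromhex(self.pcr) + bytes.fromhex(entry_digest)).hexdigest()

    def exec_check(self, path: str, content: bytes) -> bool:
        """Measure an executable before it runs and report whether it is authorized.

        In the paper this check sits in the kernel's exec path; here the caller decides
        what to do with a False result (the kernel would refuse the exec)."""
        d = digest(content)
        allowed = self.authorized.get(path) == d
        self.log.append({"path": path, "digest": d, "allowed": allowed})
        self._extend(d)
        return allowed

    def quote(self, nonce: str) -> dict:
        """Answer a state challenge: measurement list, register value and the nonce, MACed."""
        body = {
            "container": self.container_id,
            "nonce": nonce,
            "pcr": self.pcr,
            "log": [dict(e) for e in self.log],  # copy so the quote cannot alias the live log
        }
        payload = json.dumps(body, sort_keys=True).encode()
        return {"body": body, "mac": hmac.new(self.quote_key, payload, HASH).hexdigest()}


def verify_quote(quote: dict, nonce: str, quote_key: bytes,
                 authorized: dict[str, str]) -> tuple[bool, str]:
    """Remote party: check the MAC, the nonce, replay the list into the register, then
    check every measured executable against the authorized list."""
    payload = json.dumps(quote["body"], sort_keys=True).encode()
    expected = hmac.new(quote_key, payload, HASH).hexdigest()
    if not hmac.compare_digest(expected, quote["mac"]):
        return False, "bad quote MAC"
    body = quote["body"]
    if body["nonce"] != nonce:
        return False, "nonce mismatch (replayed or stale quote)"
    pcr = "0" * 64
    for entry in body["log"]:
        pcr = HASH(bytes.fromhex(pcr) + bytes.fromhex(entry["digest"])).hexdigest()
    if pcr != body["pcr"]:
        return False, "measurement list does not reproduce the register value"
    for entry in body["log"]:
        if authorized.get(entry["path"]) != entry["digest"]:
            return False, f"unauthorized executable ran: {entry['path']}"
    return True, "container state trusted"


def demo() -> list[tuple[bool, str]]:
    """Run three challenges: a clean container, one that ran a tampered binary, and a replay."""
    authorized = {  # constructed sample executables
        "/bin/app": digest(b"constructed app v1"),
        "/bin/helper": digest(b"constructed helper v1"),
    }
    key = secrets.token_bytes(32)
    results = []

    good = ContainerMeasurement("good", authorized, key)
    good.exec_check("/bin/app", b"constructed app v1")
    nonce = secrets.token_hex(16)
    results.append(verify_quote(good.quote(nonce), nonce, key, authorized))

    bad = ContainerMeasurement("bad", authorized, key)
    bad.exec_check("/bin/app", b"constructed app v1")
    bad.exec_check("/bin/helper", b"constructed helper v2 (tampered)")
    nonce = secrets.token_hex(16)
    results.append(verify_quote(bad.quote(nonce), nonce, key, authorized))

    # A quote produced for an old nonce must not satisfy a fresh challenge.
    results.append(verify_quote(good.quote("stale"), secrets.token_hex(16), key, authorized))
    return results


if __name__ == "__main__":
    for ok, reason in demo():
        print(ok, reason)
```

Two points the model makes visible: the register value alone tells the verifier nothing about which executables ran, which is why the measurement list is shipped alongside it and replayed; and the nonce is what prevents an attacker from answering a challenge with a quote captured from an earlier, still-clean state of the container.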
Year: 2019
DOI: 10.1109/TrustCom/BigDataSE.2019.00011
Venue: 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)
Keywords: container, trusted computing, secure boot, measurement and verification, remote attestation
Field: Virtualization, Trusted Computing, Virtual machine, Trusted operating system, Computer science, Computer network, Measurement and Verification, Linux kernel, Executable
DocType: Conference
ISSN: 2324-898X
ISBN: 978-1-7281-2778-1
Citations: 0
PageRank: 0.34
References: 6
Authors: 6

Authors (Name | Order | Citations | PageRank):
Yunlong Guo | 1 | 0 | 0.34
Aimin Yu | 2 | 4 | 4.80
Xiaoli Gong | 3 | 12 | 7.75
Lixin Zhao | 4 | 0 | 1.69
Li-jun Cai | 5 | 37 | 13.57
Dan Meng | 6 | 37 | 16.11