Security namespace: Making Linux security frameworks available to containers

Yuqiong Sun, David Safford, Mimi Zohar, Dimitrios Pendarakis, Zhongshu Gu, Trent Jaeger

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Lightweight virtualization (i.e., containers) offers a virtual host environment for applications without the need for a separate kernel, enabling better resource utilization and improved efficiency. However, the shared kernel also prevents containers from taking advantage of security features that are available to traditional VMs and hosts. Containers cannot apply local policies to govern integrity measurement, code execution, mandatory access control, etc. to prevent application-specific security problems. Changes have been proposed to make kernel security mechanisms available to containers, but such changes are often adhoc and expose the challenges of trusting containers to make security decisions without compromising host system or other containers. In this paper, we propose security namespaces, a kernel abstraction that enables containers to have an autonomous control over their security. The security namespace relaxes the global and mandatory assumption of kernel security frameworks, thus enabling containers to independently define security policies and apply them to a limited scope of processes. To preserve security, we propose a routing mechanism that can dynamically dispatch an operation to a set of containers whose security might be affected by the operation, therefore ensuring the security decision made by one container cannot compromise the host or other containers. We demonstrate security namespace by developing namespaces for integrity measurement and mandatory access control in the Linux kernel for use by Docker containers. Results show that security namespaces can effectively mitigate security problems within containers (e.g., malicious code execution) with less than 0.7% additional latency to system call and almost identical application throughput. As a result, security namespaces enable containers to obtain autonomous control over their security without compromising the security of other containers or the host system.

Original languageEnglish (US)
Title of host publicationProceedings of the 27th USENIX Security Symposium
PublisherUSENIX Association
Pages1423-1439
Number of pages17
ISBN (Electronic)9781939133045
StatePublished - Jan 1 2018
Event27th USENIX Security Symposium - Baltimore, United States
Duration: Aug 15 2018Aug 17 2018

Publication series

NameProceedings of the 27th USENIX Security Symposium

Conference

Conference27th USENIX Security Symposium
Country/TerritoryUnited States
CityBaltimore
Period8/15/188/17/18

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Security namespace: Making Linux security frameworks available to containers'. Together they form a unique fingerprint.

Cite this