IMA Namespaces for Containers - Asier Gutierrez, Huawei

  • Published on 28 Jan 2025
  • Containers are revolutionizing the way workloads are automated, deployed and scaled, and are widely used in cloud scenarios.
    We focus on container security enhancement based on Linux kernel namespaces. The Linux kernel provides IMA (Integrity Measurement Architecture) for attesting files in the system.
    The current IMA implementation is not container-aware: it cannot tell when a container's integrity has failed or which container is affected. Our proposal compensates for the lack of kernel-related features for container security.
    Our proof of concept also integrates this implementation with the Kubernetes orchestration system.
    We have also developed a remote attestation prototype, which can detect changes in files inside containers.
