A Fault and Intrusion Tolerance Framework for Containerized Environments: A Specification-Based Error Detection Approach

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Scopus citations

Abstract

Container-based virtualization has gained momentum over the past few years thanks to its lightweight nature and support for agility. However, its appealing features come at the price of a reduced isolation level compared to the traditional host-based virtualization techniques, exposing workloads to various faults, such as co-residency attacks like container escape. In this work, we propose to leverage the automated management capabilities of containerized environments to derive a Fault and Intrusion Tolerance (FIT) framework based on error detection-recovery and fault treatment. Namely, we aim at deriving a specification-based error detection mechanism at the host level to systematically and formally capture security state errors indicating breaches potentially caused by malicious containers. Although the paper focuses on security side use cases, results are logically extendable to accidental faults. Our aim is to immunize the target environments against accidental and malicious faults and preserve their core dependability and security properties.
Original languageEnglish (US)
Title of host publication2022 International Workshop on Secure and Reliable Microservices and Containers (SRMC)
PublisherIEEE
DOIs
StatePublished - Dec 12 2022

Bibliographical note

KAUST Repository Item: Exported on 2022-12-15

Fingerprint

Dive into the research topics of 'A Fault and Intrusion Tolerance Framework for Containerized Environments: A Specification-Based Error Detection Approach'. Together they form a unique fingerprint.

Cite this