TY - GEN
T1 - A Fault and Intrusion Tolerance Framework for Containerized Environments: A Specification-Based Error Detection Approach
AU - Madi, Taous
AU - Esteves-Verissimo, Paulo
N1 - KAUST Repository Item: Exported on 2022-12-15
PY - 2022/12/12
Y1 - 2022/12/12
N2 - Container-based virtualization has gained momentum over the past few years thanks to its lightweight nature and support for agility. However, its appealing features come at the price of a reduced isolation level compared to the traditional host-based virtualization techniques, exposing workloads to various faults, such as co-residency attacks like container escape. In this work, we propose to leverage the automated management capabilities of containerized environments to derive a Fault and Intrusion Tolerance (FIT) framework based on error detection-recovery and fault treatment. Namely, we aim at deriving a specification-based error detection mechanism at the host level to systematically and formally capture security state errors indicating breaches potentially caused by malicious containers. Although the paper focuses on security side use cases, results are logically extendable to accidental faults. Our aim is to immunize the target environments against accidental and malicious faults and preserve their core dependability and security properties.
AB - Container-based virtualization has gained momentum over the past few years thanks to its lightweight nature and support for agility. However, its appealing features come at the price of a reduced isolation level compared to the traditional host-based virtualization techniques, exposing workloads to various faults, such as co-residency attacks like container escape. In this work, we propose to leverage the automated management capabilities of containerized environments to derive a Fault and Intrusion Tolerance (FIT) framework based on error detection-recovery and fault treatment. Namely, we aim at deriving a specification-based error detection mechanism at the host level to systematically and formally capture security state errors indicating breaches potentially caused by malicious containers. Although the paper focuses on security side use cases, results are logically extendable to accidental faults. Our aim is to immunize the target environments against accidental and malicious faults and preserve their core dependability and security properties.
UR - http://hdl.handle.net/10754/686437
UR - https://ieeexplore.ieee.org/document/9973124/
U2 - 10.1109/srmc57347.2022.00005
DO - 10.1109/srmc57347.2022.00005
M3 - Conference contribution
BT - 2022 International Workshop on Secure and Reliable Microservices and Containers (SRMC)
PB - IEEE
ER -