SELinC : security evaluation of Linux containers
Access full-text files
Date
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
Operating System containers are key to the success of modern datacenters. Containers provide an easy way to encapsulate an application with its operating environment and deliver it seamlessly from development to test to production. Containers ensure consistency in loading the application across a variety of environments including physical servers, virtual machines, private or public clouds. Despite these benefits, containers often invite security concerns. Since containers share the Linux kernel on the host machine, a bug or a vulnerability in the kernel can compromise all the containers on the host machine. This thesis presents a novel model-driven fuzzing technique that can automatically analyze the kernel sources of containers. The proposed technique exposed two unknown bugs in the kernel implementation