An Insight into RSA 2023: Capabilities Utilization for Container Escape
June 23, 2023
At the RSA Conference this year, researchers from Cybereason presented the talk Container Escape: All You Need Is Cap (Capabilities), detailing three ways in which Cap permissions can be used for container escape, in the hope that users will pay attention to how Capabilities are allocated when using containers and follow best practices. This article will provide a […]
Technical Report on Container Security (V)-3
March 27, 2019
Security Tools – StackRox
About StackRox
StackRox features a distributed architecture that collects and analyzes data throughout the application lifecycle to detect and block malicious actors, thereby meeting the requirement for protecting containerized cloud-native applications. StackRox delivers continuous detection through its combination of distributed sensors and centralized analysis and machine learning, providing context and correlation at the speed and scale of containers. (more…)
Technical Report on Container Security (V)-2
March 20, 2019
Security Tools – NeuVector
About NeuVector
NeuVector[I] was the first company to develop Docker/Kubernetes security products. Committed to securing enterprise-wide container platforms, the company provides products suitable for deployment across multi-cloud and on-premises production environments. (more…)
Technical Report on Container Security (V)-1
March 13, 2019
Security Tools – Open-Source Security Tools for Kubernetes
In addition to commercial software, open-source projects can also provide some security functions. This document describes several open-source projects that are typically used to protect non-critical business. (more…)
Technical Report on Container Security (IV)
February 27, 2019
Container Security Protection – Application Security
- Application Security
The container technology ecosystem has gradually been established, and solutions have become available for specific segments of the container stack; together these lay a solid foundation for container deployment. As enterprises deploy containers, business processes built around container applications, especially the application logic-oriented microservice architecture, bring new challenges to application security. (more…)
Technical Report on Container Security (IV)-7
February 20, 2019
Container Security Protection – Orchestration Security
Orchestration Security
The maturity of container technology drives the development and adoption of microservices. More and more enterprises choose a microservice architecture to build their applications. Container orchestration tools are responsible for managing the container clusters that carry the various services; arguably, it is these orchestration tools that support the core services of projects adopting a microservice architecture. This document takes the most popular orchestration tool in the community, Kubernetes, as an example to describe the security protection measures that container orchestration tools should take. (more…)
Technical Report on Container Security (IV)-6
February 14, 2019
Container Security Protection – Runtime Security
Runtime Security
- Security Configuration for Container Launch
A container runs on the host as a process. Running container processes are isolated from one another: each has its own file system, networking, and an isolated process tree separate from the host. The following sections detail how to use the docker run[1] command to define a container’s resources at runtime. (more…)
Technical Report on Container Security (IV)-5
January 30, 2019
Container Security Protection – Container Network Security
Container Network Security (more…)
Technical Report on Container Security (IV)-4
January 24, 2019
Container Security Protection – Image Security
Image Security
Images are the basis of containers, so their security largely determines that of the entire container ecosystem. A container image is a series of layers stacked on top of one another; images are distributed and updated through image repositories. The following sections describe how to secure images from the aspects of image build security, repository security, and image distribution security. (more…)
Technical Report on Container Security (IV)-3
January 16, 2019
Container Security Protection – Host Security
Host Security
Hardening of Basic Host Security
Containers share the operating system kernel with the host. Therefore, host configuration determines whether containers can be executed in a secure manner. For example, vulnerable software puts the host at risk of arbitrary code execution; opening ports at will exposes the host […]