TITLE:
Enhanced Memory-Safe Linux Security Modules (eLSMs) for Improving Security of Docker Containers for Data Centers
AUTHORS:
Juan Martinez Delbugio, Vijay K. Madisetti
KEYWORDS:
Docker, LSM, MAC, Rust, Memory Safe Languages
JOURNAL NAME: Journal of Software Engineering and Applications, Vol.17 No.5, May 28, 2024
ABSTRACT: The adoption of Docker containers has revolutionized software deployment by providing a lightweight and efficient way to isolate applications in data centers. However, securing these containers, especially when they handle sensitive data, poses significant challenges. Traditional Linux Security Modules (LSMs) such as SELinux and AppArmor are limited in the fine-grained, per-file access control they can express for files inside containers. This paper presents a novel approach that uses eBPF (extended Berkeley Packet Filter) to implement an LSM focused on file-oriented access control within Docker containers. The module lets an administrator specify policies that determine which programs may access sensitive files, providing enhanced security without relying solely on the host operating system's major LSM.
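The abstract describes the shape of the mechanism: a BPF LSM hook on file opens that consults a policy of which program may touch which sensitive file, and otherwise defers to the host's existing controls. The following is an added example, written for this page and not the authors' eLSM code, that models that decision in plain C so it can be compiled and run in userspace. Everything about the policy shape is an assumption made for illustration: the sensitive file is identified by (container cgroup id, device, inode), the program by the 16-byte task comm, and the return contract is that of an `lsm/file_open` BPF program (0 allows, -EPERM denies). In a real hook those inputs would come from `bpf_get_current_cgroup_id()`, `bpf_get_current_comm()` and `file->f_inode`, and the two arrays below would be BPF hash maps populated from userspace.

```c
/* Constructed userspace model of the allow/deny decision an eBPF LSM hook on
 * file_open would make. Not the paper's module: the policy shape (cgroup id +
 * dev/inode for the file, task comm for the program) is an assumption. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TASK_COMM_LEN 16   /* same bound as the kernel's task->comm */
#define MAX_RULES 16       /* fixed bound keeps the loops verifier-friendly if ported */

/* A sensitive file, scoped to one container by its cgroup id. */
struct file_key {
    uint64_t cgroup_id;
    uint32_t dev;
    uint64_t ino;
};

/* One rule: a program (by comm) allowed to open one sensitive file. */
struct rule {
    struct file_key key;
    char comm[TASK_COMM_LEN];
};

/* Stand-in for two BPF maps: the protected-file set and the allow rules. */
struct policy {
    struct file_key protected_files[MAX_RULES];
    int nprotected;
    struct rule rules[MAX_RULES];
    int nrules;
};

static int key_eq(const struct file_key *a, const struct file_key *b)
{
    return a->cgroup_id == b->cgroup_id && a->dev == b->dev && a->ino == b->ino;
}

/* Mirrors the contract of an lsm/file_open program: 0 allows the open,
 * -EPERM denies it. Files outside the protected set are left to DAC and to
 * whatever major LSM the host already runs. */
int file_open_decision(const struct policy *p, uint64_t cgroup_id,
                       uint32_t dev, uint64_t ino, const char *comm)
{
    struct file_key k = { cgroup_id, dev, ino };
    int is_protected = 0;

    for (int i = 0; i < MAX_RULES && i < p->nprotected; i++) {
        if (key_eq(&p->protected_files[i], &k)) {
            is_protected = 1;
            break;
        }
    }
    if (!is_protected)
        return 0;                      /* not sensitive: no opinion */

    for (int i = 0; i < MAX_RULES && i < p->nrules; i++) {
        if (key_eq(&p->rules[i].key, &k) &&
            strncmp(p->rules[i].comm, comm, TASK_COMM_LEN) == 0)
            return 0;                  /* program is on the file's allow list */
    }
    return -EPERM;                     /* sensitive file, program not allowed */
}

/* Constructed sample policy: inside the container in cgroup 1001, only a
 * program named "postgres" may open the file at dev 0x801 / inode 4242. */
const struct policy *demo_policy(void)
{
    static struct policy p;
    static int built;
    if (!built) {
        p.protected_files[0] = (struct file_key){ 1001, 0x801, 4242 };
        p.nprotected = 1;
        p.rules[0].key = p.protected_files[0];
        strncpy(p.rules[0].comm, "postgres", TASK_COMM_LEN - 1);
        p.nrules = 1;
        built = 1;
    }
    return &p;
}

int main(void)
{
    const struct policy *p = demo_policy();
    printf("postgres opens 4242 in cgroup 1001: %d\n",
           file_open_decision(p, 1001, 0x801, 4242, "postgres"));
    printf("cat opens 4242 in cgroup 1001:      %d\n",
           file_open_decision(p, 1001, 0x801, 4242, "cat"));
    printf("cat opens 9999 (unprotected):       %d\n",
           file_open_decision(p, 1001, 0x801, 9999, "cat"));
    printf("cat opens 4242 in another container: %d\n",
           file_open_decision(p, 2002, 0x801, 4242, "cat"));
    return 0;
}
```

Two caveats a practitioner would attach to this model. First, a BPF LSM program only loads on kernels built with CONFIG_BPF_LSM and with "bpf" present in the active LSM list (the `lsm=` boot parameter), and it runs alongside, not instead of, SELinux or AppArmor, which is what "without relying solely on the host's major LSM" amounts to in practice. Second, identifying the program by its comm, as the sample does, is weak: a process can rename itself with `prctl(PR_SET_NAME)` or by exec'ing under a chosen filename, so a production policy should key on something the subject cannot freely choose, such as the executable's inode or a hash recorded at load time, with comm at most as a convenience label.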