Popis: |
Abstract: A container provides an environment in which applications are packaged and run together with their supporting libraries and dependencies. Because containers scale well and make software deployment efficient, container technology has grown in popularity and container services are also offered on cloud platforms. The container environment is exposed to a variety of threats and vulnerabilities that lead to security breaches and attacks. Investigating such attacks requires analysis, and digital forensics processes have therefore also been applied to the container environment. In this paper, we present a systematic evaluation of container artifacts. An interface named CONTAIN4n6 is developed to collect data from the container environment: it extracts data using introspection libraries and container file systems, and it is also capable of tracing the system calls of a running container. The system call tracing functionality is implemented in an open source containerization software, i.e., the Moby project. Container artifacts are associated with environmental information, log files, directories, link files, repositories, etc. Data collected from multiple sources are stored in a database, and hash values are created to maintain the integrity of the collected data. A case study of privilege escalation attacks is demonstrated and used to validate the data collection tool, CONTAIN4n6. Research challenges associated with security and forensic investigations of containerized applications are also presented.