This Is AuburnElectronic Theses and Dissertations

Show simple item record

DevSecOps of Containerization


Metadata FieldValueLanguage
dc.contributor.advisorUmphress, David
dc.contributor.authorCui, Pinchen
dc.date.accessioned2020-08-03T13:44:47Z
dc.date.available2020-08-03T13:44:47Z
dc.date.issued2020-08-03
dc.identifier.urihttp://hdl.handle.net/10415/7425
dc.description.abstractContainerization is a new concept of virtualization, one that has attracted attention and occupied considerable amount of market size due to its inherent lightweight characteristics. However, the lightweight advantage is achieved at the price of security. The isolation of containers cannot be as strong as with traditional hypervisor-based virtualization. Attacks against weak isolation of the container have been reported, and the use of shared kernel is another targeted vulnerable point. This work focuses on providing security for the containerization. We aim to provide secure monitoring of containerized application, which can help the infrastructure owner ensure the running application is harmless. The monitoring is non-intrusive and lightweight with no user data privacy and performance overhead problems being incurred. We propose use of machine learning techniques combined with container introspection tools to perform intelligent monitoring. We establish an unique public dataset to provide better emulation of real application behaviors and better coverage of attacks with expanded feature space. Sufficient related work is surveyed, and a proof-of-concept monitoring system is implemented and evaluated. In addition, we also investigate the containerization of Hyperledger blockchain systems. Smart contract is one of the most important and promising feature of blockchain, and it relies on the use of virtualization. Hyperledger implements its chaincode (smart contract) based on containerization. Thus, the DevSecOps of containerization also determines the security of Hyperledger systems. The potential risk of Hyperledger containerization lifecycle have been illustrated and discussed.en_US
dc.rightsEMBARGO_NOT_AUBURNen_US
dc.subjectComputer Science and Software Engineeringen_US
dc.titleDevSecOps of Containerizationen_US
dc.typePhD Dissertationen_US
dc.embargo.lengthMONTHS_WITHHELD:3en_US
dc.embargo.statusEMBARGOEDen_US
dc.embargo.enddate2020-10-31en_US

Files in this item

Show simple item record