DOI: 10.1145/3485730.3494114
short-paper

Container Escape Detection for Edge Devices

Published: 15 November 2021

Abstract

Edge computing is rapidly changing the IoT-Cloud landscape. Various testbeds are now able to run multiple Docker-like containers developed and deployed by end-users on edge devices. However, this capability may allow an attacker to deploy a malicious container on the host and compromise it. This paper presents a dataset based on the Linux Auditing System, which contains malicious and benign container activity. We developed two malicious scenarios, a denial of service and a privilege escalation attack, where an adversary uses a container to compromise the edge device. Furthermore, we deployed benign user containers to run in parallel with the malicious containers. Container activity can be captured through the host system via system calls. Our time series auditd dataset contains partial labels for the benign and malicious related system calls. Generating the dataset is largely automated using a provided AutoCES framework. We also present a semi-supervised machine learning use case with the collected data to demonstrate its utility. The dataset and framework code are open-source and publicly available.

Published In

SenSys '21: Proceedings of the 19th ACM Conference on Embedded Networked Sensor Systems
November 2021
686 pages
ISBN: 9781450390972
DOI: 10.1145/3485730

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Anomaly Detection
  2. Container Escape
  3. Cybersecurity
  4. Datasets

Qualifiers

  • Short-paper
  • Research
  • Refereed limited

Acceptance Rates

SenSys '21 Paper Acceptance Rate: 25 of 139 submissions, 18%
Overall Acceptance Rate: 198 of 990 submissions, 20%

Article Metrics

  • Downloads (Last 12 months): 90
  • Downloads (Last 6 weeks): 2

Reflects downloads up to 02 Feb 2025

Cited By

  • (2024) Cybersecurity in Motion: A Survey of Challenges and Requirements for Future Test Facilities of CAVs. EAI Endorsed Transactions on Industrial Networks and Intelligent Systems 10:4 (e5). https://doi.org/10.4108/eetinis.v10i4.4237. Online publication date: 2-Jan-2024
  • (2024) 5GProvGen: 5G Provenance Dataset Generation Framework. 2024 20th International Conference on Network and Service Management (CNSM) (1-9). https://doi.org/10.23919/CNSM62983.2024.10814296. Online publication date: 28-Oct-2024
  • (2024) Past, Present, Future: A Comprehensive Exploration of AI Use Cases in the UMBRELLA IoT Testbed. 2024 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops) (787-792). https://doi.org/10.1109/PerComWorkshops59983.2024.10502658. Online publication date: 11-Mar-2024
  • (2024) Enhancing TinyML-Based Container Escape Detectors With Systemcall Semantic Association in UAVs Networks. IEEE Internet of Things Journal 11:12 (21158-21169). https://doi.org/10.1109/JIOT.2024.3361452. Online publication date: 15-Jun-2024
  • (2024) Enhancing the security of edge-AI runtime environments: a fine-tuning method based on large language models. Wireless Networks. https://doi.org/10.1007/s11276-024-03833-y. Online publication date: 11-Nov-2024
  • (2024) Intrusion Detection at the IoT Edge Using Federated Learning. Security and Privacy in Smart Environments (98-119). https://doi.org/10.1007/978-3-031-66708-4_5. Online publication date: 29-Oct-2024
  • (2022) Investigating the Vulnerability of Programmable Data Planes to Static Analysis-Guided Attacks. 2022 IEEE 8th International Conference on Network Softwarization (NetSoft) (411-419). https://doi.org/10.1109/NetSoft54395.2022.9844121. Online publication date: 27-Jun-2022
