Attackers as Instructors: Using Container Isolation to Reduce Risk and Understand Vulnerabilities


Research area: Strategies



Conference: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment


Abstract

To achieve economies of scale, popular Internet destinations concurrently serve hundreds or thousands of users on shared physical infrastructure. This resource sharing enables attacks that misuse permissions and affect other users. Our work uses containerization to create “single-use servers” which are dynamically instantiated and tailored for each user’s permissions. This isolates users and eliminates attacker persistence. Further, it simplifies analysis, allowing the fusion of logs to help defenders localize vulnerabilities associated with security incidents. We thus mitigate attacks and convert them into debugging traces to aid remediation. We evaluate the approach using three systems, including the popular WordPress content management system. It eliminates attacker persistence, propagation, and permission misuse. It has low CPU and latency costs and requires linear memory consumption, which we reduce with a customized page merging technique.


Author Profile
Yunsen Lei

Worcester Polytechnic Institute Worcester MA USA

Morocco
Author Profile
Julian P. Lanson

Worcester Polytechnic Institute Worcester MA USA

Morocco
Author Profile
Craig A. Shue

Worcester Polytechnic Institute Worcester MA USA

Morocco

📄 Paper information

Publication year: 2023
Citations: 0
Publication country: Morocco, United States
Site: Springer
