Proposals with an assigned student

DEI - FCTUC
Generated on 2024-04-29 05:14:30 (Europe/Lisbon).

Internship Title

Container-level Intrusion detection for multi-tenant environments

Internship Location

SSE-CISUC

Background

Operating system virtualization is a lighter alternative to traditional virtualization. Resource isolation through control groups allows for “software containers” that share the same kernel, reducing the overhead.
However, as these containers share physical machines with other containers that can be owned by a different organization, their security is of utmost importance. In fact, although they promise security and reliability, it is clear that successful intrusions can be devastating for the infrastructure’s provider and for the containers’ owners.
Intrusion detection systems (IDSs) make it possible to detect and avoid intrusions by attackers. During the last two decades, anomaly detection algorithms have been increasingly adopted in the detection and prevention of intrusions. These include statistical methods, machine learning, and data mining, with the common purpose of building a model of what is considered normal behavior or activity and then identifying deviations from that norm.
Although there are already some proposals of IDSs for container environments, there is room for improvement, both in the features supported and in effectiveness.

Objective

The objective of this work is to develop new and improved intrusion detection systems for container environments. These IDSs will work at host level and take advantage of anomaly detection algorithms. The detectors will operate on system call information, but other types of information may also be included. To improve effectiveness, we plan to take a wider view of the system and therefore monitor related containers in an integrated manner. As we are concerned with security, we will take advantage of existing technologies to protect the integrity of the IDS (e.g. trusted execution environments provided by SGX).

Work Plan - Semester 1

T1. [10/09/2018 to 31/10/2018] State of the art analysis, including obtaining and/or re-implementing existing approaches.
T2. [21/10/2018 to 15/11/2018] Experimental evaluation and comparison of the existing intrusion detection approaches based on anomaly detection.
T3. [15/11/2018 to 15/12/2018] Design of a solution to overcome the identified limitations.
T4. [01/12/2018 to 21/01/2019] Write the Dissertation Plan.

Work Plan - Semester 2

T5. [01/02/2019 to 15/04/2019] Development of the proposed solution.
T6. [20/03/2019 to 30/04/2019] Experimentation and validation.
T7. [15/04/2019 to 31/05/2019] Write a scientific publication.
T8. [15/05/2019 to 01/07/2019] Write the thesis.

Conditions

The work is to be carried out at the laboratories of CISUC’s Software and Systems Engineering Group. A workplace will be provided, as well as the required computational resources.

Supervisor

Nuno Antunes
nmsa@dei.uc.pt