Details
| DOI: | Pending |
|---|---|
| Publication type: | Article |
| Journal: | IEEE Transactions on Network and Service Management |
| Publisher: | Institute of Electrical and Electronics Engineers |
| Publication date: | Pending |
Abstract
The growing interest in Platform-as-a-Service and serverless environments for the implementation of Container Network Functions (CNFs) makes the monitoring and inspection of network services a challenging task. A major requirement in this respect concerns the agility of deploying security agents at runtime, especially to effectively address emerging and advanced attack patterns.
In this perspective, this work investigates a framework leveraging the extended Berkeley Packet Filter (eBPF) to create ad- hoc security layers in CNFs without the need of embedding additional agents. To prove the effectiveness of the proposed approach, we focus on the detection of network covert channels, i.e., hidden/parasitic network conversations difficult to spot with legacy mechanisms. Experimental results demonstrate that different types of covert channels can be revealed with a good accuracy. Moreover, our approach requires limited resources compared.
Authors
- Marco Zuppelli
This email address is being protected from spambots. You need JavaScript enabled to view it.
National Research Council of Italy
Genoa, Italy - Matteo Repetto
This email address is being protected from spambots. You need JavaScript enabled to view it.
National Research Council of Italy
Genoa, Italy - Andreas Schaffhauser
This email address is being protected from spambots. You need JavaScript enabled to view it.
FernUniversität in Hagen
Hagen, Germany - Wojciech Mazurczyk
This email address is being protected from spambots. You need JavaScript enabled to view it.
FernUniversität in Hagen | Warsaw University of Technology
Hagen, Germany | Warsaw, Poland - Luca Caviglione
This email address is being protected from spambots. You need JavaScript enabled to view it.
National Research Council of Italy
Genoa, Italy