Container runtime security detection and prevention techniques
Computer Science and Engineering, Jawaharlal Nehru Technological University, Hyderabad, India.
Research Article
World Journal of Advanced Research and Reviews, 2024, 24(03), 2626-2639
Article DOI: 10.30574/wjarr.2024.24.3.4003
Publication history:
Received on 17 November 2024; revised on 26 December 2024; accepted on 28 December 2024
Abstract:
Application control is a particular layer of cloud-native security aimed at protecting the application while it runs in the container. This article provides an overview of container runtime security measures, covering both detection and prevention. It examines the importance of protecting container environments, focusing on the dangers and risks that may occur at runtime. It also provides an overview of commodity detection techniques, such as container image analysis, runtime behavioral analysis, traffic analysis, and host and file integrity. Further, it covers prevention measures involving image hardening, runtime security policies, the principle of least privilege, secure configurations and updates, patching, workload isolation and segmentation, secrets management, and the use of immutable infrastructure. The paper also briefly discusses recent solutions such as kernel-level security features, runtime application self-protection (RASP), sandboxing, and unikernel solutions. It goes on to explain how automated security tools and platforms, especially open source and commercial tool platforms, can be used to improve the security of containers during runtime. The study concludes that incident response and forensics need to be implemented across container objects, and stresses the need for preventative measures for security threat detection and response.
Keywords:
Container Runtime Security; Behavioral Analysis; Vulnerability Detection; Multi-layered Defense; DevSecOps; Orchestration Platforms; Kubernetes
Copyright information:
Copyright © 2024 Author(s) retain the copyright of this article. This article is published under the terms of the Creative Commons Attribution License 4.0.