Securing the Shared Kernel: Exploring Kernel Isolation and Emerging Challenges in Modern Cloud Computing
Main Authors: | , , , , , |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE 2024-01-01 |
Series: | IEEE Access |
Subjects: | |
Online Access: | https://ieeexplore.ieee.org/document/10769445/ |
Summary: | Containerization is a rapidly advancing technology in cloud computing, facilitating the seamless development, deployment, and management of applications across diverse computing environments. This technology offers lightweight operations, portability, efficiency, and scalability advantages, applicable to developer workstations, mission-critical web servers, and the public cloud. However, unlike Virtual Machines (VMs), containers share the underlying machine’s operating system (OS) kernel, which introduces unique security challenges alongside speed and efficiency benefits. These challenges include the risks of container escape attacks, privilege escalation, and exploitation of kernel vulnerabilities. This paper comprehensively reviews state-of-the-art containerization security solutions, focusing on various kernel isolation approaches. It proposes a thematic taxonomy of containerization security, highlighting essential parameters to help developers understand the security needs within a shared kernel environment. This paper describes the current landscape of container security by examining critical developments, challenges, and trends in the existing literature—from system calls to kernel isolation. Additionally, it identifies open research issues and discusses industry best practices and emerging developments in container security, aiming to guide future research and implementation strategies. |
---|---|
ISSN: | 2169-3536 |