Securing the Shared Kernel: Exploring Kernel Isolation and Emerging Challenges in Modern Cloud Computing
Containerization is a rapidly advancing technology in cloud computing, facilitating the seamless development, deployment, and management of applications across diverse computing environments. This technology offers lightweight operations, portability, efficiency, and scalability advantages, applicab...
| Main Authors: | Sehar Zehra, Hassan Jamil Syed, Fahad Samad, Ummay Faseeha, Hamza Ahmed, Muhammad Khurram Khan |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | IEEE 2024-01-01 |
| Series: | IEEE Access |
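| Subjects: | Containerization; kernel isolation & security; shared kernel environment; cloud computing security; container escape attacks; privilege escalation |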
| Online Access: | https://ieeexplore.ieee.org/document/10769445/ |
| _version_ | 1850123542351314944 |
|---|---|
| author | Sehar Zehra; Hassan Jamil Syed; Fahad Samad; Ummay Faseeha; Hamza Ahmed; Muhammad Khurram Khan |
| collection | DOAJ |
| description | Containerization is a rapidly advancing technology in cloud computing, facilitating the seamless development, deployment, and management of applications across diverse computing environments. This technology offers lightweight operations, portability, efficiency, and scalability advantages, applicable to developer workstations, mission-critical web servers, and the public cloud. However, unlike Virtual Machines (VMs), containers share the underlying machine’s operating system (OS) kernel, which introduces unique security challenges alongside speed and efficiency benefits. These challenges include the risks of container escape attacks, privilege escalation, and exploitation of kernel vulnerabilities. This paper comprehensively reviews state-of-the-art containerization security solutions, focusing on various kernel isolation approaches. It proposes a thematic taxonomy of containerization security, highlighting essential parameters to help developers understand the security needs within a shared kernel environment. This paper describes the current landscape of container security by examining critical developments, challenges, and trends in the existing literature—from system calls to kernel isolation. Additionally, it identifies open research issues and discusses industry best practices and emerging developments in container security, aiming to guide future research and implementation strategies. |
| format | Article |
| id | doaj-art-4abdadfbd93147e4a9371379b171e5ee |
| institution | OA Journals |
| issn | 2169-3536 |
| language | English |
| publishDate | 2024-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj-art-4abdadfbd93147e4a9371379b171e5ee; 2025-08-20T02:34:35Z; eng; IEEE; IEEE Access; 2169-3536; 2024-01-01; 12; 179281; 179317; 10.1109/ACCESS.2024.3507215; 10769445; Securing the Shared Kernel: Exploring Kernel Isolation and Emerging Challenges in Modern Cloud Computing; Sehar Zehra [0] https://orcid.org/0009-0007-7595-1221; Hassan Jamil Syed [1] https://orcid.org/0000-0002-1834-1810; Fahad Samad [2] https://orcid.org/0000-0003-3833-2644; Ummay Faseeha [3] https://orcid.org/0009-0000-5276-1504; Hamza Ahmed [4]; Muhammad Khurram Khan [5] https://orcid.org/0000-0001-6636-0533; Department of Computer Science, National University of Computer and Emerging Sciences (FAST), Karachi, Pakistan; Asia Pacific University of Technology and Innovation (APU), Kuala Lumpur, Malaysia; Department of Cyber Security, National University of Computer and Emerging Sciences (FAST), Karachi, Pakistan; Department of Computer Science, National University of Computer and Emerging Sciences (FAST), Karachi, Pakistan; Department of Computer Science, National University of Computer and Emerging Sciences (FAST), Karachi, Pakistan; Center of Excellence in Information Assurance (CoEIA), King Saud University, Riyadh, Saudi Arabia; https://ieeexplore.ieee.org/document/10769445/; Containerization; kernel isolation & security; shared kernel environment; cloud computing security; container escape attacks; privilege escalation |
| title | Securing the Shared Kernel: Exploring Kernel Isolation and Emerging Challenges in Modern Cloud Computing |
| topic | Containerization; kernel isolation & security; shared kernel environment; cloud computing security; container escape attacks; privilege escalation |
| url | https://ieeexplore.ieee.org/document/10769445/ |