SecCo: Automated Services to Secure Containers in the DevOps Paradigm

Luca Caviglione;
2023

Abstract

Containers are core building blocks for creating applications based on the microservice paradigm. However, assessing their security is complex, especially when deployed in distributed and heterogeneous scenarios. Moreover, developers and IT operators should only focus on integration and delivery processes without dealing with tasks to guarantee security requirements. To overcome such issues, in this paper, we introduce the ideas at the basis of Project SecCo (Securing Containers), i.e., an architecture for extending and improving current security assessment methodologies into the continuous integration and continuous delivery DevOps pipeline. To this end, SecCo proposes a framework able to orchestrate new automatic security services to prevent and reduce security vulnerabilities in the design, implementation, and deployment phases, and to identify and mitigate, at runtime, attempts to exploit them. The paper also showcases the main research challenges to be addressed for pursuing the vision of SecCo.
2023
Istituto di Matematica Applicata e Tecnologie Informatiche - IMATI -
English
Proceedings of the 2023 International Conference on Research in Adaptive and Convergent Systems
1
6
https://dl.acm.org/doi/abs/10.1145/3599957.3606222
Yes, but type not specified
6-10/08/2023
Gdansk, Poland
information hiding
covert channels
container security
cybersecurity
microservices
4
restricted
Verderame, Luca; Caviglione, Luca; Carbone, Roberto; Merlo, Alessio
273
info:eu-repo/semantics/conferenceObject
04 Conference contribution::04.01 Contribution in conference proceedings
Files in this item:
prod_486605-doc_201927.pdf (authorized users only)
Description: SecCo: Automated Services to Secure Containers in the DevOps Paradigm
Type: Publisher's version (PDF)
Size: 669.53 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14243/456642