%0 Journal Article
%T Enhanced Memory-Safe Linux Security Modules (eLSMs) for Improving Security of Docker Containers for Data Centers
%A Juan Martinez Delbugio
%A Vijay K. Madisetti
%J Journal of Software Engineering and Applications
%P 259-269
%@ 1945-3124
%D 2024
%I Scientific Research Publishing
%R 10.4236/jsea.2024.175015
%X The adoption of Docker containers has revolutionized software deployment by providing a lightweight and efficient way to isolate applications in data centers. However, securing these containers, especially when handling sensitive data, poses significant challenges. Traditional Linux Security Modules (LSMs) such as SELinux and AppArmor have limitations in providing fine-grained access control to files within containers. This paper presents a novel approach using eBPF (extended Berkeley Packet Filter) to implement a LSM that focuses on file-oriented access control within Docker containers. The module allows the specification of policies that determine which programs can access sensitive files, providing enhanced security without relying solely on the host operating system’s major LSM.
%K Docker
%K LSM
%K MAC
%K Rust
%K Memory Safe Languages
%U http://www.scirp.org/journal/PaperInformation.aspx?PaperID=133409