CONSERVE: A framework for the selection of techniques for monitoring containers securityShow others and affiliations
2022 (English)In: Journal of Systems and Software, ISSN 0164-1212, E-ISSN 1873-1228, Vol. 186, article id 111158Article in journal (Refereed) Published
Abstract [en]
Context: Container-based virtualization is gaining popularity in different domains, as it supports continuous development and improves the efficiency and reliability of run-time environments. Problem: Different techniques are proposed for monitoring the security of containers. However, there are no guidelines supporting the selection of suitable techniques for the tasks at hand. Objective: We aim to support the selection and design of techniques for monitoring container-based virtualization environments. Approach:: First, we review the literature and identify techniques for monitoring containerized environments. Second, we classify these techniques according to a set of categories, such as technical characteristic, applicability, effectiveness, and evaluation. We further detail the pros and cons that are associated with each of the identified techniques. Result: As a result, we present CONSERVE, a multi-dimensional decision support framework for an informed and optimal selection of a suitable set of container monitoring techniques to be implemented in different application domains. Evaluation: A mix of eighteen researchers and practitioners evaluated the ease of use, understandability, usefulness, efficiency, applicability, and completeness of the framework. The evaluation shows a high level of interest, and points out to potential benefits. © 2021 The Authors
Place, publisher, year, edition, pages
Elsevier Inc. , 2022. Vol. 186, article id 111158
Keywords [en]
Attack analysis, Container monitoring, Intrusion detection, Security, Software and systems engineering, Virtualization, Containers, Decision support systems, Efficiency, Monitoring, Virtual reality, Continuous development, Different domains, Efficiency and reliability, Intrusion-Detection, It supports, Software and systems engineerings, Virtualizations
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:ri:diva-57895DOI: 10.1016/j.jss.2021.111158Scopus ID: 2-s2.0-85121691498OAI: oai:DiVA.org:ri-57895DiVA, id: diva2:1625994
Note
Funding details: 2019-03071; Funding text 1: We would like to thank the participants who took a part in the evaluation of CONSERVE. This research was partially supported by the Swedish VINNOVA FFI project CyReV: Cyber Resilience for Vehicles with diary numbers: 2018-05013 (1st phase) and 2019-03071 (2nd phase).
2022-01-102022-01-102023-04-28Bibliographically approved