TUHH Open Research
Help
  • Log In
    New user? Click here to register.Have you forgotten your password?
  • English
  • Deutsch
  • Communities & Collections
  • Publications
  • Research Data
  • People
  • Institutions
  • Projects
  • Statistics
  1. Home
  2. TUHH
  3. Publications
  4. Security analysis of user namespaces and rootless containers
 
Options

Security analysis of user namespaces and rootless containers

Citation Link: https://doi.org/10.15480/882.3089
Publikationstyp
Bachelor Thesis
Date Issued
2020-01
Sprache
English
Author(s)
Semjonov, Anton  
Advisor
Gollmann, Dieter
Referee
Kycler, Ann-Christine  
Title Granting Institution
Technische Universität Hamburg
Place of Title Granting Institution
Hamburg
Examination Date
2020-01-24
Institut
Sicherheit in verteilten Anwendungen E-15  
TORE-DOI
10.15480/882.3089
TORE-URI
http://hdl.handle.net/11420/7891
Citation
Technische Universität Hamburg (2020)
Linux namespaces are used for container-based operating-system-level virtualization today; the user namespace in particular enables a relatively recent development of so-called rootless containers. A brief overview of the technology is given and the underlying permissions model is explained. Two different threat models for application deployment are created. Using a reproducible testing environment and a number of existing vulnerabilities, associated risks and benefits of employing the user namespace are analysed. It is shown that user namespaces can provide significant improvements to a system's security but also pose risks of their own.
Subjects
Linux
User Namespace
Virtualization
Security in Distributed Applications
DDC Class
620: Ingenieurwissenschaften
Lizenz
https://creativecommons.org/licenses/by-sa/4.0/
Loading...
Thumbnail Image
Name

thesis-r231-g18e9edc.pdf

Size

856.37 KB

Format

Adobe PDF

TUHH
Weiterführende Links
  • Contact
  • Send Feedback
  • Cookie settings
  • Privacy policy
  • Impress
DSpace Software

Built with DSpace-CRIS software - Extension maintained and optimized by 4Science
Design by effective webwork GmbH

  • Deutsche NationalbibliothekDeutsche Nationalbibliothek
  • ORCiD Member OrganizationORCiD Member Organization
  • DataCiteDataCite
  • Re3DataRe3Data
  • OpenDOAROpenDOAR
  • OpenAireOpenAire
  • BASE Bielefeld Academic Search EngineBASE Bielefeld Academic Search Engine
Feedback