
cybersecurity-cnr/docker-stego-protector


docker-stego-protector

Description

This repository includes a Docker container that mitigates covert channels which exploit the memory of the host to create malicious container-to-container communications. For an example of such a malicious application, refer to YehudaCorsia/Docker-Covert-channel. To disturb the covert channel, the container periodically allocates a random amount of memory.

This repository is an outcome of joint research by CNR-IMATI and CNR-IEIIT. If you use it for research purposes, please cite the following paper:

M. Zuppelli, M. Repetto, L. Caviglione, E. Cambiaso, Information Leakages of Docker Containers: Characterization and Mitigation Strategies, 9th International Conference on Network Softwarization, Madrid, Spain, 19 - 23 June 2023.

Installation

For a manual installation, follow the steps reported below.

  • Clone the repository:
git clone https://github.com/cybersecurity-cnr/docker-stego-protector
  • cd into the cloned repository:
cd docker-stego-protector
  • Build the Docker image:
docker build -t docker-stego-protector .
  • Optionally, save the Docker image to file:
docker save docker-stego-protector:latest|gzip > docker-stego-protector.tar.gz

Usage

Just run the Docker container, with a command similar to the following one:

docker run -e SIZEFROM=1000000000 -e SIZETO=2000000000 -e TIMEOUTFROM=1 -e TIMEOUTTO=5 -t docker-stego-protector

where:

  • SIZEFROM identifies the minimum size of memory to allocate at each round, in bytes
  • SIZETO identifies the maximum size of memory to allocate at each round, in bytes
  • TIMEOUTFROM identifies the minimum duration of each round, in seconds
  • TIMEOUTTO identifies the maximum duration of each round, in seconds
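
The round logic described in the Description and Usage sections, as an added Python sketch; it is not the repository's own code. The function names, the validation rules and the 4096-byte page size are assumptions made for illustration.

```python
import os
import random
import time

PAGE = 4096  # assumed page size; one write per page makes the memory resident
PAIRS = (("SIZEFROM", "SIZETO"), ("TIMEOUTFROM", "TIMEOUTTO"))


def load_config(env):
    """Validate the four README variables; a duplicated name leaves one unset."""
    missing = [n for pair in PAIRS for n in pair if n not in env]
    if missing:
        raise ValueError("missing variables: " + ", ".join(missing))
    cfg = {n: int(env[n]) for pair in PAIRS for n in pair}
    for lo, hi in PAIRS:
        if not 0 < cfg[lo] <= cfg[hi]:
            raise ValueError(f"need 0 < {lo} <= {hi}")
    return cfg


def pick_round(cfg, rng):
    """Draw one round: bytes to allocate and seconds to hold them."""
    size = rng.randint(cfg["SIZEFROM"], cfg["SIZETO"])
    return size, rng.uniform(cfg["TIMEOUTFROM"], cfg["TIMEOUTTO"])


def run_round(size, hold, sleep=time.sleep):
    """Allocate `size` bytes, write to every page, hold, release on return."""
    buf = bytearray(size)
    for off in range(0, size, PAGE):
        buf[off] = 1  # zero-filled pages may not be backed until written
    sleep(hold)
    return (size + PAGE - 1) // PAGE  # pages touched this round


def main(env=os.environ, rounds=None):
    """Run `rounds` rounds (forever when None) with OS-sourced randomness."""
    cfg, rng, done = load_config(env), random.SystemRandom(), 0
    while rounds is None or done < rounds:
        run_round(*pick_round(cfg, rng))
        done += 1
    return done


if __name__ == "__main__":
    # Constructed small values so the demo ends quickly (README: 1-2 GB, 1-5 s).
    demo = {"SIZEFROM": "1000000", "SIZETO": "2000000",
            "TIMEOUTFROM": "1", "TIMEOUTTO": "1"}
    print(main(demo, rounds=2), "rounds completed")
```

Keep SIZETO below the memory available to the container, otherwise the allocation fails or the process is terminated by the kernel's out-of-memory handling.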

Credits

Acknowledgement

This work was partially supported by project SERICS (PE00000014) under the NRRP MUR program funded by the EU - NGEU.

About

Protect your system from RAM based covert channels over Docker
