
Cybersecurity Overview of a Robot as a Service Platform

  • Conference paper

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 1267)

Abstract

Containerization solutions have spread widely in industry due to their ease of deployment, agility, and portability. However, their adoption is not without security challenges and difficulties. This paper presents an overview of the vulnerabilities present in application containerization solutions, paying special attention to the security aspects related to them. Applying the conclusions of that analysis, it also proposes a containerization system focused on offering AI and robotics services in the cloud.

The research described in this article has been partially funded by addendum 4 to the framework convention between the University of León and Instituto Nacional de Ciberseguridad (INCIBE).



Corresponding author

Correspondence to Ángel Manuel Guerrero-Higueras.


Copyright information

© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this paper

Fernández-Becerra, L., Fernández González, D., Guerrero-Higueras, Á.M., Rodríguez Lera, F.J., Fernández-Llamas, C. (2021). Cybersecurity Overview of a Robot as a Service Platform. In: Herrero, Á., Cambra, C., Urda, D., Sedano, J., Quintián, H., Corchado, E. (eds) 13th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2020). CISIS 2019. Advances in Intelligent Systems and Computing, vol 1267. Springer, Cham. https://doi.org/10.1007/978-3-030-57805-3_13
