Android applications are associated with a large amount of sensitive data,therefore application developers use encryption algorithms to provide user data encryption,authentication and data integrity protection.However...Android applications are associated with a large amount of sensitive data,therefore application developers use encryption algorithms to provide user data encryption,authentication and data integrity protection.However,application developers do not have the knowledge of cryptography,thus the cryptographic algorithm may not be used correctly.As a result,security vulnerabilities are generated.Based on the previous studies,this paper summarizes the characteristics of password misuse vulnerability of Android application software,establishes an evaluation model to rate the security level of the risk of password misuse vulnerability and develops a repair strategy for password misuse vulnerability.And on this basis,this paper designs and implements a secure container for Android application software password misuse vulnerability:CM-Droid.展开更多
As containerized environments become increasingly prevalent in cloud-native infrastructures,the need for effective monitoring and detection of malicious behaviors has become critical.Malicious containers pose signific...As containerized environments become increasingly prevalent in cloud-native infrastructures,the need for effective monitoring and detection of malicious behaviors has become critical.Malicious containers pose significant risks by exploiting shared host resources,enabling privilege escalation,or launching large-scale attacks such as cryptomining and botnet activities.Therefore,developing accurate and efficient detection mechanisms is essential for ensuring the security and stability of containerized systems.To this end,we propose a hybrid detection framework that leverages the extended Berkeley Packet Filter(eBPF)to monitor container activities directly within the Linux kernel.The framework simultaneously collects flow-based network metadata and host-based system-call traces,transforms them into machine-learning features,and applies multi-class classification models to distinguish malicious containers from benign ones.Using six malicious and four benign container scenarios,our evaluation shows that runtime detection is feasible with high accuracy:flow-based detection achieved 87.49%,while host-based detection using system-call sequences reached 98.39%.The performance difference is largely due to similar communication patterns exhibited by certain malware families which limit the discriminative power of flow-level features.Host-level monitoring,by contrast,exposes fine-grained behavioral characteristics,such as file-system access patterns,persistence mechanisms,and resource-management calls that do not appear in network metadata.Our results further demonstrate that both monitoring modality and preprocessing strategy directly influence model performance.More importantly,combining flow-based and host-based telemetry in a complementary hybrid approach resolves classification ambiguities that arise when relying on a single data source.These findings underscore the potential of eBPF-based hybrid analysis for achieving accurate,low-overhead,and behavior-aware runtime security in containerized environments,and they establish a practical foundation for developing adaptive and scalable detection mechanisms in modern cloud systems.展开更多
Container technology plays an essential role in many Information and Communications Technology(ICT)systems.However,containers face a diversity of threats caused by vulnerable packages within container images.Previous ...Container technology plays an essential role in many Information and Communications Technology(ICT)systems.However,containers face a diversity of threats caused by vulnerable packages within container images.Previous vulnerability scanning solutions for container images are inadequate.These solutions entirely depend on the information extracted from package managers.As a result,packages installed directly from the source code compilation,or packages downloaded from the repository,etc.,are ignored.We introduce DAVS–A Dockerfile analysis-based vulnerability scanning framework for OCI-based container images to deal with the limitations of existing solutions.DAVS performs static analysis using file extraction based on Dockerfile information to obtain the list of Potentially Vulnerable Files(PVFs).The PVFs are then scanned to figure out the vulnerabilities in the target container image.The experimental shows the outperform of DAVS on detecting Common Vulnerabilities and Exposures(CVE)of 10 known vulnerable images compared to Clair–the most popular container image scanning project.Moreover,DAVS found that 68%of real-world container images are vulnerable from different image registries.展开更多
基金This work is supported by The National Natural Science Foundation of China (Nos.U1536121,61370195).
文摘Android applications are associated with a large amount of sensitive data,therefore application developers use encryption algorithms to provide user data encryption,authentication and data integrity protection.However,application developers do not have the knowledge of cryptography,thus the cryptographic algorithm may not be used correctly.As a result,security vulnerabilities are generated.Based on the previous studies,this paper summarizes the characteristics of password misuse vulnerability of Android application software,establishes an evaluation model to rate the security level of the risk of password misuse vulnerability and develops a repair strategy for password misuse vulnerability.And on this basis,this paper designs and implements a secure container for Android application software password misuse vulnerability:CM-Droid.
基金supported by the National Research Foundation of Korea(NRF)grant funded by the Korea government(MSIT)(No.RS-2024-00351898 and No.RS-2025-02263915)the MOTIE under Training Industrial Security Specialist forHigh-Tech Industry(RS-2024-00415520)supervised by theKorea Institute for Advancement of Technology(KIAT)+1 种基金the MSIT under the ICAN(ICT Challenge and Advanced Network of HRD)program(No.IITP-2022-RS-2022-00156310)supervised by the Institute of Information&Communication Technology Planning&Evaluation(IITP).
文摘As containerized environments become increasingly prevalent in cloud-native infrastructures,the need for effective monitoring and detection of malicious behaviors has become critical.Malicious containers pose significant risks by exploiting shared host resources,enabling privilege escalation,or launching large-scale attacks such as cryptomining and botnet activities.Therefore,developing accurate and efficient detection mechanisms is essential for ensuring the security and stability of containerized systems.To this end,we propose a hybrid detection framework that leverages the extended Berkeley Packet Filter(eBPF)to monitor container activities directly within the Linux kernel.The framework simultaneously collects flow-based network metadata and host-based system-call traces,transforms them into machine-learning features,and applies multi-class classification models to distinguish malicious containers from benign ones.Using six malicious and four benign container scenarios,our evaluation shows that runtime detection is feasible with high accuracy:flow-based detection achieved 87.49%,while host-based detection using system-call sequences reached 98.39%.The performance difference is largely due to similar communication patterns exhibited by certain malware families which limit the discriminative power of flow-level features.Host-level monitoring,by contrast,exposes fine-grained behavioral characteristics,such as file-system access patterns,persistence mechanisms,and resource-management calls that do not appear in network metadata.Our results further demonstrate that both monitoring modality and preprocessing strategy directly influence model performance.More importantly,combining flow-based and host-based telemetry in a complementary hybrid approach resolves classification ambiguities that arise when relying on a single data source.These findings underscore the potential of eBPF-based hybrid analysis for achieving accurate,low-overhead,and behavior-aware runtime security in containerized environments,and they establish a practical foundation for developing adaptive and scalable detection mechanisms in modern cloud systems.
基金supported by the Institute of Information&Communications Technology Planning&Evaluation(IITP)grant funded by the Korea Government(MSIT)(No.2020-0-00952)Development of 5G edge security technology for ensuring 5G+service stability and availability.
文摘Container technology plays an essential role in many Information and Communications Technology(ICT)systems.However,containers face a diversity of threats caused by vulnerable packages within container images.Previous vulnerability scanning solutions for container images are inadequate.These solutions entirely depend on the information extracted from package managers.As a result,packages installed directly from the source code compilation,or packages downloaded from the repository,etc.,are ignored.We introduce DAVS–A Dockerfile analysis-based vulnerability scanning framework for OCI-based container images to deal with the limitations of existing solutions.DAVS performs static analysis using file extraction based on Dockerfile information to obtain the list of Potentially Vulnerable Files(PVFs).The PVFs are then scanned to figure out the vulnerabilities in the target container image.The experimental shows the outperform of DAVS on detecting Common Vulnerabilities and Exposures(CVE)of 10 known vulnerable images compared to Clair–the most popular container image scanning project.Moreover,DAVS found that 68%of real-world container images are vulnerable from different image registries.
