
Container Honeypots: Collecting Threat Intelligence to Testing Software Vulnerabilities

Overview

In cloud systems, the importance of containers is rising. For large-scale enterprise workloads, containers are increasingly preferred over virtual machines (VMs). As organizations migrate their computing resources to cloud and container environments, attackers follow them there, and the focus has turned to how to keep these environments secure. If key parts of the container are compromised, root access could be obtained on the host OS. Thus it is important to monitor the processes within containers to detect malicious activities.

We aim to deploy containers with known vulnerable applications (honeypots) and study the attacks on them. To understand container attacks, we need tools to distinguish processes running within a container from those running on the host machine. Our first objective is to develop a tool to distinguish container and host processes. Existing tools like Auditd in Linux do not support such a feature. Our container honeypots can also help test containerized software for vulnerabilities.

In summary, the objectives are as follows:
1. Deploy containerized honeypots to gather threat intelligence on large public networks like IIT Bombay.
2. Develop a framework to analyze vulnerabilities in production-ready software before deployment. This is done by running the software in container honeypots.
Active from 2023
Funding: Trust Lab Grant 2023
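
The first objective above, telling container processes from host processes, can be approximated from the host with data the kernel already exposes under /proc. The following is an added example, not the project's tool: it assumes the cgroup path naming conventions of Docker, containerd, CRI-O and Podman, and all sample data in it is constructed.

```python
import os
import re

# Heuristic cgroup-path markers left by common runtimes (assumed, not exhaustive).
RUNTIME_MARKERS = [
    ("docker", re.compile(r"docker[-/]([0-9a-f]{64})")),
    ("containerd", re.compile(r"cri-containerd-([0-9a-f]{64})")),
    ("cri-o", re.compile(r"crio-([0-9a-f]{64})")),
    ("podman", re.compile(r"libpod-([0-9a-f]{64})")),
]

def classify(cgroup_text, pid_ns, host_pid_ns):
    """Return (verdict, runtime, short_container_id) for one process.

    cgroup_text: contents of /proc/<pid>/cgroup as read on the host.
    pid_ns, host_pid_ns: readlink of /proc/<pid>/ns/pid and /proc/1/ns/pid.
    """
    # Check cgroups first: a container started with the host PID namespace
    # still sits in its runtime's cgroup.
    for line in cgroup_text.splitlines():
        path = line.split(":", 2)[-1]  # "hierarchy-id:controllers:path"
        for runtime, pattern in RUNTIME_MARKERS:
            match = pattern.search(path)
            if match:
                return ("container", runtime, match.group(1)[:12])
    if pid_ns != host_pid_ns:
        # Isolated PID namespace without a known runtime marker.
        return ("namespaced", None, None)
    return ("host", None, None)

def inspect_pid(pid):
    """Classify a live process; reading /proc/1/ns/pid needs root."""
    with open(f"/proc/{pid}/cgroup") as fh:
        cgroup_text = fh.read()
    return classify(cgroup_text, os.readlink(f"/proc/{pid}/ns/pid"),
                    os.readlink("/proc/1/ns/pid"))

# Constructed sample data (not captured from a real system).
CID = "3f" * 32
HOST_NS = "pid:[4026531836]"
SAMPLES = {
    "sshd on host": ("0::/system.slice/ssh.service", HOST_NS),
    "docker, cgroup v2": (f"0::/system.slice/docker-{CID}.scope", "pid:[4026532501]"),
    "docker, cgroup v1": (f"12:pids:/docker/{CID}\n1:name=systemd:/docker/{CID}", "pid:[4026532502]"),
    "unshared shell": ("0::/user.slice/user-1000.slice/session-3.scope", "pid:[4026532777]"),
}

def run_samples():
    return {name: classify(cg, ns, HOST_NS) for name, (cg, ns) in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:20} -> {verdict}")
```

Tagging each audit or process event with this verdict lets honeypot activity be separated from host activity during analysis.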

People

Manjesh Kumar Hanawal

Outcome
  • trustlabcse.iitb.ac.in
  • +91-22-2159-6725
  • First Floor, New CSE Building
    Department of Computer Science and Engineering,
    Indian Institute of Technology Bombay,
    Powai, Mumbai 400076