In cloud systems, the importance of containers is rising. For large-scale enterprise workloads, containers are increasingly preferred over virtual machines (VMs). As organizations migrate their computing resources to cloud and container environments, attackers follow them there, and the focus has turned to how to keep these environments secure. If key parts of a container are compromised, root access could be obtained on the host OS. It is therefore important to monitor the processes running within containers in order to detect malicious activity.
We aim to deploy containers running known vulnerable applications (honeypots) and study the attacks on them. To understand container attacks, we need tools that can distinguish processes running within a container from those running on the host machine. Our first objective is therefore to develop a tool that distinguishes container processes from host processes; existing tools such as Auditd in Linux do not support this. Our container honeypots can also be used to test containerized software for vulnerabilities. In summary, the objectives are as follows:
1. Deploy containerized honeypots to gather threat intelligence on large public networks such as IIT Bombay.
2. Develop a framework to analyze vulnerabilities in production-ready software before deployment. This is done by running the software in container honeypots.
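One practical basis for the first objective, telling container processes apart from host processes, is the cgroup membership the Linux kernel exposes under /proc/<pid>/cgroup, since container runtimes place their cgroups under recognizable paths. The script below is an added illustration, not the tool proposed here; the cgroup contents are constructed samples, and the path patterns for Docker, containerd and Kubernetes pods are assumptions based on common runtime layouts.

```python
import re
from pathlib import Path
from typing import Optional, Tuple

# Patterns commonly used by container runtimes for their cgroup paths
# (assumption: typical layouts of Kubernetes pods, Docker and containerd/CRI).
# Kubernetes is checked first because pod cgroups also contain the runtime id.
_RUNTIME_PATTERNS = [
    ("kubepods", re.compile(r"/kubepods.*?/(?:cri-containerd-|docker-)?([0-9a-f]{12,64})")),
    ("docker", re.compile(r"/docker[-/]([0-9a-f]{12,64})")),
    ("containerd", re.compile(r"/cri-containerd-([0-9a-f]{12,64})")),
]


def classify_cgroup(cgroup_text: str) -> Optional[Tuple[str, str]]:
    """Parse the text of /proc/<pid>/cgroup (one "id:controllers:path" per line).

    Returns (runtime, container_id) when a cgroup path looks container-managed,
    or None when the process appears to belong to the host.
    """
    for line in cgroup_text.splitlines():
        parts = line.split(":", 2)
        if len(parts) != 3:
            continue  # malformed line: skip rather than misclassify
        path = parts[2]
        for runtime, pattern in _RUNTIME_PATTERNS:
            match = pattern.search(path)
            if match:
                return runtime, match.group(1)
    return None


def classify_pid(pid: int) -> Optional[Tuple[str, str]]:
    """Classify a live process by reading its cgroup file (Linux only)."""
    return classify_cgroup(Path(f"/proc/{pid}/cgroup").read_text())


# Constructed samples of /proc/<pid>/cgroup contents for demonstration.
HOST_SAMPLE = "0::/user.slice/user-1000.slice/session-2.scope\n"
DOCKER_SAMPLE = "0::/system.slice/docker-0123456789abcdef0123456789abcdef.scope\n"
K8S_SAMPLE = "12:pids:/kubepods/burstable/pod1234/cri-containerd-abcdef0123456789\n"

if __name__ == "__main__":
    for name, sample in [("host", HOST_SAMPLE), ("docker", DOCKER_SAMPLE), ("k8s", K8S_SAMPLE)]:
        print(name, "->", classify_cgroup(sample))
```

Such a classifier can be applied to the PID field of an audit event to tag each record as host or container activity, which is the capability the text notes Auditd lacks on its own.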