Publication
IBM J. Res. Dev
Paper
Secure yet usable: Protecting servers and Linux containers
Abstract
Many computer security systems are considered a burden. Their inherent intrusiveness may often have an impact on the overall system stability and may conflict with a continuous stream of updates to a server operating system and components. Additionally, their complexity, and the lack of sufficient understanding of how to operate them efficiently, leads to subpar utilization of their full potential. We claim that a computer security system must make usability one of its top priorities, arguably the first, to have any chance of being correctly and fully used. In this paper, we describe Starlight, a protection tool that has usability as its core trait. We discuss the tradeoffs between security and usability and how we addressed them. Starlight monitors the behavior of a running system and creates a customized security policy, a set of operating system execution rules that accurately defines the execution boundaries of the system. We demonstrate the capabilities of our system to protect the runtime environments of servers with Linux® containers, which add kernel exploit risks via exposure to vulnerable or rogue applications.