Monitoring and Controlling Internal Container Activity Using LSM + eBPF in a Multi-Container Environment

Key Points

• This research aims to enhance the monitoring and control of container activities in multi-container environments using eBPF and LSM.
• Utilized eBPF for real-time monitoring at the kernel level.
• Implemented mechanisms to block specific container behaviors.
• Evaluated security policy application in Kubernetes environments.
• Conducted experiments on policy management at namespace, pod, and label levels.
• Confirmed effective monitoring and control in multi-container environments with minimal performance degradation.
• Demonstrated flexibility and scalability of security policies in orchestration environments like Kubernetes.