Runtime user-space-based protection of containers against unpatched vulnerabilities

Mobile networks are critical infrastructure and essential in our daily lives. Containerization is the go-to solution for deploying mobile services over cloud infrastructure managed by third parties. Containerized applications might suffer from unpatched software vulnerabilities, which affect the security and privacy of end users and operations and can lead to financial and reputational losses. This is exacerbated by the fact that the time between vulnerability discovery and patching can be counted in weeks, and more often in months, leaving attackers a large time window in which to do more damage. The main objective of this project is to develop and demonstrate a runtime, non-disruptive, tenant-level, scalable and efficient solution to temporarily patch vulnerable containerized applications. The main benefit is to offer telecom operators an efficient way of handling unpatched vulnerabilities that supports service continuity while avoiding the security risks and damages related to vulnerability exploits. This will bring economic benefits to both the telecom vendor (who will be able to develop a security patch) and the operators, who can provide secure mobile network solutions while waiting for the official patch.

Faculty Supervisor:

Suryadipta Majumdar; Lingyu Wang

Student:

Partner:

Ericsson Canada Inc (Quebec)

Discipline:

Computer science

Sector:

Professional, scientific and technical services

University:

Concordia University

Program:

Accelerate
