Containers are widely deployed on cloud platforms because of their low resource footprint, fast start-up time, and high performance, especially compared with its counterpart virtual machines. However, the Achilles’ heel of container technology is its weak isolation. For an attacker, jailbreaking into a host OS from a container is relatively easier than attacking a hypervisor from a virtual machine, because of its notably larger attack surface and larger trusted computing base (TCB). Researchers have proposed various solutions to protect applications from untrusted OS; yet, few of them focus on protecting containers, especially those hosting multiple applications and shared by multiple users. In this paper, we first identify several new attacks that cannot be prevented using the existing solutions. Furthermore, we systematically analyze the security properties that should be maintained to defend against these attacks and protect a full-fledged container from a malicious host OS. We then present the TZ-Container, a TrustZone-based secure container mechanism that can keep all these security properties. The TZ-Container specifically leverages TrustZone to construct multiple isolated execution environments (IEEs). Each IEE has a memory space isolated from the underlying OS and any other processes. By interposing switching between the user and the kernel modes, IEEs enforce security checks on each system call according to its semantics. We have implemented TZ-Container on the Hikey development board ensuring that it can support running unmodified Docker images downloaded from existing repositories such as https://hub.docker.com/. The evaluation results demonstrate that the TZ-Container has a performance overhead of approximately 5%.

容器因其资源占用少、启动速度快、性能高而被广泛部署在云平台上，尤其是与其对应的虚拟机相比。然而，容器技术的阿喀琉斯之踵在于其隔离性差。对于攻击者来说，从容器越狱到主机操作系统比从虚拟机攻击虚拟机管理程序相对容易，因为它的攻击面和可信计算基础（TCB）明显更大。研究人员提出了各种解决方案来保护应用程序免受不受信任的操作系统的侵害；然而，很少有人关注保护容器，尤其是那些托管多个应用程序并由多个用户共享的容器。在本文中，我们首先确定了使用现有解决方案无法阻止的几种新攻击。此外，我们系统地分析了应该维护的安全属性，以抵御这些攻击并保护成熟的容器免受恶意主机操作系统的侵害。然后我们介绍 TZ-Container，这是一种基于 TrustZone 的安全容器机制，可以保留所有这些安全属性。TZ-Container 专门利用 TrustZone 来构建多个隔离的执行环境 (IEE)。每个 IEE 都有一个与底层操作系统和任何其他进程隔离的内存空间。通过在用户模式和内核模式之间进行切换，IEE 根据其语义对每个系统调用实施安全检查。我们在 Hikey 开发板上实现了 TZ-Container，确保它可以支持运行从现有存储库（例如 https://hub.docker.com/）下载的未经修改的 Docker 镜像。