BIO Web of Conferences (Jan 2024)
Designing a system call analyser for system calls used inside Linux containers
Abstract
This paper describes the design of a system call analyzer for Linux containers, intended to improve the security of containerized applications without degrading their performance. Containerization has become a core part of modern software development and operations because it isolates applications together with their dependencies; selecting a trustworthy image and analyzing it for vulnerabilities nevertheless remain difficult tasks. The analyzer relies on the ptrace system call and on Berkeley Packet Filter (BPF) programs to monitor and filter the system calls made inside a container. The resulting detector works with the operating system kernel and the Podman container manager to intercept and filter system calls with minimal overhead for the container. The system is split into three components, a detector, a server and a client, which keeps it modular, testable and extensible. The server handles requests from clients and detectors, stores the collected data and returns the corresponding responses; the client is a web interface to the system. The paper also covers the functional and non-functional requirements of the system, its implementation in Go and in JavaScript/TypeScript with ReactJS, and the advantages of a multi-layered architecture. Testing and operational results indicate that the analyzer improves the security and performance of containerized applications.
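The abstract describes a detector that intercepts a container's system calls and a server that stores them, but not what is done with the collected data. One practical use of such a trace is to derive a least-privilege seccomp allowlist for the container. The Go program below is an added example, not code from the paper or its authors: it parses a constructed strace-style trace (the paper does not give its detector's record format, so the line format, the function names and the list of syscalls worth reviewing are assumptions), counts the observed system calls, flags the ones an analyst should question before allowing them, and emits the OCI seccomp JSON that `podman run --security-opt seccomp=<file>` loads.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"os"
	"regexp"
	"sort"
	"strings"
)

// Constructed strace -f style lines standing in for the detector's records; the
// ptrace call is deliberate so the review step below has something to flag.
const sampleTrace = `1234 execve("/usr/bin/app", ["app"], 0x7ffdc0de0000) = 0
1234 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
1234 close(3) = 0
1234 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|SIGCHLD) = 1235
1235 openat(AT_FDCWD, "/var/log/app.log", O_WRONLY|O_APPEND) = 4
1235 write(4, "started\n", 8) = 8
1235 ptrace(PTRACE_TRACEME, 0, NULL, NULL) = 0
1235 exit_group(0) = ?`

// Assumed record format: "<pid> <syscall>(" at the start of every line.
var lineRe = regexp.MustCompile(`^(\d+)\s+([a-z0-9_]+)\(`)

// ParseTrace counts how often each syscall appears. An unparsable line is an
// error, not a skip: a silently dropped call becomes a hole in the profile.
func ParseTrace(trace string) (map[string]int, error) {
	hist := make(map[string]int)
	sc := bufio.NewScanner(strings.NewReader(trace))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if m := lineRe.FindStringSubmatch(line); m != nil {
			hist[m[2]]++
		} else if line != "" {
			return nil, fmt.Errorf("unparsable trace line: %q", line)
		}
	}
	return hist, sc.Err()
}

// Syscalls that widen a container's reach into the host or other processes; an
// analyst should confirm the workload needs them. Illustrative, not exhaustive.
var reviewList = map[string]string{
	"bpf":    "loads BPF programs into the kernel",
	"mount":  "changes the mount namespace",
	"ptrace": "traces or modifies other processes",
	"setns":  "joins another namespace",
}

// FlagSensitive returns the observed syscalls that are on the review list, sorted.
func FlagSensitive(hist map[string]int) []string {
	var flagged []string
	for name := range hist {
		if _, ok := reviewList[name]; ok {
			flagged = append(flagged, name)
		}
	}
	sort.Strings(flagged)
	return flagged
}

// OCI seccomp JSON as loaded by `podman run --security-opt seccomp=<file>`.
type SeccompProfile struct {
	DefaultAction string        `json:"defaultAction"`
	Architectures []string      `json:"architectures"`
	Syscalls      []SeccompRule `json:"syscalls"`
}

type SeccompRule struct {
	Names  []string `json:"names"`
	Action string   `json:"action"`
}

// BuildProfile allows exactly what was observed. Anything else fails with EPERM
// (SCMP_ACT_ERRNO), so an unexercised code path surfaces as an error, not a kill.
func BuildProfile(hist map[string]int) SeccompProfile {
	names := make([]string, 0, len(hist))
	for name := range hist {
		names = append(names, name)
	}
	sort.Strings(names)
	return SeccompProfile{
		DefaultAction: "SCMP_ACT_ERRNO",
		Architectures: []string{"SCMP_ARCH_X86_64"},
		Syscalls:      []SeccompRule{{Names: names, Action: "SCMP_ACT_ALLOW"}},
	}
}

func main() {
	hist, err := ParseTrace(sampleTrace)
	if err != nil {
		panic(err)
	}
	fmt.Fprintln(os.Stderr, "syscalls to review before allowing:", FlagSensitive(hist))
	out, _ := json.MarshalIndent(BuildProfile(hist), "", "  ")
	fmt.Println(string(out))
}
```

Redirect the program's standard output to a file and pass it to `podman run --security-opt seccomp=./profile.json`. Two caveats apply to any trace-derived allowlist: it only covers the code paths exercised while the detector was attached, so the trace should span the workload's full test suite, and the syscall set is architecture specific (glibc on aarch64, for example, uses different calls than on x86_64), so the `architectures` list must match where the trace was taken. Once the profile has been confirmed stable, SCMP_ACT_ERRNO can be tightened to SCMP_ACT_KILL_PROCESS for production.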