ESX: A Self-Generated Control Policy for Remote Access With SSH Based on eBPF


Bibliographic Details
Main Authors: Yuan Zhong, Pengfei Chen, Huxing Zhang
Format: Article
Language:English
Published: IEEE 2025-01-01
Series:IEEE Access
Subjects: Access control; security; eBPF; itemset mining; system call
Online Access:https://ieeexplore.ieee.org/document/10649557/
Collection: DOAJ
Description: Cloud systems that provide remote data and computational access through networks face significant security challenges. Secure Shell (SSH) is one of the most popular methods for remote access, but the leakage of login information presents a substantial security threat, enabling attackers to exploit identities and disrupt systems. Consequently, ensuring robust security in cloud-system operations is paramount. Access control, a crucial security mechanism in operating systems, is becoming increasingly complex due to the intricate nature of control mechanisms and the difficulty in developing precise Access Control Lists (ACLs). Traditional ACLs require extensive resources for each user or role, struggle in complex scenarios, and risk system vulnerability by granting excessive privileges. To mitigate these issues, we introduce Extend Security boX (ESX), a novel solution that combines a lightweight system call restriction system with a machine learning method. ESX utilizes rule learning through itemset mining to analyze user behavior and generate system call control lists, thereby significantly reducing system vulnerability. By employing extended Berkeley Packet Filter (eBPF) program hooks, ESX effectively audits and restricts remote user behavior at the system call level. Our results show that ESX’s rule-mining algorithm achieves over 99% accuracy in generating access control policies, using only 40% of the log entries for mining. Additionally, ESX presents a lower overhead compared to established security solutions, such as AppArmor, enhancing the overall operating system security.
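The policy-generation step the abstract describes (mine the system calls an SSH user's sessions actually make, keep the frequent ones as an allowlist, then enforce that list per syscall) can be sketched in user space. The block below is an added example, not ESX's code or the authors' implementation: the trace format (one `<session> <user> <comm> <syscall>` event per line), the mining procedure (level-1 frequent-itemset counting with a minimum-support threshold over sessions), the "train on the earliest 40% of sessions" split and the sample trace are all assumptions constructed for illustration. In ESX the allow/deny decision is taken by eBPF hooks at the syscall boundary; here `is_allowed` stands in for that hook so the result can be checked against held-out sessions.

```python
"""Toy frequent-itemset mining of a per-user system-call allowlist from
SSH-session traces.  Added example, not ESX's code: the log format, the
mining procedure and the sample trace are assumptions for illustration."""
from collections import defaultdict


# Constructed sample trace (not a real ESX log).  One event per line:
#   <session-id> <user> <comm> <syscall>
# Session s5 contains a tool (nc) that never appears in the earlier sessions.
SAMPLE_LOG = """\
s1 alice bash execve
s1 alice bash read
s1 alice bash write
s1 alice ls execve
s1 alice ls getdents64
s1 alice ls write
s2 alice bash execve
s2 alice bash read
s2 alice bash write
s2 alice bash openat
s2 alice cat execve
s2 alice cat openat
s2 alice cat read
s2 alice cat write
s3 alice bash execve
s3 alice bash read
s3 alice bash write
s3 alice ls execve
s3 alice ls getdents64
s3 alice ls write
s3 alice ls openat
s4 alice bash execve
s4 alice bash read
s4 alice bash write
s4 alice cat execve
s4 alice cat read
s4 alice cat write
s5 alice bash execve
s5 alice bash read
s5 alice bash write
s5 alice ls execve
s5 alice ls getdents64
s5 alice ls write
s5 alice nc execve
s5 alice nc socket
s5 alice nc connect
"""


def parse_log(text):
    """Parse the constructed trace format into (session, user, comm, syscall) tuples."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        records.append(tuple(parts))
    return records


def group_sessions(records):
    """Map user -> session-id -> set of (comm, syscall) items seen in that session."""
    sessions = defaultdict(lambda: defaultdict(set))
    for session, user, comm, syscall in records:
        sessions[user][session].add((comm, syscall))
    return sessions


def mine_policy(train_sessions, min_support):
    """Level-1 frequent-itemset mining: keep every (comm, syscall) item that
    occurs in at least min_support (a fraction) of the training sessions.
    Returns {item: support}; the keys are the allowlist."""
    counts = defaultdict(int)
    for items in train_sessions.values():
        for item in items:
            counts[item] += 1
    n = len(train_sessions)
    return {item: c / n for item, c in counts.items() if c / n >= min_support}


def is_allowed(policy, comm, syscall):
    """Default-deny decision an enforcement hook would take for one syscall."""
    return (comm, syscall) in policy


def evaluate(policy, test_sessions):
    """Count how many held-out (comm, syscall) events the mined policy allows."""
    allowed = total = 0
    for items in test_sessions.values():
        for comm, syscall in items:
            total += 1
            if is_allowed(policy, comm, syscall):
                allowed += 1
    return allowed, total


def split_sessions(sessions, train_pct):
    """Train on the earliest train_pct% of sessions (by id, rounded up); test on the rest."""
    keys = sorted(sessions)
    n_train = max(1, (len(keys) * train_pct + 99) // 100)
    train = {k: sessions[k] for k in keys[:n_train]}
    test = {k: sessions[k] for k in keys[n_train:]}
    return train, test


def run_demo(user="alice", min_support=0.5, train_pct=40):
    """Mine a policy for one user from 40% of the sessions and score it on the rest."""
    sessions = group_sessions(parse_log(SAMPLE_LOG))[user]
    train, test = split_sessions(sessions, train_pct)
    policy = mine_policy(train, min_support)
    allowed, total = evaluate(policy, test)
    return {"policy": sorted(policy), "allowed": allowed, "total": total}


if __name__ == "__main__":
    result = run_demo()
    for comm, syscall in result["policy"]:
        print(f"allow {comm}:{syscall}")
    print(f"held-out events allowed: {result['allowed']}/{result['total']}")
```

On this constructed trace the policy mined from sessions s1 and s2 allows 18 of the 22 held-out events: `ls` calling `openat` in s3 and everything `nc` does in s5 are denied because they never appeared in training. Raising `min_support` shrinks the allowlist (at 0.75 only the three `bash` items survive) and so trades false denials for a tighter sandbox; the held-out coverage is the kind of measurement the abstract's accuracy figure refers to, though a five-session sample says nothing about the real number. The caveat a practitioner should keep in mind is that a policy learned from logs encodes only observed behaviour: it blocks tooling the legitimate user never ran, but an attacker replaying the same commands with a leaked key stays inside the allowlist.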
ISSN: 2169-3536
DOI: 10.1109/ACCESS.2024.3450496
Volume/Pages: IEEE Access, vol. 13, pp. 6487-6506 (2025)
Author details:
Yuan Zhong (ORCID https://orcid.org/0009-0009-5422-7407), School of Computer Science and Engineering, Sun Yat-sen University, Guangzhou, China
Pengfei Chen (ORCID https://orcid.org/0000-0003-0972-6900), School of Computer Science and Engineering, Sun Yat-sen University, Guangzhou, China
Huxing Zhang (ORCID https://orcid.org/0009-0007-1761-9044), Alibaba Group, Hangzhou, China