Monitoring and Controlling Internal Container Activity Using LSM + eBPF in a Multi-Container Environment 


Vol. 53,  No. 1, pp. 1-7, Jan.  2026
10.5626/JOK.2026.53.1.1


PDF

  Abstract

This paper explores real-time monitoring and control techniques utilizing an eBPF (extended Berkeley Packet Filter) and the LSM (Linux Security Module) in multi-container environments and Kubernetes-based orchestration systems. Traditional security methods struggle to maintain consistent policies due to the dynamic nature of container creation and termination, limiting fine-grained control at the individual container level. In this study, we employ eBPF to monitor system calls, network activities, and file accesses at the kernel level, while also implementing mechanisms to restrict specific container behaviors. Furthermore, we assess the feasibility of applying consistent security policies in Kubernetes environments, experimentally validating policy management and monitoring techniques at the namespace, pod, and label levels. Our experimental results indicate that eBPF-based monitoring and control functions efficiently in multi-container environments with minimal performance overhead, allowing for flexible and scalable security policy enforcement in orchestration systems like Kubernetes. This research advances the development of cloud-native security solutions that leverage utilizing eBPF.


  Statistics
Cumulative Counts from November, 2022
Multiple requests among the same browser session are counted as one view. If you mouse over a chart, the values of data points will be shown.


  Cite this article

[IEEE Style]

Y. Ko, H. Kim, M. Jeong, C. Lee, H. Lim, S. Jeon, "Monitoring and Controlling Internal Container Activity Using LSM + eBPF in a Multi-Container Environment," Journal of KIISE, JOK, vol. 53, no. 1, pp. 1-7, 2026. DOI: 10.5626/JOK.2026.53.1.1.


[ACM Style]

Yejune Ko, Hyeonseok Kim, Mingyu Jeong, Changhyun Lee, Harksu Lim, and Sunghyun Jeon. 2026. Monitoring and Controlling Internal Container Activity Using LSM + eBPF in a Multi-Container Environment. Journal of KIISE, JOK, 53, 1, (2026), 1-7. DOI: 10.5626/JOK.2026.53.1.1.


[KCI Style]

고예준, 김현석, 정민규, 이창현, 임학수, 전성현, "다중 컨테이너 환경에서 LSM + eBPF를 활용한 컨테이너별 내부 활동 모니터링 및 제어," 한국정보과학회 논문지, 제53권, 제1호, 1~7쪽, 2026. DOI: 10.5626/JOK.2026.53.1.1.


[Endnote/Zotero/Mendeley (RIS)]  Download


[BibTeX]  Download



Search




Journal of KIISE

  • ISSN : 2383-630X(Print)
  • ISSN : 2383-6296(Electronic)
  • KCI Accredited Journal

Editorial Office

  • Tel. +82-2-588-9240
  • Fax. +82-2-521-1352
  • E-mail. chwoo@kiise.or.kr