ASPGen-D: Automatically Generating Fine-grained Apparmor Policies for Docker.

Chenlin Huang, Keming Wang, Yun Li, Jiajian Li, Qing Liao

ISPA/BDCloud/SocialCom/SustainCom (2022)

Abstract
With the development of virtualization technology, Docker has become the most popular containerization technology. Because of its shared-kernel design, it is lighter and more efficient than traditional virtualization methods, but that design also brings security issues to Docker. Applying a Mandatory Access Control (MAC) framework to Docker containers is a common way to enhance Docker security. However, generating MAC security policies for Docker containers is a highly specialized and complex task. In this article, we aim to further optimize the process of generating Docker's AppArmor security policies and propose ASPGen-D, a novel framework for automatically generating AppArmor security policies for Docker. It achieves three benefits: 1) ASPGen-D is able to generate security policies for each Docker container automatically based on an Expert System. 2) The security policies generated by the framework are more in line with the characteristics of Docker. 3) The security policies can be dynamically updated according to the runtime status of Docker. Our current experimental results show that ASPGen-D is an efficient and effective security solution for Docker.
Keywords
MAC, Apparmor, Policy, Docker, Container