Timeloops: System Call Policy Learning for Containerized Microservices. (arXiv:2204.06131v1 [cs.CR])

In this paper we introduce TIMELOOPS a novel technique for automatically
learning system call filtering policies for containerized microservices
applications. At run-time, TIMELOOPS automatically learns which system calls a
program should be allowed to invoke while rejecting attempts to call spurious
system calls. Further, TIMELOOPS addresses many of the shortcomings of
state-of-the-art static analysis-based techniques, such as the ability to
generate tight filters for programs written in interpreted languages such as
PHP, Python, and JavaScript. TIMELOOPS has a simple and …

call containerized microservices microservices policy system