Result: DYNTRACE-SEC: adaptive security for containerized environments via load-aware segmentation and trust-driven policy specification and enforcement.
More information
Containerization has become fundamental to modern cloud-native systems, but it introduces new security challenges due to shared kernel architectures and rapidly evolving workloads. Static security policies often prove inadequate in such dynamic environments. This paper presents Dynamic Trust-Based Adaptive Container Segmentation, Policy Specification, and Enforcement (DYNTRACE-SEC), a novel framework for delivering resilient, intelligent, and adaptive security in containerized settings. DYNTRACE-SEC integrates three tightly coupled mechanisms: (1) dynamic affinity propagation with load-sensitive pruning, which autonomously segments containers based on behavioral patterns and dynamically adjusts segment granularity in response to system and network loads; (2) trust-score weighted adaptive policy specification, which computes a multi-dimensional trust score—capturing behavioral cohesion, vulnerability exposure, and historical reputation—to guide segment-level security decisions; and (3) trust-score weighted adaptive policy enforcement, which applies proportionate security responses to inter-segment interactions based on assessed risk. Evaluation on a Kubernetes cluster with a mix of benign and malicious workloads shows that DYNTRACE-SEC effectively isolates malicious containers, adapts security segmentation to workload dynamics, and achieves superior detection and prevention rates with notably low false positives and negatives. In addition, the framework has a low overhead in terms of performance, proving that it is useful for protecting large-scale containerized deployments in the real world, especially in real-time and performance-sensitive supercomputing settings where dynamic security is unable to harm computational efficiency. [ABSTRACT FROM AUTHOR]