Container runtime security is crucial because containers share the host operating system kernel. A single vulnerability in one container can be escalated to compromise the entire host or adjacent containers. Static analysis at build time is valuable but insufficient to defend against zero-day exploits or runtime attacks. Effective protection requires real-time observability and monitoring of container behavior. Traditional security frameworks such as SELinux and AppArmor rely on predefined static policies, which are difficult to adapt dynamically to novel runtime threats. We leverage eBPF to bridge this gap and achieve dynamic runtime enforcement within the kernel.
Real-time observability and threat detection for live containers
Cross-domain behavior analysis across file, process, and network activities
Dynamic runtime enforcement and kernel-level observability using eBPF
Attack surface reduction is vital for securing rapidly evolving microservices. In production environments, traditional security policies often retain overly broad system call permissions, enabling privilege escalation, breakout, and lateral movement. Once deployed, these excessive privileges remain active, exposing the kernel without an effective mechanism for removal. Our goal is to automatically learn each workload’s legitimate behavior and continuously enforce least-privilege policies in production environments, without requiring developers to manually craft security rules.
Runtime system call monitoring in kernel space for each container
Behavior graph construction and modeling using graph-based ML
Automatic whitelist policy generation per container role
Policy enforcement at the kernel boundary via BPF-LSM and seccomp
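The whitelist-generation step above, as an added example that is not this project's code: it turns observed per-container syscalls into a deny-by-default seccomp profile per role and checks a later trace against it. It assumes a simple replica-agreement threshold in place of the graph-based ML model, and the sample events, role names and function names are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample observations: (container role, container id, syscall name).
# Real workloads use far more syscalls; this set is kept small on purpose.
OBSERVED = [
    ("web", "web-1", "read"), ("web", "web-1", "write"), ("web", "web-1", "accept4"),
    ("web", "web-1", "epoll_wait"), ("web", "web-2", "read"), ("web", "web-2", "write"),
    ("web", "web-2", "accept4"), ("web", "web-2", "epoll_wait"),
    ("web", "web-2", "ptrace"),          # seen in one replica only
    ("db", "db-1", "read"), ("db", "db-1", "write"), ("db", "db-1", "fsync"),
    ("db", "db-1", "pwrite64"),
]


def learn_allowlists(events, min_replica_fraction=1.0):
    """Per role, keep syscalls seen in at least the given fraction of replicas.

    The threshold is an assumed heuristic standing in for behavior modeling.
    """
    seen = defaultdict(lambda: defaultdict(set))   # role -> syscall -> container ids
    replicas = defaultdict(set)                    # role -> container ids
    for role, cid, syscall in events:
        seen[role][syscall].add(cid)
        replicas[role].add(cid)
    return {
        role: sorted(s for s, cids in calls.items()
                     if len(cids) / len(replicas[role]) >= min_replica_fraction)
        for role, calls in seen.items()
    }


def seccomp_profile(syscalls):
    """Render an allowlist as a Docker/OCI-style seccomp profile (deny by default)."""
    return {
        "defaultAction": "SCMP_ACT_ERRNO",
        "architectures": ["SCMP_ARCH_X86_64"],
        "syscalls": [{"names": list(syscalls), "action": "SCMP_ACT_ALLOW"}],
    }


def out_of_policy(profile, trace):
    """Return syscalls in a later trace that the profile would not allow."""
    allowed = {n for rule in profile["syscalls"]
               if rule["action"] == "SCMP_ACT_ALLOW" for n in rule["names"]}
    return sorted(set(trace) - allowed)


if __name__ == "__main__":
    for role, calls in learn_allowlists(OBSERVED).items():
        print(role, json.dumps(seccomp_profile(calls)))
```

A syscall that only one replica of a role ever issued (`ptrace` in the sample) is left out of that role's profile at the default threshold, which is the kind of excess permission the paragraph describes removing.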
Modern cloud infrastructure must achieve both high performance and strong security in increasingly dynamic environments. Traditional systems often struggle to balance throughput, latency, and security, resulting in inefficiencies or vulnerabilities during deployment and operation. To address this, our research focuses on integrating performance optimization, runtime security enforcement, and automated deployment into a unified framework. We explore systems that accelerate network-intensive workloads, enforce adaptive security controls at runtime, and automate the provisioning of optimized and protected environments. By bridging infrastructure-as-code methodologies with in-kernel performance and security mechanisms, this research enables scalable, resilient, and secure infrastructure operations.
High-performance networking for cloud infrastructure
Runtime behavioral security control
Automated infrastructure optimization through IaC
Modern cloud infrastructures must ensure secure communication and compliance while adapting to evolving cryptographic standards. Traditional service mesh architectures rely on static configurations and single-library dependencies, limiting flexibility in adopting new algorithms or meeting regulatory mandates. As quantum computing emerges, seamless cryptographic transition without downtime becomes essential. Our research enables cryptographic agility in cloud-native service mesh environments through dynamic encryption policy management and transparent library switching across workloads, providing hierarchical control and post-quantum readiness while maintaining compliance and service continuity.
Fine-grained encryption policy management
Dynamic cryptographic library switching
Transparent post-quantum cryptography (PQC) integration
Zero-downtime cryptographic reconfiguration
As AI-driven services proliferate, new threats such as unauthorized data access, model extraction, and prompt injection have emerged across the MLOps lifecycle. Traditional controls lack the adaptability required to protect dynamic training and inference pipelines. Our research aims to build an automated, policy-driven framework that unifies data and model protection without developer intervention. The system embeds runtime monitoring and adaptive defense into MLOps workflows to ensure secure, autonomous operation of AI pipelines.
Automated runtime protection for data and model pipelines
Sidecar-based inference monitoring and adaptive defense
Policy-driven security automation for MLOps environments