AppPACK: A Packaging Model for Single-Purpose Lightweight Virtualization Environment

In recent years, container technology has attracted community attention for its performance and compactness. Although modern container tools (e.g., Docker and podman) are designed to serve as single-purpose application providers, deployed containers still contain extra tools that are unnecessary for a single-purpose process. Security risk rises in direct proportion to the unnecessary files and tools present. Extraneous files also often make the container heavier and slow down its performance. This paper introduces AppPACK, a novel lightweight virtualization packaging model for creating profiles for a single-purpose application from an existing multi-purpose container environment. Specifically, the model can generate a package containing minified versions of images, kernel, and virtual machine profiles from a target application. The experimental results show that AppPACK can provide an image 1.1 to 37 times smaller than the original version. The execution experiment shows that using AppPACK profiles can speed up the booting process by 1.1 to 6 times compared to the non-AppPACK version. The comparison between AppPACK and previous approaches shows that the proposed model can provide more compatible and smaller versions in most cases.
