论文信息 - Providing Security in Container-Based HPC Runtime Environments

Providing Security in Container-Based HPC Runtime Environments

Virtualization at the operating system level utilizing container technologies provides reduced performance overhead over Type-1 hypervisors for HPC and also adds many possibilities to significantly improve the often demanded flexibility of such an installation. This paper discusses technologies and concepts on several layers that can be applied to securely integrate container-based virtualization in a multitenant HPC environment, requiring both security and high performance.

Martin Knahl | Nathan L. Clarke | Christoph Reich | Holger Gantikow

[1] Christoph Reich,et al. Container-based Virtualization for HPC , 2015, CLOSER.

[2] T. Charles Clancy,et al. Intrusion Detection System for Applications Using Linux Containers , 2015, STM.

[3] Ramakrishnan Rajamony,et al. An updated performance comparison of virtual machines and Linux containers , 2015, 2015 IEEE International Symposium on Performance Analysis of Systems and Software (ISPASS).

[4] Douglas Thain,et al. Integrating Containers into Workflows: A Case Study Using Makeflow, Work Queue, and Docker , 2015, VTDC@HPDC.

[5] T. Charles Clancy,et al. Applying Bag of System Calls for Anomalous Behavior Detection of Applications in Linux Containers , 2015, 2015 IEEE Globecom Workshops (GC Wkshps).

[6] Pablo Prieto,et al. The impact of Docker containers on the performance of genomic pipelines , 2015, PeerJ.

[7] Mohammad Kazem Akbari,et al. Performance analysis of virtualized environments using HPC Challenge benchmark suite and Analytic Hierarchy Process , 2014, 2014 Iranian Conference on Intelligent Systems (ICIS).

[8] Thanh Bui,et al. Analysis of Docker Security , 2015, ArXiv.

[9] Ryousei Takano,et al. Exploring the Performance Impact of Virtualization on an HPC Cloud , 2014, 2014 IEEE 6th International Conference on Cloud Computing Technology and Science.

[10] Carl Boettiger,et al. An introduction to Docker for reproducible research , 2014, OPSR.