Container Performance and Vulnerability Management for Container Security Using Docker Engine

Containers have evolved to support microservice architecture as a low-cost alternative to virtual machines. Containers are increasingly prevalent in the virtualization landscape because they perform better: they incur considerably less overhead than conventional hypervisor-based virtual machines. However, containers communicate directly with the host kernel, and attackers can co-locate containers on the host system more quickly than virtual machines. This causes significant security issues in container technology. Security hardening is currently targeted at implementing universal access management regulations, which make it difficult to assess the required procedure for accessing containers. Security mechanisms include an explicit awareness of the purpose and actions of the container and entail manual interaction and configuration. A user-friendly container protection scheme implemented an access policy to comply with its anticipated and legitimate application performance. In this study, a unique Docker-sec mechanism is proposed to overcome the constraints of container technology. Docker-sec uses four mechanisms; the original collection has been improved during container runtime by additional rules that constrain the capacity of the container, further representing the applications in practice, file system, processes, network isolation, and vulnerability scanning of Docker images over different workloads. Different vulnerabilities have been scanned with a CVE severity level. Results showed that inter-container communication with the system is more secure, with containers having zero vulnerabilities, at an overhead of 3.45%.
