论文信息 - Querying Container Provenance

Querying Container Provenance

Containers are lightweight mechanisms for the isolation of operating system resources. They are realized by activating a set of namespaces. Given the use of containers in scientific computing, tracking and managing provenance within and across containers is becoming essential for debugging and reproducibility. In this work, we examine the properties of container provenance graphs that result from auditing containerized applications. We observe that the generated container provenance graphs are hypergraphs because one resource may belong to one or more namespaces. We examine the hierarchical behavior of PID, mount, and user namespaces, that are more commonly activated and show that even when represented as hypergraphs, the resulting container provenance graphs are acyclic. We experiment with recently published container logs and identify hypergraph properties.

A. Gehani | T. Malik | Moaz Reyad | A. Modi

[1] V. Yegneswaran,et al. PACED: Provenance-based Automated Container Escape Detection , 2022, 2022 IEEE International Conference on Cloud Engineering (IC2E).

[2] David M. Eyers,et al. Practical whole-system provenance capture , 2017, SoCC.

[3] Vanessa Sochat,et al. Singularity: Scientific containers for mobility of compute , 2017, PloS one.

[4] Garth N. Wells,et al. Containers for Portable, Productive, and Performant Scientific Computing , 2016, Computing in Science & Engineering.

[5] Blesson Varghese,et al. DocLite: A Docker-Based Lightweight Cloud Benchmarking Tool , 2016, 2016 16th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid).

[6] Paul T. Groth,et al. Provenance: An Introduction to PROV , 2013, Provenance.

[7] Ashish Gehani,et al. SPADE: Support for Provenance Auditing in Distributed Environments , 2012, Middleware.

[8] Amit P. Sheth,et al. Provenance Context Entity (PaCE): Scalable Provenance Tracking for Scientific RDF Data , 2010, SSDBM.

[9] Frank van Harmelen,et al. C-OWL: Contextualizing Ontologies , 2003, SEMWEB.

[10] Vinod Yegneswaran,et al. CLARION: Sound and Clear Provenance Tracking for Microservice Deployments , 2021, USENIX Security Symposium.

[11] A. Gehani,et al. Efficient Provenance Alignment in Reproduced Executions , 2020, TaPP.