• Title/Summary/Keyword: Container Runtime


Security Assessment Technique of a Container Runtime Using System Call Weights

  • Yang, Jihyeok;Tak, Byungchul
    • Journal of the Korea Society of Computer and Information / v.25 no.9 / pp.21-29 / 2020
  • In this paper, we propose a quantitative evaluation method that enables security comparison between security container runtimes. Security container runtime technologies have been developed to address security issues such as container escape caused by containers sharing the host kernel. However, most literature provides only an analysis of the security of container technologies using rough metrics such as the number of available system calls, making it difficult to compare the security of container runtimes quantitatively. The proposed model instead uses a new method of combining the degree of exposure of host system calls with various external vulnerability metrics. With the proposed technique, we measure and compare the security of runC (the Docker default runtime) and two representative security container runtimes, gVisor and Kata Containers.

Open Cloud Platform Ecosystem Strategy Using the Container Orchestration Platform

  • Jung, Ki-Bong;Hyun, Jae-Uk;Yoon, Hee-Geun;Kim, Eun-Ju
    • Informatization Policy / v.26 no.3 / pp.90-106 / 2019
  • The cloud services market is growing rapidly as it moves from the on-premises environment to the cloud computing environment, and the domestic cloud software market in Korea is expected to grow at a CAGR of around 15%. In Korea, research teams are providing open cloud platforms using open source software under a government-led initiative, which intends to enhance the reliability and functionality of open cloud platforms and to provide users with a world-class, developer-friendly open cloud platform environment that is managed on heterogeneous cloud infrastructure and supported by full-lifecycle management of application software. In this paper, we propose a method to utilize CaaS in the open cloud platform by incorporating the platform with the container orchestration platform. Finally, by providing users with the application runtime and container runtime, it presents how the two platforms can coexist and cooperate in the same ecosystem.

Implementation of Opensource-Based Automatic Monitoring Service Deployment and Image Integrity Checkers for Cloud-Native Environment

  • Gwak, Songi;Nguyen-Vu, Long;Jung, Souhwan
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.4 / pp.637-645 / 2022
  • Cloud computing has been gaining popularity over decades, and the container, a technology that is primarily used in cloud native applications, is also drawing attention. Although container technologies are lighter and more capable than conventional VMs, there are several security threats, such as sharing kernels with host systems or uploading/downloading images from the image registry, one of which concerns the integrity of container images. In addition, runtime security while the container application is running is very important, and monitoring the behavior of the container application at runtime can help detect abnormal behavior occurring in the container. Therefore, in this paper, we first implement a signing checker that automatically checks the signature of an image based on the existing Docker Content Trust (DCT) technology to ensure the integrity of the container image. Next, based on Falco, an open source project of the Cloud Native Computing Foundation (CNCF), we introduce a newly created image for more convenient use of the existing Falco image, and propose an implementation of docker-compose and package configuration that easily builds a monitoring system.

A Novel Design of Cloud-based Management Solution for Android Containers

  • Xuan, Nam Pham Nguyen;Chun, Hojin;Jung, Souhwan
    • Journal of Internet Computing and Services / v.20 no.1 / pp.67-75 / 2019
  • The Android container is used for various purposes such as Bring Your Own Device (BYOD) solutions and Android malware analysis. The strength of the Android container over other technologies is that it can simulate an Android device like a real Android phone on a hardware layer. Therefore, automatic management solutions for Android containers are necessary. This paper introduces a new design of a cloud-based management solution for Android containers. Through the proposal, Android containers are managed automatically from a cloud platform, OpenStack, with various tasks such as container configuration, deployment, destruction, Android version, and hardware device. In addition, system monitoring and system statistics for Android containers and hardware devices are also provided.

Continuous Migration Container System for Upgrading Object

  • Yoosanthiah, N.;Khunkitti, A.
    • Institute of Control, Robotics and Systems: Conference Proceedings / 2004.08a / pp.960-964 / 2004
  • A system resource improvement process based on object-oriented technology can affect continuous system performance if it lacks an appropriate mechanism for managing and controlling objects. This paper proposes a methodology to support continuous system performance and its stability. The approach is based on the Java Container Framework and Collections Framework for object collection. It also draws on software engineering, object migration and a Multiple Class Loaders mechanism to construct the Continuous Migration Container (CMC). CMC is a runtime environment that provides interfaces for management and control to support the object upgrade process. The object upgrade methodology of CMC can be divided into two phases: object equivalence checking and the object migration process. Object equivalence checking includes object behavior verification and functional conformance verification before the object migration process. In addition, CMC uses the Multiple Class Loaders mechanism to reload affected classes instead of transferring state in the migration process while upgrading an object. These operations are crucial for system stability and for improving efficiency.


AutoScale: Adaptive QoS-Aware Container-based Cloud Applications Scheduling Framework

  • Sun, Yao;Meng, Lun;Song, Yunkui
    • KSII Transactions on Internet and Information Systems (TIIS) / v.13 no.6 / pp.2824-2837 / 2019
  • Container technologies are widely used in infrastructures to deploy and manage applications in cloud computing environments. As containers are light-weight software, a cluster of cloud applications can easily scale up or down to provide Internet-based services. Container-based applications can deal well with fluctuating workloads by dynamically adjusting physical resources. Current work on scheduling applications often constructs applications' performance models from collected historical training data, but such work with static models cannot self-adjust physical resources to meet the dynamic requirements of cloud computing. Thus, we propose a self-adaptive automatic container scheduling framework, AutoScale, for cloud applications, which uses a feedback-based approach to adjust physical resources by extending, contracting and migrating containers. First, a queue-based performance model for cloud applications is proposed to correlate performance and workloads. Second, a fuzzy Kalman filter is used to adjust the performance model's parameters to accurately predict applications' response time. Third, extension, contraction and migration strategies based on predicted response time are designed to schedule containers at runtime. Furthermore, we have implemented the AutoScale framework with container scheduling strategies. By comparing with current approaches in an experimental environment deployed with typical applications, we observe that AutoScale has advantages in predicting response time and in scheduling containers to guarantee that response time remains stable under fluctuating workloads.

Database PasS web service system using Docker

  • Hur, Tai-Sung
    • Journal of the Korea Society of Computer and Information / v.25 no.11 / pp.51-58 / 2020
  • Most of the students in computer-related departments work on projects, and it is essential to use a database for project execution. To use such a database, it is necessary to install a Database Management System. However, it takes several minutes (hours) to install a DBMS, and some DBMS require a difficult installation process. Therefore, in order to solve this problem, this study proposed a system that can easily install a DBMS using Docker. Docker is an open source project that automates the deployment of Linux applications into software containers. A Docker container is wrapped in a complete file system that includes everything necessary for the execution of software, and includes code, runtime, system tools, system libraries, and anything that is installed on the server. This guarantees that they will always run the same regardless of the environment in which they are running. After creating a database using the proposed system, you can check the database access information on the web and check the server status in minutes. As a result of implementing the proposed system and applying it to the projects of 10 teams, the installation time was reduced by 94.5% for Maria DBMS and 98.3% for Oracle DBMS compared with individual installation, confirming improved efficiency.

A Performance Analysis on HPC Task Using cgroups in Singularity Container Runtime Environment

  • Song, ChungGeon;Gil, JoonMin;Lim, JongBeom
    • Proceedings of the Korea Information Processing Society Conference / 2022.05a / pp.25-27 / 2022
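  • Demand for running HPC jobs in container runtime environments is increasing, and with it the importance of container resource management. In this study, we ran experiments on Singularity, a container runtime environment optimized for running HPC jobs, measuring execution time with and without cgroups specified, and analyzed the results. These results suggest a direction for resource management that can improve performance efficiency when operating various HPC jobs in the Singularity container runtime environment.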

Performance Analysis of Sharing Library in Various Container Runtime Environments for Serverless Computing

  • Kim, Sejin;Yu, Heonchang
    • Proceedings of the Korea Information Processing Society Conference / 2020.11a / pp.113-115 / 2020
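  • Container technology, which has the advantage of being lighter than virtual machines, has been widely used in serverless computing. However, because the applications of multiple users share a single server instance, vulnerabilities can cause various problems. Serverless computing providers are therefore releasing technologies that suit serverless computing and emphasize security. Representative examples are gVisor, developed by Google, which provides a sandbox-style container runtime, and Kata Containers, developed by the OpenStack Foundation. In this paper, from the perspective of mitigating serverless cold starts by sharing pre-prepared libraries, we compare and analyze how loading libraries in gVisor and Kata Containers environments differs from the conventional Docker container environment.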