• Title/Summary/Keyword: Linux container

Search Result 16, Processing Time 0.024 seconds

Design and Implementation of I/O Performance Benchmarking Framework for Linux Container

  • Oh, Gijun;Son, Suho;Yang, Junseok;Ahn, Sungyong
    • International Journal of Internet, Broadcasting and Communication
    • /
    • v.13 no.1
    • /
    • pp.180-186
    • /
    • 2021
  • In cloud computing service it is important to share the system resource among multiple instances according to user requirements. In particular, the issue of efficiently distributing I/O resources across multiple instances is paid attention due to the rise of emerging data-centric technologies such as big data and deep learning. However, it is difficult to evaluate the I/O resource distribution of a Linux container, which is one of the core technologies of cloud computing, since conventional I/O benchmarks does not support features related to container management. In this paper, we propose a new I/O performance benchmarking framework that can easily evaluate the resource distribution of Linux containers using existing I/O benchmarks by supporting container-related features and integrated user interface. According to the performance evaluation result with trace-replay benchmark, the proposed benchmark framework has induced negligible performance overhead while providing convenience in evaluating the I/O performance of multiple Linux containers.

Performance Comparison and Analysis of Container-based Host Operating Systems for sending and receiving High-capacity data on Server Systems

  • Kim, Sungho;Kwon, Oeon;Kim, Jung Han;Byeon, JiHyeon;Hwang, Sang-Ho
    • Journal of the Korea Society of Computer and Information
    • /
    • v.27 no.7
    • /
    • pp.65-73
    • /
    • 2022
  • Recently, as the Windows system supports the Windows subsystem for Linux (WSL), various researchers have studied to apply a docker container on various systems such as server systems, workstation system and so on. However, in various existing researchers, there is a lack of performance-related indicators to apply the system to each operating system (linux system and windows system). In this paper, we compared a performance comparison and analysis of container-based host operating systems. We configured experimental environments of operating systems for microsoft windows systems and linux systems based on a docker container support. In experimental results, the containers of linux systems reduced the average data latency of dataset 1-6 by 3.9%, 62.16%, 1552.38%, 7.27%, 60.83%, and 1567.2%, compared to the containers on microsoft windows systems.

Building Software Research Environment using Linux Container and Version Control System (리눅스 컨테이너와 버전 관리 시스템을 이용한 소프트웨어 연구 환경 구축)

  • Ha, Wansoo
    • Geophysics and Geophysical Exploration
    • /
    • v.24 no.2
    • /
    • pp.45-52
    • /
    • 2021
  • With advancements in software technology, more scientists and engineers are employing computer software and programming tools for research. However, several issues can arise in software-based research: environment setting, reproducibility, and loss of source codes. This study investigates the use of Linux containers and version control systems to prevent these problems. Managing research projects using a cloud source-code repository and building a research environment in a Linux container can prevent the abovementioned problems and make research collaboration easier. For researchers with no experience with Linux containers, a repository of project template containing shell scripts for building and running containers has been released.

Access Control using Secured Container-based Virtualization (보안 컨테이너 가상화 기반 접근 제어)

  • Jeong, Dong-hwa;Lee, Sunggyu;Shin, Youngsang;Park, Hyuncheol
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2017.10a
    • /
    • pp.330-334
    • /
    • 2017
  • Container-based virtualization reduces performance overhead compared with other virtualization technologies and guarantees an isolation of each virtual execution environment. So, it is being studied to block access to host resources or container resources for sandboxing in restricted system resource like embedded devices. However, because security threats which are caused by security vulnerabilities of the host OS or the security issues of the host environment exist, the needs of the technology to prevent an illegal accesses and unauthorized behaviors by malware has to be increased. In this paper, we define additional access permissions to access a virtual execution environment newly and control them in kernel space to protect attacks from illegal access and unauthorized behaviors by malware and suggest the Container Access Control to control them. Also, we suggest a way to block a loading of unauthenticated kernel driver to disable the Container Access Control running in host OS by malware. We implement and verify proposed technologies on Linux Kernel.

  • PDF

A Study on the Software Simulation Test of the Joint Tactical Data Link System Using the Linux Container Environment (LXC 환경을 이용한 한국형 합동 전술데이터링크체계의 소프트웨어 모의시험에 관한 연구)

  • Hyeong-Seok Ham;Young-Hoon Goo;Dae-Young Song
    • The Journal of the Korea institute of electronic communication sciences
    • /
    • v.18 no.6
    • /
    • pp.1125-1132
    • /
    • 2023
  • The importance of networks is gradually expanding in the battlefield environment. As time goes by, the types of tactical data links used in the Korean JTDLS are increasing, and the military's weapon systems equipped with tactical data link systems are increasing. Thorough quality verification is required to provide stable software to the wider battlefield. This study examines how to prepare an environment in which various simulation tests to verify the stability of the Korean JTDLS project can be conducted as diverse as possible using minimal physical space and Hardware resources. Through this, it is possible to improve the completeness of the project and secure the stability of the program, and it is intended to contribute to securing higher stability and reliability by securing maximum test capabilities in a limited test environment even in Linux based system project of a similar environment.

Dynamic Bandwidth Distribution Method for High Performance Non-volatile Memory in Cloud Computing Environment (클라우드 환경에서 고성능 저장장치를 위한 동적 대역폭 분배 기법)

  • Kwon, Piljin;Ahn, Sungyong
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.20 no.3
    • /
    • pp.97-103
    • /
    • 2020
  • Linux Cgroups takes a fundamental role for sharing system resources among multiple containers on container-based cloud computing environment. Especially for I/O resource, Linux Cgroups supports a mechanism for sharing I/O bandwidth in proportion to I/O weight. However, the current mechanism of Linux Cgroups using BFQ I/O scheduler seriously degrades the I/O performance with high bandwidth storage device such as NVMe SSDs. In this paper, we proposed a new feedback based I/O bandwidth sharing scheme for Linux Cgroups which allocates I/O credits to containers according to I/O weights and adjusts the amount of credits to performance fluctuation of NVMe SSDs. The proposed scheme is implemented on Linux kernel 5.3 and evaluated. The evaluation results show that it can share the I/O bandwidth among multiple containers proportionally to I/O weights while improving I/O performance more than twice as high as the existing scheme.

Kubernetes of cloud computing based on STRIDE threat modeling (STRIDE 위협 모델링에 기반한 클라우드 컴퓨팅의 쿠버네티스(Kubernetes)의 보안 요구사항에 관한 연구)

  • Lee, Seungwook;Lee, Jaewoo
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.26 no.7
    • /
    • pp.1047-1059
    • /
    • 2022
  • With the development of cloud computing technology, container technology that provides services based on a virtual environment is also developing. Container orchestration technology is a key element for cloud services, and it has become an important core technology for building, deploying, and testing large-scale containers with automation. Originally designed by Google and now managed by the Linux Foundation, Kubernetes is one of the container orchestrations and has become the de facto standard. However, despite the increasing use of Kubernetes in container orchestration, the number of incidents due to security vulnerabilities is also increasing. Therefore, in this paper, we study the vulnerabilities of Kubernetes and propose a security policy that can consider security from the initial development or design stage through threat analysis. In particular, we intend to present a specific security guide by classifying security threats by applying STRIDE threat modeling.

Analysis of the Impact of Host Resource Exhaustion Attacks in a Container Environment (컨테이너 환경에서의 호스트 자원 고갈 공격 영향 분석)

  • Jun-hee Lee;Jae-hyun Nam;Jin-woo Kim
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.33 no.1
    • /
    • pp.87-97
    • /
    • 2023
  • Containers are an emerging virtualization technology that can build an isolated environment more lightweight and faster than existing virtual machines. For that reason, many organizations have recently adopted them for their services. Yet, the container architecture has also exposed many security problems since all containers share the same OS kernel. In this work, we focus on the fact that an attacker can abuse host resources to make them unavailable to benign containers-also known as host resource exhaustion attacks. Then, we analyze the impact of host resource exhaustion attacks through real attack scenarios exhausting critical host resources, such as CPU, memory, disk space, process ID, and sockets in Docker, the most popular container platform. We propose five attack scenarios performed in several different host environments and container images. The result shows that three of them put other containers in denial of service.

A Study on A Web-Based DevOps Platform Using Linux Container (리눅스 컨테이너를 이용한 웹기반의 DevOps 플랫폼 연구)

  • Chung, Geunhoon;Park, Junseok;Lee, Geuk
    • Journal of the Korea Convergence Society
    • /
    • v.10 no.12
    • /
    • pp.71-80
    • /
    • 2019
  • DevOps is a combining which means giving a diverse environments for software development and operations through whole software lifecycle. The key value of the proposed DevOps platform is the fast and stable service capability for a software development and operation environment. To do this, the DevOps gives pre-embedded 7 programming languages-Java, C/C++, Python, PHP, Ruby, Node.js, goLang and 7 service frameworks - Korea eGov Framework, Spring, Struts, Django, Laravel, Rails, Express. With the DevOps platform, it is possible to develop a software and also to build and distribute operation packages directly with the Linux containers. In this paper, the performance evaluation for a compile time, a distribution time and a processing capability is will be also proved. Though the performance evaluation, this paper shows capabilities of the proposed DevOps for Cloud services with commercial service level, prospectively.

Comparative Analysis of the Virtual Machine and Containers Methods through the Web Server Configuration (웹 서버 구성을 통한 가상머신과 컨테이너 방식 비교 분석)

  • Bae, Yu-Mi;Jung, Sung-Jae;Soh, Woo-Young
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.18 no.11
    • /
    • pp.2670-2677
    • /
    • 2014
  • The technique of virtual machine construction using hypervisor such as Xen and KVM is mainly used for implementation of cloud computing infrastructure. This technique is efficient in allocating and managing resources compared to the existing operation methods. However it requires high resource usage when constructing virtual machines and results in wasting of resources when not using the allocated resources. Docker is a technique based on the container method to resolve such a problem. This paper shows the container method such as Docker is efficient as a web construction technique by comparing virtual machine method to container method. It is shown to be especially useful when storing data into DB or storage devices in such environments of web server or program development. In the upcoming cloud computing environment the container method such as Docker is expected to improve the resource efficiency and the convenience of management.