Building the IBM Containers cloud service

Security Best Practices for Containerized Applications

Containerized applications have revolutionized software development by enabling consistent, scalable, and efficient deployment. However, the security of these applications is paramount to prevent vulnerabilities and breaches. This paper explores the best practices for securing containerized applications, addressing image security, runtime security, network security, access control, configuration management, monitoring, and compliance. Through detailed analysis and real-world case studies, this paper provides a comprehensive guide to enhancing the security posture of containerized environments. [1]

A review of native container security for running applications

Procedia Computer Science, 2020

Containers offer an efficient solution for isolating applications. Most papers dealing with container isolation focus on benchmarking container solutions. In this study, however, we focus on a static comparison of the features offered by different container solutions. First, we focus on container runtimes; then we present the different solutions used in the study. The most common container solutions are compared: LXC, LXD, Singularity, Docker, Kata Containers, and gVisor. We consider container features such as isolation, storage, network, and security capabilities. For each container feature, all container solutions are compared to find the most efficient one. Finally, this paper compares the different default container configurations and attempts to find the most efficient container solution based on all compared features.
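The two abstracts above treat a container's configured security capabilities (privilege, capabilities, seccomp, host namespaces) as the thing to compare. The Python audit below is an added illustration, not code from either paper: it checks a Kubernetes pod spec for the least-privilege settings a reviewer would look for. The two pod specs and the list of capabilities treated as dangerous are constructed for this example.

```python
"""Least-privilege audit of Kubernetes pod specs (added illustrative example).

Rules mirror common runtime-hardening advice: no privileged containers, a
non-root user, no privilege escalation, all capabilities dropped, a read-only
root filesystem, a seccomp profile, and no host namespaces. The sample pod
specs and the DANGEROUS_CAPS list are constructed for this example.
"""
from typing import Any

# Capabilities that effectively hand a container the host (assumed list for the example).
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE",
                  "NET_ADMIN", "SYS_RAWIO", "DAC_READ_SEARCH"}


def audit_container(container: dict[str, Any], pod_sc: dict[str, Any]) -> list[str]:
    """Return findings for one container; an empty list means it passes."""
    sc = container.get("securityContext") or {}
    findings: list[str] = []

    if sc.get("privileged"):
        findings.append("privileged: true grants all capabilities and host device access")
    # Absent means true by default, which lets setuid binaries and file caps gain privilege.
    if sc.get("allowPrivilegeEscalation", True):
        findings.append("allowPrivilegeEscalation should be false")
    # runAsNonRoot may be set at pod level and inherited by the container.
    if not (sc.get("runAsNonRoot") or pod_sc.get("runAsNonRoot")):
        findings.append("runAsNonRoot should be true")

    caps = sc.get("capabilities") or {}
    added = set(caps.get("add") or [])
    dropped = set(caps.get("drop") or [])
    if added & DANGEROUS_CAPS:
        findings.append(f"dangerous capabilities added: {sorted(added & DANGEROUS_CAPS)}")
    if "ALL" not in dropped:
        findings.append("capabilities.drop should include ALL")

    if not sc.get("readOnlyRootFilesystem"):
        findings.append("readOnlyRootFilesystem should be true")

    seccomp = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
    if seccomp.get("type") not in ("RuntimeDefault", "Localhost"):
        findings.append("seccompProfile.type should be RuntimeDefault or Localhost")
    return findings


def audit_pod(pod: dict[str, Any]) -> dict[str, list[str]]:
    """Audit every container; pod-level host namespace flags count against all of them."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    pod_findings = [f"{flag}: true shares the host namespace"
                    for flag in ("hostPID", "hostNetwork", "hostIPC") if spec.get(flag)]
    return {c["name"]: pod_findings + audit_container(c, pod_sc)
            for c in spec.get("containers", [])}


# Constructed sample specs for this example (not from any real deployment).
WEAK_POD = {
    "spec": {
        "hostPID": True,
        "containers": [{
            "name": "app",
            "image": "example/app:1.0",
            "securityContext": {"privileged": True,
                                "capabilities": {"add": ["SYS_ADMIN"]}},
        }],
    }
}

HARDENED_POD = {
    "spec": {
        "securityContext": {"runAsNonRoot": True,
                            "seccompProfile": {"type": "RuntimeDefault"}},
        "containers": [{
            "name": "app",
            "image": "example/app:1.0",
            "securityContext": {
                "allowPrivilegeEscalation": False,
                "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"]},
            },
        }],
    }
}

if __name__ == "__main__":
    for label, pod in (("weak", WEAK_POD), ("hardened", HARDENED_POD)):
        for name, findings in audit_pod(pod).items():
            print(f"[{label}] {name}: {len(findings)} finding(s)")
            for f in findings:
                print("   -", f)
```

The audit deliberately treats an absent `allowPrivilegeEscalation` as a finding, because the Kubernetes default is true; the same "absent means weak" logic is what makes comparing default configurations across runtimes, as the second abstract does, a security question rather than a cosmetic one.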

The implementation of Container as a Service (CaaS) cloud using openSUSE kubic

Global Journal of Engineering and Technology Advances, 2021

Currently, software development based on Development and Operations (DevOps) generally uses containers and Cloud Computing to support portability, reliability, scalability, and security. One combination of these two technologies is Container as a Service (CaaS) Cloud. Among previous research, no one has studied the technical implementation and deployment of CaaS using openSUSE Kubic, based on the Linux kernel and Linux operating system, or tested it using Pods from the service and replication side. The test results prove that openSUSE Kubic is very easy and reliable to use for CaaS implementation and deployment, so it is very helpful for software developers in making software development more scalable and faster.

Container Performance and Vulnerability Management for Container Security Using Docker Engine

Security and Communication Networks

Containers have evolved to support microservice architecture as a low-cost alternative to virtual machines. Containers are increasingly prevalent in the virtualization landscape because they work better: containers incur considerably less overhead than conventional hypervisor-based virtual machines. However, containers communicate directly with the host kernel, and attackers can co-locate containers on the host system more quickly than virtual machines. This causes significant security issues in container technology. Security hardening systems are currently targeted at implementing universal access management regulations, which make it difficult to assess the required procedure for accessing containers. Security mechanisms include an explicit awareness of the purpose and actions of the container and entail manual interaction and configuration. A user-friendly container protection scheme implemented an access policy to comply with its anticipated and legitimate applicati...

i2kit: A Tool for Immutable Infrastructure Deployments based on Lightweight Virtual Machines specialized to run Containers

ArXiv, 2018

Container technologies, like Docker, are becoming increasingly popular. Containers provide exceptional developer experience because containers offer lightweight isolation and ease of software distribution. Containers are also widely used in production environments, where a different set of challenges arise such as security, networking, service discovery and load balancing. Container cluster management tools, such as Kubernetes, attempt to solve these problems by introducing a new control layer with the container as the unit of deployment. However, adding a new control layer is an extra configuration step and an additional potential source of runtime errors. The virtual machine technology offered by cloud providers is more mature and proven in terms of security, networking, service discovery and load balancing. However, virtual machines are heavier than containers for local development, are less flexible for resource allocation, and suffer longer boot times. This paper presents an al...

Multilevel Secure Container Deployment Framework in Edge Computing

Communications in Computer and Information Science, 2021

Large scale distributed IoT applications like smart cities, smart buildings, etc. are becoming a reality. The microservice architectural pattern is now becoming common for its ease of development and is also used in edge systems. In order to secure containers, the gVisor container framework is emerging as an alternative to the standard Docker container, but it has increased performance overheads in the network stack and file system processing. In this paper, we first characterize the performance of gVisor containers running real programs and demonstrate the loss in performance. Next, we propose a multi-level container deployment framework that chooses the right container framework, trading off between performance and security based on the container's use in a microservice application. We demonstrate that, using our framework, it is possible to ensure security with a relatively lower impact on performance.

CONTAINERIZED WEB APPLICATION AND DEPLOYMENT ON CLOUD

ijetrm journal , 2020

Over the last few years, the Cloud has gradually earned the reputation of being the holy grail of application delivery. Anyone who enters the cloud today would find it tough to choose between the plurality of cloud service providers and would face the issue of lock-in. Virtualization based on containers improves performance and reliability in contrast with traditional hypervisors, since the additional resources required for an operating system are removed. Container-based virtualization fits situations where a single operating system is required. It is better to deploy applications on redundant infrastructure across several zones and spread the workload using a load balancing option to secure cloud services against failures and natural disasters. Kubernetes is an open source framework that helps in the deployment, maintenance and scaling of container based applications across a host cluster.

Introduction

Cloud computing is a digital model that develops and makes the use of IT simpler for customers every day. It provides consumers streamlined applications remotely and in a way that can be accessed on a daily basis. This software can be accessed by as many people as allowed within an entity without having to bother with the maintenance of such an application. It also offers a platform for developing and installing user applications, such as their storage space and database, without disrupting the operating system underlying it.

Containers-Based Network Services Deployment: A Practical Approach

Enfoque UTE, 2024, pp. 36-44

In recent years, virtualizing network services and functions has enabled optimizing hardware resources such as CPU, memory, and storage on resource-constrained devices. Traditional virtualization is achieved through virtual machines using a layer known as a hypervisor. While this form of virtualization offers advantages such as scalability and portability, it has disadvantages in terms of performance compared to non-virtualized deployments. In this context, alternative virtualization technologies (like containers) allow virtualization on the same physical infrastructure, improving overall performance, portability, and service scalability. This paper implements the deployment of network services on the Raspberry Pi development platform, which has limited resources. This is achieved through a multi-container virtualization solution using the Docker Compose tool, based on Docker containerization technology. Finally, a performance analysis of the implemented virtualization solution is conducted in terms of resource utilization by each service.

Component-Oriented Access Control for Deployment of Application Services in Containerized Environments

Cryptology and Network Security, 2016

With the advancements in multi-core CPU architectures, it is now possible for a server operating system (OS) such as Linux to handle a large number of concurrent application services on a single server instance. Individual service components of such services may run in different isolated environments, such as chrooted jails or application containers, and may need controlled access to system resources and the ability to collaborate and coordinate with each other in a regulated and secure manner. In an earlier work, we motivated the need for an access control framework that is based on the principle of least privilege for the formulation, management, and enforcement of policies that allow controlled access to system resources and also permit controlled collaboration and coordination for service components deployed in disjoint containerized environments under a single OS instance. The current work provides a more in-depth treatment of secure inter-component communication in such environments. We show the policies needed for such communication and demonstrate how they can be enforced through a Linux Policy Machine that acts as the centralized reference monitor. The inter-component interaction occurs through the persistent layer using a tuple space abstraction. We implemented a tuple space library that provides operations on the tuple space. We present preliminary experimental results of its implementation that discuss the resource usage and performance.

Keywords: Access control; Data and application security; Denial of service protection; Distributed systems security; Security architectures

This work was supported by a grant from NIST under award nos. 70NANB15H264, 60NANB16D249 and 60NANB16D250.
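The mechanism the abstract above describes, components that talk to each other only through a tuple space whose every operation is checked by a central reference monitor, can be sketched in a few dozen lines. The Python below is an added illustration and is not the paper's Linux Policy Machine or its tuple space library: the Linda-style operation set (out, in, rd), the component names, the policy rules and the per-writer quota used to bound denial of service are all assumptions made for this example.

```python
"""Policy-mediated tuple space (added illustrative example, not the paper's code).

Each component may only out/in/rd tuples whose first field (the "tag") its
policy entry allows, and may only hold a bounded number of live tuples so
that one misbehaving component cannot exhaust the shared store. Component
names, tags, rules and the quota are constructed for this example.
"""
from typing import Any, Callable, Optional


class Denied(PermissionError):
    """Raised by the reference monitor when policy forbids an operation."""


class Policy:
    """rules: component -> operation -> set of tags that operation may touch."""

    def __init__(self, rules: dict[str, dict[str, set[str]]], quota: int) -> None:
        self.rules = rules
        self.quota = quota  # maximum live tuples a single writer may hold

    def allows(self, component: str, op: str, tag: Any) -> bool:
        return tag in self.rules.get(component, {}).get(op, set())


class TupleSpace:
    """Shared store; every operation passes the reference monitor (_check) first."""

    def __init__(self, policy: Policy) -> None:
        self.policy = policy
        self._store: list[tuple[str, tuple]] = []  # (owning component, tuple)

    def _check(self, component: str, op: str, tag: Any) -> None:
        # A wildcard in the tag position would let a pattern match tuples the
        # policy never granted, so the monitor refuses to decide on it.
        if tag is None:
            raise Denied(f"{component}: {op} needs a concrete tag; wildcards bypass policy")
        if not self.policy.allows(component, op, tag):
            raise Denied(f"{component} may not {op} tuples tagged {tag!r}")

    @staticmethod
    def _matches(pattern: tuple, tpl: tuple) -> bool:
        return len(pattern) == len(tpl) and all(p is None or p == v for p, v in zip(pattern, tpl))

    def out(self, component: str, tpl: tuple) -> None:
        """Publish a tuple, subject to the writer's tag policy and live-tuple quota."""
        self._check(component, "out", tpl[0])
        live = sum(1 for owner, _ in self._store if owner == component)
        if live >= self.policy.quota:
            raise Denied(f"{component} exceeded its quota of {self.policy.quota} live tuples")
        self._store.append((component, tuple(tpl)))

    def rd(self, component: str, pattern: tuple) -> Optional[tuple]:
        """Non-destructive read of the first tuple matching pattern (None = wildcard)."""
        self._check(component, "rd", pattern[0])
        for _, tpl in self._store:
            if self._matches(pattern, tpl):
                return tpl
        return None

    def inp(self, component: str, pattern: tuple) -> Optional[tuple]:
        """Destructive read: remove and return the first matching tuple."""
        self._check(component, "in", pattern[0])
        for i, (_, tpl) in enumerate(self._store):
            if self._matches(pattern, tpl):
                del self._store[i]
                return tpl
        return None


def denied(fn: Callable[[], Any]) -> bool:
    """True if calling fn raises Denied; used to show the monitor refusing an operation."""
    try:
        fn()
    except Denied:
        return True
    return False


def build_demo_space() -> TupleSpace:
    # Assumed policy: a web front end may only file requests and read replies;
    # a worker may only consume requests and file replies.
    rules = {
        "web": {"out": {"request"}, "in": {"response"}, "rd": {"response"}},
        "worker": {"in": {"request"}, "out": {"response"}},
    }
    return TupleSpace(Policy(rules, quota=2))


def run_exchange() -> tuple:
    """One legitimate request/response round trip; returns (what worker got, what web got)."""
    ts = build_demo_space()
    ts.out("web", ("request", 1, "GET /"))
    served = ts.inp("worker", ("request", None, None))
    ts.out("worker", ("response", 1, 200))
    reply = ts.inp("web", ("response", 1, None))
    return served, reply


def flood(component: str, n: int) -> int:
    """Try to publish n requests from one component; returns how many the quota accepted."""
    ts = build_demo_space()
    accepted = 0
    for i in range(n):
        if denied(lambda: ts.out(component, ("request", i, "spam"))):
            break
        accepted += 1
    return accepted


if __name__ == "__main__":
    print("round trip:", run_exchange())
    print("web reading requests denied:",
          denied(lambda: build_demo_space().inp("web", ("request", None, None))))
    print("requests accepted before quota:", flood("web", 5))
```

Two details carry the security point: the monitor keys the decision on the tag field and refuses a wildcard there, since otherwise a reader granted one tag could match tuples of every tag; and the quota is charged to the owner and released when a consumer takes the tuple, so a component is bounded by what it has outstanding rather than by a global count that a single flooder could exhaust for everyone.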