IRJET- A Comprehensive Review on Security Issues and Challenges in Lightweight Container Communication
Related papers
Container Performance and Vulnerability Management for Container Security Using Docker Engine
Security and Communication Networks
Containers have evolved to support microservice architecture as a low-cost alternative to virtual machines. Containers are increasingly prevalent in the virtualization landscape because of better working; containers can bear considerably less overhead than the conventional hypervisor-based component virtual machines. However, containers directly communicate with the host kernel, and attackers can co-locate containers in the host system quicker than virtual machines. This causes significant security issues in container technology. The security hardening system is currently targeted at implementing universal access management regulations that make it difficult to assess the required procedure for accessing containers. Security mechanisms include an explicit awareness of the purpose and actions of the container and entail manual interaction and configuration. A user-friendly container protection scheme implemented an access policy to comply with its anticipated and legitimate applicati...
Comparison between security majors in virtual machine and linux containers
ArXiv, 2015
Virtualization started to gain traction in the domain of information technology in the early 2000s when managing resource distribution was becoming an uphill task for developers. As a result, tools like VMware, Hyper-V (hypervisor) started making inroads into the software repository on different operating systems. VMware and Hyper-V could support multiple virtual machines running on them with each having their own isolated environment. Due to this isolation, the security aspects of virtual machines (VMs) did not differ much from that of physical machines (having a dedicated operating system on hardware). The advancement made in the domain of Linux containers (LXC) has taken virtualization to an altogether different level where resource utilization by various applications has been further optimized. But the container security has assumed primary importance amongst the researchers today and this paper is inclined towards providing a brief overview about comparisons between security of...
A review of native container security for running applications
Procedia Computer Science, 2020
Containers offer an efficient solution allowing the application's isolation. Most of the papers dealing with the container's isolation focus on benchmarking container's solutions. However, in this study, we focus on a static comparison of different features proposed by container solutions. First, we will focus on the container's runtimes, then, we present the different solutions used in the study. The most common container solutions are compared, such as LXC, LXD, Singularity, Docker, Kata-containers, and gVisor. We consider container features as isolation, storage, network, and security capabilities. For each container feature, all container solutions will be compared to find the most efficient one. Finally, this paper compares the different default container configurations and attempts to find the most efficient container solution based on all compared features.
AN APPROACH OF EXPLOITING DOCKER CONTAINER SECURITY
IAEME PUBLICATION, 2020
Docker is an open-source platform that can be used for shipping, developing, and running applications for quick delivery and easy management of the application. Docker improves performance and efficiency as it uses a single kernel. By pulling the image from the Docker repository, the user can create multiple instances of the same image on the local machine. Hence, Docker containers have become very popular nowadays because of their ease of use. However, Docker containers are also prone to several security attacks due to the absence of a hypervisor. This paper focuses on the process of running the application by creating the container. As Docker containers are prone to security attacks, the paper also focuses on the security misconfiguration present in Docker containers by considering an example of an Elasticsearch container. The process of exploiting the Elasticsearch container is also presented in this paper. Security vulnerabilities in Docker occur because of the configuration or the usage of insecure versions of the packages in the Docker images. Hence, the developer needs to be aware of the packages and needs to use the non-vulnerable packages to build a secure image.
CORE CONTAINER SECURITY FRAMEWORKS
IAEME PUBLICATION, 2020
With the introduction of Docker and Kubernetes, the container environment, along with DevOps, is evolving rapidly. The importance of container security has been highlighted by the discovery of new security vulnerabilities in container environments such as DIRTY COW (CVE-2016-5195) and RunC Container Escape (CVE-2019-5736). Further, in February 2018, the system that used to be serviced in Amazon's AWS environment and that mined the cryptocurrency after Tesla's Kubernetes environment was hacked has become a significant issue. Despite these security threats, however, research into the container security framework is still in its early stages. Thus, the authors intend to analyze the existing container security framework to find deficiencies and to suggest the actual applicable container security framework by supplementing the items that need to be newly added. To this end, the security framework and solutions of three (3) Korean banks and one (1) credit card company collected between January and March of 2020 were analyzed to derive forty-four (44) solutions in five (5) areas to be migrated from the traditional security framework, while eight (8) criteria for analysis were prepared through an attack vector analysis of the container environment. Based on the above, finally, 20 solutions in 6 areas were derived and the core container security framework was presented.
2015
Over the last few years, the use of virtualization technologies has increased dramatically. This makes the demand for efficient and secure virtualization solutions become more obvious. Container-based virtualization and hypervisor-based virtualization are two main types of virtualization technologies that have emerged to the market. Of these two classes, container-based virtualization is able to provide a more lightweight and efficient virtual environment, but not without security concerns. In this paper, we analyze the security level of Docker, a well-known representative of container-based approaches. The analysis considers two areas: (1) the internal security of Docker, and (2) how Docker interacts with the security features of the Linux kernel, such as SELinux and AppArmor, in order to harden the host system. Furthermore, the paper also discusses and identifies what could be done when using Docker to increase its level of security.
Securing Vulnerabilities in Docker Images
International Journal of Innovative Engineering Applications, 2020
Docker is an alternative application development and publishing infrastructure tool to various virtualization environments such as VirtualBox and the like. The most popular containerization platform is Docker, which is the area where Docker images are run. A container is a lightweight contrasting option to full machine virtualization that includes exemplifying an application in a container with its own working condition. These two concepts, virtualization and containerization, are competing in cloud-based environments. When virtualization became the mainstream, VM security concerns were common. IT security experts have been discussing the potential weaknesses of a virtualized environment for a long time. In this paper, focusing on the Docker container, its vulnerabilities and possible measurements against security concerns, we have provided information about assessment of risks and vulnerabilities of containerization and the main differences between these two concepts via vulnerability analysis.
RESEARCH ON SECURITY OF DOCKER CONTAINERS & KUBERNETS CLUSTERS
2018
Docker is a tool designed to make it easier to create, deploy, and run applications by using containers (OpenSource, 2017). Containers allow a developer to package up an application with all of the parts it needs, such as libraries and other dependencies, and ship it all out as one package. The Docker ecosystem has come a long way in 2017. Especially in security, we saw new features being launched, new products entering the market, and new best practices emerge. All this points to a 2018 that’s set to build on this progress and enable running extremely secure container workloads. A Docker container image is a lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries and settings. Though it is a relatively new technology, there are very few articles and little research on how we can secure the Docker containers that are coming onto the market. With the sudden increase in DevOps technology, there is a need to explore the security concerns related to Docker containers and the shipping of them in a proper fashion. In this research we will discover the possible issues and how to mitigate them.
Containers-Based Network Services Deployment: A Practical Approach
Enfoque UTE, 2024
In recent years, virtualizing network services and functions has enabled optimizing hardware resources on resource-constrained devices, such as CPU, memory, and storage. Traditional virtualization is achieved through virtual machines using a layer known as a hypervisor. While this form of virtualization offers advantages such as scalability and portability, it has disadvantages in terms of performance compared to nonvirtualized deployments. In this context, alternative virtualization technologies (like containers) allow virtualization on the same physical infrastructure, improving overall performance, portability, and service scalability. This paper implements the deployment of network services on the Raspberry Pi development platform, which has limited resources. This is achieved through a multi-container virtualization solution using the Docker Compose tool, based on Docker containerization technology. Finally, a performance analysis of the implemented virtualization solution is conducted in terms of resource utilization by each service. pp. 36-44