Global ETD Search

51	A Security Evaluation Methodology for Container Images Abbott, Brendan Michael 01 March 2017 (has links) The goal of this research is to create a methodology that evaluates the security posture of container images and helps improve container security. This was done by first searching for any guidelines or standards that focus on container images and security. After finding none, I decided to create an evaluative methodology. The methodology is composed of actions that users should take to evaluate the security of a container image. The methodology was created through in-depth research on container images and the build instructions used to create them and is referred to as the Security Evaluation Methodology for Container Images. The entire Methodology was reviewed by experts in containers, information technology, and security; updated based on their feedback; and then reviewed again for further feedback. Four of the most popular container images—nginx, redis, mbabineau/cfn-bootstrap, and google/cadvisor—were evaluated using the Methodology. The evaluation revealed security issues in each image and provided direction on how to resolve each issue. Based on the positive feedback of experts and the performance of the Methodology, I propose that the Methodology be used to evaluate all container images, as it provides valuable security insights about, and suggestions for, an image. container image methodology security static analysis docker rkt rocket dockerfile build instructions Systems Engineering
52	Moving Target Defense Using Live Migration of Docker Containers January 2017 (has links) abstract: Today the information technology systems have addresses, software stacks and other configuration remaining unchanged for a long period of time. This paves way for malicious attacks in the system from unknown vulnerabilities. The attacker can take advantage of this situation and plan their attacks with sufficient time. To protect our system from this threat, Moving Target Defense is required where the attack surface is dynamically changed, making it difficult to strike. In this thesis, I incorporate live migration of Docker container using CRIU (checkpoint restore) for moving target defense. There are 460K Dockerized applications, a 3100% growth over 2 years[1]. Over 4 billion containers have been pulled so far from Docker hub. Docker is supported by a large and fast growing community of contributors and users. As an example, there are 125K Docker Meetup members worldwide. As we see industry adapting to Docker rapidly, a moving target defense solution involving containers is beneficial for being robust and fast. A proof of concept implementation is included for studying performance attributes of Docker migration. The detection of attack is using a scenario involving definitions of normal events on servers. By defining system activities, and extracting syslog in centralized server, attack can be detected via extracting abnormal activates and this detection can be a trigger for the Docker migration. / Dissertation/Thesis / Masters Thesis Computer Science 2017 Computer science containers criu docker moving target defense proof of concept security
53	Distributed Checkpointing with Docker Containers in High Performance Computing Berg, Gustaf, Brattlöf, Magnus January 2017 (has links) Container-virtualisering har blivit mer och mer använt efter att uppdateringar till cgroups och namespace-funktionerna släpptes i Linuxkärnan. Samtidigt så lider industrins högpresterande beräkningskluster av dyra licenskostnader som skulle kunna hanteras av virtualisering. I den här uppsatsen utformades experiment för att ta reda på om Dockers funktion checkpoint, som fortfarande är under utveckling, skulle kunna utnyttjas i industrins beräkningskluster. Genom att demonstrera detta koncept och dess möjligheter att pausa distribuerade containrar, som kör parallella processer inuti, användes den välkända NAS Parallel Benchmarken (NPB) fördelad över två test-maskiner. Sedan så pausades containrar i olika ordningar och Docker lyckas återuppta benchmarken utan problem både lokalt och distribuerat. Om man försiktigt överväger ordningen som man skriver ner containers till disk (checkpoint) så går det utan problem att återuppta benchmarken lokalt på samma maskin. Slutligen så visar vi även att distribuerade containrar kan återupptas på en annan maskin än där den startade med hög framgång. Dockers prestanda, möjligheter och flexibilitet lämpar sig i framtidens industriella högpresterande kluster där man mycket väl kan köra sina applikationer i containrar istället för att köra dom på det traditionella sättet, direkt på hårdvaran. Genom användning av Docker-containers kan man hantera problemet med dyra licenskostnader och prioriteringar. / Lightweight container virtualization has gained widespread adoption in recent years after updates to namespace and cgroups features in the Linux kernel. At the same time the Industrial High Performance community suffers from expensive licensing costs that could be managed with virtualization. To demonstrate that Docker could be used for suspending distributed containers with parallel processes, experiments were designed to find out if the experimental checkpoint feature is ready for this community. We run the well-known NAS Parallel Benchmark (NPB) inside containers spread over two systems under test to prove this concept. Then, pausing containers and unpausing them in different sequence orders we were able resume the benchmark. After that, we further demonstrate that if you carefully consider the order in which you Checkpoint/Restore containers, then the checkpoint feature is also able to resume the benchmark successfully. Finally, the concept of restoring distributed containers, running the benchmark, on a different system from where it started was proven to be working with a high success rate. Our tests demonstrate the performance, possibilities and flexibilities of Dockers future in the industrial HPC community. This might very well tip the community over to running their simulations and virtual engineering-applications inside containers instead of running them on native hardware. Industrial HPC HPCC Suspend Pause Checkpoint Docker CRIU Elektroteknik och elektronik
54	Clustered Data Management in Virtual Docker Networks Spanning Geo-Redundant Data Centers : A Performance Evaluation Study of Docker Networking Alansari, Hayder January 2017 (has links) Software containers in general and Docker in particular is becoming more popular both in software development and deployment. Software containers are intended to be a lightweight virtualization that provides the isolation of virtual machines with a performance that is close to native. Docker does not only provide virtual isolation but also virtual networking to connect the isolated containers in the desired way. Many alternatives exist when it comes to the virtual networking provided by Docker such as Host, Macvlan, Bridge, and Overlay networks. Each of these networking solutions has its own advantages and disadvantages. One application that can be developed and deployed in software containers is data grid system. The purpose of this thesis is to measure the impact of various Docker networks on the performance of Oracle Coherence data grid system. Therefore, the performance metrics are measured and compared between native deployment and Docker built-in networking solutions. A scaled-down model of a data grid system is used along with benchmarking tools to measure the performance metrics. The obtained results show that changing the Docker networking has an impact on performance. In fact, some results suggested that some Docker networks can outperform native deployment. The conclusion of the thesis suggests that if performance is the only consideration, then Docker networks that showed high performance can be used. However, real applications require more aspects than performance such as security, availability, and simplicity. Therefore Docker network should be carefully selected based on the requirements of the application. Docker Container Performance Networking Data grid Benchmarking Virtualization Computer Sciences Datavetenskap (datalogi)
55	Lightweight Environment for Cyber Security Education Oliparambil Shanmughan, Vivek 09 August 2017 (has links) The use of physical systems and Virtual Machines has become inefficient and expensive for creating tailored, hands-on exercises for providing cyber security training. The main purpose of this project is to directly address these issues faced in cyber security education with the help of Docker containers. Using Docker, a lightweight and automated platform was developed for creating, sharing, and managing hands-on exercises. With the help of orchestration tools, this platform provides a centralized point to monitor and control the systems and exercises with a high degree of automation. In a classroom/lab environment, this infrastructure enables instructors and students not only to share exercises but also helps create and deploy exercises more easily. By streamlining the end to end delivery and deployment of the exercises, instructors can now efficiently make use of the class/lab hours in educating the students rather than performing system administration tasks. Information Security
56	Remote robot control from Docker Campo Prieto, Irene January 2020 (has links) Currently, we witness a new phase of digitization which is fueled by the development of Internet-connected smart sensors (Internet of Things - IoT). Also, about the processing of large data volumes that they create using Big Data analytics, leveraging the compute resources from the Cloud and Edge-based systems. For data exchange in the IoT world, typically lightweight communication protocols such as Message Queuing Telemetry Transport (MQTT) are used which are based on publisher/subscriber communication pattern where a broker mediates data among interested parties. In order to provide reliable communication, MQTT provides different Quality of Service (QoS) mechanisms. MQTT publishers, subscribers and brokers can be deployed inside containers on virtualized infrastructure to facilitate large-scale virtualized compute frameworks from the cloud for scalable data analytics. However, each docker containers requires a specific amount of resources to provide the required response time.In this thesis, we evaluate the impact of resource sharing due to the virtualized deployment of MQTT components on latency and response time of IoT applications. We deploy a testbed of Arduino and Raspberry Pi devices that host MQTT clients to pull sensor data towards MQTT clients inside the cloud. We also evaluate the impact of different QoS levels at the MQTT protocol on latency. Our results indicate that proper resource allocation and QoS parametrization is important for maintaining low and stable latency. IoT MQTT Docker Engineering and Technology Teknik och teknologier Computer and Information Sciences Data- och informationsvetenskap
57	Network Virtualization and Emulation using Docker, OpenvSwitch and Mininet-based Link Emulation Prabhu, Narendra 18 December 2020 (has links) With the advent of virtualization and artificial intelligence, research on networked systems has progressed substantially. As the technology progresses, we expect a boom in not only the systems research but also in the network of systems domain. It is paramount that we understand and develop methodologies to connect and communicate among the plethora of devices and systems that exist today. One such area is mobile ad-hoc and space communication, which further complicates the task of networking due to myriad of environmental and physical conditions. Developing and testing such systems is an important step considering the large investment required to build such gigantic communication arrangements. We address two important aspects of network emulation in this work. We propose a network emulation framework, which emulates the functioning of a hierarchical software defined network. One such use-case is described using a mobile ad-hoc network (MANET) topology within a single system by leveraging contemporary network virtualization technologies. We present various aspects of the network, such as the dynamic communication in the software domain and provide a novel approach to build upon existing emulation techniques. The second part of the thesis presents a dynamic network link emulator. This emulator enables suitable link property re-configurations such as bandwidth, delay and packet loss for networked systems using simulation software. We characterize the results of tests for the link emulation using a hardware and software testbed. Through this thesis, we aim to make a small yet crucial contribution to the niche area of software defined networks. Network Virtualization Docker Containers SDN Emulator Mobile area Network Computer and Systems Architecture Digital Communications and Networking
58	Containerizing WebAssembly : Considering WebAssembly Containers on IoT Devices as Edge Solution Eriksson, Fredrik, Grunditz, Sebastian January 2021 (has links) This paper will explore the speed of execution, memory foot-print and the maturity of WebAssembly Runtimes (WasmRT).For this study, the WasmRT will be Wasmer1and Wasmtime.2Initially, benchmarks were run on a Raspberry Pi 3 model Bto simulate a more hardware capable IoT-device. Tests per-formed on a Raspberry Pi shows that there are many instanceswhere a WasmRT outperforms a similar Docker+C solution.WasmRT has a very clear use case for IoT devices, specifi-cally short jobs, the results from our research will show thatWasmRT can be up to almost 70 times as fast as a similarDocker solution. WasmRT has a very strong use case thatother container solutions can not contend with. This paperwill show how effective a lightweight, portable, and fast Was-merRT can be, but also to highlight its pain points and whenother container solutions may make more sense WebAssembly WASI Wasmer WasmTime native benchmark IoT Docker Edge Containerization Computer Sciences Datavetenskap (datalogi)
59	Aplikace pro monitorování sítí / Application for Monitoring of IP Networks Šmalec, Ondřej January 2019 (has links) Diplomová práce popisuje vytvoření aplikace pro monitorování síťových zařízení. Výsledky jsou zobrazené jako grafické uživatelské rozhraní společně s vykreslenou topologií. Aplikace je z velké části napsána v jazyce Python. Pro získávání informací z topologie jsou využity protokoly SNMP a SSH. Hlavní cíl je vytvořit aplikaci, která monitoruje síťová zařízení a vykresluje tuhle topologii do grafického uživatelského rozhraní. Tato aplikace reaguje dynamicky na změny v monitorovací topologii.
60	Návrh auditního systému pro kontrolu systémů a služeb v počítačové síti / Design of an audit system for the control of systems and services in a computer network. Šimkovič, Peter January 2021 (has links) This diploma thesis deals with the design of an audit system with which it will be possible to detect security gaps in a computer network. Detection will take place on the basis of checking predefined ports and services running on them. Based on the output of the audit system, possible measures and rules necessary to correct security gaps will be proposed. The system itself will be designed to ensure its easy implementation for any customer.

Search results