91 |
Availability-Aware Resource Allocation for Containerized Network Functions
Huang, Zhuonan 31 May 2021
Deploying virtual network functions (VNFs) such as WAN accelerators, network address translators (NATs) and 5G functions at the network edge (NE) can significantly reduce the experienced latency of delay-ultrasensitive applications (e.g., autonomous vehicles and Internet of things). Nonetheless, a major challenge to their anticipated large-scale deployment is the ability to efficiently allocate and manage the scarce NE resources hosting these functions. In this thesis, we describe a novel containerized infrastructure manager (cIM) that extends current managers, such as Kubernetes, with the necessary building blocks to provide an accurate yet elastic resource allocation service to containerized VNFs at scale. The proposed cIM treats the main modules of the VNFs, i.e., the containerized VNF components (cNFCs), as atomic special-purpose functions that can be rapidly deployed to form complex network services. The main component of the proposed cIM, the resource reservation manager (RRM), employs concepts of risk pooling in the insurance industry to accurately reserve the needed resources for the hosting containers. More precisely, to meet anticipated cNFCs demand fluctuation, the RRM accurately reserves a quota of additional resources that are shared by the containerized functions collected together in clusters. The reserved quota of resources ensures the desired availability level of the cNFCs without over-provisioning the scarce resources of the NE. The RRM considers three different situations namely that of a cNFC instance, a cluster of cNFCs or multiple cNFC clusters sharing the reserved resources. Different allocation approaches are then presented for each of these three situations. Simulation experiments are conducted to evaluate the performance of our reservation schemes from different aspects. 
The corresponding experimental results demonstrate that our proposed cIM can significantly improve the performance of the cNFCs and guarantee their desired availability with minimal resource reservation. Optimal allocation solutions of the resource pools are further proposed considering the desired availability level and the limit of resource pools. The evaluation results demonstrate that our optimization models and solutions obtain the best performance of relevant testing parameters, e.g., availability.
|
92 |
Security implications for docker container environments deploying images from public repositories : A systematic literature review
Tyresson, Dennis January 2020
Because of the ease of use and effectiveness, Docker containers have become immensely popular among system administrators worldwide. Docker elegantly packages entire applications within a single software entity called images, allowing fast and consistent deployment over different host systems. However, it is not without drawbacks, as the close interaction with the operating system kernel gives rise to security concerns. The conducted systematic literature review aims to address concerns regarding the use of images from unknown sources. Multiple search terms were applied to a set of four scientific databases in order to find peer-reviewed articles that fulfill certain selection criteria. A final amount of 13 articles were selected and evaluated by using means of thematic coding. Analysis showed that users need to be wary of what images are used to deploy containers, as they might contain malicious code or other weaknesses. The use of automatic vulnerability detection using static and dynamic detection could help protect the user from bad images.
|
93 |
Implementation of Distributed Cloud System Architecture using Advanced Container Orchestration, Cloud Storage, and Centralized Database for a Web-based Platform
Karkera, Sohan Sadanand January 2020
No description available.
|
94 |
A study of oscillatory thermocapillary convection in circular containers with carbon dioxide laser heating
Lee, Jung Hyun January 1994
No description available.
|
95 |
Scaling analysis of thermocapillary flows in cylindrical containers
Chang, Anzhong January 1994
No description available.
|
96 |
The establishment and evaluation of safe processes involved in the flame sterilization of peas
Ice, James Richard January 1975
No description available.
|
97 |
Torpedo: A Fuzzing Framework for Discovering Adversarial Container Workloads
McDonough, Kenton Robert 13 July 2021
Over the last decade, container technology has fundamentally changed the landscape of commercial cloud computing services. In contrast to traditional VM technologies, containers theoretically provide the same process isolation guarantees with less overhead and additionally introduce finer grained options for resource allocation. Cloud providers have widely adopted container based architectures as the standard for multi-tenant hosting services and rely on underlying security guarantees to ensure that adversarial workloads cannot disrupt the activities of coresident containers on a given host. Unfortunately, recent work has shown that the isolation guarantees provided by containers are not absolute. Due to inconsistencies in the way cgroups have been added to the Linux kernel, there exist vulnerabilities that allow containerized processes to generate "out of band" workloads and negatively impact the performance of the entire host without being appropriately charged. Because of the relative complexity of the kernel, discovering these vulnerabilities through traditional static analysis tools may be very challenging. In this work, we present TORPEDO, a set of modifications to the SYZKALLER fuzzing framework that creates containerized workloads and searches for sequences of system calls that break process isolation boundaries. TORPEDO combines traditional code coverage feedback with resource utilization measurements to motivate the generation of "adversarial" programs based on user-defined criteria. Experiments conducted on the default docker runtime runC as well as the virtualized runtime gVisor independently reconfirm several known vulnerabilities and discover interesting new results and bugs, giving us a promising framework to conduct more research. / Master of Science / Over the last decade, container technology has fundamentally changed the landscape of commercial cloud computing services. 
By abstracting away many of the system details required to deploy software, developers can rapidly prototype, deploy, and take advantage of massive distributed frameworks when deploying new software products. These paradigms are supported with corresponding business models offered by cloud providers, who allocate space on powerful physical hardware among many potentially competing services. Unfortunately, recent work has shown that the isolation guarantees provided by containers are not absolute. Due to inconsistencies in the way containers have been implemented by the Linux kernel, there exist vulnerabilities that allow containerized programs to generate "out of band" workloads and negatively impact the performance of other containers. In general, these vulnerabilities are difficult to identify, but can be very severe. In this work, we present TORPEDO, a set of modifications to the SYZKALLER fuzzing framework that creates containerized workloads and searches for programs that negatively impact other containers. TORPEDO uses a novel technique that combines resource monitoring with code coverage approximations, and initial testing on common container software has revealed new interesting vulnerabilities and bugs.
|
98 |
Containers and Breakaway Security : Evaluating Vulnerabilities and Safeguarding Strategies
Grisin, Nikita, Ross, Hayden January 2024
This bachelor thesis investigates how well popular container runtimes, hosted on CSCloud, can resist common attacks by observing their configurations. Experiments were conducted on Docker, Podman, containerd, Kata, and gVisor runtimes, subjecting them to a set of escape techniques such as privilege escalation through PID namespace, host filesystem mounting, and kernel modules. Initial findings revealed variations in vulnerability across runtimes, with some being unable to fully isolate containers. Further research showed that proper configuration can significantly enhance container security, successfully preventing most attacks. Additionally, an automated assessment script was developed to allow easier management of Docker and Podman containers. This study provides important information for container users who want to reduce the risk of unauthorised access to their systems or breaches of privileged containers. It also offers guidance to developers on how to make isolation mechanisms stronger.
|
99 |
Modeling the impact of wood and fiber traits on the production costs of corrugated containers
Fernández Olivares, Jacobo Luis 05 1900
No description available.
|
100 |
The Massachusetts bottle bill, 1967-1979 : a study of policy failure from the perspective of interest-group liberalism
Ross, David M. (David Michael) January 1982
No description available.
|