1 |
Moving Target Defense Using Live Migration of Docker Containers. January 2017
Abstract: Today, information technology systems have addresses, software stacks and other configuration that remain unchanged for a long period of time. This paves the way for malicious attacks on the system through unknown vulnerabilities. The attacker can take advantage of this situation and plan their attacks with sufficient time. To protect our system from this threat, Moving Target Defense is required, where the attack surface is dynamically changed, making it difficult to strike.
In this thesis, I incorporate live migration of Docker containers using CRIU (checkpoint restore) for moving target defense. There are 460K Dockerized applications, a 3100% growth over 2 years [1]. Over 4 billion containers have been pulled so far from Docker Hub. Docker is supported by a large and fast-growing community of contributors and users. As an example, there are 125K Docker Meetup members worldwide. As we see industry adapting to Docker rapidly, a moving target defense solution involving containers is beneficial for being robust and fast. A proof of concept implementation is included for studying performance attributes of Docker migration.
Attack detection uses a scenario involving definitions of normal events on servers. By defining system activities and extracting syslog on a centralized server, an attack can be detected by extracting abnormal activities, and this detection can be a trigger for the Docker migration.
Dissertation/Thesis / Masters Thesis Computer Science 2017
|
2 |
Distributed Checkpointing with Docker Containers in High Performance Computing. Berg, Gustaf; Brattlöf, Magnus. January 2017
Container virtualization has become more and more widely used since updates to the cgroups and namespace features were released in the Linux kernel. At the same time, industry's high-performance computing clusters suffer from expensive licensing costs that could be managed through virtualization. In this thesis, experiments were designed to find out whether Docker's checkpoint feature, which is still under development, could be used in industry's computing clusters. To demonstrate this concept and its ability to pause distributed containers running parallel processes inside them, the well-known NAS Parallel Benchmark (NPB) was used, distributed across two test machines. Containers were then paused in different orders, and Docker manages to resume the benchmark without problems both locally and distributed. If the order in which containers are written to disk (checkpoint) is considered carefully, the benchmark can be resumed without problems locally on the same machine. Finally, we also show that distributed containers can be resumed, with a high success rate, on a machine other than the one where they started. Docker's performance, possibilities and flexibility suit the industrial high-performance clusters of the future, where applications may very well be run in containers instead of in the traditional way, directly on the hardware. By using Docker containers, the problem of expensive licensing costs and prioritization can be handled.
/
Lightweight container virtualization has gained widespread adoption in recent years after updates to namespace and cgroups features in the Linux kernel. At the same time the Industrial High Performance community suffers from expensive licensing costs that could be managed with virtualization. To demonstrate that Docker could be used for suspending distributed containers with parallel processes, experiments were designed to find out if the experimental checkpoint feature is ready for this community.
We run the well-known NAS Parallel Benchmark (NPB) inside containers spread over two systems under test to prove this concept. Then, pausing containers and unpausing them in different sequence orders, we were able to resume the benchmark. After that, we further demonstrate that if you carefully consider the order in which you Checkpoint/Restore containers, then the checkpoint feature is also able to resume the benchmark successfully. Finally, the concept of restoring distributed containers, running the benchmark, on a different system from where it started was proven to be working with a high success rate. Our tests demonstrate the performance, possibilities and flexibilities of Docker's future in the industrial HPC community. This might very well tip the community over to running their simulations and virtual engineering-applications inside containers instead of running them on native hardware.
|