Providing Security in Container-Based HPC Runtime Environments

  • Holger Gantikow
  • Christoph Reich
  • Martin Knahl
  • Nathan Clarke
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9945)

Abstract

Operating-system-level virtualization based on container technologies incurs less performance overhead than Type-1 hypervisors for HPC and offers many ways to significantly improve the flexibility that is often demanded of such an installation. This paper discusses technologies and concepts on several layers that can be applied to securely integrate container-based virtualization into a multi-tenant HPC environment that requires both security and high performance.

Keywords

Virtualization, Container, Docker, HPC, Security


Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Holger Gantikow (1)
  • Christoph Reich (2)
  • Martin Knahl (2)
  • Nathan Clarke (3)
  1. science + computing ag, Tübingen, Germany
  2. Hochschule Furtwangen, Furtwangen, Germany
  3. Plymouth University, Plymouth, UK
