Secure model for efficient live migration of containers

2019
Mavuş, Zeynep
Cloud services have become increasingly widespread in the past decade due to their ability to reduce the complexity and cost of managing computers and networks. Cloud applications are run in virtualized environments such as virtual machines and containers to be able to allocate resources in an inexpensive manner. Both of these approaches require effective resource utilization, for which an important enabling technology is live migration, which involves moving a service from one host to another with the minimum possible downtime. Live migration is also required for system maintenance, load balancing, and protecting services from attacks through moving target defense. While migrating a service, the system should not be vulnerable to attacks. In this work, we propose a secure model for efficient live migration of containers. Because the applications are isolated from each other while running in Docker containers, checkpointing was used to generate the required migration data. In our proposed model, we secure the migration data using secure authentication and ensure that all connections between the nodes are protected to provide communication security, which protects the system against migration attacks. The efficiency of the migration system designed based on the proposed model has been proven on stateless and stateful sample applications. Experiments with sample applications running on the Docker container platform demonstrate that the proposed approach achieves significantly better performance than its virtual machine live migration counterpart.

Suggestions

A secure model for efficient live migration of containers
Mavus, Zeynep; Angın, Pelin (2019-09-01)
Cloud services have become increasingly widespread in the past decade due to their ability to reduce the complexity and the cost of managing computers and networks. Cloud applications are run in virtualized environments such as virtual machines and containers to be able to allocate resources in an inexpensive manner. Both of these approaches require effective resource utilization, for which an important enabling technology is live migration, which involves moving a service from one host to another with the ...
A Joint resource allocation system for cloud computing
Dikbayır, Hüseyin Seçkin; Bazlamaçcı, Cüneyt Fehmi; Department of Electrical and Electronics Engineering (2014)
Cloud computing is a new trend in computing, where resources such as servers, storage devices and software applications are provided to customers over the Internet. It is typically based on a pay-per-use model similar to renting a car or taking a taxi in our daily life. The primary purpose of a cloud system is to utilize available resources effectively to provide an economic benefit to customers. To succeed in this, jobs initiated by consumers are allocated to a set of virtual machines (VM) that run in big ...
EPICS: A Framework for Enforcing Security Policies in Composite Web Services
Ranchal, Rohit; Bhargava, Bharat; Angın, Pelin; ben Othmane, Lotfi (Institute of Electrical and Electronics Engineers (IEEE), 2019-05-01)
With advances in cloud computing and the emergence of service marketplaces, the popularity of composite services marks a paradigm shift from single-domain monolithic systems to cross-domain distributed services, which raises important privacy and security concerns. Access control becomes a challenge in such systems because authentication, authorization and data disclosure may take place across endpoints that are not known to clients. The clients lack options for specifying policies to control the sharing of...
A Distributed Monitoring and Reconfiguration Approach for Adaptive Network Computing
Bhargava, Bharat; Angın, Pelin; Ranchal, Rohit; Lingayat, Sunil (2015-01-01)
The past decade has witnessed immense developments in the field of network computing thanks to the rise of the cloud computing paradigm, which enables shared access to a wealth of computing and storage resources without needing to own them. While cloud computing facilitates on-demand deployment, mobility and collaboration of services, mechanisms for enforcing security and performance constraints when accessing cloud services are still at an immature state. The highly dynamic nature of networks and clouds ma...
An MTD-Based Self-Adaptive Resilience Approach for Cloud Systems
Villarreal Vasquez, Miguel; Bhargava, Bharat; Angın, Pelin; Ahmed, Norman; Goodwin, Daniel; Brin, Kory; Kobes, Jason (2017-06-30)
Advances in cloud computing have made it a feasible and cost-effective solution to improve the resiliency of enterprise systems. However, the replication approach taken by cloud computing to provide resiliency leads to an increase in the number of ways an attacker can exploit or penetrate the systems. This calls for designing cloud systems that can accurately detect anomalies and dynamically adapt themselves to keep performing mission-critical functions even under attacks and failures. In this paper, we pro...
Citation Formats
Z. Mavuş, “Secure model for efficient live migration of containers,” Thesis (M.S.) -- Graduate School of Natural and Applied Sciences. Computer Engineering., Middle East Technical University, 2019.