Authors: K´evin Fernagut, Olivier Flauzac, Erick M. Gallegos R, Florent Nolot

Abstract:

The adoption of modern lightweight virtualization often comes with new threats and network vulnerabilities. This paper seeks to assess this with a different approach studying the behavior of a testbed built with tools such as Kernel-based Virtual Machine (KVM), LinuX Containers (LXC) and Docker, by performing stress tests within a platform where students experiment simultaneously with cyber-attacks, and thus observe the impact on the campus network and also find the best solution for cyber-security learning. Interesting outcomes can be found in the literature comparing these technologies. It is, however, difficult to find results of the effects on the global network where experiments are carried out. Our work shows that other physical hosts and the faculty network were impacted while performing these trials. The problems found are discussed, as well as security solutions and the adoption of new network policies.

Keywords: Containerization, containers, cyber-security, cyber-attacks, isolation, performance, security, virtualization, virtual machines.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 492

References:

[1] K. Suo, Y. Zhao, W. Chen and J. Rao, ”An Analysis and Empirical Study of Container Networks,” IEEE INFOCOM 2018 - IEEE Conference on Computer Communications, Honolulu, HI, 2018, pp. 189-197.
[2] A. A. Semnanian, J. Pham, B. Englert and X. Wu, ”Virtualization Technology and its Impact on Computer Hardware Architecture,” 2011 Eighth International Conference on Information Technology: New Generations, Las Vegas, NV, 2011, pp. 719-724.
[3] ”The state-of-the-art in container technologies: Application, orchestration and security” E. Casalicchio S. Iannucci. Concurrency and Computation: Practice and Experience pp 5668, 2020-01-19
[4] R.J. Creasy, “The Origin of the VM/370 Time-Sharing System”, IBM Journal of Research and Development, IBM, 1981, vol. 25, no. 5, pp. 483.
[5] J. E. Smith and Ravi Nair, ”The architecture of virtual machines,” in Computer, vol. 38, no. 5, pp. 32-38, May 2005.
[6] Roy, A., Yocum, K., and Snoeren, ”Challenges in the emulation of large scale software defined networks”. A. C. APSYS 2013.
[7] Pahl, Claus Brogi, Antonio Soldani, Jacopo Jamshidi, Pooyan. (2017). Cloud Container Technologies: a State-of-the-Art Review. IEEE Transactions on Cloud Computing. PP. 1-1. 10.1109/TCC.2017.2702586.
[8] Lubomski P., Kalinowski A., Krawczyk H. (2016) Multi-level Virtualization and Its Impact on System Performance in Cloud Computing. In: Gaj P., Kwiecie´n A., Stera P. (eds) Computer Networks. CN 2016. Communications in Computer and Information Science, vol 608. Springer, Cham
[9] A. M. Joy, ”Performance comparison between Linux containers and virtual machines,” 2015 International Conference on Advances in Computer Engineering and Applications, Ghaziabad, 2015, pp. 342-346.
[10] A Babu , Hareesh M J, J. Martin, S Cherian, Y Sastri. ”System Performance evaluation of Para virtualization, Container virtualization and Full virtualization using Xen, OpenVZ and XenServer”. 2014 Fourth International Conference on Advances in Computing and Communications.
[11] Y. Huang, B. Chen, M. Shih and C. Lai, ”Security Impacts of Virtualization on a Network Testbed,” 2012 IEEE Sixth International Conference on Software Security and Reliability, Gaithersburg, MD, 2012, pp. 71-77.
[12] S. Siraj, A. K. Gupta, I. Badgujar ”Network Simulation Tools Survey”, International Journal of Advanced Research in Computer and Communication Engineering Vol. 1, Issue 4, June 2012.
[13] ”The comparison of network simulations for SDN”. Y. Kondratyuk,University Poltava National Technical
[14] ”Type 1 and Type 2 hypervisors”.
[Online]. Available: https://searchservervirtualization.techtarget.com/feature/Whats-thedifferencebetween- Type-1-and-Type-2-hypervisors.
[15] T. Kurek, ”Unikernel Network Functions: A Journey Beyond the Containers,” in IEEE Communications Magazine, vol. 57, no. 12, pp. 15-19, December 2019.
[16] ”Remotelabz”, project DUNE Eole (ANR-16-DUNE-0001-EOLE, PIA 3), CReSTIC laboratory (EA 3804), University of Reims Champagne-Ardenne.
[17] VMware
[Online]. Available: https://www.vmware.com/
[18] hping - ”Active Network Security Tool”
[Online]. Available: www.hping.org
[19] iPerf - ”The ultimate speed test tool for TCP, UDP and SCTP”
[Online]. Available: www.iperf.fr
[20] Open vSwitch - ”An open virtual switch”
[Online]. Available: http://openvswitch.org/
[21] A. Kivity, Y. Kamay, D.Laor, U. Lublin, and A. Liguori. ”KVM: the Linux virtual machine monitor”. In OLS ’07: The 2007 Ottawa Linux Symposium, Jul. 2007, pp. 225-230
[22] M. Uehara, ”Performance Evaluations of LXC Based Educational Cloud in Amazon EC2,” 2016 30th International Conference on Advanced Information Networking and Applications Workshops (WAINA), Crans-Montana, 2016, pp. 638-643.
[23] A. Lingayat, R. R. Badre and A. Kumar Gupta, ”Performance Evaluation for Deploying Docker Containers On Baremetal and Virtual Machine,” 2018 3rd International Conference on Communication and Electronics Systems (ICCES), Coimbatore, India, 2018, pp. 1019-1023.
[24] S. Sultan, I. Ahmad and T. Dimitriou, ”Container Security: Issues, Challenges, and the Road Ahead,” in IEEE Access, vol. 7, pp. 52976-52996, 2019.