Skip to main content
SpringerLink
Log in

Providing Security in Container-Based HPC Runtime Environments

  • Conference paper
  • First Online:
High Performance Computing (ISC High Performance 2016)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 9945))

Included in the following conference series:

Abstract

Virtualization at the operating system level utilizing container technologies provides reduced performance overhead over Type-1 hypervisors for HPC and also adds many possibilities to significantly improve the often demanded flexibility of such an installation. This paper discusses technologies and concepts on several layers that can be applied to securely integrate container-based virtualization in a multitenant HPC environment, requiring both security and high performance.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Docker - https://www.docker.com/.

  2. 2.

    Linux Containers - https://linuxcontainers.org/.

  3. 3.

    Rkt - https://coreos.com/rkt/.

  4. 4.

    GPU-Enabled Docker Container - http://www.nvidia.com/object/docker-container.html.

  5. 5.

    Docker Hub - https://hub.docker.com/.

  6. 6.

    Quay - https://quay.io/.

  7. 7.

    Notary - https://github.com/docker/notary.

  8. 8.

    The Update Framework - https://theupdateframework.github.io/.

  9. 9.

    Clair - https://github.com/coreos/clair.

  10. 10.

    Common Vulnerabilities and Exposures - http://cve.mitre.org/.

  11. 11.

    Docker Security Scanning safeguards the container content lifecycle - https://blog.docker.com/2016/05/docker-security-scanning/.

  12. 12.

    CoreOS Introduces Clair: Open Source Vulnerability Analysis for your Containers - https://coreos.com/blog/vulnerability-analysis-for-containers/.

  13. 13.

    Resource Management with Linux Control Groups in HPC Clusters - http://slurm.schedmd.com/pdfs/LCS_cgroups_BULL.pdf.

  14. 14.

    Grsecurity - https://grsecurity.net.

  15. 15.

    Pax - https://pax.grsecurity.net.

  16. 16.

    Tuning Docker with the newest security enhancements - https://opensource.com/business/15/3/docker-security-tuning.

  17. 17.

    Bane - https://github.com/jfrazelle/bane.

  18. 18.

    OpenSCAP - https://www.open-scap.org.

  19. 19.

    Container-Compliance - https://github.com/OpenSCAP/container-compliance.

  20. 20.

    Docker-Bench-Security - https://github.com/docker/docker-bench-security.

  21. 21.

    Alternative: Actuary - https://github.com/diogomonica/actuary.

  22. 22.

    Docker AuthZ Plugins - https://www.twistlock.com/2016/02/18/docker-authz-plugins-twistlocks-contribution-to-the-docker-community/.

  23. 23.

    Fork bomb prevention - https://github.com/docker/docker/issues/6479.

References

  1. Abed, A.S., Clancy, T.C., Levy, D.S.: Applying bag of system calls for anomalous behavior detection of applications in linux containers (2015)

    Google Scholar 

  2. Abed, A.S., Clancy, C., Levy, D.S.: Intrusion detection system for applications using linux containers. In: Foresti, S. (ed.) STM 2015. LNCS, vol. 9331, pp. 123–135. Springer, Heidelberg (2015). doi:10.1007/978-3-319-24858-5_8

    Chapter  Google Scholar 

  3. Bakhshayeshi, R., Akbari, M., Javan, M.: Performance analysis of virtualized environments using HPC challenge benchmark suite and analytic hierarchy process. In: 2014 Iranian Conference on Intelligent Systems (ICIS), pp. 1–6, February 2014

    Google Scholar 

  4. Bettini, A.: Vulnerability exploitation in docker container environments, pp. 1–13 (2015). https://www.blackhat.com/docs/eu-15/materials/eu-15-Bettini-Vulnerability-Exploitation-In-Docker-Container-Environments-wp.pdf

  5. Boettiger, C.: An introduction to docker for reproducible research. SIGOPS Oper. Syst. Rev. 49(1), 71–79 (2015)

    Article  Google Scholar 

  6. Bui, T.: Analysis of Docker security. CoRR abs/1501.02967 (2015). http://arxiv.org/abs/1501.02967

  7. Center of Internet Security: CIS Docker 1.11.0 Benchmark. Technical report, Center of Internet Security (2016). https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.11.0_Benchmark_v1.0.0.pdf

  8. Chakthranont, N., Khunphet, P., Takano, R., Ikegami, T.: Exploring the performance impact of virtualization on an HPC cloud. In: 2014 IEEE 6th International Conference on Cloud Computing Technology and Science (CloudCom) (2014)

    Google Scholar 

  9. ClusterHQ, DevOps.com: The Current State of Container Usage-Identifying and Eliminating Barriers to Adoption. Technical report (2015). https://clusterhq.com/assets/pdfs/state-of-container-usage-june-2015.pdf

  10. Di Tommaso, P., Palumbo, E., Chatzou, M., Prieto, P., Heuer, M.L., Notredame, C.: The impact of Docker containers on the performance of genomic pipelines. PeerJ 3, e1273 (2015)

    Article  Google Scholar 

  11. Felter, W., Ferreira, A., Rajamony, R., Rubio, J.: An updated performance comparison of virtual machines and linux containers (2014)

    Google Scholar 

  12. Gantikow, H., Klingberg, S., Reich, C.: Container-based virtualization for HPC. In: Proceedings of CLOSER 2015, March 2015

    Google Scholar 

  13. Jackson, I.: Surviving the Zombie apocalypse-security in the cloud containers, KVM and Xen (2015). http://xenbits.xen.org/people/iwj/2015/fosdem-security/slides.pdf

  14. NCC Group: Whitepaper Understanding and Hardening Linux Containers. Technical report, NCC Group (2016). https://www.nccgroup.trust/globalassets/our-research/us/whitepapers/2016/april/ncc_group_understanding_hardening_linux_containers-10pdf

  15. Zheng, C., Thain, D.: Integrating containers into workflows: a case study using makeflow, work queue, and Docker, vol. 2, pp. 31–38 (2015)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. science + computing ag, Tübingen, Germany

    Holger Gantikow

  2. Hochschule Furtwangen, Furtwangen, Germany

    Christoph Reich & Martin Knahl

  3. Plymouth University, Plymouth, UK

    Nathan Clarke

Authors
  1. Holger Gantikow
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Christoph Reich
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Martin Knahl
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Nathan Clarke
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Holger Gantikow .

Editor information

Editors and Affiliations

  1. University of Delaware, Newark, Delaware, USA

    Michela Taufer

  2. Forschungszentrum Jülich, Jülich, Germany

    Bernd Mohr

  3. DKRZ, Hamburg, Germany

    Julian M. Kunkel

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Gantikow, H., Reich, C., Knahl, M., Clarke, N. (2016). Providing Security in Container-Based HPC Runtime Environments. In: Taufer, M., Mohr, B., Kunkel, J. (eds) High Performance Computing. ISC High Performance 2016. Lecture Notes in Computer Science(), vol 9945. Springer, Cham. https://doi.org/10.1007/978-3-319-46079-6_48

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-46079-6_48

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-46078-9

  • Online ISBN: 978-3-319-46079-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation