Managed Containers: A Framework for Resilient Containerized Mission Critical Systems

Bibliographic Details
Published in: 2018 IEEE 11th International Conference on Cloud Computing (CLOUD), pp. 946-949
Main Authors: Merino Aguilera, Xavier; Otero, Carlos; Ridley, Matthew; Elliott, David
Format: Conference Proceeding
Language: English
Published: IEEE 01.07.2018
Summary: Traditional defense mechanisms are insufficient for protecting containerized mission critical systems. These systems are mostly based on cloud-based images (e.g., Docker) that need to be always-on-always-connected. High availability and data integrity become crucial to deliver their mission. Unable to guarantee uncompromisable security and given that systems will inevitably be attacked, we must change our goals to emphasize resiliency and mission survivability. This paper presents work-in-progress to create a framework for cloud-based container resiliency. Our resilient framework makes use of Linux containers to provide resiliency to services. It is designed to orchestrate and manage the container lifecycle while enforcing security and returning a service to a previous secure state in case of a cyber-attack. It achieves this by expanding upon the generic container model with additional layers that enhance security and increase auditability. We coin the term "managed containers" to refer to the enhanced containers managed by our resilient framework. In case of an anomaly, it generates a report and allows the operator to choose a resiliency strategy. In our tests, our framework is able to securely recover from a fault in less time than a pure Docker solution while protecting against the most common container vulnerabilities.
ISSN: 2159-6190
DOI: 10.1109/CLOUD.2018.00142