|
A Secure Model For Efficient Live
Migration of Containers Zeynep Mavuş and Pelin Angın+ Middle East Technical University, Ankara, Turkey {e1670157, pangin}@ceng.metu.edu.tr Abstract Cloud services have become increasingly widespread
in the past decade due to their ability to reduce the complexity and the cost
of managing computers and networks. Cloud applications are run in virtualized
environments such as virtual machines and containers to be able to allocate resources
in an inexpensive manner. Both of these approaches require effective resource
utilization, for which an important enabling technology is live migration,
which involves moving a service from one host to another with the minimum
possible downtime. Live migration is also required for system maintenance,
load balancing, and protecting services from attacks through moving target
defense. While migrating a service, the system should not be vulnerable to
attacks. In this work, we propose a secure model for efficient live migration
of containers. Because the applications are isolated from each other while
running in Docker containers, checkpointing method was used to generate
required migration data. In our proposed model, we provide security of the
migration data using secure authentication, and ensuring all connections
between the nodes are protected to provide communication security, making the
system protected against migration attacks. The efficiency of the migration
system designed based on the proposed model has been proven on stateless and
stateful sample applications. Experiments with applications running on the
Docker container platform demonstrate that the proposed approach achieves
significantly better performance than its virtual machine live migration
counterpart. Keywords: Containers, live migration, security. +: Corresponding
author: Pelin Angın Journal
of Wireless Mobile Networks, Ubiquitous Computing, and Dependable
Applications (JoWUA) Received: August 3, 2019; Accepted:
September 2, 2019; Published: September 30, 2019 DOI: 10.22667/JOWUA.2019.09.30.021 |