Docker's security analysis of using control group to enhance container resistance to pressure

Tianshuo Yang, Zhongxuan Luo, Zheliang Shen, Yican Zhong, Xin Huang

Research output: Chapter in Book or Report/Conference proceedingConference Proceedingpeer-review

3 Citations (Scopus)

Abstract

Docker is a container technology to create lightweight virtual system framework in the cloud computing environment. Massive users exploit it on systems of Linux, Mac, and Windows to simplify configuration or test large-scale operations and isolate applications. However, considering the security of Docker container, Distributed Denial of Service (DDoS) attacks have been a severe problem which needs to be solved. Therefore, this paper aims to analyze the compressive ability of Docker container and reduce the influence of DDoS by using Control group (Cgroup). Furthermore, an experiment will be designed to detect the effects of Cgroup under three kinds of pressure: run out Central Process Unit (CPU), run out bandwidth and DDoS attack. In addition, limiting CPU, limiting Network (Net) I/O and limiting both of them will be considered as the method to use Cgroup to restrict containers' resources. In a result, it is shown that the attacks would be limited in a certain scope after restricting the resources of containers by Cgroup. Therefore, the method of imposing restrictions on CPU and Net I/O resources of Docker containers by using Cgroup can effectively reduce the impact of DDoS attacks.

Original languageEnglish
Title of host publicationProceedings - 10th International Conference on Information Technology in Medicine and Education, ITME 2019
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages655-660
Number of pages6
ISBN (Electronic)9781728139173
DOIs
Publication statusPublished - Aug 2019
Event10th International Conference on Information Technology in Medicine and Education, ITME 2019 - Qingdao, Shandong, China
Duration: 23 Aug 201925 Aug 2019

Publication series

NameProceedings - 10th International Conference on Information Technology in Medicine and Education, ITME 2019

Conference

Conference10th International Conference on Information Technology in Medicine and Education, ITME 2019
Country/TerritoryChina
CityQingdao, Shandong
Period23/08/1925/08/19

Keywords

  • Control Groups
  • DDoS
  • Docker
  • Security

Fingerprint

Dive into the research topics of 'Docker's security analysis of using control group to enhance container resistance to pressure'. Together they form a unique fingerprint.

Cite this