Date of Award
5-2020
Culminating Project Type
Thesis
Degree Name
Information Assurance: M.S.
Department
Information Assurance and Information Systems
College
Herberger School of Business
First Advisor
Dennis Guster
Second Advisor
Erich Rich
Third Advisor
Balasubramanian Kasi
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.
Keywords and Subject Headings
Operating System Kernel Memory Protection Docker Container Host
Abstract
Object oriented programming concepts have been widely adopted by the modern design of enterprise applications, which relies on heap memory mapping, and re-use of pre-coded class libraries. Computing resource sharing such as containerization, is a popular way to effectively reduce operation overhead by enlarging the scale of kernel accessibility among distributed computer systems. Thus, proper isolation between processes, containers and host operating systems is a critical task to assure system wide information security. This is a study designed to compare kernel level memory management and protection effectiveness for Docker container systems maintained on top of Ubuntu Linux and Microsoft Windows as the host operating system. Literature research aims to study the fundamentals of kernel memory management designs, policies and modules in place for enforcement. As well as container architectures based on the variation of the host operating systems. The experimental design focuses on whether the discovery of unauthorized access is possible between containers, kernel spaces and file systems. Research results are targeted to determine a better approach for securing Docker container system implementations and code deployment.
Recommended Citation
Dai, Li, "A Comparison of Kernel Memory Protection for Docker Containers Across Host Operating Systems" (2020). Culminating Projects in Information Assurance. 101.
https://repository.stcloudstate.edu/msia_etds/101
Comments/Acknowledgements
Object oriented programming concepts have been widely adopted by the modern design of enterprise applications, which relies on heap memory mapping, and re-use of pre-coded class libraries. Computing resource sharing such as containerization, is a popular way to effectively reduce operation overhead by enlarging the scale of kernel accessibility among distributed computer systems. Thus, proper isolation between processes, containers and host operating systems is a critical task to assure system wide information security. This is a study designed to compare kernel level memory management and protection effectiveness for Docker container systems maintained on top of Ubuntu Linux and Microsoft Windows as the host operating system. Literature research aims to study the fundamentals of kernel memory management designs, policies and modules in place for enforcement. As well as container architectures based on the variation of the host operating systems. The experimental design focuses on whether the discovery of unauthorized access is possible between containers, kernel spaces and file systems. Research results are targeted to determine a better approach for securing Docker container system implementations and code deployment.