Access Control Model for Container based Virtual Environments

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Year of Publication: 2021
Authors:
Titus Murithi Rugendo, Andrew Mwaura Kahonge
10.5120/ijca2021921091

Titus Murithi Rugendo and Andrew Mwaura Kahonge. Access Control Model for Container based Virtual Environments. International Journal of Computer Applications 174(20):21-29, February 2021. BibTeX

@article{10.5120/ijca2021921091,
	author = {Titus Murithi Rugendo and Andrew Mwaura Kahonge},
	title = {Access Control Model for Container based Virtual Environments},
	journal = {International Journal of Computer Applications},
	issue_date = {February 2021},
	volume = {174},
	number = {20},
	month = {Feb},
	year = {2021},
	issn = {0975-8887},
	pages = {21-29},
	numpages = {9},
	url = {http://www.ijcaonline.org/archives/volume174/number20/31792-2021921091},
	doi = {10.5120/ijca2021921091},
	publisher = {Foundation of Computer Science (FCS), NY, USA},
	address = {New York, USA}
}

Abstract

With the rapid development and adoption of virtualization technology, security concerns have become more prominent. Access control is the focal point when it comes to security, since it determines whether a user can access a system and perform the action they intend to. Containers provide an all-or-nothing access control mechanism: if a host machine user has privileged access, they can access the containers as the root user, with all privileges, and perform any desired action. All unprivileged users on the host machine are denied access to the container environment. This research focuses on the concept of access control in container environments. It is geared more towards the Docker container environment, since Docker is the most widely adopted containerization technology. The study also analyses existing container authorization plugins to determine how they make access decisions. Additionally, this study led to the design and development of an effective access control plugin that makes access decisions to containers based on container users.

Keywords

Virtualization, Container, Docker, Access Control, Authorization