Abstract: Lightweight virtualization technology, represented by the container, is developing rapidly and plays an increasingly important role in cloud computing. Container technology is efficient and flexible, but its kernel-sharing property also means its isolation is incomplete, making multi-tenancy container clouds vulnerable to co-resident attacks. Existing placement strategies consider either only the resource allocation problem or only the co-resident security problem of the virtualization technology on the same host. In this paper, we present SecCPS, a Secure Container Placement Strategy using deep reinforcement learning in a typical cloud scene. SecCPS learns to find the optimal placement to mitigate co-resident threats between containers running on virtual machines. In the design of SecCPS, we (1) present the challenges of securely placing containers running on virtual machines and establish metrics to describe co-residence in container clouds; (2) develop a secure container placement strategy using deep reinforcement learning as a preventive measure for co-residence; (3) implement the strategy and evaluate its effectiveness and scalability. The results show that SecCPS can effectively reduce co-residence compared with existing strategies and is scalable and flexible enough for large-scale container deployment scenarios.