CFP last date
20 January 2025
Reseach Article

Access Control Model for Container based Virtual Environments

by Titus Murithi Rugendo, Andrew Mwaura Kahonge
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 174 - Number 20
Year of Publication: 2021
Authors: Titus Murithi Rugendo, Andrew Mwaura Kahonge
10.5120/ijca2021921091

Titus Murithi Rugendo, Andrew Mwaura Kahonge . Access Control Model for Container based Virtual Environments. International Journal of Computer Applications. 174, 20 ( Feb 2021), 21-29. DOI=10.5120/ijca2021921091

@article{ 10.5120/ijca2021921091,
author = { Titus Murithi Rugendo, Andrew Mwaura Kahonge },
title = { Access Control Model for Container based Virtual Environments },
journal = { International Journal of Computer Applications },
issue_date = { Feb 2021 },
volume = { 174 },
number = { 20 },
month = { Feb },
year = { 2021 },
issn = { 0975-8887 },
pages = { 21-29 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume174/number20/31792-2021921091/ },
doi = { 10.5120/ijca2021921091 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T00:22:39.221461+05:30
%A Titus Murithi Rugendo
%A Andrew Mwaura Kahonge
%T Access Control Model for Container based Virtual Environments
%J International Journal of Computer Applications
%@ 0975-8887
%V 174
%N 20
%P 21-29
%D 2021
%I Foundation of Computer Science (FCS), NY, USA
Abstract

With rapid development and adoption of virtualization technology, security concerns have become more prominent. Access control is the focal point when it comes to security. Since, it determines if a user can access a system and perform the action they intend to. Containers provide an all or nothing access control mechanism. Where if a host machine user has privileged access then they can access the containers as root user, with all privileges and perform any desired action. All unprivileged users on the host machine are denied access to the container environment. This research focuses on the concept of access control in container environment. It is geared more towards Docker container environment since it is the most widely adopted containerization technology. The study also analyses existing container authorization plugins to determine how they make access decisions. Additionally, this study led to the design and development of an effective access control plugin that makes access decisions to containers based on container users.

References
  1. T. Bui, "Analysis of Docker Security," 2015.
  2. H. Jain, "LXC and LXD: Explaining Linux Containers," 2 June 2016. [Online]. Available: https://www.sumologic.com/blog/lxc-lxd-linux-containers/. [Accessed 27 April 2020].
  3. J. Chelladhurai, P. R. Chelliah and S. A. Kumar, "Securing Docker Containers from Denial of Service," in IEEE International Conference on Services Computing, San Francisco, CA, USA, 2016.
  4. C. Pahl, B. Antonio, J. Soldani and P. Jamshidi, "Cloud Container Technologies: a State-of-the-Art Review," IEEE Transactions on Cloud Computing, p. 1, May 2017.
  5. Z. H. Shoeb and A. Sobhan, "Authentication and Authorization: Security Issues for Institutional Digital Repositories," Library Philosophy and Practice, pp. 1-8, 2010.
  6. F. Hauser, M. Schmidt and M. Menth, "xRAC: Execution and Access Control for Restricted Application Containers on Managed Hosts," ArXiv, vol. abs/1907.03544, pp. 1-9, 2019.
  7. K. Kuusik, "Docker Security – Admin Controls," 19 June 2015. [Online]. Available: https://blog.container-solutions.com/docker-security-admin-controls-2. [Accessed 12 January 2020].
  8. docker Inc, "docker docs," 2019. [Online]. Available: https://docs.docker.com/engine/extend/plugins_authorization/. [Accessed 04 February 2020].
  9. L. Levin, "Docker AuthZ Plugins: Twistlock’s Contribution to Docker Security," 18 February 2016. [Online]. Available: https://www.twistlock.com/2016/02/18/docker-authz-plugins/. [Accessed 29 December 2019].
  10. A. Nosek, "Open Policy Agent, Part I - The Introduction," 14 October 2019. [Online]. Available: https://dzone.com/articles/open-policy-agent-part-i-the-introduction. [Accessed 31 December 2019].
  11. E. Toews, "Develop a Docker Authorization Plugin in Python," 30 July 2016. [Online]. Available: https://etoews.github.io/blog/2016/07/30/develop-a-docker-authz-plugin-in-python/. [Accessed 20 February 2020].
  12. D. Lang, H. Jiang, W. Ding and Y. Bai, "Research on Docker Role Access Control Mechanism Based on DRBAC," in Jwenal of Physics: Conference Series, Beijin, 2019.
Index Terms

Computer Science
Information Sciences

Keywords

Virtualization Container Docker Access Control Authorization