NORMA eResearch @NCI Library

Performance Evaluation of Various Container Runtimes and Process ID Based Escape Detection

Ramani, Jogindersingh (2023) Performance Evaluation of Various Container Runtimes and Process ID Based Escape Detection. Masters thesis, Dublin, National College of Ireland.

PDF (Master of Science)
PDF (Configuration Manual)

Abstract

Due to various benefits like portability and resource efficiency, containers have become a fundamental technology for cloud-native applications. However, vulnerabilities like a shared host kernel and potential image flaws still pose security risks. This research focuses on evaluating leading open-source container runtimes like Docker, Kata Containers, gVisor, Quark Containers, and Youki across metrics like performance and container lifecycle management. Its data-driven evaluation will give organizations detailed insights to select container runtimes based on their workload. Along with that, a novel method is proposed to detect container escape by analyzing process ID namespaces and process IDs to identify unauthorized access attempts from containers to hosts. Multiple test cases validate the proposed technique to detect escapes in the container environment. The results will contribute to detecting container escapes even before deployment, as the proposed approach can also be integrated with Jenkins. Overall, the examination shows that Quark Containers demonstrate excellent lifecycle speed despite heightened isolation, while the proposed methodology accurately captures the containers that have escaped to the host. Lastly, organizations should balance performance, security, and complexity when choosing optimal runtimes for cloud deployments.

Item Type: Thesis (Masters)
Supervisors: Mijumbi, Rashid (Email: UNSPECIFIED)
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Cloud computing
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
Divisions: School of Computing > Master of Science in Cloud Computing
Depositing User: Ciara O'Brien
Date Deposited: 10 Apr 2025 11:45
Last Modified: 10 Apr 2025 11:45
URI: https://norma.ncirl.ie/id/eprint/7407
