My VM is lighter (and safer) than your container

My VM is lighter (and safer) than your container Manco et al., SOSP’17 Can we have the improved isolation of VMs, with the efficiency of containers? In today’s paper choice the authors investigate the boundaries of Xen-based VM performance. They find and eliminate bottlenecks when launching large numbers of lightweight VMs (both unikernels and minimal … Continue reading My VM is lighter (and safer) than your container

Paracloud: bringing application insight into cloud operations

Paracloud: bringing application insight into cloud operations Nadgowda et al., HotCloud'17 We'll be looking at a selection of papers from HotCloud'17 this week. The HotCloud workshop focuses on new and emerging trends in cloud computing, and the CfP particularly encourages position papers that describe novel research directions and work that is in its formative stages. … Continue reading Paracloud: bringing application insight into cloud operations

A study of security vulnerabilities on Docker Hub

A study of security vulnerabilities on Docker Hub Shu et al., CODASPY '17 This is the first of five papers we'll be looking at this week from the ACM Conference on Data and Application Security and Privacy which took place earlier this month. Today's choice is a study looking at image vulnerabilities for container images … Continue reading A study of security vulnerabilities on Docker Hub

SCONE: Secure Linux containers with Intel SGX

SCONE: Secure Linux Containers with Intel SGX Arnautov et al., OSDI 2016 We looked at Haven earlier this year, which demonstrated how Intel’s SGX could be used to shield an application from an untrusted cloud provider. Today’s paper choice, SCONE, looks at how to employ similar ideas in the context of containers. …existing container isolation … Continue reading SCONE: Secure Linux containers with Intel SGX