Solving security issues in Docker using Stackelberg Games

Abstract

Container technology has taken the world by storm and is replacing virtual machines rapidly. Docker is an open source tool that has implemented containers based on the linux ecosystem. Being lightweight and scalable, Docker has made data scaling very simple. Despite the obvious success of Dockerized applications, certain faults hold it back when it comes to usage in organizations that work with distributed teams. From a security standpoint, it is essential to be aware of scenarios that could cause the downfall of a company's entire network ecosystem with a single command. The study begins with a deep dive into Docker's code base and stress tests that have unearthed some more security issues. Taking into account one such issue related to networking in a multi-container environment gives rise to play on the trade off between efficiency of resource usage in a container, to its security. Using the backward induction technique of a stackelberg competition model, the efficiency of the distributed system can be made a function of its security and functionality. Solutions for both the scenarios where the attacker's type is known and unknown have been proposed using game theoretic approaches. A comparison on Machine Learning and Linear Programming based approaches give rise to the most optimal method for adopting a defense strategy in case of attacks in such distributed systems. International Science Press.