Managed Containers: A Framework For Resilient Containerized Mission Critical Systems

PROCEEDINGS 2018 IEEE 11TH INTERNATIONAL CONFERENCE ON CLOUD COMPUTING (CLOUD) (2018)

Abstract
Traditional defense mechanisms are insufficient for protecting containerized mission critical systems. These systems are mostly based on cloud-based images (e.g., Docker) that need to be always-on-always-connected. High availability and data integrity become crucial to deliver their mission. Unable to guarantee uncompromisable security and given that systems will inevitably be attacked, we must change our goals to emphasize resiliency and mission survivability. This paper presents work-in-progress to create a framework for cloud-based container resiliency. Our resilient framework makes use of Linux containers to provide resiliency to services. It is designed to orchestrate and manage the container lifecycle while enforcing security and returning a service to a previous secure state in case of a cyber-attack. It achieves this by expanding upon the generic container model with additional layers that enhance security and increase auditability. We coin the term "managed containers" to refer to the enhanced containers managed by our resilient framework. In case of an anomaly, it generates a report and allows the operator to choose a resiliency strategy. In our tests, our framework is able to securely recover from a fault in less time than a pure Docker solution while protecting against the most common container vulnerabilities.
Keywords
Linux containers, availability, moving target defense, cyber survivability, virtualization