Unanswered research questions in container technologies for cloud computing

Establish containerization approaches that (i) provide security isolation comparable to virtual machines despite shared kernels, (ii) optimize container performance, and (iii) mitigate unpredictable co‑tenant interference and side‑channel leakage in multi‑tenant environments such as Kubernetes and Docker-based clouds.

Background

The paper reviews how Docker and container orchestration (e.g., Kubernetes, Swarm) underpin modern cloud deployments but emphasizes unresolved issues, notably weaker isolation relative to VMs, performance optimization challenges, and unpredictable interference and side-channel risks under co-location.

These concerns complicate QoS delivery and multi‑tenant security in large‑scale production environments.

References

Recent investigations into container technology reveal unanswered research questions. Firstly, containers are less secure than VMs since they share the kernel, but this is something that may be fixed in future versions with the help of Unikernel. Secondly, optimizing container performance is a time-consuming endeavor that requires buffer space. Thirdly, because containers share the same computing/hardware resources, co-located tenants can suffer from unpredictable performance interference when the CPU Shares algorithm is used, and even worse, they can leak information enabling side-channel attacks to be performed by a malicious tenant.

Modern Computing: Vision and Challenges (2401.02469 - Gill et al., 4 Jan 2024) in Section 4.3 (Centralized Computing → Technologies/Impact Areas) — Container Technologies