ABSTRACT
Containers are lightweight mechanisms for the isolation of operating system resources. They are realized by activating a set of namespaces. Given the use of containers in scientific computing, tracking and managing provenance within and across containers is becoming essential for debugging and reproducibility. In this work, we examine the properties of container provenance graphs that result from auditing containerized applications. We observe that the generated container provenance graphs are hypergraphs because one resource may belong to one or more namespaces. We examine the hierarchical behavior of the PID, mount, and user namespaces, which are more commonly activated, and show that even when represented as hypergraphs, the resulting container provenance graphs are acyclic. We experiment with recently published container logs and identify hypergraph properties.