A Lightweight Security Protection Method for Container on Big Data Platform
Containers are a lightweight solution for deploying complex big-data applications. Especially when Kubernetes, a novel container orchestrator, is involved, it becomes possible to run a distributed big data application in a lightweight fashion. However, the security of containerized applications has become a focus of public attention, especially as a set of container-targeted attacks has emerged. These attacks include container escape, privilege escalation and remote exploits. This poses great challenges for all security practitioners. In this paper, we discuss the real-world challenges in deploying security tools along with big data applications, and the method to make these tools run lightly in our production system. In particular, we design a lightweight container image scanning technique which reduces the scanning time to the level of seconds. Also, we deploy a system monitoring scheme which limits the CPU usage down to ~10%. Lastly, we propose a scheme for lightweight traffic monitoring.
container security; security practice in big data system; intrusion detection; container image security