Container-based virtualization is increasingly popular in cloud computing due to its efficiency and flexibility. Isolation is a fundamental property of containers, and weak isolation could cause significant performance degradation and security vulnerabilities. However, existing work has hardly discussed the isolation problems of the system log, which is critical for monitoring and maintaining containerized applications. In this paper, we present a detailed isolation analysis of the system log in current container environments. First, we find several system log isolation problems that can significantly affect system usability, security, and efficiency. For example, the system log accidentally exposes information about the host and co-resident containers to a container, causing information leakage. Second, we reveal that the root cause of these isolation problems is that containers share the global log configuration, the same log storage, and the global log view. To address these problems, we design and implement a system named private logs (POGs). POGs provides each container with its own log configuration and stores logs individually for each container, avoiding log configuration and storage sharing, respectively. In addition, POGs enables a private log view to help distinguish which container the logs belong to. The experimental results show that POGs can effectively enhance system log isolation for containers with negligible performance overhead.
Dear Editor, Aquareovirus (ARV, Reoviridae) causes hemorrhagic disease in the economically important golden shiner and grass carp of America and China, respectively (Nason et al., 2000; Fang et al., 2005). Reoviridae members are characterized by endogenous transcription of their multipartite genomes within capsids of 1-3 layers and are further classified based on the presence (Spinareovirinae subfamily, 9 genera) or absence (Sedoreovirinae subfamily, 6 genera) of mRNA-capping turrets along the innermost layer (King et al., 2012).
Funding: supported by the National Key R&D Program (2022YFB4500704) and the National Natural Science Foundation of China (Grant No. 62032008).
Funding: supported in part by grants from the National Institutes of Health (AI094386 to Z.H.Z.). A.S. received support from NIH Ruth L. Kirschstein National Research Service Award A1007323. We acknowledge the use of resources at the Electron Imaging Center for Nanomachines supported by UCLA and by instrumentation grants from NIH (1S10RR23057, 1S100D018111 and U24GM116792) and NSF (DBI-1338135 and DMR-1548924) at the UCLA AIDS Institute supported in part by UCLA-CDU CFAR (NIH AI152501).