Impact of Network Workload between Virtualization Solutions on a Testbed Environment for Cybersecurity Learning

The adoption of modern lightweight virtualization often comes with new threats and network vulnerabilities. This paper seeks to assess this with a different approach studying the behavior of a testbed built with tools such as Kernel-based Virtual Machine (KVM), LinuX Containers (LXC) and Docker, by performing stress tests within a platform where students experiment simultaneously with cyber-attacks, and thus observe the impact on the campus network and also find the best solution for cyber-security learning. Interesting outcomes can be found in the literature comparing these technologies. It is, however, difficult to find results of the effects on the global network where experiments are carried out. Our work shows that other physical hosts and the faculty network were impacted while performing these trials. The problems found are discussed, as well as security solutions and the adoption of new network policies.

• K´evin Fernagut
• Olivier Flauzac
• Erick M. Gallegos R
• Florent Nolot

• Containerization
• containers
• cyber-security
• cyber-attacks
• isolation
• performance
• security
• virtualization
• virtual machines.

[1] K. Suo, Y. Zhao, W. Chen and J. Rao, ”An Analysis and Empirical Study
of Container Networks,” IEEE INFOCOM 2018 - IEEE Conference on
Computer Communications, Honolulu, HI, 2018, pp. 189-197.
[2] A. A. Semnanian, J. Pham, B. Englert and X. Wu, ”Virtualization
Technology and its Impact on Computer Hardware Architecture,”
2011 Eighth International Conference on Information Technology: New
Generations, Las Vegas, NV, 2011, pp. 719-724.
[3] ”The state-of-the-art in container technologies: Application,
orchestration and security” E. Casalicchio S. Iannucci. Concurrency
and Computation: Practice and Experience pp 5668, 2020-01-19
[4] R.J. Creasy, “The Origin of the VM/370 Time-Sharing System”, IBM
Journal of Research and Development, IBM, 1981, vol. 25, no. 5, pp.
483.
[5] J. E. Smith and Ravi Nair, ”The architecture of virtual machines,” in
Computer, vol. 38, no. 5, pp. 32-38, May 2005.
[6] Roy, A., Yocum, K., and Snoeren, ”Challenges in the emulation of large
scale software defined networks”. A. C. APSYS 2013.
[7] Pahl, Claus Brogi, Antonio Soldani, Jacopo Jamshidi, Pooyan. (2017).
Cloud Container Technologies: a State-of-the-Art Review. IEEE
Transactions on Cloud Computing. PP. 1-1. 10.1109/TCC.2017.2702586.
[8] Lubomski P., Kalinowski A., Krawczyk H. (2016) Multi-level
Virtualization and Its Impact on System Performance in Cloud
Computing. In: Gaj P., Kwiecie´n A., Stera P. (eds) Computer Networks.
CN 2016. Communications in Computer and Information Science, vol
608. Springer, Cham
[9] A. M. Joy, ”Performance comparison between Linux containers and
virtual machines,” 2015 International Conference on Advances in
Computer Engineering and Applications, Ghaziabad, 2015, pp. 342-346.
[10] A Babu , Hareesh M J, J. Martin, S Cherian, Y Sastri. ”System
Performance evaluation of Para virtualization, Container virtualization
and Full virtualization using Xen, OpenVZ and XenServer”. 2014
Fourth International Conference on Advances in Computing and
Communications.
[11] Y. Huang, B. Chen, M. Shih and C. Lai, ”Security Impacts of
Virtualization on a Network Testbed,” 2012 IEEE Sixth International
Conference on Software Security and Reliability, Gaithersburg, MD,
2012, pp. 71-77.
[12] S. Siraj, A. K. Gupta, I. Badgujar ”Network Simulation Tools
Survey”, International Journal of Advanced Research in Computer and
Communication Engineering Vol. 1, Issue 4, June 2012.
[13] ”The comparison of network simulations for SDN”. Y.
Kondratyuk,University Poltava National Technical
[14] ”Type 1 and Type 2 hypervisors”. [Online]. Available:
https://searchservervirtualization.techtarget.com/feature/Whats-thedifferencebetween-
Type-1-and-Type-2-hypervisors.
[15] T. Kurek, ”Unikernel Network Functions: A Journey Beyond the
Containers,” in IEEE Communications Magazine, vol. 57, no. 12, pp.
15-19, December 2019.
[16] ”Remotelabz”, project DUNE Eole (ANR-16-DUNE-0001-EOLE,
PIA 3), CReSTIC laboratory (EA 3804), University of Reims
Champagne-Ardenne.
[17] VMware [Online]. Available: https://www.vmware.com/
[18] hping - ”Active Network Security Tool” [Online]. Available:
www.hping.org
[19] iPerf - ”The ultimate speed test tool for TCP, UDP and SCTP” [Online].
Available: www.iperf.fr
[20] Open vSwitch - ”An open virtual switch” [Online]. Available:
http://openvswitch.org/
[21] A. Kivity, Y. Kamay, D.Laor, U. Lublin, and A. Liguori. ”KVM: the
Linux virtual machine monitor”. In OLS ’07: The 2007 Ottawa Linux
Symposium, Jul. 2007, pp. 225-230
[22] M. Uehara, ”Performance Evaluations of LXC Based Educational Cloud
in Amazon EC2,” 2016 30th International Conference on Advanced
Information Networking and Applications Workshops (WAINA),
Crans-Montana, 2016, pp. 638-643.
[23] A. Lingayat, R. R. Badre and A. Kumar Gupta, ”Performance Evaluation
for Deploying Docker Containers On Baremetal and Virtual Machine,”
2018 3rd International Conference on Communication and Electronics
Systems (ICCES), Coimbatore, India, 2018, pp. 1019-1023.
[24] S. Sultan, I. Ahmad and T. Dimitriou, ”Container Security: Issues,
Challenges, and the Road Ahead,” in IEEE Access, vol. 7, pp.
52976-52996, 2019.