Field of the Invention
This invention relates to a method for implementing a host as a Container or Virtual Machine (VM).
Description of the Related Art
A modern trend of virtualization presents some challenges with regard to isolation of host which creates Virtual Machines (VMs) or Containers. In conventional systems, a host has some security vulnerabilities. This is illustrated by an example depicted in FIG. 1. A host 110 has Linux™ OS 160 running on it. A dispatcher module 170 is configured to create VMs 130 or Containers 120. An administrator can connect to the dispatcher and send commands for creation/deletion of VMs and Containers. The dispatcher can also route requests to a web server 140 or use it for providing an interface to the dispatcher module 170.
However, if an intruder gains access to the host 110 through a remote shell access point and launches an application 150, this application can compromise the entire host 110, because it can see all of the VMs 130 and the Containers 120. Furthermore, the application 150 can operate at a root privilege level, which means it can perform any actions on the host 110. Additionally, an intrusion can occur through the web server 140 interface, which is even more vulnerable. This security vulnerability of the conventional Linux™ host, which hosts a dispatcher module, needs to be addressed.
Accordingly, a method for implementing a host as secure container is desired.