Converting Hardware to a Container Solution and its Security Implication

University essay from Lunds universitet/Institutionen för elektro- och informationsteknik

Abstract: Hardware today can be inaccessible to users due to cost or the customer’s desire for flexibility. By using virtualization, one can reduce customer costs while increasing flexibility. To do this, companies might need to redesign or migrate their hardware to suit a virtualized environment. However, migration from custom to virtual hardware introduces security risks. This thesis therefore explores whether a hardware solution can be transformed into a container solution while retaining sufficient security. The work was divided into two steps: gaining knowledge of how the container can be protected, and implementing the container. Two tools were considered to increase security: SCONE and Lic-Sec. The former uses Intel SGX on the container to mitigate attacks from the host machine, while the latter is a tool that generates an AppArmor profile that can shield the container from other containers. The container was developed with Podman as its container engine, since it enforces user namespaces and allows the container to use systemd, which was a requirement for the container to function. The development of the container was a success; however, due to the structure of the container, neither tool could be used to enhance its security. Nevertheless, the thesis shows that systems can run in a container, although modifications to the hardware running the container, or other tools, are needed to obtain sufficient security for public use. Future research is needed to determine whether it is possible to replace a single container with a cluster, which could increase security.
