Towards a Secure IoT Computing Platform Using Linux-Based Containers
Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering.
2017 (English). Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis.
Abstract [en]

The Internet of Things (IoT) consists of small, sensing, network-enabled computing devices which can extend smart behaviour into resource-constrained domains. This thesis focuses on evaluating the viability of Linux containers in relation to IoT devices. Three research questions are posed to investigate various aspects of this. (1) Can any guidelines and best practices be derived from creating a Linux container based, security-enhanced IoT platform? (2) Can the LiCShield project be extended to build dynamic, default-deny seccomp configurations? (3) Are Linux containers viable on IoT platforms with regard to operational performance impact?

To answer these questions, a literature review was conducted, research gaps were identified and a research methodology was selected. A Linux-based container platform was then created in which applications could be run. Experimentation was conducted on the platform and operational measurements were collected.

A number of interesting results were produced during the project. In relation to the first research question, it was discovered that the LXC templating code created could probably benefit other Linux container projects as well as the LXC project itself. Secondly, it was found that a robust, layered, containerized security architecture could be created by utilizing basic container configurations and by drawing on best practices from LXC and Docker. In relation to the second research question, a proof-of-concept system was created to profile and build dynamic, default-deny seccomp configurations. Analysis of the system shows that the developed method is viable.

In relation to the final research question, container overhead with regard to CPU, memory, network I/O and storage was measured. In this project, there was no CPU overhead and only a slight performance decrease of 0.1 % on memory operations. With regard to network I/O, a speed decrease of 0.2 % was observed when a container received data and utilized NAT. On the other hand, while the container was sending data, a speed increase of 1.4 % was observed while the container was operating in bridge mode, and an increase of 0.9 % was observed while utilizing NAT. Regarding storage overhead, a total of 508 KB base overhead was added to each container on creation. Due to these findings, the overhead that containers introduce is considered negligible, and containers are thus deemed viable on IoT devices.

Place, publisher, year, edition, pages
2017. p. 94
Keywords [en]
IoT, Security, Linux Containers, LXC
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:ltu:diva-66809
OAI: oai:DiVA.org:ltu-66809
DiVA, id: diva2:1161012
Educational program
Information Security, master's level (120 credits)
Available from: 2017-12-01. Created: 2017-11-28. Last updated: 2018-03-09. Bibliographically approved.

Open Access in DiVA

File information
File name: FULLTEXT01.pdf
File size: 1363 kB
Checksum SHA-512:
bf4c53a469a018161a8589886da4fe55c1a0261870325a75b4fd083de3d08955711ed3289f540f29a9fb99c560b0462e4239aa8201625340d9ab6a6c88ddbbc4
Type: fulltext
Mimetype: application/pdf

Author/editor: Hufvudsson, Marcus