28 Docker Design and Implementation of Program Evaluation System Using Docker Virtualized Environment 1170288 2017 2 28
Abstract

Design and Implementation of Program Evaluation System Using Docker Virtualized Environment

Michiko IWAMOTO

Teachers often assign programming tasks to students in computer science classes. Students write programs and submit them to the teacher. However, if a student submits a malicious program, the teacher's computer is infected when the teacher executes the program to evaluate it. In this research, in order to prevent teachers' computers from being infected by such malicious programs, we developed a program evaluation system that executes programs in a virtualized environment. By executing programs in a virtualized environment, we can confine the effects of malware to that environment. We used Docker to construct the virtualized environment.

To clarify the requirements for our program evaluation system, we developed a prototype system. This prototype simply has a function to evaluate programs in a virtualized environment. Using this prototype, we evaluated programs submitted by students in a real class. We also developed a web application with this prototype system and provided it to the students of the class. Afterward, we surveyed the students about the usefulness of this system and about malicious behaviors of programs that students could submit.

After considering the results of the preliminary research, we developed a program evaluation system that not only executes programs in a virtualized environment but also restricts the usage of computational resources, namely memory, CPU, and execution time, and restricts network access. We evaluated the system to make sure that these limiting functions work properly. As a result, we confirmed that the system limits resource usage, CPU, and execution time and prevents programs from rewriting files on the host. We also confirmed that the system prevents programs from accessing the external network. In addition, we compared the elapsed time taken to evaluate programs using our system with the time taken on VirtualBox and the time taken directly on the host OS. We found that our system was faster than VirtualBox. However, our system was slower than the host OS.

key words: Docker, virtualized environment, program test, security
1 1.1,.,.,.,.,.,.,.,.,. CPU 1
1.2 1.2,.,., Docker. Docker [1]. Docker,,..,.,.,. 2
2 Docker, Docker. 2.1 Docker Docker. OS,. OS, OS. 2.2 Docker Docker. [2]. namespace cgroups Union File System namespace,. Linux, OS. 3
2.3 Docker cgroups, CPU. cgroups namespace Linux,. Union File System,, [1]. 2.3 Docker Docker,.. 1. 2. 3. Dockerfile. Dockerfile.,. Dockerfile,.,, Docker Hub[3] Dockerfile. Docker Hub, [4]. Docker, OS test.txt Docker. test.txt HelloWorld!. 1, 2, 3 2.1. 2.2 Dockerfile. 1 Ubuntu. 2 OS test.txt. 3. 2.1, test.txt. 4
2.3 Docker 2.1 Docker,

FROM ubuntu:latest
COPY ./test.txt .
CMD cat test.txt

2.2 Dockerfile Dockerfile..

$ docker build .

,., Dockerfile 3, test.txt.

$ docker run
Hello World!
2.3 Docker,. 6
3,,.. 3.1 2.,. 3.1.1. 1. 2. 3. 4. 7
3.1,. OS, OS,., 2. 3.1.,,.,.. compile prepare run validate 8
3.1 3.1 4,. compile, prepare, run, validate 4, 3.1. 3.1,,,.,. 3.1.2,.... 9
3.1 1. 2. 3. Dockerfile.,.,. 4. 1 Dockerfile.,. 1 Dockerfile,,.,. 3.1.3,,.,.. 1. 2. Dockerfile.,. 3. 4. 5... 1 Dockerfile. 10
3.2 3.2 3.2.1, 3., Web,.,. Web. 19.. 1. 2. 3. Web, CGI 4. 5. 3 6. 11
3.2 3.1 5 ( ) CGI 3 3 8 9 6 8 0 1, 2, 4,, 2., 2, 3, 4, 5., 3, 4, 5. 3.2.2 2.,.,,., Web.,, 3.1.,,, 3. 12
3.3 3.3 3.2,,. 1. 2. 3. 4. CPU,,. 1,. 3.1,, 3.,., 2., CPU, 3., 2..,. 4,.,., 13
3.3. 14
4, 3,. 4.1, 3.1., 2. 3.3,. 1. 2. 3. 4. CPU 1, error. error,,. 2, 3, 4,.. 15
4.2 1.. 2.. 3. CPU CPU. 4. CPU CPU. 2 CPU. CPU. CP U = CP U CP U 100 5.,.,. 4.2,.,. 1. 2. 3.. 16
4.3 1. Dockerfile. Dockerfile,,. 2... 3..,. 4. 1 Dockerfile. Dockerfile. 5.. 4.3,.. 1. 10. 2. 50MB. 3. CPU 0. 4. CPU 0. 17
4.3 5.,. 6.,. 7.. 8. 7,.. 6 7, 8 error.. 1. Dockerfile. Dockerfile,,. 2.,.,. 3..,.,,. 4. 2.. 18
4.3 5. 1 Dockerfile. Dockerfile. 4.1 1,,., 3. 1. 2. 3. 4. 5... error.. Dockerfile. 19
5,. OS CPU,,,. 5.1. 5.1 Ubuntu 16.04 Docker 1.12.1 VirtualBox 5.1.12 javac 1.8.0 111 20
5.1 5.1 5.2 1 (s) 2 (s) 3 (s) 14.84 14.25 15.05 180 180 180,,. 5.1.1 OS,.,, OS. OS,., OS.,. 5.1.2,. 10.,, 2. 5.2.,., 180 21
5.1 5.3 1 (MB) 2 (MB) 3 (MB) 40.53 49.12 43.16 51.99 52.23 56.01, 14.7,. 5.1.3,.,.,, 2. 5.3., 50MB, 50MB.,. 5.1.4 CPU CPU,., CPU 20% CPU CPU. CPU,., CPU, 2. 5.4. 22
5.1 5.4 CPU CPU CPU 1 (%) 2 (%) 3 (%) 19.86 20.29 20.00 108.83 131.38 118.38 5.5, 20% CPU, 20% CPU. 5.1.5,. IP ping,.,,. 5.5., ping.,,. 23
5.2 5.2, OS, VirtualBox[5],,. VirtualBox.,. 5.. 1. 2. 3.,, 1 1., 1 3.,. 1. 2. 3. 4. Docker, 2 4., 1 4., VirtualBox,. VirtualBox, OS 2.,,. 24
5.2 5.6 (s) 22.15 5.7 OS (s) 3.88 1. 2. 3. VirtualBox,, 1 3.,. OS,. 1. 5.6, 5.8, 5.7. 5.1 5.6, 5.8, 5.7. 5.1 VirtualBox, 5.8 VirtualBox (s) (s) (s) OS OS OS 1 62.45 3.9 134.53 43.41 18.02 14.37 2 49.19 3.71 109.92 36.51 17.20 23.87 3 49.73 3.88 82.69 41.99 15.49 14.41 4 46.75 3.88 100.91 37.88 15.50 26.33 5 46.60 3.92 57.88 36.24 18.88 23.68 25
5.2 5.1,., VirtualBox, 4. OS, OS 18. 26
6. 6.1, Linux [6]., 2.,,.,. 6.2 Java, Java [7].,, API,., JavaVM.,., Java,, 27
6.3 Docker Java. 6.3 Docker paiza.io[9],. Java C 26,. paiza.io Docker, [8]. paiza.io Docker, Docker., CPU,,. 28
7 7.1, Docker,.,.,, CPU,.,.,.,, OS. 7.2,,., CPU,. OS, OS,. 29
,.,,.,. 30
[1]. Docker,, 2016.
[2] Adrian Mouat. Docker,, 2016.
[3] Docker Hub, https://hub.docker.com/ (2017/2/10).
[4]. Docker &,, 2016.
[5] Oracle VM VirtualBox, https://www.virtualbox.org/ (2017/1/27).
[6],,,,,. Linux, 2014, pp. 1007-1014, 2014.
[7],,., CE, pp. 41-45, 2008.
[8]. Docker,, 2016.
[9] paiza.io, https://paiza.io/ (2017/1/12).