A Case Study of Docker Containers
After a successful installation of Docker in your Kali Linux in the virtual machine, log into the Kali using the default username is “root” and password as “toor” or what you will have set. Then, navigate to the terminal where you will open terminal and run “docker run hello-world” command, as shown below in Figure 1.
Figure 1
Next, to run the pull command, the Busy box container which fetches the busybox images from the Docker registry and saves it to the virtual machine using the command “Docker pull busybox” as shown in Figure 2 below.
Figure 2
Now, to find the available docker images in the virtual machine, use the ” docker images” command, as shown in Figure 3 below.
Figure 3
When you run the docker container busybox using the ” docker run busybox ” command, it loads up the container then runs up the command in the container. So when we run the command above, it will find nothing and do nothing and exit, as shown in Figure 4 below.
Figure 4
Now when you provide a command after docker run busybox, it will be executed. For instance, use any name where the command will be ” docker run busybox echo “hello world from Kings” The production will be as shown in Figure 5 below.
Figure 5
After that, we can now run the “docker ps” command to check if the containers are currently running, as shown in Figure 6 below.
Figure 6
Use “docker ps -a” command to see a list of all containers that we ran, and you will notice that the containers existed a few minutes ago, as shown in Figure 7 below.
Figure 7
After that, use “ps -a” command to see the difference with and without the Docker, as shown below.
Figure 8
Same Operating System As Host Operating system
virtual machines can run the operating system as the one being hosted. For instance, a user can run both Windows 10 in the virtual machine and the host machine. On the contrary, you can not run containers inside a container the same as the sandbox.
Data Remains When The Virtual Machines/Containers/Sandbox is closed
When using Sandbox under Windows, anything created or changed by the sandboxed application is not visible outside of the sandbox, and other Windows do not see it (Prevelakis & Spinellis,2001). They are not saved when the sandboxed application exists. At the same time, in virtual machines, the host operating system can see what is in the other operating system can be able to change by the host operating system because the other one is considered guest through the virtual machine folder.
Storage Space
Sandbox does not require much RAM size or disk space and is relatively easy to set up and use while the virtual box requires allocated disk space to the virtual hard drive and allocated RAM when it is running. The virtual storage machines have one or more virtual disks for storage, while containers use sandboxing to isolate any drive writes from the host.
Additional OS Overhead
Virtual machines are capable of holding more than one operating system. They can run Windows operating system and Kali Linux operating system simultaneously and correctly. On the other hand, sandbox and containers can not have a new operating system.
Security Level
The security level in virtual machines is higher as compared to containers due to the use of physical hardware level to individual kernels, which limits the attack surface to the hypervisor(Combe, Martin & Di Pietro,2016).
Performance
In performance, boxes are abstraction when running in an operating system while virtual machines use a whole complete operating system; thus, no concept to the operating system. The container is more efficient and has better application development as compared to both Virtual Machines and Sandbox.
Share Data With Host
Sandbox and container applications can both run in Windows, so all files on-disk resources in a sandbox and a container can be accessed by the host windows machines. In contrast, virtual machines files are entirely different for it is not installed in the host operating system but a different one.
Communication among the applications and the host
Sandbox and container communicate with applications and hosts for them to function well. For instance, Docker, which is a container in Kali Linux, uses some of its dependencies from other apps like python. On the other hand, virtual machines do not communicate with the host or any other form outside the operating system currently on because it considers this is another virtual environment which is not connected to any other operating system.
Examples of Applications
Some of the Sandbox applications include Linux application sandboxing, built on Seccop, Linux namespace, and cgroups. Container examples include Docker, container Linux which was formerly called CoreOS Linux and RanchersOS while models of virtual machines applications are VirtualBox, Hyper-V, Workstation, Vmware Fusion, Virtual PC and parallels Workstation
Advantages of Containers, Virtual machines, and Sandbox
In containers sandboxing is used in the detection method, which scans malicious files. They run on servers to denote malicious files by allowing first scanning when files are opened. Containers require fewer system resources because they do not include operating system images. There is increased portability when using containers. They are more efficient and have better application development. Virtual machines are essential because they act as the second operating system, and they can manage other operating systems that run correctly simultaneously.
Disadvantages of Containers, Virtual machines, and Sandbox
Containers are disadvantageous because not all applications benefit from them. They also require persistent data storage, and the graphical form does not work well in containers(Gansner & North,2000). Virtual machines are slower in usability because of the need to access the running software on top of a host operating system, which is less effective because of the access of hardware from the second priority. The sandbox may do more harm to the security of an application than the right due to the additional attack surface to the underlying surface.
References
Combe, T., Martin, A., & Di Pietro, R. (2016). To Docker or not to Docker: A security perspective. IEEE Cloud Computing, 3(5), 54-62.
Gansner, E. R., & North, S. C. (2000). An open graph visualization system and its applications to software engineering. Software: practice and experience, 30(11), 1203-1233.
Prevelakis, V., & Spinellis, D. (2001, June). Sandboxing Applications. In USENIX Annual Technical Conference, FREENIX Track (pp. 119-126).