# xRAC: Execution and Access Control for Restricted Application Containers   on Managed Hosts

**Authors:** Frederik Hauser, Mark Schmidt, Michael Menth

arXiv: 1907.03544 · 2023-01-25

## TL;DR

xRAC introduces a secure, container-based approach for running restricted applications on managed hosts, enabling controlled access to network resources while maintaining compatibility with existing infrastructure.

## Contribution

The paper presents xRAC, a novel system using standard virtualization and network protocols to enhance security and access control for restricted application containers.

## Key findings

- xRAC effectively isolates applications with unique IPv6 addresses.
- The implementation requires minimal modifications to existing infrastructure.
- Experimental validation confirms performance and security benefits.

## Abstract

We propose xRAC to permit users to run special applications on managed hosts and to grant them access to protected network resources. We use restricted application containers (RACs) for that purpose. A RAC is a virtualization container with only a selected set of applications. Authentication verifies the RAC user's identity and the integrity of the RAC image. If the user is permitted to use the RAC on a managed host, launching the RAC is authorized and access to protected network resources may be given, e.g., to internal networks, servers, or the Internet. xRAC simplifies traffic control as the traffic of a RAC has a unique IPv6 address so that it can be easily identified in the network. The architecture of xRAC reuses standard technologies, protocols, and infrastructure. Those are the Docker virtualization platform and 802.1X including EAP-over-UDP and RADIUS. Thus, xRAC improves network security without modifying core parts of applications, hosts, and infrastructure. In this paper, we review the technological background of xRAC, explain its architecture, discuss selected use cases, and investigate on the performance. To demonstrate the feasibility of xRAC, we implement it based on standard components with only a few modifications. Finally, we validate xRAC through experiments.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1907.03544/full.md

## Figures

14 figures with captions in the complete paper: https://tomesphere.com/paper/1907.03544/full.md

## References

56 references — full list in the complete paper: https://tomesphere.com/paper/1907.03544/full.md

---
Source: https://tomesphere.com/paper/1907.03544