Heterogeneous Hardware Support in Docker Images

Docker images are commonly used to package, distribute and deploy complex cloud-native applications in containerised form. A container engine executes these applications with separated privileges according to namespaces. Recent studies have investigated security vulnerabilities and runtime characteristics of Docker images. 
In contrast, little is known about the extent of hardware-dependent features in these images such as processor-specific trusted execution environments, graphics acceleration or extension boards. 
This problem can be generalised to missing knowledge about the extent of any hardware-specific instructions within the images that may require elevated privileges.
In this study, we contribute to increasing this knowledge by a systematic long-term analysis of a sample of Docker images concerning their use of hardware-specific features, including those for virtualisation, acceleration and security. 
We contribute a Docker registry metadata collector along with augmented metadata covering one-year long of top (i.e., official images and those from the same developers) Docker Hub images, also releasing those as open dataset. 
Moreover, we provide a heuristic hardware dependency analysis framework and a hardware-aware Docker executor that gives early warnings upon missing hardware dependencies instead of leading to silent or untimely failures. 
We demonstrate the usefulness of our work for heterogeneous cloud and fog computing environments.