@article{alam_mifthak_purohit_shadab_byrd_harfoush_2026, title={VirtShield: A Security Evaluation Framework for Virtualized and Containerized Systems}, volume={1}, DOI={10.1109/ccnc65079.2026.11366513}, abstractNote={Virtualization is a foundational technology in modern cloud computing. However, it is subject to security threats such as malicious co-located tenants, hypervisor vulnerabilities, and side-channel attacks. Such a threat is countered by deploying advanced and complex security solutions that have significant performance overhead.Prior work on VMs and containers has mainly evaluated basic security solutions, such as firewalls, using narrow performance metrics and synthetic models within limited evaluation frameworks. These studies often overlook advanced security modules in both user and kernel space, lack flexibility to incorporate emerging features, and fail to capture detailed system-level impacts. To address these gaps, we present VirtShield, an open-source framework for unified security testing in VMs and containers that mimics realistic cloud infrastructures. VirtShield supports advanced security modules across user and kernel space, providing rich, system-level performance metrics for comprehensive evaluation.Our evaluation shows that containers generally outperform VMs due to their lower virtualization overhead, achieving a throughput of 9.38 Gb/s compared to 1.98 Gb/s for VMs. However, VMs are comparable for kernel-space deployments, as Docker utilizes the shared kernel space Docker bridge, which can result in packet congestion. In latency-sensitive workloads, VM access latency (14.91 ms) is comparable to Docker (12.86 ms). In storage benchmarks (FIO), however, VMs outperform Docker due to the overhead of Docker’s layered, copy-on-write file system, whereas VMs leverage optimized virtual block devices with near-native I/O performance. These results highlight essential trade-offs in partitioning security workloads between user and kernel space, as well as across containerized and virtualized environments.}, author={Alam, Faiz and Mifthak, Mohammed Mubeen and Purohit, Sahil and Shadab, Md and Byrd, Gregory T. and Harfoush, Khaled}, year={2026}, month={Jan} }