Feature/lab12

[AidarSarvartdinov]

Goal

Run OWASP Juice Shop under Kata Containers to experience VM-backed container isolation, compare it with the default runc runtime, and document security/operational trade-offs.

Changes

Completed labs/submission12.md for Lab 12 with required evidence and concise analysis for Tasks 1–4.
Added runtime comparison (runc vs io.containerd.kata.v2) with kernel/CPU differences and isolation implications.
Documented isolation test outcomes (dmesg, /proc, network interfaces, kernel modules) and security impact of escape scenarios.
Added performance snapshot (startup times and HTTP latency baseline) with short usage recommendations for runc vs Kata.

Testing

Verified Kata shim version output is recorded.
Verified Kata runtime test container runs successfully with --runtime io.containerd.kata.v2.
Verified Juice Shop health check returns HTTP 200 on port 3012.
Verified startup timing and latency outputs are captured from generated lab files.

Artifacts & Screenshots

labs/submission12.md
labs/lab12/runc/health.txt
labs/lab12/kata/test1.txt
labs/lab12/kata/kernel.txt
labs/lab12/kata/cpu.txt
labs/lab12/analysis/kernel-comparison.txt
labs/lab12/analysis/cpu-comparison.txt
labs/lab12/isolation/dmesg.txt
labs/lab12/isolation/proc.txt
labs/lab12/isolation/network.txt
labs/lab12/isolation/modules.txt
labs/lab12/bench/startup.txt
labs/lab12/bench/http-latency.txt
labs/lab12/bench/curl-3012.txt

Checklist

• clear title
• docs updated if needed
• no secrets/large temp files
• Task 1 — Kata install + runtime config
• Task 2 — runc vs kata runtime comparison
• Task 3 — Isolation tests
• Task 4 — Basic performance snapshot