When AM calls NM via ContainerManagementProtocol, the NMToken is suppied for authentication. The RPC server will verify the password of NMToken (originally generated by RM) so that we know the content of NMTokenIdentifier is geniune.
Next, for stopContainers() and getContainerStatus(), method authorizeGetAndStopContainerRequest() is used to verify that the requsted containers do belong to the AM by comparing them against the AppId in NMTokenIdentifier. However, right now when the appId doesn't match, authorizeGetAndStopContainerRequest() only log a warning message and continues to kill the container... Overall a malicious AM can kill containers of other apps running in any node its containers are running.