Docker ecosystem - Vulnerability Analysis

@article{Martin2018DockerE,
  title={Docker ecosystem - Vulnerability Analysis},
  author={Antony Martin and Simone Raponi and Th{\'e}o Combe and R. D. Pietro},
  journal={Comput. Commun.},
  year={2018},
  volume={122},
  pages={30-43}
}
Abstract Cloud based infrastructures have typically leveraged virtualization. However, the need for always shorter development cycles, continuous delivery and cost savings in infrastructures, led to the rise of containers. Indeed, containers provide faster deployment than virtual machines and near-native performance. In this paper, we study the security implications of the use of containers in typical use-cases, through a vulnerability-oriented analysis of the Docker ecosystem. Indeed, among…
Container Security: Issues, Challenges, and the Road Ahead
TLDR
This paper has derived four generalized use cases that should cover security requirements within the host-container threat landscape and hopes that this analysis will help researchers understand container security requirements and obtain a clearer picture of possible vulnerabilities and attacks.
An Empirical Study of Docker Vulnerabilities and of Static Code Analysis Applicability
  • Ana Duarte, Nuno Antunes
  • Computer Science
  • 2018 Eighth Latin-American Symposium on Dependable Computing (LADC)
  • 2018
TLDR
This paper performed a detailed analysis of the security reports and respective vulnerabilities, systematizing them according to causes, effects, and consequences, and analyzed the applicability of static code analyzers in Docker codebase, trying to understand, in hindsight, the usefulness of tools reports.
Container Based On-Premises Cloud Security Framework
TLDR
The aim in this research work is to explore container based on-premise cloud orchestration, analyse its security scenario, study current research efforts, and propose a secure framework for container based cloud orchestration to minimize the vulnerability if any.
ConPan: A Tool to Analyze Packages in Software Containers
TLDR
ConPan is presented, an automated tool to inspect the characteristics of packages in Docker containers, such as their outdatedness and other possible flaws (e.g., bugs and security vulnerabilities).
Understanding the Quality of Container Security Vulnerability Detection Tools
TLDR
This study investigates the quality of existing container scanning tools by proposing two metrics that reflect coverage and accuracy and demonstrates quality of Docker images for Java applications hosted on DockerHub by assessing complete vulnerability landscape i.e., number of vulnerabilities detected in images.
Network Virtualization: Proof of Concept for Remote Management of Multi-Tenant Infrastructure
  • S. Ugwuanyi, R. Asif, J. Irvine
  • Computer Science
  • 2020 IEEE 6th International Conference on Dependability in Sensor, Cloud and Big Data Systems and Application (DependSys)
  • 2020
TLDR
This study performed a comprehensive study of the requirements and strategies in a Containerized Docker Swarm Orchestration Framework (CDSOF) as an efficient, cost-effective, secure and resilient device management tool for remote administration, configuration and supervision of virtualized large-scale Ethernet connected multi-tenanted assets.
Containers in Software Development: A Systematic Mapping Study
TLDR
Containers are most often discussed in the context of cloud computing, performance and DevOps, and it is found that what is currently missing is more deeply focused research.
Evaluation on the Security of Commercial Cloud Container Services
TLDR
A metric checklist is derived that identifies the critical factors associated with the security of cloud container services against the two most severe threats, i.e., the privilege escalation and container escaping attacks.
Understanding the Security Risks of Docker Hub
TLDR
The first large-scale and in-depth security analysis against Docker images is conducted, uncovering multiple security-critical aspects of Docker images with an empirical but comprehensive analysis, covering sensitive parameters in run-commands, the executed programs in Docker images, and vulnerabilities in contained software.
Lic-Sec: an enhanced AppArmor Docker security profile generator
TLDR
Evaluations show that for demanding images, Lic-Sec gives protection for all privilege escalation attacks for which Docker-sec failed to give protection, and brings together their strengths and provides stronger protection.

References

SHOWING 1-10 OF 34 REFERENCES
To Docker or Not to Docker: A Security Perspective
TLDR
An adversary model is defined, several vulnerabilities affecting current Docker usage are pointed out, and further research directions are discussed on the Docker environment's security implications through realistic use cases.
Securing Docker Containers from Denial of Service (DoS) Attacks
TLDR
Important security issues of the Docker containers are discussed as well as the related work that is being carried out in this area and proposed security algorithms and methods to address DoS attacks related issues in the Docker container technology are proposed.
Virtualization vs Containerization to Support PaaS
TLDR
This paper explores how PaaS vendors are using containers as a means of hosting Apps and explores various container implementations - Linux Containers, Docker, Warden Container, lmctfy and OpenVZ.
Virtualization and Cloud Security: Benefits, Caveats, and Future Developments
TLDR
The objective of this chapter is to shed light on virtualization technologies that empower the Cloud and that will be increasingly relevant for the evolution of Cloud services, together with the associated frameworks and principles.
Integrating Containers into Workflows: A Case Study Using Makeflow, Work Queue, and Docker
TLDR
This paper considers how to best integrate container technology into an existing workflow system, using Makeflow, Work Queue, and Docker as examples of current technology.
A Study of Security Vulnerabilities on Docker Hub
TLDR
A scalable Docker image vulnerability analysis (DIVA) framework that automatically discovers, downloads, and analyzes both official and community images on Docker Hub, which shows a strong need for more automated and systematic methods of applying security updates to Docker images.
Research of Penetration Testing Technology in Docker Environment
With the increasing use of cloud computing, virtualization has developed rapidly as the key technology. Especially, Docker container technology has become the focus of attention of researchers
A Defense Method against Docker Escape Attack
TLDR
This paper discusses the existing security mechanism and security issues of Docker, the methods and characteristics of Docker escape attack, and proposes a defense method based on status inspection of namespaces, which is proved to be able to detect anomalous processes and prevent escape behaviors.
Secure virtualization for cloud computing
TLDR
It is shown how virtualization can increase the security of cloud computing, by protecting both the integrity of guest virtual machines and the cloud infrastructure components and a novel architecture, Advanced Cloud Protection System, aimed at guaranteeing increased security to cloud resources.
Security of Cloud Computing
TLDR
This paper investigates some prime security attacks on clouds: Wrapping attacks, Malware-Injection attacks and Flooding attacks, and the accountability needed due to these attacks and the theoretical solutions needed to integrate these solutions.