Securing Vulnerabilities in Docker Images

Ahmet Efe; Ulaş Aslan; Aytekin Mutlu Kara

doi:10.46460/ijiea.617181

EN

Securing Vulnerabilities in Docker Images

Abstract

Docker is an alternative application development and publishing infrastructure tool to various virtualization environments such as Virtual box and the like. The most popular containerization platform is Docker which is the area where Docker images are run. Container is a lightweight contrasting option to full machine virtualization that includes exemplifying an application in a container with its own working condition. These two concepts, virtualization and containerization are competing in the cloud-based environments. When virtualization became the mainstream, VM security concerns was common. IT Security experts are discussing the potential weaknesses of a virtualized environment for a long time. In this paper, focusing on Docker container, its vulnerabilities and possible measurements against security concerns, we have provided information about assessment of risks and vulnerabilities of containerization and the main differences between these two concepts via vulnerability analysis.

Keywords

Technology,Vulnerabilities,Dockers,Containers

References

[1] Wikipadiea Docker. (n.d.). Retrieved from Wikipedia: https://en.wikipedia.org/wiki/Docker_(software)
[2] What is Docker? (n.d.). Retrieved from opensource.com: https://opensource.com/resources/what-docker
[3] Docker Security Vulnerabilities. (n.d.). Retrieved from Sysdig: https://sysdig.com/blog/7-docker-security-vulnerabilities/
[4] Five Security concerns when using docker. (n.d.). Retrieved from Oreilly: https://www.oreilly.com/ideas/five-security-concerns-when-using-docker
[5] Rui, S., Xiaohui, G., & William, E. (March 22 - 24, 2017). A Study of Security Vulnerabilities on Docker Hub. CODASPY '17 Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy (pp. 269-280). Scottsdale, Arizona, USA: ACM.
[6] ISACA, Understanding the Enterprise Advantages of Application Containerization. (n.d.). USA.
[7] Docker Website. (n.d.). Retrieved from Docker Website: https://www.docker.com/
[8] Twistlock. (n.d.). Retrieved from 5 Best Practices to Container Image Security: https://www.twistlock.com/2017/08/31/container-image-security-best-practices/
[9] Over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities. (n.d.). Retrieved from banyanops: https://banyanops.com/blog/analyzing-docker-hub/Advantages-of-Application-Containerization.aspx
[10] Federacy. (n.d.). Retrieved from Container Scanning Specification: https://www.federacy.org/docker_image_vulnerabilities

[11] Docker 1.3.3 Security Advisor. Retrieved from Security focus Website: https://www.securityfocus.com/archive/1/archive/1/534215/100/0/threaded
[12] Bug 1167505 - (CVE-2014-6407) CVE-2014-6407 docker: symbolic and hardlink issues leading to privilege escalation. Retrieved from bugzilla.redhat Website: https://bugzilla.redhat.com/show_bug.cgi?id=1167505
[13] SUSE-SU-2015:0984-1: moderate: Security update for docker.Retrieved from Suse Website: http://lists.suse.com/pipermail/sle-security-updates/2015-June/001419.html
[14] RHSA-2014:0820 - Security Advisory. Retrieved from redhat Website: https://access.redhat.com/errata/RHSA-2014:0820
[15] Docker 1.6.1 - Security Advisory [150507]. Retrieved from Seclists Website: http://seclists.org/fulldisclosure/2015/May/28https://www.cvedetails.com/vulnerability-list/vendor_id-13534/product_id- 28125/Docker-Docker.html
[16] Ayaz Ö., Aydın G., “Uygulama Sanallaştırmada Yeni Bir Yaklaşım: Docker”, https://ab.org.tr/ab15/bildiri/312.pdf
[17] B. I. Ismail et al., "Evaluation of Docker as Edge computing platform," 2015 IEEE Conference on Open Systems (ICOS), Bandar Melaka, 2015, pp. 130-135.doi: 10.1109/ICOS.2015.7377291
[18] W. Felter, A. Ferreira, R. Rajamony and J. Rubio, "An updated performance comparison of virtual machines and Linux containers," 2015 IEEE International Symposium on Performance Analysis of Systems and Software (ISPASS), Philadelphia, PA, 2015, pp. 171-172. doi: 10.1109/ISPASS.2015.7095802
[19] Preeth E N, F. J. P. Mulerickal, B. Paul and Y. Sastri, "Evaluation of Docker containers based on hardware utilization," 2015 International Conference on Control Communication & Computing India (ICCC), Trivandrum, 2015, pp. 697-700.doi: 10.1109/ICCC.2015.7432984
[20] W. Wei, “Docker Hub Suffers a Data Breach, Asks Users to Reset Password” 2019
[21] Morgan, T. P. “Docker Completes Its Platform Wıth Dıy Lınux” 2017
[22] Bui, T., “Analysis of Docker Security” Aalto University T-110.5291 Seminar on Network Security, 2014
[23] Combe, T., Martin, A., Pietro, R.D. “To Docker or not to Docker: a security perspective” IEEE Cloud Computing, 2016
[24] Bacis E., Mutti, S. Capelli, S. Paraboschi, S. “DockerPolicyModules: Mandatory Access Control for Docker containers” IEEE Publishing, 2015
[25] Shu, R., Gu X., Enck, W., “A Study of Security Vulnerabilities on Docker Hub” CODASPY '17 Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, 2017
[26] Manu, A R, Patel, J. K., Akhtar S., Agrawal, V. K., Murthy K N, “Docker container security via heuristics-based multilateral security-conceptual and pragmatic study”, IEEE Publishing, 2016
[27] Manu, A R, Patel, J. K., Akhtar S., Agrawal, V. K., Murthy K N, “A study, analysis and deep dive on cloud PAAS security in terms of Docker container security”, International Conference on Circuit, Power and Computing Technologies (ICCPCT), 2016
[28] Chelladhurai, J., Chelliah, P., Kumar, S. A., “Securing Docker Containers from Denial of Service (DoS) Attacks” International Conference on Services Computing (SCC),2016
[29] Gao X., Gu, Z. Kayaalp, M., Pendarakis, D., Wang, H., “ContainerLeaks: Emerging Security Threats of Information Leakages in Container Clouds” 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2017
[30] Jian, Z., Chen, L.,“A Defense Method against Docker Escape Attack” ICCSP '17 Proceedings of the 2017 International Conference on Cryptography, Security and Privacy, 2016

Details

Primary Language

English

Subjects

Engineering

Journal Section

Review

Authors

Ahmet Efe
Türkiye

Ulaş Aslan This is me

Aytekin Mutlu Kara This is me

Publication Date

June 29, 2020

Submission Date

September 9, 2019

Acceptance Date

April 30, 2020

Published in Issue

Year 2020 Volume: 4 Number: 1

DOI

https://doi.org/10.46460/ijiea.617181

IZ

https://izlik.org/JA69UW23TC

APA

Efe, A., Aslan, U., & Kara, A. M. (2020). Securing Vulnerabilities in Docker Images. International Journal of Innovative Engineering Applications, 4(1), 31-39. https://doi.org/10.46460/ijiea.617181

AMA

1.Efe A, Aslan U, Kara AM. Securing Vulnerabilities in Docker Images. IJIEA. 2020;4(1):31-39. doi:10.46460/ijiea.617181

Chicago

Efe, Ahmet, Ulaş Aslan, and Aytekin Mutlu Kara. 2020. “Securing Vulnerabilities in Docker Images”. International Journal of Innovative Engineering Applications 4 (1): 31-39. https://doi.org/10.46460/ijiea.617181.

EndNote

Efe A, Aslan U, Kara AM (June 1, 2020) Securing Vulnerabilities in Docker Images. International Journal of Innovative Engineering Applications 4 1 31–39.

IEEE

[1]A. Efe, U. Aslan, and A. M. Kara, “Securing Vulnerabilities in Docker Images”, IJIEA, vol. 4, no. 1, pp. 31–39, June 2020, doi: 10.46460/ijiea.617181.

ISNAD

Efe, Ahmet - Aslan, Ulaş - Kara, Aytekin Mutlu. “Securing Vulnerabilities in Docker Images”. International Journal of Innovative Engineering Applications 4/1 (June 1, 2020): 31-39. https://doi.org/10.46460/ijiea.617181.

JAMA

1.Efe A, Aslan U, Kara AM. Securing Vulnerabilities in Docker Images. IJIEA. 2020;4:31–39.

MLA

Efe, Ahmet, et al. “Securing Vulnerabilities in Docker Images”. International Journal of Innovative Engineering Applications, vol. 4, no. 1, June 2020, pp. 31-39, doi:10.46460/ijiea.617181.

Vancouver

1.Ahmet Efe, Ulaş Aslan, Aytekin Mutlu Kara. Securing Vulnerabilities in Docker Images. IJIEA. 2020 Jun. 1;4(1):31-9. doi:10.46460/ijiea.617181

This work is licensed under CC BY-NC 4.0

Securing Vulnerabilities in Docker Images

Abstract

Securing Vulnerabilities in Docker Images

Abstract

Keywords

References

Details

Primary Language

Subjects

Journal Section

Authors

Publication Date

Submission Date

Acceptance Date

Published in Issue

DOI

IZ

Cite

Cited By

An Empirical Investigation of Docker Sockets for Privilege Escalation and Defensive Strategies

DOCKER CONTAINER IMAGE SCANNING METHODS

DOCKER CONTAINER IMAGE SCANNING METHODS