Review
BibTex RIS Cite
Year 2020, , 31 - 39, 29.06.2020
https://doi.org/10.46460/ijiea.617181

Abstract

References

  • [1] Wikipadiea Docker. (n.d.). Retrieved from Wikipedia: https://en.wikipedia.org/wiki/Docker_(software)
  • [2] What is Docker? (n.d.). Retrieved from opensource.com: https://opensource.com/resources/what-docker
  • [3] Docker Security Vulnerabilities. (n.d.). Retrieved from Sysdig: https://sysdig.com/blog/7-docker-security-vulnerabilities/
  • [4] Five Security concerns when using docker. (n.d.). Retrieved from Oreilly: https://www.oreilly.com/ideas/five-security-concerns-when-using-docker
  • [5] Rui, S., Xiaohui, G., & William, E. (March 22 - 24, 2017). A Study of Security Vulnerabilities on Docker Hub. CODASPY '17 Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy (pp. 269-280). Scottsdale, Arizona, USA: ACM.
  • [6] ISACA, Understanding the Enterprise Advantages of Application Containerization. (n.d.). USA.
  • [7] Docker Website. (n.d.). Retrieved from Docker Website: https://www.docker.com/
  • [8] Twistlock. (n.d.). Retrieved from 5 Best Practices to Container Image Security: https://www.twistlock.com/2017/08/31/container-image-security-best-practices/
  • [9] Over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities. (n.d.). Retrieved from banyanops: https://banyanops.com/blog/analyzing-docker-hub/Advantages-of-Application-Containerization.aspx
  • [10] Federacy. (n.d.). Retrieved from Container Scanning Specification: https://www.federacy.org/docker_image_vulnerabilities
  • [11] Docker 1.3.3 Security Advisor. Retrieved from Security focus Website: https://www.securityfocus.com/archive/1/archive/1/534215/100/0/threaded
  • [12] Bug 1167505 - (CVE-2014-6407) CVE-2014-6407 docker: symbolic and hardlink issues leading to privilege escalation. Retrieved from bugzilla.redhat Website: https://bugzilla.redhat.com/show_bug.cgi?id=1167505
  • [13] SUSE-SU-2015:0984-1: moderate: Security update for docker.Retrieved from Suse Website: http://lists.suse.com/pipermail/sle-security-updates/2015-June/001419.html
  • [14] RHSA-2014:0820 - Security Advisory. Retrieved from redhat Website: https://access.redhat.com/errata/RHSA-2014:0820
  • [15] Docker 1.6.1 - Security Advisory [150507]. Retrieved from Seclists Website: http://seclists.org/fulldisclosure/2015/May/28https://www.cvedetails.com/vulnerability-list/vendor_id-13534/product_id- 28125/Docker-Docker.html
  • [16] Ayaz Ö., Aydın G., “Uygulama Sanallaştırmada Yeni Bir Yaklaşım: Docker”, https://ab.org.tr/ab15/bildiri/312.pdf
  • [17] B. I. Ismail et al., "Evaluation of Docker as Edge computing platform," 2015 IEEE Conference on Open Systems (ICOS), Bandar Melaka, 2015, pp. 130-135.doi: 10.1109/ICOS.2015.7377291
  • [18] W. Felter, A. Ferreira, R. Rajamony and J. Rubio, "An updated performance comparison of virtual machines and Linux containers," 2015 IEEE International Symposium on Performance Analysis of Systems and Software (ISPASS), Philadelphia, PA, 2015, pp. 171-172. doi: 10.1109/ISPASS.2015.7095802
  • [19] Preeth E N, F. J. P. Mulerickal, B. Paul and Y. Sastri, "Evaluation of Docker containers based on hardware utilization," 2015 International Conference on Control Communication & Computing India (ICCC), Trivandrum, 2015, pp. 697-700.doi: 10.1109/ICCC.2015.7432984
  • [20] W. Wei, “Docker Hub Suffers a Data Breach, Asks Users to Reset Password” 2019
  • [21] Morgan, T. P. “Docker Completes Its Platform Wıth Dıy Lınux” 2017
  • [22] Bui, T., “Analysis of Docker Security” Aalto University T-110.5291 Seminar on Network Security, 2014
  • [23] Combe, T., Martin, A., Pietro, R.D. “To Docker or not to Docker: a security perspective” IEEE Cloud Computing, 2016
  • [24] Bacis E., Mutti, S. Capelli, S. Paraboschi, S. “DockerPolicyModules: Mandatory Access Control for Docker containers” IEEE Publishing, 2015
  • [25] Shu, R., Gu X., Enck, W., “A Study of Security Vulnerabilities on Docker Hub” CODASPY '17 Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, 2017
  • [26] Manu, A R, Patel, J. K., Akhtar S., Agrawal, V. K., Murthy K N, “Docker container security via heuristics-based multilateral security-conceptual and pragmatic study”, IEEE Publishing, 2016
  • [27] Manu, A R, Patel, J. K., Akhtar S., Agrawal, V. K., Murthy K N, “A study, analysis and deep dive on cloud PAAS security in terms of Docker container security”, International Conference on Circuit, Power and Computing Technologies (ICCPCT), 2016
  • [28] Chelladhurai, J., Chelliah, P., Kumar, S. A., “Securing Docker Containers from Denial of Service (DoS) Attacks” International Conference on Services Computing (SCC),2016
  • [29] Gao X., Gu, Z. Kayaalp, M., Pendarakis, D., Wang, H., “ContainerLeaks: Emerging Security Threats of Information Leakages in Container Clouds” 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2017
  • [30] Jian, Z., Chen, L.,“A Defense Method against Docker Escape Attack” ICCSP '17 Proceedings of the 2017 International Conference on Cryptography, Security and Privacy, 2016

Securing Vulnerabilities in Docker Images

Year 2020, , 31 - 39, 29.06.2020
https://doi.org/10.46460/ijiea.617181

Abstract

Docker is an alternative application development and publishing infrastructure tool to various virtualization environments such as Virtual box and the like. The most popular containerization platform is Docker which is the area where Docker images are run. Container is a lightweight contrasting option to full machine virtualization that includes exemplifying an application in a container with its own working condition. These two concepts, virtualization and containerization are competing in the cloud-based environments. When virtualization became the mainstream, VM security concerns was common. IT Security experts are discussing the potential weaknesses of a virtualized environment for a long time. In this paper, focusing on Docker container, its vulnerabilities and possible measurements against security concerns, we have provided information about assessment of risks and vulnerabilities of containerization and the main differences between these two concepts via vulnerability analysis. 

References

  • [1] Wikipadiea Docker. (n.d.). Retrieved from Wikipedia: https://en.wikipedia.org/wiki/Docker_(software)
  • [2] What is Docker? (n.d.). Retrieved from opensource.com: https://opensource.com/resources/what-docker
  • [3] Docker Security Vulnerabilities. (n.d.). Retrieved from Sysdig: https://sysdig.com/blog/7-docker-security-vulnerabilities/
  • [4] Five Security concerns when using docker. (n.d.). Retrieved from Oreilly: https://www.oreilly.com/ideas/five-security-concerns-when-using-docker
  • [5] Rui, S., Xiaohui, G., & William, E. (March 22 - 24, 2017). A Study of Security Vulnerabilities on Docker Hub. CODASPY '17 Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy (pp. 269-280). Scottsdale, Arizona, USA: ACM.
  • [6] ISACA, Understanding the Enterprise Advantages of Application Containerization. (n.d.). USA.
  • [7] Docker Website. (n.d.). Retrieved from Docker Website: https://www.docker.com/
  • [8] Twistlock. (n.d.). Retrieved from 5 Best Practices to Container Image Security: https://www.twistlock.com/2017/08/31/container-image-security-best-practices/
  • [9] Over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities. (n.d.). Retrieved from banyanops: https://banyanops.com/blog/analyzing-docker-hub/Advantages-of-Application-Containerization.aspx
  • [10] Federacy. (n.d.). Retrieved from Container Scanning Specification: https://www.federacy.org/docker_image_vulnerabilities
  • [11] Docker 1.3.3 Security Advisor. Retrieved from Security focus Website: https://www.securityfocus.com/archive/1/archive/1/534215/100/0/threaded
  • [12] Bug 1167505 - (CVE-2014-6407) CVE-2014-6407 docker: symbolic and hardlink issues leading to privilege escalation. Retrieved from bugzilla.redhat Website: https://bugzilla.redhat.com/show_bug.cgi?id=1167505
  • [13] SUSE-SU-2015:0984-1: moderate: Security update for docker.Retrieved from Suse Website: http://lists.suse.com/pipermail/sle-security-updates/2015-June/001419.html
  • [14] RHSA-2014:0820 - Security Advisory. Retrieved from redhat Website: https://access.redhat.com/errata/RHSA-2014:0820
  • [15] Docker 1.6.1 - Security Advisory [150507]. Retrieved from Seclists Website: http://seclists.org/fulldisclosure/2015/May/28https://www.cvedetails.com/vulnerability-list/vendor_id-13534/product_id- 28125/Docker-Docker.html
  • [16] Ayaz Ö., Aydın G., “Uygulama Sanallaştırmada Yeni Bir Yaklaşım: Docker”, https://ab.org.tr/ab15/bildiri/312.pdf
  • [17] B. I. Ismail et al., "Evaluation of Docker as Edge computing platform," 2015 IEEE Conference on Open Systems (ICOS), Bandar Melaka, 2015, pp. 130-135.doi: 10.1109/ICOS.2015.7377291
  • [18] W. Felter, A. Ferreira, R. Rajamony and J. Rubio, "An updated performance comparison of virtual machines and Linux containers," 2015 IEEE International Symposium on Performance Analysis of Systems and Software (ISPASS), Philadelphia, PA, 2015, pp. 171-172. doi: 10.1109/ISPASS.2015.7095802
  • [19] Preeth E N, F. J. P. Mulerickal, B. Paul and Y. Sastri, "Evaluation of Docker containers based on hardware utilization," 2015 International Conference on Control Communication & Computing India (ICCC), Trivandrum, 2015, pp. 697-700.doi: 10.1109/ICCC.2015.7432984
  • [20] W. Wei, “Docker Hub Suffers a Data Breach, Asks Users to Reset Password” 2019
  • [21] Morgan, T. P. “Docker Completes Its Platform Wıth Dıy Lınux” 2017
  • [22] Bui, T., “Analysis of Docker Security” Aalto University T-110.5291 Seminar on Network Security, 2014
  • [23] Combe, T., Martin, A., Pietro, R.D. “To Docker or not to Docker: a security perspective” IEEE Cloud Computing, 2016
  • [24] Bacis E., Mutti, S. Capelli, S. Paraboschi, S. “DockerPolicyModules: Mandatory Access Control for Docker containers” IEEE Publishing, 2015
  • [25] Shu, R., Gu X., Enck, W., “A Study of Security Vulnerabilities on Docker Hub” CODASPY '17 Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, 2017
  • [26] Manu, A R, Patel, J. K., Akhtar S., Agrawal, V. K., Murthy K N, “Docker container security via heuristics-based multilateral security-conceptual and pragmatic study”, IEEE Publishing, 2016
  • [27] Manu, A R, Patel, J. K., Akhtar S., Agrawal, V. K., Murthy K N, “A study, analysis and deep dive on cloud PAAS security in terms of Docker container security”, International Conference on Circuit, Power and Computing Technologies (ICCPCT), 2016
  • [28] Chelladhurai, J., Chelliah, P., Kumar, S. A., “Securing Docker Containers from Denial of Service (DoS) Attacks” International Conference on Services Computing (SCC),2016
  • [29] Gao X., Gu, Z. Kayaalp, M., Pendarakis, D., Wang, H., “ContainerLeaks: Emerging Security Threats of Information Leakages in Container Clouds” 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2017
  • [30] Jian, Z., Chen, L.,“A Defense Method against Docker Escape Attack” ICCSP '17 Proceedings of the 2017 International Conference on Cryptography, Security and Privacy, 2016
There are 30 citations in total.

Details

Primary Language English
Subjects Engineering
Journal Section Review
Authors

Ahmet Efe

Ulaş Aslan This is me

Aytekin Mutlu Kara This is me

Publication Date June 29, 2020
Submission Date September 9, 2019
Published in Issue Year 2020

Cite

APA Efe, A., Aslan, U., & Kara, A. M. (2020). Securing Vulnerabilities in Docker Images. International Journal of Innovative Engineering Applications, 4(1), 31-39. https://doi.org/10.46460/ijiea.617181
AMA Efe A, Aslan U, Kara AM. Securing Vulnerabilities in Docker Images. ijiea, IJIEA. June 2020;4(1):31-39. doi:10.46460/ijiea.617181
Chicago Efe, Ahmet, Ulaş Aslan, and Aytekin Mutlu Kara. “Securing Vulnerabilities in Docker Images”. International Journal of Innovative Engineering Applications 4, no. 1 (June 2020): 31-39. https://doi.org/10.46460/ijiea.617181.
EndNote Efe A, Aslan U, Kara AM (June 1, 2020) Securing Vulnerabilities in Docker Images. International Journal of Innovative Engineering Applications 4 1 31–39.
IEEE A. Efe, U. Aslan, and A. M. Kara, “Securing Vulnerabilities in Docker Images”, ijiea, IJIEA, vol. 4, no. 1, pp. 31–39, 2020, doi: 10.46460/ijiea.617181.
ISNAD Efe, Ahmet et al. “Securing Vulnerabilities in Docker Images”. International Journal of Innovative Engineering Applications 4/1 (June 2020), 31-39. https://doi.org/10.46460/ijiea.617181.
JAMA Efe A, Aslan U, Kara AM. Securing Vulnerabilities in Docker Images. ijiea, IJIEA. 2020;4:31–39.
MLA Efe, Ahmet et al. “Securing Vulnerabilities in Docker Images”. International Journal of Innovative Engineering Applications, vol. 4, no. 1, 2020, pp. 31-39, doi:10.46460/ijiea.617181.
Vancouver Efe A, Aslan U, Kara AM. Securing Vulnerabilities in Docker Images. ijiea, IJIEA. 2020;4(1):31-9.