Securing Vulnerabilities in Docker Images

Ahmet Efe; Ulaş Aslan; Aytekin Mutlu Kara

doi:10.46460/ijiea.617181

EN

Securing Vulnerabilities in Docker Images

Öz

Docker is an alternative application development and publishing infrastructure tool to various virtualization environments such as Virtual box and the like. The most popular containerization platform is Docker which is the area where Docker images are run. Container is a lightweight contrasting option to full machine virtualization that includes exemplifying an application in a container with its own working condition. These two concepts, virtualization and containerization are competing in the cloud-based environments. When virtualization became the mainstream, VM security concerns was common. IT Security experts are discussing the potential weaknesses of a virtualized environment for a long time. In this paper, focusing on Docker container, its vulnerabilities and possible measurements against security concerns, we have provided information about assessment of risks and vulnerabilities of containerization and the main differences between these two concepts via vulnerability analysis.

Anahtar Kelimeler

Technology,Vulnerabilities,Dockers,Containers

Kaynakça

[1] Wikipadiea Docker. (n.d.). Retrieved from Wikipedia: https://en.wikipedia.org/wiki/Docker_(software)
[2] What is Docker? (n.d.). Retrieved from opensource.com: https://opensource.com/resources/what-docker
[3] Docker Security Vulnerabilities. (n.d.). Retrieved from Sysdig: https://sysdig.com/blog/7-docker-security-vulnerabilities/
[4] Five Security concerns when using docker. (n.d.). Retrieved from Oreilly: https://www.oreilly.com/ideas/five-security-concerns-when-using-docker
[5] Rui, S., Xiaohui, G., & William, E. (March 22 - 24, 2017). A Study of Security Vulnerabilities on Docker Hub. CODASPY '17 Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy (pp. 269-280). Scottsdale, Arizona, USA: ACM.
[6] ISACA, Understanding the Enterprise Advantages of Application Containerization. (n.d.). USA.
[7] Docker Website. (n.d.). Retrieved from Docker Website: https://www.docker.com/
[8] Twistlock. (n.d.). Retrieved from 5 Best Practices to Container Image Security: https://www.twistlock.com/2017/08/31/container-image-security-best-practices/
[9] Over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities. (n.d.). Retrieved from banyanops: https://banyanops.com/blog/analyzing-docker-hub/Advantages-of-Application-Containerization.aspx
[10] Federacy. (n.d.). Retrieved from Container Scanning Specification: https://www.federacy.org/docker_image_vulnerabilities

[11] Docker 1.3.3 Security Advisor. Retrieved from Security focus Website: https://www.securityfocus.com/archive/1/archive/1/534215/100/0/threaded
[12] Bug 1167505 - (CVE-2014-6407) CVE-2014-6407 docker: symbolic and hardlink issues leading to privilege escalation. Retrieved from bugzilla.redhat Website: https://bugzilla.redhat.com/show_bug.cgi?id=1167505
[13] SUSE-SU-2015:0984-1: moderate: Security update for docker.Retrieved from Suse Website: http://lists.suse.com/pipermail/sle-security-updates/2015-June/001419.html
[14] RHSA-2014:0820 - Security Advisory. Retrieved from redhat Website: https://access.redhat.com/errata/RHSA-2014:0820
[15] Docker 1.6.1 - Security Advisory [150507]. Retrieved from Seclists Website: http://seclists.org/fulldisclosure/2015/May/28https://www.cvedetails.com/vulnerability-list/vendor_id-13534/product_id- 28125/Docker-Docker.html
[16] Ayaz Ö., Aydın G., “Uygulama Sanallaştırmada Yeni Bir Yaklaşım: Docker”, https://ab.org.tr/ab15/bildiri/312.pdf
[17] B. I. Ismail et al., "Evaluation of Docker as Edge computing platform," 2015 IEEE Conference on Open Systems (ICOS), Bandar Melaka, 2015, pp. 130-135.doi: 10.1109/ICOS.2015.7377291
[18] W. Felter, A. Ferreira, R. Rajamony and J. Rubio, "An updated performance comparison of virtual machines and Linux containers," 2015 IEEE International Symposium on Performance Analysis of Systems and Software (ISPASS), Philadelphia, PA, 2015, pp. 171-172. doi: 10.1109/ISPASS.2015.7095802
[19] Preeth E N, F. J. P. Mulerickal, B. Paul and Y. Sastri, "Evaluation of Docker containers based on hardware utilization," 2015 International Conference on Control Communication & Computing India (ICCC), Trivandrum, 2015, pp. 697-700.doi: 10.1109/ICCC.2015.7432984
[20] W. Wei, “Docker Hub Suffers a Data Breach, Asks Users to Reset Password” 2019
[21] Morgan, T. P. “Docker Completes Its Platform Wıth Dıy Lınux” 2017
[22] Bui, T., “Analysis of Docker Security” Aalto University T-110.5291 Seminar on Network Security, 2014
[23] Combe, T., Martin, A., Pietro, R.D. “To Docker or not to Docker: a security perspective” IEEE Cloud Computing, 2016
[24] Bacis E., Mutti, S. Capelli, S. Paraboschi, S. “DockerPolicyModules: Mandatory Access Control for Docker containers” IEEE Publishing, 2015
[25] Shu, R., Gu X., Enck, W., “A Study of Security Vulnerabilities on Docker Hub” CODASPY '17 Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, 2017
[26] Manu, A R, Patel, J. K., Akhtar S., Agrawal, V. K., Murthy K N, “Docker container security via heuristics-based multilateral security-conceptual and pragmatic study”, IEEE Publishing, 2016
[27] Manu, A R, Patel, J. K., Akhtar S., Agrawal, V. K., Murthy K N, “A study, analysis and deep dive on cloud PAAS security in terms of Docker container security”, International Conference on Circuit, Power and Computing Technologies (ICCPCT), 2016
[28] Chelladhurai, J., Chelliah, P., Kumar, S. A., “Securing Docker Containers from Denial of Service (DoS) Attacks” International Conference on Services Computing (SCC),2016
[29] Gao X., Gu, Z. Kayaalp, M., Pendarakis, D., Wang, H., “ContainerLeaks: Emerging Security Threats of Information Leakages in Container Clouds” 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2017
[30] Jian, Z., Chen, L.,“A Defense Method against Docker Escape Attack” ICCSP '17 Proceedings of the 2017 International Conference on Cryptography, Security and Privacy, 2016

Ayrıntılar

Birincil Dil

İngilizce

Konular

Mühendislik

Bölüm

Derleme

Yazarlar

Ahmet Efe
Türkiye

Ulaş Aslan Bu kişi benim

Aytekin Mutlu Kara Bu kişi benim

Yayımlanma Tarihi

29 Haziran 2020

Gönderilme Tarihi

9 Eylül 2019

Kabul Tarihi

30 Nisan 2020

Yayımlandığı Sayı

Yıl 2020 Cilt: 4 Sayı: 1

DOI

https://doi.org/10.46460/ijiea.617181

IZ

https://izlik.org/JA69UW23TC

APA

Efe, A., Aslan, U., & Kara, A. M. (2020). Securing Vulnerabilities in Docker Images. International Journal of Innovative Engineering Applications, 4(1), 31-39. https://doi.org/10.46460/ijiea.617181

AMA

1.Efe A, Aslan U, Kara AM. Securing Vulnerabilities in Docker Images. ijiea, IJIEA. 2020;4(1):31-39. doi:10.46460/ijiea.617181

Chicago

Efe, Ahmet, Ulaş Aslan, ve Aytekin Mutlu Kara. 2020. “Securing Vulnerabilities in Docker Images”. International Journal of Innovative Engineering Applications 4 (1): 31-39. https://doi.org/10.46460/ijiea.617181.

EndNote

Efe A, Aslan U, Kara AM (01 Haziran 2020) Securing Vulnerabilities in Docker Images. International Journal of Innovative Engineering Applications 4 1 31–39.

IEEE

[1]A. Efe, U. Aslan, ve A. M. Kara, “Securing Vulnerabilities in Docker Images”, ijiea, IJIEA, c. 4, sy 1, ss. 31–39, Haz. 2020, doi: 10.46460/ijiea.617181.

ISNAD

Efe, Ahmet - Aslan, Ulaş - Kara, Aytekin Mutlu. “Securing Vulnerabilities in Docker Images”. International Journal of Innovative Engineering Applications 4/1 (01 Haziran 2020): 31-39. https://doi.org/10.46460/ijiea.617181.

JAMA

1.Efe A, Aslan U, Kara AM. Securing Vulnerabilities in Docker Images. ijiea, IJIEA. 2020;4:31–39.

MLA

Efe, Ahmet, vd. “Securing Vulnerabilities in Docker Images”. International Journal of Innovative Engineering Applications, c. 4, sy 1, Haziran 2020, ss. 31-39, doi:10.46460/ijiea.617181.

Vancouver

1.Ahmet Efe, Ulaş Aslan, Aytekin Mutlu Kara. Securing Vulnerabilities in Docker Images. ijiea, IJIEA. 01 Haziran 2020;4(1):31-9. doi:10.46460/ijiea.617181

Securing Vulnerabilities in Docker Images

Öz

Securing Vulnerabilities in Docker Images

Öz

Anahtar Kelimeler

Kaynakça

Ayrıntılar

Birincil Dil

Konular

Bölüm

Yazarlar

Yayımlanma Tarihi

Gönderilme Tarihi

Kabul Tarihi

Yayımlandığı Sayı

DOI

IZ

Kaynak Göster

Cited By

An Empirical Investigation of Docker Sockets for Privilege Escalation and Defensive Strategies

DOCKER CONTAINER IMAGE SCANNING METHODS

DOCKER CONTAINER IMAGE SCANNING METHODS