Securing Vulnerabilities in Docker Images

Docker is an alternative application development and publishing infrastructure tool to various virtualization environments such as Virtual box and the like. The most popular containerization platform is Docker which is the area where Docker images are run. Container is a lightweight contrasting option to full machine virtualization that includes exemplifying an application in a container with its own working condition. These two concepts, virtualization and containerization are competing in the cloud-based environments. When virtualization became the mainstream, VM security concerns was common. IT Security experts are discussing the potential weaknesses of a virtualized environment for a long time. In this paper, focusing on Docker container, its vulnerabilities and possible measurements against security concerns, we have provided information about assessment of risks and vulnerabilities of containerization and the main differences between these two concepts via vulnerability analysis. 

___

  • [1] Wikipadiea Docker. (n.d.). Retrieved from Wikipedia: https://en.wikipedia.org/wiki/Docker_(software)
  • [2] What is Docker? (n.d.). Retrieved from opensource.com: https://opensource.com/resources/what-docker
  • [3] Docker Security Vulnerabilities. (n.d.). Retrieved from Sysdig: https://sysdig.com/blog/7-docker-security-vulnerabilities/
  • [4] Five Security concerns when using docker. (n.d.). Retrieved from Oreilly: https://www.oreilly.com/ideas/five-security-concerns-when-using-docker
  • [5] Rui, S., Xiaohui, G., & William, E. (March 22 - 24, 2017). A Study of Security Vulnerabilities on Docker Hub. CODASPY '17 Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy (pp. 269-280). Scottsdale, Arizona, USA: ACM.
  • [6] ISACA, Understanding the Enterprise Advantages of Application Containerization. (n.d.). USA.
  • [7] Docker Website. (n.d.). Retrieved from Docker Website: https://www.docker.com/
  • [8] Twistlock. (n.d.). Retrieved from 5 Best Practices to Container Image Security: https://www.twistlock.com/2017/08/31/container-image-security-best-practices/
  • [9] Over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities. (n.d.). Retrieved from banyanops: https://banyanops.com/blog/analyzing-docker-hub/Advantages-of-Application-Containerization.aspx
  • [10] Federacy. (n.d.). Retrieved from Container Scanning Specification: https://www.federacy.org/docker_image_vulnerabilities
  • [11] Docker 1.3.3 Security Advisor. Retrieved from Security focus Website: https://www.securityfocus.com/archive/1/archive/1/534215/100/0/threaded
  • [12] Bug 1167505 - (CVE-2014-6407) CVE-2014-6407 docker: symbolic and hardlink issues leading to privilege escalation. Retrieved from bugzilla.redhat Website: https://bugzilla.redhat.com/show_bug.cgi?id=1167505
  • [13] SUSE-SU-2015:0984-1: moderate: Security update for docker.Retrieved from Suse Website: http://lists.suse.com/pipermail/sle-security-updates/2015-June/001419.html
  • [14] RHSA-2014:0820 - Security Advisory. Retrieved from redhat Website: https://access.redhat.com/errata/RHSA-2014:0820
  • [15] Docker 1.6.1 - Security Advisory [150507]. Retrieved from Seclists Website: http://seclists.org/fulldisclosure/2015/May/28https://www.cvedetails.com/vulnerability-list/vendor_id-13534/product_id- 28125/Docker-Docker.html
  • [16] Ayaz Ö., Aydın G., “Uygulama Sanallaştırmada Yeni Bir Yaklaşım: Docker”, https://ab.org.tr/ab15/bildiri/312.pdf
  • [17] B. I. Ismail et al., "Evaluation of Docker as Edge computing platform," 2015 IEEE Conference on Open Systems (ICOS), Bandar Melaka, 2015, pp. 130-135.doi: 10.1109/ICOS.2015.7377291
  • [18] W. Felter, A. Ferreira, R. Rajamony and J. Rubio, "An updated performance comparison of virtual machines and Linux containers," 2015 IEEE International Symposium on Performance Analysis of Systems and Software (ISPASS), Philadelphia, PA, 2015, pp. 171-172. doi: 10.1109/ISPASS.2015.7095802
  • [19] Preeth E N, F. J. P. Mulerickal, B. Paul and Y. Sastri, "Evaluation of Docker containers based on hardware utilization," 2015 International Conference on Control Communication & Computing India (ICCC), Trivandrum, 2015, pp. 697-700.doi: 10.1109/ICCC.2015.7432984
  • [20] W. Wei, “Docker Hub Suffers a Data Breach, Asks Users to Reset Password” 2019
  • [21] Morgan, T. P. “Docker Completes Its Platform Wıth Dıy Lınux” 2017
  • [22] Bui, T., “Analysis of Docker Security” Aalto University T-110.5291 Seminar on Network Security, 2014
  • [23] Combe, T., Martin, A., Pietro, R.D. “To Docker or not to Docker: a security perspective” IEEE Cloud Computing, 2016
  • [24] Bacis E., Mutti, S. Capelli, S. Paraboschi, S. “DockerPolicyModules: Mandatory Access Control for Docker containers” IEEE Publishing, 2015
  • [25] Shu, R., Gu X., Enck, W., “A Study of Security Vulnerabilities on Docker Hub” CODASPY '17 Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, 2017
  • [26] Manu, A R, Patel, J. K., Akhtar S., Agrawal, V. K., Murthy K N, “Docker container security via heuristics-based multilateral security-conceptual and pragmatic study”, IEEE Publishing, 2016
  • [27] Manu, A R, Patel, J. K., Akhtar S., Agrawal, V. K., Murthy K N, “A study, analysis and deep dive on cloud PAAS security in terms of Docker container security”, International Conference on Circuit, Power and Computing Technologies (ICCPCT), 2016
  • [28] Chelladhurai, J., Chelliah, P., Kumar, S. A., “Securing Docker Containers from Denial of Service (DoS) Attacks” International Conference on Services Computing (SCC),2016
  • [29] Gao X., Gu, Z. Kayaalp, M., Pendarakis, D., Wang, H., “ContainerLeaks: Emerging Security Threats of Information Leakages in Container Clouds” 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2017
  • [30] Jian, Z., Chen, L.,“A Defense Method against Docker Escape Attack” ICCSP '17 Proceedings of the 2017 International Conference on Cryptography, Security and Privacy, 2016