Understanding the Security Risks of Docker Hub

Liu, Peiyu; Ji, Shouling; Fu, Lirong; Lu, Kangjie; Zhang, Xuhong; Lee, Wei Han; Lu, Tao; Chen, Wenzhi; Beyah, Raheem

doi:10.1007/978-3-030-58951-6_13

Cited by 26 publications

(15 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Wist et al downloaded and scanned over 2500 images from Docker Hub using the Anchore framework [19]. Liu et al extracted any executed programs (e.g., JAR, Shell script) in the container images and scanned them using Virus totals [20]. Their proposal helps detect malicious container images.…”

Section: Related Workmentioning

confidence: 99%

DAVS: Dockerfile Analysis for Container Image Vulnerability Scanning

Doan¹,

Jung²

2022

Computers, Materials &Amp; Continua

View full text Add to dashboard Cite

Container technology plays an essential role in many Information and Communications Technology (ICT) systems. However, containers face a diversity of threats caused by vulnerable packages within container images. Previous vulnerability scanning solutions for container images are inadequate. These solutions entirely depend on the information extracted from package managers. As a result, packages installed directly from the source code compilation, or packages downloaded from the repository, etc., are ignored. We introduce DAVS-A Dockerfile analysis-based vulnerability scanning framework for OCI-based container images to deal with the limitations of existing solutions. DAVS performs static analysis using file extraction based on Dockerfile information to obtain the list of Potentially Vulnerable Files (PVFs). The PVFs are then scanned to figure out the vulnerabilities in the target container image. The experimental shows the outperform of DAVS on detecting Common Vulnerabilities and Exposures (CVE) of 10 known vulnerable images compared to Clair-the most popular container image scanning project. Moreover, DAVS found that 68% of real-world container images are vulnerable from different image registries.

show abstract

Section: Related Workmentioning

confidence: 99%

DAVS: Dockerfile Analysis for Container Image Vulnerability Scanning

Doan¹,

Jung²

2022

Computers, Materials &Amp; Continua

View full text Add to dashboard Cite

show abstract

“…Among them, about 6,400 were classified as malicious, of which 44% were related to cryptocurrency mining, 23% were due to flatmap-stream malware, and 20% were a variety of hacking tools. Another study of more than 2 million images from Docker Hub found that it took 181 days on average for a software originator to fix a software vulnerability, but it took an extra 422 days on average for the developer to patch the fix in the image containing the software [101]. Therefore, a software with security vulnerabilities can remain in an image for more than 600 days on average and has a high probability to be downloaded and potentially exploited by the attackers.…”

Section: Identifying Vulnerabilities In Containersmentioning

confidence: 99%

“…A study has shown that the official and community images contain an average of 180 vulnerabilities and 50% of these images have not been updated [143]. It takes an average of 181 days to fix the vulnerability and an additional 422 days on average to update the image [101], and this presents a window for an attacker to exploit the vulnerability. This threat is attributed to vulnerabilities of V2 and V4.…”

Section: Tamperingmentioning

confidence: 99%

“…For example, a user may run a container command with "--privileged" to access certificate on the host to spawn a container [83]. The use of such "sensitive" parameter will allow the container to gain root access to the host and this can be exploited by an attacker [101]. Another example is the use of "--volume" and "-v src:dest" that allows a container to gain access to "src", which is a volume in the host and as a result allows an attacker to upload data in the host to a online repository [101], resulting in threat consequence of TC-1.…”

Section: Information Disclosurementioning

confidence: 99%

“…An attacker can then use the compromised Docker instance as a backdoor to spin the container, which will install the XMRRig cryptocurrency miner for illegal mining [25]. There were also many other critical attacks that had been launched on containers and their subsystems [154], [83], [110], [128], [130], [19], [103], [90], [101], [138], [102], [127], [103], [65], [118]. These and other real-world examples show how security is a critical concern in container systems, beyond the conventional IT systems.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Threat Modeling and Security Analysis of Containers: A Survey

Wong¹,

Chekole²,

Ochoa³

et al. 2021

Preprint

View full text Add to dashboard Cite

Traditionally, applications that are used in large and small enterprises were deployed on "bare metal" servers installed with operating systems. Recently, the use of multiple virtual machines (VMs) on the same physical server was adopted due to cost reduction and flexibility. Nowadays, containers have become popular for application deployment due to smaller footprints than the VMs, their ability to start and stop more quickly, and their capability to pack the application binaries and their dependencies/libraries in standalone units for seamless portability. A typical container ecosystem includes a code repository (e.g., GitHub) where the container images are built from the codes and libraries and then pushed to the image registry (e.g., Docker Hub) for subsequent deployment as application containers. However, the pervasive use of containers also leads to a wide-range of security breaches such as attackers stealing credentials, source codes and sensitive data from image registry and code repository, carrying out DoS attacks on application containers, and gaining root access to misuse the underlying host resources, among others. In this paper, we first perform threat modeling on the containers ecosystem using the popular threat modeling framework, called STRIDE. Using STRIDE, we identify the vulnerabilities in each system component, and investigate potential security threats and their consequences. Then, we conduct a comprehensive survey on the existing countermeasures designed against the identified threats and vulnerabilities in containers. In particular, we assess the strengths and weaknesses of the existing mitigation strategies designed against such threats. We believe that this work will help researchers and practitioners to gain a deeper understanding of the threat landscape in containers and the state-of-the-art countermeasures. We also discuss open research problems, the research gaps and future research directions in containers security, which may ignite further research to be done in this area.

show abstract

Anomaly Detection Through Container Testing: A Survey of Company Practices

Timonen,

Sroor,

Mohanani

et al. 2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Background: Containers are a commonly used solution for deploying software applications. Therefore, container functionality and security is a concern of practitioners and researchers. Testing is essential to ensure the quality of the container environment component and the software product and plays a crucial role in using containers. Objective: In light of the increasing role of software containers and the lack of research on testing them, we study container testing practices. In this paper, we investigate the current approaches for testing containers. Moreover, we aim to identify areas for improvement and emphasize the importance of testing in securing the container environment and the final software product. Method: We conducted a survey to collect primary data from companies implementing container testing practices and the commonly used tools in container testing. There were 14 respondents from a total of 10 different companies with experience using containers and varying work responsibilities. Findings: The survey findings illustrate the significance of testing, the growing interest in and utilization of containers, and the emerging security and vulnerability concerns. The research reveals variations in testing approaches between companies and the lack of consensus on how testing should be carried out, with advancements primarily driven by industry practices rather than academic research. Conclusion: In this study, we show the importance of testing software containers. It lays out the current testing approaches, challenges, and the need for standardized container testing practices. We also provide recommendations on how to develop these practices further.

show abstract

Understanding the Security Risks of Docker Hub

Cited by 26 publications

References 25 publications

DAVS: Dockerfile Analysis for Container Image Vulnerability Scanning

DAVS: Dockerfile Analysis for Container Image Vulnerability Scanning

Threat Modeling and Security Analysis of Containers: A Survey

Anomaly Detection Through Container Testing: A Survey of Company Practices

Contact Info

Product

Resources

About