Security Analysis and Threats Detection Techniques on Docker Container

Huang, Delu; Cui, Handong; Wen, Shihao; Huang, Cheng

doi:10.1109/iccc47050.2019.9064441

Cited by 22 publications

(6 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Docker Images: Besides Git, researchers and developers, early on without evidence, assumed leaked secrets in images for virtual machines or Docker and provided countermeasures [2,4,5,8,23,42,80]. Nevertheless, non-academic Web-blog studies [43,66,70,77] still find leaked secrets in images on Docker Hub.…”

Section: Related Workmentioning

confidence: 99%

Secrets Revealed in Container Images: An Internet-wide Study on Occurrence and Impact

Dahlmanns

Sander

Decker

et al. 2023

Proceedings of the ACM Asia Conference on Computer and Communications Security

View full text Add to dashboard Cite

Containerization allows bundling applications and their dependencies into a single image. The containerization framework Docker eases the use of this concept and enables sharing images publicly, gaining high momentum. However, it can lead to users creating and sharing images that include private keys or API secrets-either by mistake or out of negligence. This leakage impairs the creator's security and that of everyone using the image. Yet, the extent of this practice and how to counteract it remains unclear.In this paper, we analyze 337,171 images from Docker Hub and 8,076 other private registries unveiling that 8.5 % of images indeed include secrets. Specifically, we find 52,107 private keys and 3,158 leaked API secrets, both opening a large attack surface, i.e., putting authentication and confidentiality of privacy-sensitive data at stake and even allow active attacks. We further document that those leaked keys are used in the wild: While we discovered 1,060 certificates relying on compromised keys being issued by public certificate authorities, based on further active Internet measurements, we find 275,269 TLS and SSH hosts using leaked private keys for authentication. To counteract this issue, we discuss how our methodology can be used to prevent secret leakage and reuse. CCS CONCEPTS• Security and privacy → Network security; Key management.

show abstract

Section: Related Workmentioning

confidence: 99%

Secrets Revealed in Container Images: An Internet-wide Study on Occurrence and Impact

Dahlmanns

Sander

Decker

et al. 2023

Proceedings of the ACM Asia Conference on Computer and Communications Security

View full text Add to dashboard Cite

show abstract

“…Huang et al [31] noted that security is compromised due to immature auditing procedures of Docker images. To protect the security of host computers and local Docker containers from malicious Docker container attacks, it is necessary to detect potential threats of Docker images and discover risks when running Docker container instances on host computers.…”

Section: Data Protection For Containermentioning

confidence: 99%

Experiments and Evaluation of a Container Migration Data-Auditing System on Edge Computing Environment

et al. 2023

View full text Add to dashboard Cite

With the proliferation of IoT sensors and devices, storing collected data in the cloud has become common. A wide variety of data with different purposes and forms are not directly stored in the cloud but are sent to the cloud via edge servers. At the edge server, applications are running in containers and virtual machines to collect data. However, the current deployment and movement mechanisms for containers and virtual machines do not consider any conventions or regulations for the applications and the data it contains. Therefore, it is easy to deploy and migrate containers and virtual machines. However, the problem arises when it is deployed or migrated, which may violate the licensing terms of the contained applications, the rules of the organization, or the laws and regulations of the concerned country. We have already proposed a data-audit control mechanism for the migration of virtual machines. The proposed mechanism successfully controls the unintentional and malicious migration of virtual machines. We expect similar problems with containers to occur as the number of edge servers increases. Therefore, we propose a policy-based data-audit control system for container migration. The proposed system was verified in the implemented edge computing environment and the results showed that adding the proposed data-audit control mechanism had a minimal impact on migration time and that the system was practical enough. In the future, we intend to conduct verification not in a very compact and short-range environment such as this one but on an existing wide-area network.

show abstract

“…Because of that, they are being widely adopted (Kwon & Lee, 2020). Nevertheless, Docker containers are known to be vulnerable (Wenhao & Zheng, 2020;Huang et al, 2019), as they share operating system kernels, and run on root user by default. This fact allows containers to easily execute privileged operations, as well as easily access hardware resources.…”

Section: Related Workmentioning

confidence: 99%

Cryptojacking Malware Detection in Docker Images Using Supervised Machine Learning

Saide¹,

Sarmento²,

Ali³

2022

ICONIC

View full text Add to dashboard Cite

Nowadays, Docker Containers are currently being adopted as industry standards for software delivery, because they provide quick and responsive delivery and handle performance and scalability challenges. However, attackers are exploiting them to introduce malicious instructions in publicly available images to perform unauthorized use of third-party’s computer resources for Cryptojacking. We developed a machine learning based model to detect Docker images that lead to cryptojacking. The dataset used is composed of 800 Docker images collected from Docker hub, half of which contains instructions for cryptomining, and the other half does not contain such instructions. We trained 10 classification algorithms and evaluated them using the K-Fold Cross Validation approach. The results showed accuracy scores ranging from 89% to 97%. Stochastic Gradient Descent for Logistic Regression outperformed the other algorithms reaching an accuracy score of 97%. With these results, we conclude that machine learning algorithms can detect Docker images carrying cryptojacking malware with a good performance.

show abstract

Security Analysis and Threats Detection Techniques on Docker Container

Cited by 22 publications

References 6 publications

Secrets Revealed in Container Images: An Internet-wide Study on Occurrence and Impact

Secrets Revealed in Container Images: An Internet-wide Study on Occurrence and Impact

Experiments and Evaluation of a Container Migration Data-Auditing System on Edge Computing Environment

Cryptojacking Malware Detection in Docker Images Using Supervised Machine Learning

Contact Info

Product

Resources

About