Docker ecosystem – Vulnerability Analysis

• Published in: Computer communications Vol. 122; pp. 30 - 43
• Main Authors: Martin, A., Raponi, S., Combe, T., Di Pietro, R.
• Format: Journal Article
• Language: English
• Published: Elsevier B.V 01.06.2018
• Subjects: Containers; DevOps; Docker; Orchestration; Security; Virtual Machines; Orchestration; Containers; DevOps; Docker; Virtual Machines; Security
• ISSN: 0140-3664; 1873-703X
• DOI: 10.1016/j.comcom.2018.03.011

Cloud based infrastructures have typically leveraged virtualization. However, the need for always shorter development cycles, continuous delivery and cost savings in infrastructures, led to the rise of containers. Indeed, containers provide faster deployment than virtual machines and near-native performance. In this paper, we study the security implications of the use of containers in typical use-cases, through a vulnerability-oriented analysis of the Docker ecosystem. Indeed, among all container solutions, Docker is currently leading the market. More than a container solution, it is a complete packaging and software delivery tool. In this paper we provide several contributions: we first provide a thorough survey on related work in the area, organizing them in security-driven categories, and later we perform an analysis of the containers security ecosystem. In particular, using a top-down approach, we identify in the different components of the Docker environment several vulnerabilities—present by design or introduced by some original use-cases. Moreover, we detail real world scenarios where these vulnerabilities could be exploited, propose possible fixes, and, finally discuss the adoption of Docker by PaaS providers.