Docker ecosystem – Vulnerability Analysis

A. Martin*, S. Raponi, T. Combe, R. Di Pietro

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

124 Scopus citations

Abstract

Cloud based infrastructures have typically leveraged virtualization. However, the need for always shorter development cycles, continuous delivery and cost savings in infrastructures, led to the rise of containers. Indeed, containers provide faster deployment than virtual machines and near-native performance. In this paper, we study the security implications of the use of containers in typical use-cases, through a vulnerability-oriented analysis of the Docker ecosystem. Indeed, among all container solutions, Docker is currently leading the market. More than a container solution, it is a complete packaging and software delivery tool. In this paper we provide several contributions: we first provide a thorough survey on related work in the area, organizing them in security-driven categories, and later we perform an analysis of the containers security ecosystem. In particular, using a top-down approach, we identify in the different components of the Docker environment several vulnerabilities—present by design or introduced by some original use-cases. Moreover, we detail real world scenarios where these vulnerabilities could be exploited, propose possible fixes, and, finally discuss the adoption of Docker by PaaS providers.

Original languageEnglish (US)
Pages (from-to)30-43
Number of pages14
JournalComputer Communications
Volume122
DOIs
StatePublished - Jun 2018

Keywords

  • Containers
  • DevOps
  • Docker
  • Orchestration
  • Security
  • Virtual Machines

ASJC Scopus subject areas

  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Docker ecosystem – Vulnerability Analysis'. Together they form a unique fingerprint.

Cite this