Reflections on Trusting Docker: Invisible Malware in Continuous Integration Systems

2023 IEEE Security and Privacy Workshops (SPW) Pub Date : 2023-05-01 DOI:10.1109/SPW59333.2023.00025

Florent Moriconi, Axel Neergaard, Lucas Georget, Samuel Aubertin, Aurélien Francillon

{"title":"Reflections on Trusting Docker: Invisible Malware in Continuous Integration Systems","authors":"Florent Moriconi, Axel Neergaard, Lucas Georget, Samuel Aubertin, Aurélien Francillon","doi":"10.1109/SPW59333.2023.00025","DOIUrl":null,"url":null,"abstract":"Continuous integration (CI) is a widely adopted methodology for supporting software development. It provides automated generation of artifacts (e.g., binaries, container images) which are then deployed in production. However, to which extent should you trust the generated artifacts even if the source code is clean of malicious code? Revisiting the famous compiler backdoor from Ken Thompson, we show that a container-based CI system can be compromised without leaving any trace in the source code. Therefore, detecting such malware is challenging or even impossible with common practices such as peer review or static code analysis. We detail multiple ways to do the initial infection process. Then, we show how to persist during CI system updates, allowing long-term compromise. We detail possible malicious attack payloads such as sensitive data extraction or backdooring production software. We show that infected CI systems can be remotely controlled using covert channels to update attack payload or adapt malware to mitigation strategies. Finally, we propose a proof of concept implementation tested on GitLab CI and applicable to major CI providers.","PeriodicalId":308378,"journal":{"name":"2023 IEEE Security and Privacy Workshops (SPW)","volume":"24 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE Security and Privacy Workshops (SPW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SPW59333.2023.00025","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

Continuous integration (CI) is a widely adopted methodology for supporting software development. It provides automated generation of artifacts (e.g., binaries, container images) which are then deployed in production. However, to which extent should you trust the generated artifacts even if the source code is clean of malicious code? Revisiting the famous compiler backdoor from Ken Thompson, we show that a container-based CI system can be compromised without leaving any trace in the source code. Therefore, detecting such malware is challenging or even impossible with common practices such as peer review or static code analysis. We detail multiple ways to do the initial infection process. Then, we show how to persist during CI system updates, allowing long-term compromise. We detail possible malicious attack payloads such as sensitive data extraction or backdooring production software. We show that infected CI systems can be remotely controlled using covert channels to update attack payload or adapt malware to mitigation strategies. Finally, we propose a proof of concept implementation tested on GitLab CI and applicable to major CI providers.

查看原文本刊更多论文

关于信任Docker的思考:持续集成系统中不可见的恶意软件

持续集成(CI)是一种被广泛采用的支持软件开发的方法。它提供了工件(例如，二进制文件、容器映像)的自动生成，然后将其部署到生产环境中。然而，即使源代码没有恶意代码，您应该在多大程度上信任生成的工件?回顾Ken Thompson著名的编译器后门，我们展示了基于容器的CI系统可以在源代码中不留下任何痕迹的情况下被破坏。因此，检测这样的恶意软件是具有挑战性的，甚至不可能与同行评审或静态代码分析等常见做法。我们详细介绍了进行初始感染过程的多种方法。然后，我们将展示如何在CI系统更新期间持久化，从而允许长期折衷。我们详细介绍了可能的恶意攻击有效载荷，如敏感数据提取或后门生产软件。我们表明，受感染的CI系统可以使用隐蔽通道进行远程控制，以更新攻击有效载荷或使恶意软件适应缓解策略。最后，我们提出了一个在GitLab CI上测试的概念验证实现，适用于主要的CI提供商。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2023 IEEE Security and Privacy Workshops (SPW)

自引率

0.00%

发文量