Docker镜像安全的实现方法

2021 International Conference on Information Security and Cryptology (ISCTURKEY) Pub Date : 2021-12-02 DOI:10.1109/ISCTURKEY53027.2021.9654383

Özkan Şengül, Hasan Özkılıçaslan, Emrecan Arda, U. Yavanoglu, I. Dogru, A. Selçuk

{"title":"Docker镜像安全的实现方法","authors":"Özkan Şengül, Hasan Özkılıçaslan, Emrecan Arda, U. Yavanoglu, I. Dogru, A. Selçuk","doi":"10.1109/ISCTURKEY53027.2021.9654383","DOIUrl":null,"url":null,"abstract":"Containers that can be easily created, transported and scaled with the use of container-based virtualization technologies work better than classical virtualization technologies and provide efficient resource usage. The Docker platform is one of the most widely used solutions among container-based virtualization technologies. The OS-level virtualization of the Docker platform and the container’s use of the host operating system kernel may cause security problems. In this study, a method including static and dynamic analysis has been proposed to ensure Docker image and container security. In the static analysis phase of the method, the packages of the images are scanned for vulnerabilities and malware. In the dynamic analysis phase, Docker containers are run for a certain period of time, after the open port scanning, network traffic is analyzed with the Snort3. Seven Docker images are analyzed and the results are shared.","PeriodicalId":383915,"journal":{"name":"2021 International Conference on Information Security and Cryptology (ISCTURKEY)","volume":"33 8","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Implementing a Method for Docker Image Security\",\"authors\":\"Özkan Şengül, Hasan Özkılıçaslan, Emrecan Arda, U. Yavanoglu, I. Dogru, A. Selçuk\",\"doi\":\"10.1109/ISCTURKEY53027.2021.9654383\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Containers that can be easily created, transported and scaled with the use of container-based virtualization technologies work better than classical virtualization technologies and provide efficient resource usage. The Docker platform is one of the most widely used solutions among container-based virtualization technologies. The OS-level virtualization of the Docker platform and the container’s use of the host operating system kernel may cause security problems. In this study, a method including static and dynamic analysis has been proposed to ensure Docker image and container security. In the static analysis phase of the method, the packages of the images are scanned for vulnerabilities and malware. In the dynamic analysis phase, Docker containers are run for a certain period of time, after the open port scanning, network traffic is analyzed with the Snort3. Seven Docker images are analyzed and the results are shared.\",\"PeriodicalId\":383915,\"journal\":{\"name\":\"2021 International Conference on Information Security and Cryptology (ISCTURKEY)\",\"volume\":\"33 8\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-12-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 International Conference on Information Security and Cryptology (ISCTURKEY)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISCTURKEY53027.2021.9654383\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 International Conference on Information Security and Cryptology (ISCTURKEY)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISCTURKEY53027.2021.9654383","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

摘要

使用基于容器的虚拟化技术，可以轻松地创建、传输和扩展容器，比传统的虚拟化技术工作得更好，并提供有效的资源使用。Docker平台是基于容器的虚拟化技术中使用最广泛的解决方案之一。Docker平台的操作系统级虚拟化和容器使用主机操作系统内核可能会产生安全问题。本研究提出了一种静态分析和动态分析相结合的方法来保证Docker镜像和容器的安全。在该方法的静态分析阶段，扫描图像包中的漏洞和恶意软件。在动态分析阶段，Docker容器运行一定时间，在开放端口扫描后，使用Snort3分析网络流量。分析了七个Docker映像，并分享了结果。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Implementing a Method for Docker Image Security

Containers that can be easily created, transported and scaled with the use of container-based virtualization technologies work better than classical virtualization technologies and provide efficient resource usage. The Docker platform is one of the most widely used solutions among container-based virtualization technologies. The OS-level virtualization of the Docker platform and the container’s use of the host operating system kernel may cause security problems. In this study, a method including static and dynamic analysis has been proposed to ensure Docker image and container security. In the static analysis phase of the method, the packages of the images are scanned for vulnerabilities and malware. In the dynamic analysis phase, Docker containers are run for a certain period of time, after the open port scanning, network traffic is analyzed with the Snort3. Seven Docker images are analyzed and the results are shared.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2021 International Conference on Information Security and Cryptology (ISCTURKEY)

自引率

0.00%

发文量