TY - GEN
T1 - Security analysis of container images using cloud analytics framework
AU - Tak, Byungchul
AU - Kim, Hyekyung
AU - Suneja, Sahil
AU - Isci, Canturk
AU - Kudva, Prabhakar
N1 - Publisher Copyright:
© Springer International Publishing AG, part of Springer Nature 2018.
PY - 2018
Y1 - 2018
N2 - Container technology has become an integral part of today’s major IT services. Although it offers several benefits, it also introduces new challenges for operating and maintaining secure container environments. One such challenge is to retain the ability to detect and address the containers’ vulnerabilities and compliance violations. However, designing an effective solution to enable this capability must be based on the accurate understanding of characteristics observed from actual container images and instances. To contribute toward this objective, we have built a general data processing framework, applying the principles of the state-of-the-art. It is a system that decouples the data collection process from the analysis so as to allow users to focus more on building new analysis logics rather than on the tools for monitoring agents. We applied it to the analysis of container images from the Docker Hub image repository, to learn about their security posture. In this work we present various interesting findings and new insights from analyzing the public image corpus. We have learned that more than 92% of the images contain compliance violations and/or vulnerable packages.
AB - Container technology has become an integral part of today’s major IT services. Although it offers several benefits, it also introduces new challenges for operating and maintaining secure container environments. One such challenge is to retain the ability to detect and address the containers’ vulnerabilities and compliance violations. However, designing an effective solution to enable this capability must be based on the accurate understanding of characteristics observed from actual container images and instances. To contribute toward this objective, we have built a general data processing framework, applying the principles of the state-of-the-art. It is a system that decouples the data collection process from the analysis so as to allow users to focus more on building new analysis logics rather than on the tools for monitoring agents. We applied it to the analysis of container images from the Docker Hub image repository, to learn about their security posture. In this work we present various interesting findings and new insights from analyzing the public image corpus. We have learned that more than 92% of the images contain compliance violations and/or vulnerable packages.
UR - http://www.scopus.com/inward/record.url?scp=85049366093&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-94289-6_8
DO - 10.1007/978-3-319-94289-6_8
M3 - Conference contribution
AN - SCOPUS:85049366093
SN - 9783319942889
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 116
EP - 133
BT - Web Services – ICWS 2018 - 25th International Conference, Held as Part of the Services Conference Federation, SCF 2018, Proceedings
A2 - Jin, Hai
A2 - Zhang, Liang-Jie
A2 - Wang, Qingyang
PB - Springer Verlag
T2 - 25th International Conference on Web Services, ICWS 2018 Held as Part of the Services Conference Federation, SCF 2018
Y2 - 25 June 2018 through 30 June 2018
ER -