Security analysis of container images using cloud analytics framework

Byungchul Tak, Hyekyung Kim, Sahil Suneja, Canturk Isci, Prabhakar Kudva

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

11 Scopus citations

Abstract

Container technology has become an integral part of today’s major IT services. Although it offers several benefits, it also introduces new challenges for operating and maintaining secure container environments. One such challenge is to retain the ability to detect and address the containers’ vulnerabilities and compliance violations. However, designing an effective solution to enable this capability must be based on the accurate understanding of characteristics observed from actual container images and instances. To contribute toward this objective, we have built a general data processing framework, applying the principles of the state-of-the-art. It is a system that decouples the data collection process from the analysis so as to allow user to focus more on building new analysis logics rather than on the tools for monitoring agents. We applied it to the analysis of container images from the Docker Hub image repository, to learn about their security posture. In this work we present various interesting findings and new insights from analyzing the public image corpus. We have learned that more than 92% of the images contain compliance violations and/or vulnerable packages.

Original languageEnglish
Title of host publicationWeb Services – ICWS 2018 - 25th International Conference, Held as Part of the Services Conference Federation, SCF 2018, Proceedings
EditorsHai Jin, Liang-Jie Zhang, Qingyang Wang
PublisherSpringer Verlag
Pages116-133
Number of pages18
ISBN (Print)9783319942889
DOIs
StatePublished - 2018
Event25th International Conference on Web Services, ICWS 2018 Held as Part of the Services Conference Federation, SCF 2018 - Seattle, United States
Duration: 25 Jun 201830 Jun 2018

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10966 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference25th International Conference on Web Services, ICWS 2018 Held as Part of the Services Conference Federation, SCF 2018
Country/TerritoryUnited States
CitySeattle
Period25/06/1830/06/18

Fingerprint

Dive into the research topics of 'Security analysis of container images using cloud analytics framework'. Together they form a unique fingerprint.

Cite this