论文信息 - To Docker or Not to Docker: A Security Perspective

To Docker or Not to Docker: A Security Perspective

The need for ever-shorter development cycles, continuous delivery, and cost savings in cloud-based infrastructures led to the rise of containers, which are more flexible than virtual machines and provide near-native performance. Among all container solutions, Docker, a complete packaging and software delivery tool, currently leads the market. This article gives an overview of the container ecosystem and discusses the Docker environment's security implications through realistic use cases. The authors define an adversary model, point out several vulnerabilities affecting current Docker usage, and discuss further research directions.

[1] Justin Cappos,et al. A look in the mirror: attacks on package managers , 2008, CCS.

[2] Eric W. Biederman,et al. Multiple Instances of the Global Linux Namespaces , 2010 .

[3] Nick Mathewson,et al. Survivable key compromise in software update systems , 2010, CCS '10.

[4] N. Asokan,et al. Security of OS-Level Virtualization Technologies , 2014, NordSec.

[5] Roberto Di Pietro,et al. Virtualization and Cloud Security: Benefits, Caveats, and Future Developments , 2014 .

[6] Thanh Bui,et al. Analysis of Docker Security , 2015, ArXiv.

[7] Carlos Arango,et al. Performance Evaluation of Container-based Virtualization for High Performance Computing Environments , 2017, Revista UIS Ingenierías.