Abstract
Containerization has recently become a de facto standard of virtualization technology in modern cloud environments. Its popularity has led to the development of various container engines and remote registry services. Docker Hub, the largest container registry, distributes numerous official and community container images. It provides agile ways to develop services using containers but at the same time poses new security threats by sharing vulnerable images. In this paper, we investigate the current state of vulnerabilities in container images shared on Docker Hub. We design an automated security assessment framework that discovers and examines container images on Docker Hub. We obtain the following insights by analyzing all the official images and the 10,000 most downloaded community images through our framework. (1) Both the official and community images have an average of 117 or more vulnerabilities. (2) Vulnerabilities in images are patched on average three days after the vulnerabilities are disclosed. (3) Propagation of vulnerability between images is prevalent, but countermeasures against the propagation are costly. We believe that this paper will be utilized as a good foundation in future work on container security.
| Original language | English |
|---|---|
| Pages (from-to) | 1231-1243 |
| Number of pages | 13 |
| Journal | Journal of Korean Institute of Communications and Information Sciences |
| Volume | 47 |
| Issue number | 8 |
| State | Published - 1 Aug 2022 |
Keywords
- Cloud computing
- Cloud security
- Container security
- Security and privacy
- Virtualization