Segurança de contêineres: taxonomia baseada na arquitetura

Nikolas Jensen; Charles C. Miers

doi:10.5753/errc.2020.15201

Nikolas Jensen UDESC
Charles C. Miers UDESC

DOI: https://doi.org/10.5753/errc.2020.15201

Resumo

Os contêineres visam uma melhor eficiência no uso dos recursos computacionais ao mesmo tempo que fornecem um ambiente virtualizado para aplicações, mas crescem as preocupações sobre a segurança destes. Contudo, devido ao desfalque na segurança de sua utilização, as empresas e usuários se mantêm receosos ao implementá-lo nas suas aplicações. Este trabalho é propõe uma taxonomia mapeando problemas de segurança conhecidos dos contêineres. Este trabalho é propõe uma taxonomia mapeando problemas de segurança conhecidos dos contêineres. Esta taxonomia aborda os pontos principais desta tecnologia, sem foco num tipo de contêiner específico e também classificando os problemas em suas determinadas categorias.

Referências

Casalicchio, E. and Iannucci, S. (2018). The state-of-the-art in container technologies.

Chakin, P. (2017). Multi-container pods and container communication in kubernetes. https://www.mirantis.com/blog/multi-container-pods-and-container-communication-in-kubernetes/.

Chen, J. (2019). Making containers more isolated: An overview of sandboxed container technologies. https://unit42.paloaltonetworks.com/making-containers-more-isolated-an-overview-of-sandboxed-container-technologies/.

Chitwadgi, A. and Rajewar, R. (2020). Attackers cryptojacking docker images to mine for monero. https://unit42.paloaltonetworks.com/cryptojacking-docker-images-for-mining-monero/.

ENISA (2017). Security aspects of virtualization. Technical report.

Evans, J. (2016). What even is a container: namespaces and cgroups. https://jvns.ca/blog/2016/10/10/what-even-is-a-container/.

Godoy, R. (2018). Why non-root containers are important for security. https://engineering.bitnami.com/articles/why-non-root-containers-are-important-for-security.html.

Graber, S. (2014). Lxc 1.0: Security features [6/10]. https://stgraber.org/2014/01/01/lxc-1-0-security-features/.

Gummaraju, J., Desikan, T., and Turner, Y. (2015). Over 30% of official images in docker hub contain high priority security vulnerabilities. https://blog.banyansecurity.io/blog/ over-30-of-official-images-in-docker-hub-contain-high-priority-security-vulnerabilities.

Hayden, M. (2015). Securing linux containers. SANS Institute, page 25.

Hertz, J. (2016). Abusing privileged and unprivileged linux containers.

Lin, X., Lei, L., Wang, Y., Jing, J., Sun, K., and Zhou, Q. (2018). A measurement study on linux container security: Attacks and countermeasures. In Proceedings of ACSAC ’18, ACSAC ’18, page 418–429. ACM.

Linchpiner, P. (2020). Multi-container pods in kubernetes. https://linchpiner.github.io/k8s-multi-container-pods.html.

Panizzon, G., Battisti, J. H. F., Koslovski, G. P., Pillon, M. A., and Miers, C. C. (2019). A Taxonomy of container security on computational clouds: concerns and solutions. Revista de Informática Teórica e Aplicada, 26(1):47–59.

Shu, R., Gu, X., and Enck, W. (2017). A study of security vulnerabilities on docker hub. CODASPY ’17, page 269–280, New York, NY, USA. Association for Computing Machinery.

Souppaya, M., Morello, J., and Scarfone, K. (2017). Application container security guide. NIST Special Publication, 800:190.

Sultan, S., Ahmad, I., and Dimitriou, T. (2019). Container security: Issues, challenges, and the road ahead. IEEE Access, 7:52976–52996.

Tomar, A., Jeena, D., Mishra, P., and Bisht, R. (2020). Docker security: A threat model, attack taxonomy and real-time attack scenario of dos. IEEE Access, pages 150–155.

Zand, M. (2019). Review of pod-to-pod communications in kubernetes. https://superuser.openstack.org/articles/review-of-pod-to-pod-communications-in-kubernetes/.