Multi-Criteria Ranking of Docker Vulnerability Analysis Tools
Abstract
In this study, we evaluated the performance of vulnerability analysis tools for Docker images using the Analytic Hierarchy Process (AHP) as a multi-criteria decision-making methodology. Given the increasing use of Docker containers and the risks associated with vulnerabilities in the images available on Docker Hub, the research aims to compare and rank the main tools designed to identify these weaknesses. We applied the AHP method in two stages: first within each individual study, and then to the consolidated results of all studies. Our results indicated that the choice of tool should take into account not only overall effectiveness but also contextual factors and the possibility of using multiple tools in parallel for more precise detection. The research also highlights the need for continuous evaluations, especially of dynamic analysis approaches and how they compare with static analysis tools.
Keywords:
AHP Method, Container security, Docker, Vulnerability analysis
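The two-stage AHP procedure the abstract describes (a ranking per study, then a ranking over the consolidated results) can be shown end to end on constructed data. The block below is an added example, not code from the paper: the scanner names, criteria and every pairwise judgement are made up, priorities are derived with the row geometric mean (one of the derivation methods compared by Ishizaka and Lusti) rather than the principal eigenvector, and the consolidation rule (an equal-weight mean of the per-study scores) is an assumption, since the abstract does not state how the studies were combined. The consistency-ratio check is the caveat a practitioner should keep: judgement matrices with CR above 0.10 are rejected instead of silently ranked.

```python
"""Two-stage AHP ranking of container-image vulnerability scanners.

Added example, not code from the paper. Tool names, criteria and every
pairwise judgement below are constructed; the consolidation rule (equal-weight
mean of per-study scores) is an assumption, not the paper's stated procedure.
"""
import math

# Saaty's random consistency index for matrices of order 1..10.
RANDOM_INDEX = [0.0, 0.0, 0.58, 0.90, 1.12, 1.24, 1.32, 1.41, 1.45, 1.49]


def priorities(matrix):
    """Priority vector from a pairwise comparison matrix via the row
    geometric mean (an alternative to the eigenvector method)."""
    n = len(matrix)
    gm = [math.prod(row) ** (1.0 / n) for row in matrix]
    total = sum(gm)
    return [g / total for g in gm]


def consistency_ratio(matrix):
    """Saaty's CR = CI / RI, with lambda_max estimated from (A w)_i / w_i."""
    n = len(matrix)
    if n <= 2:
        return 0.0  # 1x1 and 2x2 reciprocal matrices are always consistent
    w = priorities(matrix)
    aw = [sum(matrix[i][j] * w[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / w[i] for i in range(n)) / n
    ci = (lambda_max - n) / (n - 1)
    return ci / RANDOM_INDEX[n - 1]


def checked_priorities(matrix, label, max_cr=0.10):
    """Reject judgement matrices whose inconsistency exceeds Saaty's 0.10 threshold."""
    cr = consistency_ratio(matrix)
    if cr > max_cr:
        raise ValueError(f"{label}: CR={cr:.2f} exceeds {max_cr}; revisit the judgements")
    return priorities(matrix)


def ahp_scores(criteria, criteria_matrix, alternatives, alt_matrices):
    """Stage 1: global AHP score of each alternative within one study."""
    cw = checked_priorities(criteria_matrix, "criteria")
    scores = {a: 0.0 for a in alternatives}
    for k, crit in enumerate(criteria):
        local = checked_priorities(alt_matrices[crit], crit)
        for a, p in zip(alternatives, local):
            scores[a] += cw[k] * p
    return scores


def consolidate(per_study_scores):
    """Stage 2 (assumed rule): equal-weight mean of the per-study scores."""
    alts = per_study_scores[0].keys()
    n = len(per_study_scores)
    return {a: sum(s[a] for s in per_study_scores) / n for a in alts}


def ranking(scores):
    """Alternatives ordered from highest to lowest score."""
    return sorted(scores, key=scores.get, reverse=True)


# Constructed inputs (hypothetical scanners and judgements) ----------------
CRITERIA = ["coverage", "precision", "speed"]
ALTS = ["scanner-A", "scanner-B", "scanner-C"]
# coverage judged 2x precision and 4x speed; precision 2x speed (consistent).
CRITERIA_MATRIX = [[1, 2, 4], [1 / 2, 1, 2], [1 / 4, 1 / 2, 1]]
PRECISION = [[1, 1 / 3, 1], [3, 1, 3], [1, 1 / 3, 1]]  # B judged most precise
SPEED = [[1, 1, 1 / 3], [1, 1, 1 / 3], [3, 3, 1]]       # C judged fastest
# The two "studies" differ only in how they judge coverage.
STUDY_1 = {"coverage": [[1, 3, 5], [1 / 3, 1, 2], [1 / 5, 1 / 2, 1]],
           "precision": PRECISION, "speed": SPEED}
STUDY_2 = {"coverage": [[1, 1 / 2, 3], [2, 1, 5], [1 / 3, 1 / 5, 1]],
           "precision": PRECISION, "speed": SPEED}


def run():
    """Per-study scores followed by the consolidated score."""
    s1 = ahp_scores(CRITERIA, CRITERIA_MATRIX, ALTS, STUDY_1)
    s2 = ahp_scores(CRITERIA, CRITERIA_MATRIX, ALTS, STUDY_2)
    return s1, s2, consolidate([s1, s2])


if __name__ == "__main__":
    s1, s2, combined = run()
    for name, sc in (("study 1", s1), ("study 2", s2), ("consolidated", combined)):
        print(name + ":", " > ".join(f"{a} ({sc[a]:.3f})" for a in ranking(sc)))
```

With these inputs study 1 ranks scanner-A first and study 2 ranks scanner-B first; the consolidated ranking follows study 2. That disagreement between stages is the point the abstract makes about contextual factors: the per-study judgements, not only the aggregate, should inform which tool (or which combination of tools) is chosen.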
Published
2024-11-27
How to Cite
IDDAR, Ali; TURCHETTI, Rogério C. Multi-Criteria Ranking of Docker Vulnerability Analysis Tools. In: REGIONAL SCHOOL OF COMPUTER NETWORKS (ERRC), 21., 2024, Rio Grande/RS. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 71-77. DOI: https://doi.org/10.5753/errc.2024.4674.