A security analysis of the use of Docker containers on virtual machines

  • Kerolayne Oliveira, UDESC
  • Charles Miers, UDESC

Abstract

The search for new ways to cut data center costs has brought new technologies to the market, and containers are among them. However, vulnerabilities in kernel mechanisms put at risk the data and the service availability of every entity that shares the same hardware. It is therefore relevant to identify and classify the threats, risks and possible vulnerabilities affecting the security of a container-based environment. The objective of this paper is to identify and define the security problems of Docker Community 18.09.6 containers, indicating means of mitigating them.

Keywords: Cloud computing, Network security

Published
16/09/2019
OLIVEIRA, Kerolayne; MIERS, Charles. Uma análise de segurança no uso de contêineres Docker em máquinas virtuais. In: ESCOLA REGIONAL DE REDES DE COMPUTADORES (ERRC), 17., 2019, Alegrete. Proceedings [...]. Porto Alegre: Sociedade Brasileira de Computação, 2019. p. 89-96. DOI: https://doi.org/10.5753/errc.2019.9216.