Tocker: framework para a segurança de containers Docker
Abstract
Tocker is a framework that restricts the network's communication between Docker containers to the minimum necessary and blocks unnecessary ports with the introduction of firewalls, according to the user settings of services and their relationships in a text file or via a graphical interface. The framework also automatically adds containers containing security monitoring services (Snort) between connections, based on pre-established rules. Moreover, it performs static security analysis of the images used in the containers thanks to an integration with the Snyk scanner that searches in external databases which dependencies (software) of the image are outdated (and vulnerable) and alerts the system administrator.References
D. Kreutz, F. M. V. Ramos, P. E. Veríssimo, C. E. Rothenberg, S. Azodolmolky and S. Uhlig, "Software-Defined Networking: A Comprehensive Survey", in Proceedings of the IEEE, vol. 103, no. 1, pp. 14-76, Jan. 2015.
L.Whitney - Security firm Barracuda hit by cyberattack< https://www.cnet.com/news/security-firm-barracuda-hit-by-cyberattack/ <último acesso: 30/06/2019.
Snyk < https://snyk.io/ < [Página do fabricante] último acesso: 30/06/2019.
Runnable Team - Basic Docker networking < https://runnable.com/docker/basic-docker-networking <último acesso: 30/06/2019.
Linode Group < https://www.linode.com/docs/security/firewalls /control-network-traffic-with-iptables/ <último acesso: 30/06/2019.
Chelladhurai, Jeeva, Pethuru Raj Chelliah, and Sathish Alampalayam Kumar. "Securing docker containers from denial of service (dos) attacks." 2016 IEEE International Conference on Services Computing (SCC). IEEE, 2016.
F.Balabanian < https://github.com/FelipeBala/Tocker < [Código do projeto]últimoacesso: 30/06/2019.
L.Whitney - Security firm Barracuda hit by cyberattack< https://www.cnet.com/news/security-firm-barracuda-hit-by-cyberattack/ <último acesso: 30/06/2019.
Snyk < https://snyk.io/ < [Página do fabricante] último acesso: 30/06/2019.
Runnable Team - Basic Docker networking < https://runnable.com/docker/basic-docker-networking <último acesso: 30/06/2019.
Linode Group < https://www.linode.com/docs/security/firewalls /control-network-traffic-with-iptables/ <último acesso: 30/06/2019.
Chelladhurai, Jeeva, Pethuru Raj Chelliah, and Sathish Alampalayam Kumar. "Securing docker containers from denial of service (dos) attacks." 2016 IEEE International Conference on Services Computing (SCC). IEEE, 2016.
F.Balabanian < https://github.com/FelipeBala/Tocker < [Código do projeto]últimoacesso: 30/06/2019.
Published
2019-09-02
How to Cite
BALABANIAN, Felipe; HENRIQUES, Marco.
Tocker: framework para a segurança de containers Docker. In: WORKSHOP ON SCIENTIFIC INITIATION AND UNDERGRADUATE WORKS - BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 19. , 2019, São Paulo.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2019
.
p. 145-154.
DOI: https://doi.org/10.5753/sbseg_estendido.2019.14016.
