Information Leakages of Docker Containers: Characterization and Mitigation Strategies

Compared to classic virtual machines, containers offer lightweight and dynamic execution environments. Hence, they are core building blocks for the development of future softwarized networks and cloud-native applications. However, containers still pose many security challenges, which are less unders...

Full description

Saved in:
Bibliographic Details
Main Authors: Zuppelli, Marco, Repetto, Matteo, Caviglione, Luca, Cambiaso, Enrico
Format: Conference Proceeding
Language:English
Subjects:
Cloud computing
Containers
containers security
covert channels
cybersecurity
data leak
Security
softwarization
Virtual machining
Virtualization
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Compared to classic virtual machines, containers offer lightweight and dynamic execution environments. Hence, they are core building blocks for the development of future softwarized networks and cloud-native applications. However, containers still pose many security challenges, which are less understood compared to other virtualization paradigms. An important aspect often neglected concerns techniques enabling containers to leak data outside their execution perimeters, e.g., to exfiltrate sensitive information or coordinate attacks. In this paper we investigate security impacts of covert communications based on the looser isolation of memory statistics information. Our characterization indicates that the investigation of system calls should be considered a prime tool to reveal the presence of collusive attack schemes. We also elaborate on two mitigation techniques: the first entails prevention via "hardening" configurations of containers, while the second implements a run-time disruption mechanism.
ISSN:2693-9789
DOI:10.1109/NetSoft57336.2023.10175435