Docker Security: A Threat Model, Attack Taxonomy and Real-Time Attack Scenario of DoS
Aparna Tomar, Diksha Jeena, Preeti Mishra, Rahul Bisht
Abstract
As the last decade experienced an explosion in the development and use of virtualization technologies, the need for an efficient and secure virtualization solution has also been increased. All the solutions that emerged can be classified into two major classes i.e. hypervisor-based virtualization and container-based virtualization. Container technologies have been around for a very long time but Docker is a relatively new and the most dominant candidate among all the other technologies. Along with so many advantages, it has a few disadvantages as well in which its security is the primary and the most crucial concern. In this paper, we propose a threat model for Docker with all the possible attack scenarios in Docker-based host systems. Furthermore, the paper also provides a detailed classification of attacks that can take place on various layers of Docker along with the description of each one of them. Lastly, the paper presents a real-time case study on Denial of Service (DoS) attack in the Docker environment.