| Title | A Study of Security Vulnerabilities on Docker Hub |
| Publication Type | Conference Paper |
| Year of Publication | 2017 |
| Authors | Shu, Rui, Gu, Xiaohui, Enck, William |
| Conference Name | Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-4523-1 |
| Keywords | composability, Docker Images, Metrics, Networked Control Systems Security, pubcrawl, resilience, Resiliency, security vulnerabilities, Vulnerability Propagation |
| Abstract | Docker containers have recently become a popular approach to provision multiple applications over shared physical hosts in a more lightweight fashion than traditional virtual machines. This popularity has led to the creation of the Docker Hub registry, which distributes a large number of official and community images. In this paper, we study the state of security vulnerabilities in Docker Hub images. We create a scalable Docker image vulnerability analysis (DIVA) framework that automatically discovers, downloads, and analyzes both official and community images on Docker Hub. Using our framework, we have studied 356,218 images and made the following findings: (1) both official and community images contain more than 180 vulnerabilities on average when considering all versions; (2) many images have not been updated for hundreds of days; and (3) vulnerabilities commonly propagate from parent images to child images. These findings demonstrate a strong need for more automated and systematic methods of applying security updates to Docker images and our current Docker image analysis framework provides a good foundation for such automatic security update. This article is summarized in: the morning paper an interesting/influential/important paper from the world of CS every weekday morning, as selected by Adrian Colyer |
| URL | http://doi.acm.org/10.1145/3029806.3029832 |
| DOI | 10.1145/3029806.3029832 |
| Citation Key | shu_study_2017 |
A Study of Security Vulnerabilities on Docker Hub