Security audit of docker container images in cloud architecture

  • Author(s) / Creator(s)
  • Container technology has radically changed the way applications are packaged and deployed as services in a cloud environment. According to Trend Micro's security predictions for 2020, vulnerabilities in container components deployed with cloud architecture are ranked as one of the top security concerns for development and operations teams in enterprises. Docker is one of the leading container technologies that automate the deployment of applications into containers. Docker Hub is a public repository run by Docker for storing and sharing Docker images. Docker images are pulled from the Docker Hub repository, and the security of images used from such repositories in any cloud environment could be at risk. Vulnerabilities in Docker images could have a detrimental effect on enterprise applications. In this paper, the focus is on securing Docker images using a vulnerability-centric approach (VCA) to detect the vulnerabilities and on developing a checklist of use cases compliant with NIST standards. This paper develops a checklist of use cases to verify the standards by systematic analysis of the Docker image in compliance with OWASP CSVS. The paper has the following objectives: (i) to identify and assess the vulnerabilities of Docker images with their CVE details using VCA; (ii) to develop a checklist of use cases compliant with the NIST guidelines for securing container images; and (iii) to align the checklist with the requirements of the OWASP Container Security Verification Standards. The proposed checklist can be used as a tool during the development, deployment, and maintenance of a microservice application.

  • Date created
    2020
  • Subjects / Keywords
  • Type of Item
    Research Material
  • DOI
    https://doi.org/10.7939/r3-6pwr-zy19
  • License
    Attribution-NonCommercial 4.0 International