Research field: Software Development
Conference: 2023 IEEE Symposium on Computers and Communications (ISCC)
Due to the ease of management and the high performance of containerization, many services have been deployed in containers, e.g., a Web server running in Docker. However, the Docker implementation suffers from several fatal loopholes. In this paper, we study a persistent security problem of Docker, i.e., the port mapping statement results in a wrong IPTABLES rule, which has been disclosed for a while but is still not solved. Therefore, we are motivated to provide a technical primer as well as a proof of concept for this issue. Nevertheless, we discuss several methods to mitigate the security problem. Further, we apply our network testbed for demonstrating the loophole and the effectiveness of the defense methods. The experimental results show that our approach not only increases the time cost for the attacker to identify the target but also brings negligible overhead for deploying the countermeasures.
| Publication year | 2023 |
|---|---|
| Citations | 97 |
| Country of publication | China |
| Site | IEEE |