Description
Container virtualization is of increasing importance in modern software deployments. It is often used as a more lightweight alternative to virtual machines, especially in the cloud sector. This advantage comes at the cost of weaker isolation between host and guest, as the host's Operating System (OS) kernel is shared. By abusing flaws in the isolation configuration of the container, attackers are able to bypass or break the container isolation. In the worst case, an attacker can get root access to the host system. In order to prevent container escape attacks based on misconfigurations, it is crucial to understand their root cause and how they could be prevented by using the available container isolation mechanisms correctly. It is also important to be able to automatically detect potential flaws in the isolation configuration of a container before it gets deployed. In this work, we present an approach which allows analyzing containers on a Linux system with regard to their isolation state, independently of the container engine used. To enable the security evaluation of a container, we propose several categories describing the different resources a container may interact with on the host system. Based on the results of the isolation analysis, we further developed a concept which allows the security of a given container instance to be assessed automatically regarding its capability to prevent container escapes. Using our concept, it is possible to identify which parts of the container are not sufficiently isolated to prevent an attacker from accessing host resources. We provide a proof of concept implementation of the developed concepts. Using this implementation, we evaluated five different container engines.
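The engine-independent analysis the abstract describes relies on the fact that every container process, whatever engine started it, is visible to the host kernel through /proc. The following added example (not the paper's implementation, and the category list, the "risky" capability set and the sample /proc contents are this editor's assumptions) shows the core of such a check: it reads the namespace inodes and the effective capability mask of a container process from the host's view, compares the namespaces against PID 1 to find those that were never unshared, decodes CapEff into capability names, and reports whether seccomp filtering and no_new_privs are in effect. The sample status text and namespace inodes are constructed so the check runs offline; the `read_live` helper collects the same inputs from a real host.

```python
"""Engine-agnostic check of a container process's isolation state as seen
from the host's /proc (added example, not the paper's own tool)."""
import os
import re

# Linux capability bit numbers, in the order of include/uapi/linux/capability.h.
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
]
# Assumed set of capabilities that give a container direct reach into host
# resources (kernel modules, raw devices, other processes, host network).
RISKY_CAPS = {"CAP_SYS_ADMIN", "CAP_SYS_MODULE", "CAP_SYS_RAWIO",
              "CAP_SYS_PTRACE", "CAP_DAC_READ_SEARCH", "CAP_NET_ADMIN"}
NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")


def decode_caps(hex_mask):
    """Turn a CapEff/CapPrm hex mask into the set of capability names."""
    mask = int(hex_mask, 16)
    return {name for bit, name in enumerate(CAP_NAMES) if mask >> bit & 1}


def parse_status(text):
    """Extract the isolation-relevant fields of /proc/<pid>/status."""
    fields = dict(re.findall(r"^(\w+):\s*(.*)$", text, re.MULTILINE))
    return {
        "caps": decode_caps(fields.get("CapEff", "0")),
        "seccomp_mode": int(fields.get("Seccomp", "0")),  # 0 = no filter
        "no_new_privs": fields.get("NoNewPrivs", "0") == "1",
    }


def shared_namespaces(container_ns, host_ns):
    """Namespace types whose inode equals the host's, i.e. never unshared."""
    return {ns for ns in NS_TYPES if container_ns.get(ns) == host_ns.get(ns)}


def assess(status_text, container_ns, host_ns):
    """Per-category verdict for one container process."""
    st = parse_status(status_text)
    return {
        "shared_namespaces": shared_namespaces(container_ns, host_ns),
        "risky_caps": st["caps"] & RISKY_CAPS,
        "seccomp_disabled": st["seccomp_mode"] == 0,
        "no_new_privs": st["no_new_privs"],
    }


def read_live(pid):
    """Collect the same inputs from a real host (root is needed to inspect
    other users' processes); only used when run as a script."""
    ns = {t: os.readlink(f"/proc/{pid}/ns/{t}") for t in NS_TYPES}
    with open(f"/proc/{pid}/status") as fh:
        return fh.read(), ns


# Constructed sample inputs standing in for readlink()/status output.
HOST_NS = {t: f"{t}:[40265318{i:02d}]" for i, t in enumerate(NS_TYPES)}
PRIVILEGED_NS = dict(HOST_NS, mnt="mnt:[4026532101]")   # only mnt unshared
HARDENED_NS = {t: f"{t}:[40265321{i:02d}]" for i, t in enumerate(NS_TYPES)}
PRIVILEGED_STATUS = "Name:\tsh\nNoNewPrivs:\t0\nSeccomp:\t0\nCapEff:\t000001ffffffffff\n"
HARDENED_STATUS = "Name:\tsh\nNoNewPrivs:\t1\nSeccomp:\t2\nCapEff:\t00000000a80425fb\n"

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:   # usage: python3 isocheck.py <container pid>
        status, ns = read_live(int(sys.argv[1]))
        _, host_ns = read_live(1)
        print(assess(status, ns, host_ns))
    else:
        print(assess(PRIVILEGED_STATUS, PRIVILEGED_NS, HOST_NS))
        print(assess(HARDENED_STATUS, HARDENED_NS, HOST_NS))
```

Run without arguments, the first report shows a process that shares every namespace except mount with the host, holds all 41 capabilities and has no seccomp filter, which is the profile of a fully privileged container; the second shows a container with its own namespaces, a reduced capability set, seccomp in filter mode and no_new_privs set. Because the inputs come from the host kernel rather than from an engine's API, the same check applies to any engine, which is the property the abstract's analysis relies on.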