SecDr：A Content Safe Docker Registry

doi:10.3969/j.issn.1006-2475.2018.05.015

Abstract

Abstract: Docker is a greatly popular container engine since its rapid deployment and extensive portability. However, it raises image content safe problem. Aiming at this issue, A Docker image content safe registry named SecDr is designed. Firstly, SecDr hierarchically scans Docker image files which are pushed to Docker registry to detect the static vulnerabilities, and confirms any of its installed software packages to match any known vulnerabilities’ features. The vulnerabilities are updated from common vulnerabilities and exposures (CVE) databases. Secondly, SecDr facilitates customized penetration testing to detect the vulnerabilities introduced by developers. The results show that SecDr is able to solve the content safe problem in Docker registry.

Key words: Docker, scanning, penetration test

CLC Number:

TP309.5

WEI Xing-shen1, SU Da-wei2, TU Zheng-wei1, LIU Wei1, QI Long-yun1, LYU Xiao-liang1, YANG Bin1. SecDr：A Content Safe Docker Registry[J]. Computer and Modernization, doi: 10.3969/j.issn.1006-2475.2018.05.015.

References

［1］   浙江大学SEL实验室. Docker:容器与容器云［M］. 北京：人民邮电出版社, 2015.
［2］王鹃,胡威,张雨菡,等. 基于Docker的可信容器［J］. 武汉大学学报（理学版）, 2017,63(2):102-108.
［3］    Combe T, Martin A, Pietro R D. To Docker or not to Docker: A security perspective［J］.IEEE Cloud Computing, 2016,3(5):54-62. 
［4］    许丽婷,傅翔君,杨晶晶. 基于Docker技术的分层式数据安全性防护系统［J］. 信息化研究, 2017,43(1):51-55. 
［5］杨文林,谭曦,郭俊廷,等. Docker脆弱性分析与安全增强［J］. 信息安全与技术, 2016(4):21-23.
［6］ James Sulinski. Docker image vulnerability research［J］. Federacy Research, 2017,3(13):1-3.
［7］ Shu Rui, Gu Xiaohui, Enck W. A study of security vulnerabilities on Docker Hub［C］// Proceedings of the 7th ACM Conference on Data and Application Security and Privacy. 2017:269-280.
［8］胡朝辉,王方立. 电力监控系统通信安全技术研究［J］. 电子技术应用, 2017,43(3):21-24.
［9］ Boettiger C. An introduction to Docker for reproducible research［J］. ACM SIGOPS Operating Systems Review, 2015,49(1):71-79.
［10］Giannakopoulos I, Papazafeiropoulos K, Doka K, et al. Isolation in Docker through layer encryption［C］// 2017 37th IEEE International Conference on Distributed Computing Systems. 2017:2529-2532.
［11］Nipun J. 精通Metasploit渗透测试［M］. 北京：人民邮电出版社, 2016.
［12］李啸,胡勇. 基于sqlmap的被动SQL注入扫描技术研究与实现［J］. 现代计算机, 2016,28(1):38-42.
［13］ Meucci M, Muller A. The OWASP testing guide 40［J］. Open Web Application Security Project, 2015,8(3):1-224.
［14］〖ZK(#〗赵丽娟. Web应用程序渗透测试方法研究［D］. 长沙：中南大学, 2014.
［15］王丹,赵文兵,丁治明. 应用常见注入式安全漏洞检测关键技术综述［J］. 北京工业大学学报, 2016,42(12):1822-1832.
［16］韩心慧,王东祺,陈兆丰,等. 云端服务器敏感数据保护方法研究［J］. 清华大学学报(自然科学版), 2016,56(1):51-57.
［17］宋雅楠,刘萍. 渗透测试的信息抓取策略研究［J］. 计算机系统应用, 2017,26(8):232-237.
［18］王扬品,程绍银,蒋凡. 应用漏洞扫描系统［J］. 计算机系统应用, 2015,24(12):58-63.
［19］Dashevskyi S, Brucker A D, Massacci F. On the security cost of using a free and open source component in a proprietary product［C］// International Symposium on Engineering Secure Software and Systems. 2016:190-206.

[1]	LI Hai-hao, WU Ya-feng, WANG Xiao-qiang. Application of Timed Petri Net in Penetration Testing [J]. Computer and Modernization, 2020, 0(10): 110-115.
[2]	HOU Jian-chun1,2， ZHAO Feng-jun2， WU Liang2， YUAN Cheng1,2. An Element of UWB Phased Array Antenna [J]. Computer and Modernization, 2019, 0(09): 72-.
[3]	GUO Yi1, ZHANG Wei-shan1, XU Liang2, ZHAI Jia3. A Micro-service-based Oil Big Data Mining Platform [J]. Computer and Modernization, 2019, 0(05): 25-.
[4]	ZHAO Bo-ying， XIAO Peng， ZHANG Li. Hybrid Programming of MPI and OpenMP Based on Docker [J]. Computer and Modernization, 2018, 0(05): 60-.
[5]	ZHENG Sheng-jun1， GUO Long-hua2， LI Jian-hua2, WANG Hong-kai3, LIU Yun4. Multi-dimensional Monitoring System for Website Security Based on Cloud Platform [J]. Computer and Modernization, 2016, 0(1): 39-45.
[6]	GUAN Yuanjun, LI Yang, WAN Xiaodong. An Improved Disc File System [J]. Computer and Modernization, 2015, 0(12): 116-.
[7]	PEI Jiao-yang1,2, ZHANG Zhi-yi1, YUAN Cong-cong1. A 3D Scanning System Based on Monocular Vision Geometry Construction [J]. Computer and Modernization, 2014, 0(6): 66-70.
[8]	TONG Jing, CHEN Zheng-ming, LIU Jing, XU Xin . Key Technologies of Low-cost Individuation Manufacturing Prototype System [J]. Computer and Modernization, 2014, 0(2): 98-101.
[9]	LIU Tie-hua. Lossless Compression Algorithm Based on HEVC for Digital Image [J]. Computer and Modernization, 2013, 1(8): 23-26.
[10]	LI Qing-shuo;WANG Zhi-gang;YUE Jiang-shui. Modeling and Practice of FY-2 Satellite Tracking [J]. Computer and Modernization, 2013, 218(10): 42-45.