Submitted Proposals

DEI - FCTUC
Generated on 2024-04-16 07:57:05 (Europe/Lisbon).

Internship Title

Security Assessment and Analysis in Docker Environments

Areas of Specialization

Software Engineering

Communications, Services and Infrastructures

Internship Location

SSE-CISUC

Background

Operating-system-level virtualization emerged as a lighter alternative to traditional virtualization that avoids the overhead of starting and maintaining virtual machines. Resource isolation features of the operating system and file system are used to create several independent "software containers" that run in the same operating system instance. Docker provides abstraction and automation for this technology, and its containers wrap a piece of software in a filesystem that contains everything it needs to run: code, runtime, system tools, and system libraries.
However, as these containers share machines with other containers that, in some cases, can be owned by a different organization, their security is of utmost importance. Although Docker promises security and reliability, it is clear that privilege escalation or code execution attacks, when successful, could be devastating for the infrastructure provider.

Objective

In this context, the objective of this work is to perform an empirical study of the security of the Docker platform. This study will start with online security reports, as they constitute an important source of information for gaining insight into the history of security problems. Then, both security testing techniques and code analysis will be used to uncover problems of availability, confidentiality, integrity and isolation in the platform.

Work Plan - Semester 1

T1. [01/09/2016 to 31/10/2016] State of the art analysis
Study the Docker platform, understand the concepts behind security and analyse the most relevant and frequent security problems in operating-system-level virtualization.
T2. [01/11/2016 to 30/11/2016] Creation of a Docker setup.
Install and configure a setup based on Docker, finding or developing representative applications to deploy there.
T3. [01/12/2016 to 31/12/2016] Security Reports analysis.
Analyse the existing security bug reports in the platform. Understand the code that led to the vulnerabilities, what would be necessary to exploit them, and the code that was used to patch them.
T4. [01/01/2017 to 31/01/2017] Write the Dissertation Plan

Work Plan - Semester 2

T5. [01/02/2017 to 15/03/2017] Source Code Analysis
Analysis of the source code of the platform, with emphasis on the most problematic modules. This analysis can be done with the help of static code analysis tools, but a dynamic analysis component is necessary to complement the study.
T6. [16/03/2017 to 30/04/2017] Security Testing
Define a security testing campaign that includes the development of proof of concept tests to demonstrate the exploitation of the security bugs found previously.
T7. [01/04/2017 to 31/05/2017] Write a paper
T8. [01/03/2017 to 31/07/2017] Write the thesis.

Conditions

The work is to be carried out at the laboratories of CISUC's Software and Systems Engineering Group. There is the possibility of awarding a research scholarship in the second semester. The work will be co-advised by Prof. Baldoino Fonseca (UFAL, Brazil). A workplace will be provided, as well as the required computational resources.

Advisor

Nuno Antunes
nmsa@dei.uc.pt