Security analysis of Docker containers in a production environment
Container technology for hosting applications on the web is gaining traction as the preferred mode of deployment. Major actors in the IT industry are transforming their infrastructure into smaller services and are using containers as a basis. Compared to a hypervisor-based infrastructure, containers are easier to manage and administer. Container images can be deployed identically regardless of platform choice; containers support most infrastructures and operating systems. Containers solve some operations management issues but raise security concerns. The layer of isolation between instances is significantly reduced with container administration software such as Docker compared with a hypervisor. This thesis aims to compare the security of containers and hypervisor virtual machines by observing exploits in both environments. The experiments shown throughout this thesis describe the outcomes of some exploits. In addition to observing the exploitation of the system, the experiments focus on finding possible solutions to prevent the vulnerabilities from being exploited and possibly secure the applications and environments. The methods used to mitigate the exploitation are based on security features within the virtualization technologies as well as features provided by the operating system.