Vulnerability analysis of container-based virtualization

Abstract

Even though system virtualization is not really a new paradigm, the way it is implemented in present system architectures provides a powerful platform for system development, the bene ts of which have only recently been realised as a result of the widespread implementation of commodity hardware and software systems. Virtualization, in concept, incorporates the employment of an encapsulating software layer that surrounds or supports an operating system and provides the same inputs, outputs, and behaviour as a physical device. However, new dangers and security challenges have arisen as a result of the design, implementation, and deployment of virtualization technologies thereby giving rise to the requirement for a reliable and secure virtualization solution.Over time we have come across various virtualisation technologies like virtual machines, containers, unikernels. Container technologies have been used for a long time, but Docker is the most popular and widely used among them. Along with so many bene ts, it also has a few drawbacks, the most critical of which is security.We attempted to develop a prerequisite and postcondition classi cation framework for attacker privileges in this project, which can be utilised to generate attack graphs particular to Docker.Advanced multi-step, multi-host attacks are common in today's computer networks. So, attack graphs are a more e cient way since they are built from a network's recognised vulnerabilities and indicate security concerns via attack paths that aren't visible in the results of primitive methodologies.