Container Attack Surface Reduction Beyond Name Space Isolation

Presented at Black Hat Europe 2018, Dec. 5, 2018, 3:15 p.m. (50 minutes)

Public container images are riddled with vulnerabilities. We've analyzed the top 100 official Docker images present on DockerHub and found thousands of vulnerabilities and misconfigurations. Many of these vulnerabilities lie not within the application itself but in dependencies, binaries, and file/user/network permissions that are not required for the application to run. This issue has been recently mitigated by using a smaller base image layer such as Alpine, Minideb, and Cirros. While this is a step forward to reduce the attack surface, this is still not enough.

Like Unix tools, containers should be atomic in nature and fulfill only one task efficiently. In the context of containers, this means a container should be tailored to run one application only. It means only the required libraries, binaries, files, and network protocols to support a given application should be present.

Our approach tackles this problem by using a fine-grained container-wide profiling tool we developed to identify the subset of resources that the application absolutely needs in order to perform its normal operation. The output of our tool is then used to guide the container re-creation process to generate a new unique container image tailored specifically to only support the given application.

This new container image not only contains the minimum set of dependencies, but is also hardened with strict lock down policies which are enforced at runtime at the system API level to support only the application's intended operations, and neutralize any unneeded functionality that may be of use to exploits. In a preprocessing phase, the tool analyzes each application to pinpoint the call sites of potentially useful (to attackers) system API functions, and uses backwards data flow analysis to derive their expected argument values and generate whitelisting policies in a best-effort way. At runtime, the system exposes to the protected application only specialized versions of these critical API functions, and blocks any invocation that violates the enforced policy.

We've tested our approach on thousands of containers and will present results that demonstrate that our approach not only successfully removed 50%-70% of the known vulnerabilities in the tested images, but can also effectively block many zero-day attacks.


  • Michalis Polychronakis - Assistant Professor, Computer Science Department Stony Brook University
    Dr. Michalis Polychronakis is an assistant professor in the Computer Science Department at Stony Brook University. His main research interests are in the areas of network and system security and network monitoring and measurement. He received the B.Sc. ('03), M.Sc. ('05), and Ph.D. ('09) degrees in Computer Science from the University of Crete, Greece, while working as a research assistant in the Distributed Computing Systems Lab at FORTH-ICS. Before joining Stony Brook, he was an Associate Research Scientist at Columbia University. Michalis' research aims to improve the security of computer systems and networks, build robust defenses against malicious software and online threats, reinforce the privacy of our online interactions, and enhance our understanding of the internet ecosystem and its darker sides.
  • Lei Ding - Security Researcher, Accenture Security Lab
    Dr. Lei Ding is a cybersecurity researcher with Accenture Labs in Washington, D.C., where she focuses on developing, evaluating, and deploying novel data mining approaches and machine learning models in support of endpoint and network security solutions. Before joining Accenture, she was a principal investigator on several federal funded projects, including "Enabling intelligent security assessment for HPC systems via automated learning and data analytics" and "Secure computing environment for High Performance Computing systems" funded by DoE, "Digital forensic tool kit for machinery control systems" funded by Navy, and "Cognitive engine enabled mission-aware intelligent communication system for space networking" funded by NASA.
  • Jay Chien-An Chen - Security Researcher, Accenture Security Lab
    Dr. Chien-An Chen is a researcher in Accenture Cyber Tech Lab based in Washington, DC. His current research focuses on container attack surface reduction. He is also experienced in the Blockchain technology and its applications in cyber security. Before joining Accenture, his research focused on designing secure distributed data storage and data processing system for mobile devices. Chien-An received his Ph.D. degree from Texas A&M University in 2015 and his Masters degree from University of California, Los Angeles in 2010.
  • Azzedine Benameur - Security Researcher, Accenture Security Lab
    Dr. Azzedine Benameur is an experienced researcher in Security & Privacy with a strong industrial focus and is currently a Cyber Security Research & Development manager with Accenture Technology Labs in Washington D.C.. He previously lead the mobile security Research & Development at Kryptowire. He has over 10 years experience working on Security, Privacy, Cloud Security and Mobile. He has a proven track record of delivering industrial focused research with prototypes and patents while pushing the state of the art with academic publications. In his past role at Symantec he was in charge of enhancing the detection of rooted devices and pushed a novel patented solution in both enterprise and consumer versions of Norton used by millions of users. He also focused on Cloud security and low level binary security issues though DARPA and IARPA funded projects (MEERKATS and MINESTRONE). Prior to Symantec he was a Researcher in the Cloud and Security Lab of HP Labs Bristol, UK where he worked on privacy as part of the European Union's EnCoRe project, investigating fine-grained consent and revocation in user-centric applications. Prior to this he worked on SERENITY, another European Union security research project, at the Security & Trust Lab of SAP Research.


Similar Presentations: