@article{MCA1E333F,
  title = "Revisiting Security Landscape of Docker Hub Container Images",
  journal = "The Journal of Korean Institute of Communications and Information Sciences",
  year = "2022",
  issn = "1226-4717",
  doi = "10.7840/kics.2022.47.8.1231",
  author = "Myoungsung You and Jaehan Kim and Seungwon Shin",
  keywords = "Cloud computing, Security and Privacy, Cloud Security, Virtualization, Container security",
  abstract = "Containerization has recently become a de facto standard of virtualization technology in modern cloud environments. Its popularity has led to the development of various container engines and remote registry services. Docker Hub, the largest container registry, distributes numerous official and community container images. It provides agile ways to develop services using containers but at the same time poses new security threats by sharing vulnerable images. In this paper, we investigate the current state of vulnerabilities in container images shared on Docker Hub. We design an automated security assessment framework that discovers and examines container images on Docker Hub. We obtain the following insights by analyzing all the official images and the 10,000 most downloaded community images through our framework. (1) Both the official and community images have an average of 117 or more vulnerabilities. (2) Vulnerabilities in images are patched on average three days after the vulnerabilities are disclosed. (3) Propagation of vulnerability between images is prevalent, but countermeasures against the propagation are costly. We believe that this paper will be utilized as a good foundation in future work on container security."
}