TY - JOUR
T1 - Revisiting Security Landscape of Docker Hub Container Images
AU - You, Myoungsung
AU - Kim, Jaehan
AU - Shin, Seungwon
JO - The Journal of Korean Institute of Communications and Information Sciences
PY - 2022
DA - 2022/1/15
DO - 10.7840/kics.2022.47.8.1231
KW - Cloud computing
KW - Security and Privacy
KW - Cloud Security
KW - Virtualization
KW - Container security
AB - Containerization has recently become a de facto standard of virtualization technology in modern cloud environments. Its popularity has led to the development of various container engines and remote registry services. Docker Hub, the largest container registry, distributes numerous official and community container images. It provides agile ways to develop services using containers but at the same time poses new security threats by sharing vulnerable images. In this paper, we investigate the current state of vulnerabilities in container images shared on Docker Hub. We design an automated security assessment framework that discovers and examines container images on Docker Hub. We obtain the following insights by analyzing all the official images and the 10,000 most downloaded community images through our framework. (1) Both the official and community images have an average of 117 or more vulnerabilities. (2) Vulnerabilities in images are patched on average three days after the vulnerabilities are disclosed. (3) Propagation of vulnerability between images is prevalent, but countermeasures against the propagation are costly. We believe that this paper will be utilized as a good foundation in future work on container security.