Experimenting with Docker: Linux Container and BaseOS Attack Surfaces
Linux containers have shown great superiority over virtual machines and hypervisors in terms of networking, disk and memory management, start-up and compilation speed, and overall processing performance. In this research, we ask whether running services inside Linux containers is more secure than running them directly on a host base operating system. We used Docker v1.10 to conduct a series of experiments assessing the attack surface of hosts running services inside Docker containers compared to hosts running the same services on the base operating system, represented in our paper by Debian Jessie. Our vulnerability assessment shows that using Docker containers increases the attack surface of a given host, not the other way around.
Published in: International Conference on Information Society (i-Society 2016)
- Date of Conference: 10-13 October 2016
- DOI: 10.2053/iSociety.2016.0001
- ISBN: 978-1-908320-62-9
- Conference Location: Dublin, Ireland