Title

A STUDY ON ANALYSIS AND DETECTION OF CONTAINER ESCAPE VULNERABILITIES IN DOCKER

Abstract

In the rapidly evolving landscape of cloud computing, containerization technologies like Docker have become essential for efficient application deployment and scalability. However, this widespread adoption has also introduced significant security challenges, particularly the threat of container escape vulnerabilities. These vulnerabilities enable malicious actors to breach the isolation of a container, potentially gaining unauthorized access to the host system or other containers, thus posing severe risks to cloud infrastructure security.
This thesis provides a comprehensive analysis of container escape vulnerabilities within Docker environments, focusing on critical Common Vulnerabilities and Exposures (CVEs). The research emphasizes the implementation of Proof of Concepts (PoCs) on ARM-based architectures to demonstrate the feasibility and implications of these vulnerabilities on alternative hardware platforms. Utilizing system call logging with Auditd and a rule-based log analysis methodology, the study offers a structured approach to detect and understand the nature of malicious activities.
Key contributions of this research include the successful adaptation of PoCs for ARM devices, detailed system call analysis during vulnerability exploitation, and the development of rule-based detection mechanisms for identifying anomalous patterns indicative of container escapes. These findings significantly advance the field of container security by providing empirical evidence and methodological advancements aimed at enhancing defenses against container escape attacks.
The thesis concludes with a discussion on the implications of the findings, highlighting the necessity for robust security measures in containerized systems and proposing directions for future research to address the evolving threat landscape.

Supervisor(s)

ILTER TAHA AKTOLGA

Date and Location

2024-07-22 11:30:00

Category

MSc_Thesis