Container Attack Surface Reduction Beyond Name Space Isolation presented at blackhatEurope 2018

by Michalis Polychronakis, Azzedine Benameur, Jay Chien-an Chen, Lei Ding,

Summary : Public container images are riddled with vulnerabilities. We've analyzed the top 100 official Docker images present on DockerHub and found thousands of vulnerabilities and misconfigurations. Many of these vulnerabilities lie not within the application itself but in dependencies, binaries, and file/user/network permissions that are not required for the application to run. This issue has been recently mitigated by using a smaller base image layer such as Alpine, Minideb, and Cirros. While this is a step forward to reduce the attack surface, this is still not enough. Like Unix tools, containers should be atomic in nature and fulfill only one task efficiently. In the context of containers, this means a container should be tailored to run one application only. It means only the required libraries, binaries, files, and network protocols to support a given application should be present. Our approach tackles this problem by using a fine-grained container-wide profiling tool we developed to identify the subset of resources that the application absolutely needs in order to perform its normal operation. The output of our tool is then used to guide the container re-creation process to generate a new unique container image tailored specifically to only support the given application. This new container image not only contains the minimum set of dependencies, but is also hardened with strict lock down policies which are enforced at runtime at the system API level to support only the application's intended operations, and neutralize any unneeded functionality that may be of use to exploits. In a preprocessing phase, the tool analyzes each application to pinpoint the call sites of potentially useful (to attackers) system API functions, and uses backwards data flow analysis to derive their expected argument values and generate whitelisting policies in a best-effort way. At runtime, the system exposes to the protected application only specialized versions of these critical API functions, and blocks any invocation that violates the enforced policy.We've tested our approach on thousands of containers and will present results that demonstrate that our approach not only successfully removed 50%-70% of the known vulnerabilities in the tested images, but can also effectively block many zero-day attacks.