Date of Submission

Fall 2024

Supervisor

Engr. Dr. Syed Irfan Nabi, Associate Professor, Department of Computer Science

Committee Member 1

Dr. Zaheeruddin Asif, Examiner – I, SMCS, Institute of Business Administration (IBA), Karachi

Committee Member 2

Engr. Dr. Yawar Abbas Bangash, Examiner – II, Military College of Signal, NUST

Committee Member 3

Dr. Tariq Mahmood, Professor and Program Coordinator MS (CS) & MS (DS) Institute of Business Administration (IBA), Karachi

Degree

Master of Science in Data Science

Department

Department of Computer Science

Faculty/ School

School of Mathematics and Computer Science (SMCS)

Keywords

Docker, Image, Container, Security Vulnerabilities, Host OS, Framework

Abstract

Docker has revolutionized application deployment through CI/CD pipelines, leveraging efficient containerization managed directly by the host kernel. Despite its advantages, ensuring the security of the Docker ecosystem remains paramount, especially in cloud computing environments where image security validation is critical. Furthermore, this study conducts a large-scale analysis of Docker Hub, a prominent repository, revealing vulnerabilities in sensitive parameters of Docker run commands and as a result presents a comprehensive framework integrating multiple components and CI/CD pipelines to safeguard Docker-based applications from development through deployment phases. The vulnerabilities identified risks such as host file leakage and denial-of-service attacks. Additionally, malicious images capable of remote code execution are identified, highlighting deficiencies in vulnerability patching. This research underscores the need for enhanced security measures within the Docker ecosystem. Moreover, this study evaluates existing tools for identifying and mitigating Dockerfile misconfigurations, noting prevalent security flaws and the absence of automated repair solutions. To address these gaps a framework is proposed, the Docker Security and Management Framework (DSMF) and its architecture, Docker Security and Management Architecture (DSMA), for a system that detects and suggests repairs for security misconfigurations in Dockerfiles. The framework encompasses secure Docker image building, bundling applications with requisite libraries, and secure image distribution via Docker registries. Validation against vulnerable Docker components demonstrates the framework's efficacy in mitigating security risks. Implementing frameworks like Docker Security and Management Framework (DSMF) and Docker Security and Management Architecture (DSMA) is crucial for maintaining the integrity and security of containerized applications across diverse operational environments. Ultimately, this study advocates ongoing research and development efforts to fortify Docker security, ensuring robust protection against evolving threats. This research may be valuable for software and system developers and solutions providers that use Dockers.

Document Type

Restricted Access

Submission Type

Thesis

Download

Available for download on Tuesday, January 25, 2028

Share

COinS