Analysis of Docker Security
This addresses security concerns for users of Docker in virtualization, but it is incremental as it focuses on analysis and recommendations without introducing new methods.
The paper analyzes the security of Docker, a container-based virtualization technology, by examining its internal security and interactions with Linux kernel features like SELinux and AppArmor, and identifies ways to enhance its security.
Over the last few years, the use of virtualization technologies has increased dramatically. This makes the demand for efficient and secure virtualization solutions become more obvious. Container-based virtualization and hypervisor-based virtualization are two main types of virtualization technologies that have emerged to the market. Of these two classes, container-based virtualization is able to provide a more lightweight and efficient virtual environment, but not without security concerns. In this paper, we analyze the security level of Docker, a well-known representative of container-based approaches. The analysis considers two areas: (1) the internal security of Docker, and (2) how Docker interacts with the security features of the Linux kernel, such as SELinux and AppArmor, in order to harden the host system. Furthermore, the paper also discusses and identifies what could be done when using Docker to increase its level of security.