Call me Ishmael: Using Dynamic Analysis to Hunt Whales on the Internet

Abstract

Docker has been one of the most widely used DevOps tools of the last decade, enabling fast development of personalized services. Indeed, the common practice is to reuse already available containers and customize them to the developer's needs. DockerHub is the leading platform for uploading and downloading Docker containers. Unfortunately, reusing code and infrastructure exposes developers to security and privacy threats, as the original developer might have had malicious intent to collect sensitive data or create backdoors in a victim's system. The existing literature has raised concerns about these security and privacy threats and performed mass vulnerability scans of Docker images. However, existing studies are mostly based on static analysis, which has been shown to be insufficient for a complete security assessment.

In this thesis we present a novel framework for the en-masse identification of vulnerabilities in Docker containers. Additionally, as part of the framework, we document and implement a component which sorts and downloads images based on their popularity, improving on the current fuzzy-search-based state of the art. Using this framework we found vulnerabilities in 2.44% of the containers we scanned. The framework also succeeded in finding novel vulnerabilities, resulting in two newly reserved CVE numbers in the social network software Friendica.