Well Begun is Half Done: An Empirical Study of Exploitability Impact of Base-Image Vulnerabilities

by Mubin Ul Haque, et al.

Container technology (e.g., Docker) is widely adopted for deploying software infrastructure and applications in the form of container images. Security vulnerabilities in container images are a primary concern when developing containerized software: exploiting them can have disastrous impact, such as loss of confidentiality, integrity, and availability of the containerized software. Understanding the exploitability and impact characteristics of these vulnerabilities can help in securing the configuration of containerized software. However, there is a lack of research that empirically identifies and characterizes the exploitability and impact of vulnerabilities in container images. We carried out an empirical study to investigate the exploitability and impact of security vulnerabilities in base images and their prevalence in open-source containerized software. We focused on base images because container images are built on top of base images, which provide the core functionality needed to build and operate containerized software. We discovered and characterized the exploitability and impact of security vulnerabilities in 261 base images, which are the origin of 4,681 actively maintained official container images in the largest container registry, Docker Hub. To characterize the prevalence of vulnerable base images in real-world projects, we analysed 64,579 containerized software projects from GitHub. Our analysis of a set of 1,983 unique base-image security vulnerabilities revealed 13 novel findings. These findings are expected to help developers understand the potential security problems related to base images and encourage them to examine base images from a security perspective before building their applications on them.
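The abstract rests on the observation that every container image inherits the vulnerabilities of the base image named in its Dockerfile, so the first practical step is to identify which external base images a project actually builds on. The following is an added example, not the paper's tooling or any of its data: it parses a Dockerfile's FROM instructions (resolving build ARGs, `--platform` flags, stage aliases and multi-stage references so that internal stages are not mistaken for base images) and flags references that are unpinned or that appear in a lookup table. The sample Dockerfile and the `KNOWN_BAD` table are constructed placeholders for the demonstration, not real vulnerability data; in practice the table would be replaced by output from an image scanner.

```python
"""Extract the external base images a Dockerfile builds on and flag risky references.

Added example, not code from the paper. SAMPLE_DOCKERFILE and KNOWN_BAD are
constructed placeholders, not real project files or real vulnerability data.
"""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ImageRef:
    repository: str        # e.g. "debian", "docker.io/library/debian", "ghcr.io/org/app"
    tag: Optional[str]     # None when the FROM line gives no tag (Docker then uses :latest)
    digest: Optional[str]  # "sha256:..." when the reference is pinned by digest


# $VAR, ${VAR} and ${VAR:-default}; group 1/2 for the braced forms, group 3 for the bare form
_ARG_RE = re.compile(r"\$\{(\w+)(?::-([^}]*))?\}|\$(\w+)")


def expand_args(value: str, args: dict) -> str:
    """Substitute build ARGs into an image reference, honouring ${VAR:-default}."""
    def repl(m):
        name = m.group(1) or m.group(3)
        default = m.group(2)
        if name in args:
            return args[name]
        return default if default is not None else ""
    return _ARG_RE.sub(repl, value)


def parse_reference(ref: str) -> ImageRef:
    """Split [registry[:port]/]repo[:tag][@digest]; a ':' before the last '/' is a port."""
    name, _, digest = ref.partition("@")
    tag = None
    colon = name.rfind(":")
    if colon > name.rfind("/"):
        name, tag = name[:colon], name[colon + 1:]
    return ImageRef(name, tag, digest or None)


def base_images(dockerfile: str) -> list:
    """Return the external images named by FROM, in order of appearance.

    Handles backslash line continuations, ARGs declared before the first FROM,
    --platform flags, 'AS' aliases, FROM <earlier stage> and the 'scratch' pseudo-image.
    """
    text = re.sub(r"\\\r?\n", " ", dockerfile)  # join continued lines
    args, stages, found, seen_from = {}, set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        instr, _, rest = line.partition(" ")
        instr = instr.upper()
        if instr == "ARG":
            if not seen_from:  # only global ARGs (before the first FROM) are visible in FROM
                name, _, default = rest.strip().partition("=")
                args.setdefault(name.strip(), default.strip().strip("\"'"))
        elif instr == "FROM":
            seen_from = True
            tokens = [t for t in rest.split() if not t.startswith("--")]  # drop --platform=...
            ref = expand_args(tokens[0], args)
            if len(tokens) >= 3 and tokens[1].upper() == "AS":
                stages.add(tokens[2].lower())
            # A FROM naming an earlier stage (by alias or index) or scratch pulls nothing.
            if ref.lower() in stages or ref.isdigit() or ref.lower() == "scratch":
                continue
            found.append(parse_reference(ref))
    return found


# Constructed placeholder: repository -> tags the auditor treats as known-bad for this demo.
KNOWN_BAD = {"debian": {"buster", "stretch"}, "node": {"14"}}


def normalize_repo(repository: str) -> str:
    """Map docker.io/library/<name> and library/<name> to the official-image short name."""
    for prefix in ("index.docker.io/", "docker.io/"):
        if repository.startswith(prefix):
            repository = repository[len(prefix):]
    if repository.startswith("library/"):
        repository = repository[len("library/"):]
    return repository


def audit(dockerfile: str, known_bad: dict = KNOWN_BAD) -> list:
    """Return (repository, reason) findings for every external base image."""
    findings = []
    for img in base_images(dockerfile):
        repo = normalize_repo(img.repository)
        if img.tag is None:
            findings.append((repo, "no tag: resolves to :latest, build is not reproducible"))
        elif img.tag == "latest":
            findings.append((repo, "tag 'latest' floats; pin a version or a digest"))
        if img.tag in known_bad.get(repo, ()):
            findings.append((repo, f"tag {img.tag} is on the known-bad list"))
        if img.digest is None:
            findings.append((repo, "not pinned by digest; tag contents can change"))
    return findings


# Constructed sample Dockerfile, not taken from any real project.
SAMPLE_DOCKERFILE = """\
ARG GO_VERSION=1.21
FROM --platform=linux/amd64 golang:${GO_VERSION}-bookworm AS build
WORKDIR /src
COPY . .
RUN go build \\
    -o /out/app .

FROM build AS test
RUN go test ./...

FROM docker.io/library/debian:buster
COPY --from=build /out/app /usr/local/bin/app

FROM node
"""

if __name__ == "__main__":
    for repo, reason in audit(SAMPLE_DOCKERFILE):
        print(f"{repo}: {reason}")
```

Only three images are reported for the sample even though it has four FROM lines, because `FROM build AS test` refers back to an earlier stage rather than pulling an image. Running `audit` over every Dockerfile in a repository and aggregating by normalized repository and tag gives the kind of prevalence count the study reports, with the scanner's per-image results standing in for the placeholder table.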



