Abstract
The goal of this research is to create a methodology that evaluates the security posture of container images and helps improve container security. This was done by first searching for any guidelines or standards that focus on container images and security. After finding none, I decided to create an evaluative methodology. The methodology is composed of actions that users should take to evaluate the security of a container image. The methodology was created through in-depth research on container images and the build instructions used to create them and is referred to as the Security Evaluation Methodology for Container Images. The entire Methodology was reviewed by experts in containers, information technology, and security; updated based on their feedback; and then reviewed again for further feedback. Four of the most popular container images—nginx, redis, mbabineau/cfn-bootstrap, and google/cadvisor—were evaluated using the Methodology. The evaluation revealed security issues in each image and provided direction on how to resolve each issue. Based on the positive feedback of experts and the performance of the Methodology, I propose that the Methodology be used to evaluate all container images, as it provides valuable security insights about, and suggestions for, an image.
Degree
MS
College and Department
Ira A. Fulton College of Engineering and Technology; Technology
Rights
http://lib.byu.edu/about/copyright/
BYU ScholarsArchive Citation
Abbott, Brendan Michael, "A Security Evaluation Methodology for Container Images" (2017). Theses and Dissertations. 6287.
https://scholarsarchive.byu.edu/etd/6287
Date Submitted
2017-03-01
Document Type
Thesis
Handle
http://hdl.lib.byu.edu/1877/etd9146
Keywords
container, image, methodology, security, static analysis, docker, rkt, rocket, dockerfile, build instructions
Language
English
Technology Emphasis
Information Technology (IT)