DAVS:Dockerfile Analysis for Container Image Vulnerability Scanning
作者机构:School of Electronic EngineeringSoongsil UniversitySeoul06978Korea
出 版 物:《Computers, Materials & Continua》 (计算机、材料和连续体(英文))
年 卷 期:2022年第72卷第7期
页 面:1699-1711页
核心收录:
学科分类:08[工学] 0812[工学-计算机科学与技术(可授工学、理学学位)]
基 金:supported by the Institute of Information&Communications Technology Planning&Evaluation(IITP)grant funded by the Korea Government(MSIT)(No.2020-0-00952) Development of 5G edge security technology for ensuring 5G+service stability and availability
主 题:Container security vulnerability scanning OCI image analysis
摘 要:Container technology plays an essential role in many Information and Communications Technology(ICT)***,containers face a diversity of threats caused by vulnerable packages within container *** vulnerability scanning solutions for container images are *** solutions entirely depend on the information extracted from package *** a result,packages installed directly from the source code compilation,or packages downloaded from the repository,etc.,are *** introduce DAVS–A Dockerfile analysis-based vulnerability scanning framework for OCI-based container images to deal with the limitations of existing *** performs static analysis using file extraction based on Dockerfile information to obtain the list of Potentially Vulnerable Files(PVFs).The PVFs are then scanned to figure out the vulnerabilities in the target container *** experimental shows the outperform of DAVS on detecting Common Vulnerabilities and Exposures(CVE)of 10 known vulnerable images compared to Clair–the most popular container image scanning ***,DAVS found that 68%of real-world container images are vulnerable from different image registries.
维普期刊数据库