A Robust Framework for Comprehensive Container Image Vulnerability Assessment
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | IEEE 2025-01-01 |
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/10902061/ |
| Summary: | Container technologies have become integral to modern cloud-native application development, offering flexibility, scalability, and ease of deployment. Although containers offer efficiency and scalability in deploying and managing applications, they face security concerns such as malware and privilege escalation due to their weaker isolation. To address these issues, various security solutions have been developed, among which container image scanning technology is regarded as a fundamental security measure. However, existing approaches mainly focus on OS packages, neglecting manually installed or migrated packages, which limits their effectiveness in detecting real-world threats. In this paper, we propose a novel and rigorous container image vulnerability assessment system designed to ensure the secure deployment of applications across both standard and non-standard container images. Unlike existing methods, the proposed system focuses on direct file system inspection rather than relying on package manager analysis or Dockerfile inspection. In addition, the proposed approach enables the system to detect vulnerabilities that may be introduced during container execution or through runtime-installed packages. To evaluate the effectiveness of the proposed system, we conducted extensive experiments on datasets of container images collected from various scenarios, and the experimental results demonstrate that our system significantly outperforms existing solutions in detecting vulnerabilities. |
| ISSN: | 2169-3536 |