Analysis of DoS attacks on Docker inter-component stdio copy
In recent years,Docker has been widely deployed due to its flexibility and high scalability.However,its modular design leads to the DoS attacks on inter-component communication.A new DoS attack that outputs to stdout,causing high CPU usages among different Docker components.Analysis shows that the s...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2020-12-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2020074 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841529914469122048 |
|---|---|
| author | Tianyu ZHOU Wenbo SHEN Nanzi YANG Jinku LI Chenggang QIN Wang YU |
| author_facet | Tianyu ZHOU Wenbo SHEN Nanzi YANG Jinku LI Chenggang QIN Wang YU |
| author_sort | Tianyu ZHOU |
| collection | DOAJ |
| description | In recent years,Docker has been widely deployed due to its flexibility and high scalability.However,its modular design leads to the DoS attacks on inter-component communication.A new DoS attack that outputs to stdout,causing high CPU usages among different Docker components.Analysis shows that the stdout output triggers the goroutines of Docker components.To find all goroutines setup paths,using the static analysis method to analyze the Docker components systematically was proposed.A static analysis framework was designed and implemented,and evaluated on Docker source code.The results show that static analysis framework finds 34 paths successfully,while 22 of them are confirmed by runtime verification. |
| format | Article |
| id | doaj-art-c6c73be8ffd5426fba090f0cae5a2cc5 |
| institution | Kabale University |
| issn | 2096-109X |
| language | English |
| publishDate | 2020-12-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj-art-c6c73be8ffd5426fba090f0cae5a2cc52025-01-15T03:14:29ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2020-12-016455659561589Analysis of DoS attacks on Docker inter-component stdio copyTianyu ZHOUWenbo SHENNanzi YANGJinku LIChenggang QINWang YUIn recent years,Docker has been widely deployed due to its flexibility and high scalability.However,its modular design leads to the DoS attacks on inter-component communication.A new DoS attack that outputs to stdout,causing high CPU usages among different Docker components.Analysis shows that the stdout output triggers the goroutines of Docker components.To find all goroutines setup paths,using the static analysis method to analyze the Docker components systematically was proposed.A static analysis framework was designed and implemented,and evaluated on Docker source code.The results show that static analysis framework finds 34 paths successfully,while 22 of them are confirmed by runtime verification.http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2020074containerDocker componentsDoS attackstatic analysis |
| spellingShingle | Tianyu ZHOU Wenbo SHEN Nanzi YANG Jinku LI Chenggang QIN Wang YU Analysis of DoS attacks on Docker inter-component stdio copy 网络与信息安全学报 container Docker components DoS attack static analysis |
| title | Analysis of DoS attacks on Docker inter-component stdio copy |
| title_full | Analysis of DoS attacks on Docker inter-component stdio copy |
| title_fullStr | Analysis of DoS attacks on Docker inter-component stdio copy |
| title_full_unstemmed | Analysis of DoS attacks on Docker inter-component stdio copy |
| title_short | Analysis of DoS attacks on Docker inter-component stdio copy |
| title_sort | analysis of dos attacks on docker inter component stdio copy |
| topic | container Docker components DoS attack static analysis |
| url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2020074 |
| work_keys_str_mv | AT tianyuzhou analysisofdosattacksondockerintercomponentstdiocopy AT wenboshen analysisofdosattacksondockerintercomponentstdiocopy AT nanziyang analysisofdosattacksondockerintercomponentstdiocopy AT jinkuli analysisofdosattacksondockerintercomponentstdiocopy AT chenggangqin analysisofdosattacksondockerintercomponentstdiocopy AT wangyu analysisofdosattacksondockerintercomponentstdiocopy |