1. © 2015 IBM Corporation
IBM Security Systems – Cyber Center of Excellence
1
How to make my containers secure?
“Securing the Infrastructure and the Workloads of Linux Containers”,
Workshop on Security and Privacy in the Cloud, Sept. 2015.
Mattetti, M., Shulman-Peleg, A., Allouche, Y., Corradi, A., Dolev, S., Foschini, L.

2. © 2015 IBM Corporation
IBM Security Systems – Cyber Center of Excellence
2
Agenda
1. Introduction to Linux containers
2. Docker technology
3. Container threats
4. LiCShield framework:
• How it works
• Performance evaluation
• Prevention of attacks
5. Conclusion and Future Work

3. © 2015 IBM Corporation
IBM Security Systems – Cyber Center of Excellence
3
Containers - emerging building blocks of clouds
Lightweight OS-level virtualization via grouping resources like
processes, files, and devices into isolated spaces.
Benefits:
• Portability and easy deployment
• Application isolation
• Near native performance
Server
Host OS
Bins
/Libs
Bins/LibsBins
/Libs
App
A
App
B
App
C
App
D
Server
Hypervisor
Host OS
Bins/
Libs
App A App B App C
Guest
OS
Bins/
Libs
Guest
OS
Guest
OS
Bins/
Libs
Containers VMs

4. © 2015 IBM Corporation
IBM Security Systems – Cyber Center of Excellence
4
Container boundaries
- Capabilities
+ Namespaces
+ Cgroups
+ LSMs
+ new Root FS

5. © 2015 IBM Corporation
IBM Security Systems – Cyber Center of Excellence
5
Docker technology
 Open-source platform that automates the deployment of
applications within Linux containers
 Applications and their dependencies are shipped as one package
that can run on any Linux distribution
https://www.docker.com/

6. © 2015 IBM Corporation
IBM Security Systems – Cyber Center of Excellence
6
Docker Images
A set of read-only layers of a Union File System
 Reduces the disk
footprint
 Speeds up container
boot time
 Copy-on-write (data
volumes for
applications data)
 Automated building via
Dockerfile

7. © 2015 IBM Corporation
IBM Security Systems – Cyber Center of Excellence
7
Automating code distribution and deployment with Containers
• Container cloud (IaaS)
• Deployment packages (PaaS)
• 70% of organizations
are evaluating Docker
• 49% are concerned with
Docker security
Survey of Vmblog.com (745 participants)
http://stackengine.com/infographic-state-containers-2015-docker-adoption/

8. © 2015 IBM Corporation
IBM Security Systems – Cyber Center of Excellence
8
Private/Public cloud
Container threats
Threats
• Kernel exploits
• Container engine
• Shared resources
• Shared Bins/Libs
• Mis-configurations
Attack flow:
• “Escape to host”
• Propagating to
additional servers

9. © 2015 IBM Corporation
IBM Security Systems – Cyber Center of Excellence
9
Open source Linux tools to the rescue!
Linux Security Modules (LSMs, e.g. AppArmor, SElinux) are lightweight, loadable
kernel modules enforcing access control
Advantages of LSM:
• Part of Linux distributions
• Provide mandatory access control (MAC)
Disadvantages of LSMs:
• Complicated configuration and tuning
Profile to restrict the
Docker daemon
(none exists)
Profiles to restrict
the containers
(limited docker-
default profile)

10. © 2015 IBM Corporation
IBM Security Systems – Cyber Center of Excellence
10
Existing Docker-default profile
Allows any operation on files except
under /proc and /sys file systems
Generic profile to suit the needs of
any container workload
If we know the workload we can do something better!

11. © 2015 IBM Corporation
IBM Security Systems – Cyber Center of Excellence
11
Linux Container Shield
 Python framework to protect the infrastructure against attacks
on Docker daemon and containers workloads
 A Cloud Provider prospective:
• hosting service allowing co-locating the Linux containers of
different untrusted customers
• containers deployment via pre-configured images or via
building them on servers
 Operates in a synthetic testing environment
 Two steps process:
1. Tracing phase
2. Profiles generation

12. © 2015 IBM Corporation
IBM Security Systems – Cyber Center of Excellence
12
Tracing phase
https://github.com/LinuxContainerSecurity/LiCShield.git
 Dockerfile as input
 Invokes Docker API
(build/run commands)
 Uses a SystemTap script to
monitor the kernel
operations
 Stores the collected data in
text file

13. © 2015 IBM Corporation
IBM Security Systems – Cyber Center of Excellence
13
Tracing Files
Structure of a line (million lines file):
 probe point name — name of the kernel function probed
 control group path — path of the control group to which the
trigger process belongs to
 executable path — path of the executable file of the trigger
process
 resource path — paths of the resources given as input to the
probed kernel function
 mount namespace root — path of the root directory of the
trigger process in the main mount namespace

14. © 2015 IBM Corporation
IBM Security Systems – Cyber Center of Excellence
14
 Generates AppArmor rules to confine the executions of Docker
daemon and its containers
 Optimizes the learning phase of Host-based Intrusion Detection
Systems, by providing the description of the expected activities
Rules Engine

15. © 2015 IBM Corporation
IBM Security Systems – Cyber Center of Excellence
15
Profiles Technical Insights
 Two types:
• Host profile – to confine the Docker daemon (hundreds of
rules)
• Container profile – to have fine-grained control over the
containers workloads (thousands of rules)
 Tuning measures:
• Host profile – Read, Write, Lock and Link permissions granted
on /var/lib/docker subtree
• Container profile – Read-only and Read-Write permissions
granted under “harmless” subtrees

16. © 2015 IBM Corporation
IBM Security Systems – Cyber Center of Excellence
16
 Strict control on:
• which library can be loaded
• which executable file can be run
 pivot_root system call as switch point between the Host and the
Container profile
 Glob patterns to make profiles suitable for any container
instance spawned from the examined images
– e.g.* replaces container instance uuid
Profiles Technical Insights (2)

17. © 2015 IBM Corporation
IBM Security Systems – Cyber Center of Excellence
17
Profile distribution and enforcement
• Construct the security policy once for each image - apply to all
the instances
Server
Host OS
Docker Daemon
My image
Deploy

18. © 2015 IBM Corporation
IBM Security Systems – Cyber Center of Excellence
18
Dataset
Image Workload
Hadoop hadoop-mapreduce-examples-2.6.0.jar in non-distributed mode
Java SPECjvm2008
Node.js 30000 HTTP Get requests sent at a fixed rate of 100 per second
PHP Same of Node.js
Nginix Same of Node.js
MongoDB Mongo-perf
MySQL MySQL benchmark suite
PostgresSQL 4 clients generating 2000 transactions using the pgbench utility
Python Unladen Swallows benchmark suite
Redis 10000 requests sent by 50 parallel clients using the redis-
benchmark utility

19. © 2015 IBM Corporation
IBM Security Systems – Cyber Center of Excellence
19
LiCShield Overhead
 Profile generation
• part of the simulation and testing environment
• no overhead in the production environment
 Profile loading
• takes a few seconds
• apparmor_parser utility compiles profiles in a binary
format and stores them in a cache directory reducing time
for subsequent loading requests
MySQL PHP PostgresSQL Node.js Redis Nginx Python Java MongoDB Hadoop
Time in
seconds
584 785 965 437 695 824 842 857 1126 1478

20. © 2015 IBM Corporation
IBM Security Systems – Cyber Center of Excellence
20
LiCShield Overhead (2)
 Profile enforcement
Average times over 5 executions of the run operations
Average times over 5 executions of
the build operations
< 3%
No significant change in average
response time and error rate for web
containers (Node.js, PHP, Nginix)

21. © 2015 IBM Corporation
IBM Security Systems – Cyber Center of Excellence
21
LiCShield effectiveness against attacks
 Kernel exploits: can not prevent (co-deploy
with HIDS)
 Shared resources: container profile stops any
operation not provided (e.g. Shocker attack)
 Container engine: exploits simulated by
inserting backdoors (e.g. mistakenly mount
data volumes) in the code of the Docker
daemon; host profile stops any deviation
from the expected set of operations
 Container application: prevents attacks
propagation (attacks can not gain more
privileges than those granted to the
applications)
 Shared bin/libs: blocks any attempt to
overwrite shared libraries during the
containers executions (write permission on
bin/libs granted only during the build)

22. © 2015 IBM Corporation
IBM Security Systems – Cyber Center of Excellence
22
shared
Shocker attack
Container Processes
Host File System
--cap-add DAC_READ_SEARCH
escape using
open_by_handle_at
The attack:
• is successful using the Docker default profile
• fails against the LiCShield profiles since no rule allows the access to
the resolved path (e.g. /shared/etc/shadow)
Shocker code injected by
overwriting the application
startup script

23. © 2015 IBM Corporation
IBM Security Systems – Cyber Center of Excellence
23
Conclusion and Future Work
 We presented a framework to secure the engine and the
workloads of Linux containers
 Test results show the low overhead introduced by
LiCShield while it proved to be effective in protecting the
system against different types of attack
 LiCShield is not a competitor but a supplementary tool to
optimize and complement HIDS
 Ongoing work
• Prove the benefits of the combined architecture of
LiCShiend and HIDS on a production environment
• Extend container service with a profile management
module

24. © 2015 IBM Corporation
IBM Security Systems – Cyber Center of Excellence
24
Contact info:
Massimiliano Mattetti
massimiliano.mattetti@unibo.it
https://it.linkedin.com/in/massimilianomattetti
IBM Cyber Security Center of Excellence
https://www.research.ibm.com/haifa/ccoe/index.shtml
Thanks for your attention 
Questions time…