June 15, 2021


Dedicated Forum to help removing adware, malware, spyware, ransomware, trojans, viruses and more!

Analysis and Improvement of Heterogeneous Hardware Support in Docker Images. (arXiv:2105.02606v2 [cs.CR] UPDATED)

Docker images are used to distribute and deploy cloud-native applications in
containerised form. A container engine runs them with separated privileges
according to namespaces. Recent studies have investigated security
vulnerabilities and runtime characteristics of Docker images. In contrast,
little is known about the extent of hardware-dependent features in them such as
processor-specific trusted execution environments, graphics acceleration or
extension boards. This problem can be generalised to missing knowledge about
the extent of any hardware-bound instructions within the images that may
require elevated privileges. We first conduct a systematic one-year evolution
analysis of a sample of Docker images concerning their use of hardware-specific
features. To improve the state of technology, we contribute novel tools to
manage such images. Our heuristic hardware dependency detector and a
hardware-aware Docker executor give early warnings upon missing dependencies
instead of leading to silent or untimely failures. Our dataset and tools are
released to the research community.