Analysis of DoS attacks on Docker inter-component stdio copy

ZHOU Tianyu; SHEN Wenbo; YANG Nanzi，LI Jinku; QIN Chenggang，YU Wang

doi:10.11959/j.issn.2096-109x.2020074

网络与信息安全学报 (Dec 2020)

Analysis of DoS attacks on Docker inter-component stdio copy

ZHOU Tianyu,
SHEN Wenbo,
YANG Nanzi，LI Jinku,
QIN Chenggang，YU Wang

Affiliations

ZHOU Tianyu: Zhejiang University NGICS Platform, Hangzhou 310027, China ; School of Cyber Science and Technology, Zhejiang University, Hangzhou 310027, China
SHEN Wenbo: School of Cyber Science and Technology, Zhejiang University, Hangzhou 310027, China
YANG Nanzi，LI Jinku: School of Cyber Engineering, Xidian University, Xi'an 710071, China
QIN Chenggang，YU Wang: Ant Financial Services Group, Hangzhou 310000, China

DOI: https://doi.org/10.11959/j.issn.2096-109x.2020074
Journal volume & issue: Vol. 6, no. 6
pp. 45 – 56

Abstract

Read online

In recent years, Docker has been widely deployed due to its flexibility and high scalability. However, its modular design leads to the DoS attacks on inter-component communication. A new DoS attack that outputs to stdout, causing high CPU usages among different Docker components. Analysis shows that the stdout output triggers the goroutines of Docker components. To find all goroutines setup paths, using the static analysis method to analyze the Docker components systematically was proposed. A static analysis framework was designed and implemented, and evaluated on Docker source code. The results show that static analysis framework finds 34 paths successfully, while 22 of them are confirmed by runtime verification.

Published in 网络与信息安全学报

ISSN: 2096-109X (Print)
Publisher: POSTS&TELECOM PRESS Co., LTD
Country of publisher: China
LCC subjects: Science: Mathematics: Instruments and machines: Electronic computers. Computer science
Website: http://www.infocomm-journal.com/cjnis/CN/2096-109X/home.shtml

About the journal

Abstract

Keywords