Security analysis of user namespaces and rootless containers

Semjonov, Anton

doi:10.15480/882.3089

Security analysis of user namespaces and rootless containers

Citation Link: https://doi.org/10.15480/882.3089

Publikationstyp

Bachelor Thesis

Date Issued

2020-01

Sprache

English

Author(s)

Semjonov, Anton

Advisor

Gollmann, Dieter

Referee

Kycler, Ann-Christine

Title Granting Institution

Technische Universität Hamburg

Place of Title Granting Institution

Hamburg

Examination Date

2020-01-24

Institut

Sicherheit in verteilten Anwendungen E-15

TORE-DOI

10.15480/882.3089

TORE-URI

http://hdl.handle.net/11420/7891

Citation

Technische Universität Hamburg (2020)

Linux namespaces are used for container-based operating-system-level virtualization today; the user namespace in particular enables a relatively recent development of so-called rootless containers. A brief overview of the technology is given and the underlying permissions model is explained. Two different threat models for application deployment are created. Using a reproducible testing environment and a number of existing vulnerabilities, associated risks and benefits of employing the user namespace are analysed. It is shown that user namespaces can provide significant improvements to a system's security but also pose risks of their own.

Subjects

Linux

User Namespace

Virtualization

Security in Distributed Applications

DDC Class

620: Ingenieurwissenschaften

Lizenz

https://creativecommons.org/licenses/by-sa/4.0/

Name

thesis-r231-g18e9edc.pdf

Size

856.37 KB

Format

Adobe PDF

Options

Security analysis of user namespaces and rootless containers