Security analysis of user namespaces and rootless containers
Citation Link: https://doi.org/10.15480/882.3089
Publication Type
Bachelor Thesis
Publication Date
2020-01
Language
English
Author
Advisor
Gollmann, Dieter
Referee
Title Granting Institution
Technische Universität Hamburg
Place of Title Granting Institution
Hamburg
Examination Date
2020-01-24
TORE-URI
Citation
Technische Universität Hamburg (2020)
Linux namespaces are used for container-based operating-system-level virtualization today; the user namespace in particular enables a relatively recent development of so-called rootless containers. A brief overview of the technology is given and the underlying permissions model is explained. Two different threat models for application deployment are created. Using a reproducible testing environment and a number of existing vulnerabilities, associated risks and benefits of employing the user namespace are analysed. It is shown that user namespaces can provide significant improvements to a system's security but also pose risks of their own.
Keywords
Linux
User Namespace
Virtualization
Security in Distributed Applications
DDC Class
620: Engineering
Name
thesis-r231-g18e9edc.pdf
Size
856.37 KB
Format
Adobe PDF