Title: Call me Ishmael: Using Dynamic Analysis to Hunt Whales on the Internet
Author: Pîrcălăboiu, Laura (TU Delft Electrical Engineering, Mathematics and Computer Science)
Contributor: Conti, M. (mentor); Brighente, Alessandro (mentor); Panichella, A. (graduation committee)
Degree granting institution: Delft University of Technology
Programme: Computer Science
Date: 2023-08-30

Abstract

Docker has been one of the most widely used DevOps tools in the last decade, enabling fast development of personalized services. Indeed, the common practice is to reuse already available containers and customize them based on the developer's needs. DockerHub is the leading platform for uploading and downloading Docker containers. Unfortunately, reusing code and infrastructure exposes developers to security and privacy threats, as the original developer might have had malicious intent to collect sensitive data or create backdoors in a victim's system. The existing literature has raised concerns about these security and privacy threats, and performed mass vulnerability scans of Docker images. However, currently existing studies are mostly based on static analysis, which has been proved to be insufficient for a complete security assessment.

In this thesis we present a novel framework for the en-masse identification of vulnerabilities in Docker Containers. Additionally, as part of the framework, we document and implement a component which sorts and downloads images based on their popularity, which improves on the current fuzzy-search based state-of-the-art. Using this framework we found vulnerabilities in 2.44% of the containers we scanned. The framework also succeeded in finding novel vulnerabilities, resulting in two new reserved CVE numbers in the social network software Friendica.

Subject: Docker; dynamic analysis; Security; static analysis; containers; OCI; container security; DockerHub; measurements; Containerization; Distributed Systems
To reference this document use: http://resolver.tudelft.nl/uuid:9e6e37c7-24f6-4cac-9528-26496430b388
Bibliographical note: https://github.com/redshiftss/better-thesis-pipeline Source Code
Part of collection: Student theses
Document type: master thesis
Rights: © 2023 Laura Pîrcălăboiu
Files: PDF Laura_Pircalaboiu_s_Maste ... sis_24.pdf 9.18 MB