Peiyu Liu,Shouling Ji,Lirong Fu,Kangjie Lu,Xuhong Zhang,Wei Han Lee,Tao Lu,Wenzhi Chen,Raheem Beyah

DOI: https://doi.org/10.1007/978-3-030-58951-6_13

2020-01-01

Abstract:Docker has become increasingly popular because it provides efficient containers that are directly run by the host kernel. Docker Hub is one of the most popular Docker image repositories. Millions of images have been downloaded from Docker Hub billions of times. However, in the past several years, a number of high-profile attacks that exploit this key channel of image distribution have been reported. It is still unclear what security risks the new ecosystem brings. In this paper, we reveal, characterize, and understand the security issues with Docker Hub by performing the first large-scale analysis. First, we uncover multiple security-critical aspects of Docker images with an empirical but comprehensive analysis, covering sensitive parameters in run-commands, the executed programs in Docker images, and vulnerabilities in contained software. Second, we conduct a large-scale and in-depth security analysis against Docker images. We collect 2,227,244 Docker images and the associated meta-information from Docker Hub. This dataset enables us to discover many insightful findings. (1) run-commands with sensitive parameters expose disastrous harm to users and the host, such as the leakage of host files and display, and denial-of-service attacks to the host. (2) We uncover 42 malicious images that can cause attacks such as remote code execution and malicious cryptomining. (3) Vulnerability patching of software in Docker images is significantly delayed or even ignored. We believe that our measurement and analysis serves as an important first-step study on the security issues with Docker Hub, which calls for future efforts on the protection of the new Docker ecosystem.

Katrine Wist,Malene Helsem,Danilo Gligoroski

DOI: https://doi.org/10.1007/978-3-030-71017-0_22

2021-01-01

Abstract:The use of container technology has skyrocketed during the last few years, with Docker as the leading container platform. Docker’s online repository for publicly available container images, called Docker Hub, hosts over 3.5 million images at the time of writing, making it the world’s largest community of container images. We perform an extensive vulnerability analysis of 2500 Docker images. It is of particular interest to perform this type of analysis because the vulnerability landscape is a rapidly changing category, the vulnerability scanners are constantly developed and updated, new vulnerabilities are discovered, and the volume of images on Docker Hub is increasing every day. Our main findings reveal that (1) the number of newly introduced vulnerabilities on Docker Hub is rapidly increasing; (2) certified images are the most vulnerable; (3) official images are the least vulnerable; (4) there is no correlation between the number of vulnerabilities and image features (i.e., number of pulls, number of stars, and days since the last update); (5) the most severe vulnerabilities originate from two of the most popular scripting languages, JavaScript and Python; and (6) Python 2.x packages and jackson-databind packages contain the highest number of severe vulnerabilities. We perceive our study as the most extensive vulnerability analysis published in the open literature in the last couple of years.

Stephan Verbücheln

DOI: https://doi.org/10.48550/arXiv.1501.00447

2015-01-03

Abstract:ECDSA has become a popular choice as lightweight alternative to RSA and classic DL based signature algorithms in recent years. As standardized, the signature produced by ECDSA for a pair of a message and a key is not deterministic. This work shows how this non-deterministic choice can be exploited by an attacker to leak private information through the signature without any side channels, an attack first discovered by Young and Yung for classic DL-based cryptosystems in 1997, and how this attack affects the application of ECDSA in the Bitcoin protocol.

Cryptography and Security

Samuel P. Mullinix,Erikton Konomi,Renee Davis Townsend,Reza M. Parizi

DOI: https://doi.org/10.48550/arXiv.2008.04814

2020-08-12

Abstract:Linux containers have risen in popularity in the last few years, making their way to commercial IT service offerings (such as PaaS), application deployments, and Continuous Delivery/Integration pipelines within various development teams. Along with the wide adoption of Docker, security vulnerabilities and concerns have also surfaced. In this survey, we examine the state of security for the most popular container system at the moment: Docker. We will also look into its origins stemming from the Linux technologies built into the OS itself; examine intrinsic vulnerabilities, such as the Docker Image implementation; and provide an analysis of current tools and modern methodologies used in the field to evaluate and enhance its security. For each section, we pinpoint metrics of interest, as they have been revealed by researchers and experts in the domain and summarize their findings to paint a holistic picture of the efforts behind those findings. Lastly, we look at tools utilized in the industry to streamline Docker security scanning and analytics which provide built-in aggregation of key metrics.

Cryptography and Security,Software Engineering

Alan Mills,Jonathan White,Phil Legg

DOI: https://doi.org/10.1016/j.cose.2023.103478

IF: 5.105

2023-09-15

Computers & Security

Abstract:As the use of software containerisation has increased, so too has the need for security research on their usage, with various surveys and studies conducted to assess the overall security posture of software container images. To date, there has been very little work that has taken a longitudinal view of container security to observe whether vulnerabilities are being resolved over time, as well as understanding the real-world implications of reported vulnerabilities, to assess the evolving security posture. In this work, we study the evolution of 380 software container images across 3 analysis periods between July 2022 and January 2023 to analyse maintenance and vulnerabilities factors over time. We sample across the 3 DockerHub categories: Official, Verified and OSS (Sponsored) Open Source Software. We found that the number of vulnerabilities present increased over time despite many containers receiving regular updates by providers. We also found that the choice of container OS can dramatically impact the number of reported vulnerabilities present over time, with Debian-based images typically having many more vulnerabilities that other Linux distributions, and with some containers still reporting vulnerabilities that date back as far as 1999. However, when taking into account additional reported attributes such as the attack vector required and the existence of a public exploit rated higher than negligible, we found that for each analysis period, less than 1% of all vulnerabilities present what we would consider as high risk real-world impact. Through our investigation, we aim to improve the understanding of the threat landscape posed by software containerisation that is further complicated by the discrepancies between different vulnerability reporting tools.

computer science, information systems

Alexander Krause,Jan H. Klemmer,Nicolas Huaman,Dominik Wermke,Yasemin Acar,Sascha Fahl

DOI: https://doi.org/10.48550/arXiv.2211.06213

2022-11-14

Abstract:Version control systems for source code, such as Git, are key tools in modern software development environments. Many developers use online services, such as GitHub or GitLab, for collaborative software development. While software projects often require code secrets to work, such as API keys or passwords, they need to be handled securely within the project. Previous research and news articles have illustrated that developers are blameworthy of committing code secrets, such as private encryption keys, passwords, or API keys, accidentally to public source code repositories. However, making secrets publicly available might have disastrous consequences, such as leaving systems vulnerable to attacks. In a mixed-methods study, we surveyed 109 developers and conducted 14 in-depth semi-structured interviews with developers which experienced secret leakage in the past. We find that 30.3% of our participants have encountered secret leakage in the past, and that developers are facing several challenges with secret leakage prevention and remediation. Based on our findings, we discuss challenges, e. g., estimating risks of leaked secrets, and needs of developers in remediating and preventing code secret leaks, e. g., low adoption requirements. We also give recommendations for developers and source code platform providers to reduce the risk of secret leakage.

Cryptography and Security

Yang Luo,Wu Luo,Xiaoning Sun,Qingni Shen,Anbang Ruan,Zhonghai Wu

DOI: https://doi.org/10.1109/trustcom.2016.0119

2016-01-01

Abstract:Over the last few years, the cloud computing industry has witnessed the wider adoption of the container-based technologies. And it is obvious to see that Docker has become the de facto standard of the container-based approaches. However, the security mechanism of Docker is far from satisfaction owing to its rapid development without adequate security concerns. This paper primarily identifies several possible covert channels against Docker, which causes critical results like information leak between one container and another (or even the host). Furthermore, we also categorizes the Linux capabilities used by Docker into different groups and find a way to identify the misconfiguration of capabilities based on our classification result. We prove false-negative capabilities to be dangerous by finding a covert channel associated with them. The paper also demonstrates how false-positive capabilities are already well restricted by the current isolating mechanism of Docker via a call analysis approach. So these capabilities can be securely granted to the containers. The experimental results indicate that the proposed covert channels can reach a capacity as high as 733.5b/s at the precision no lower than 90%. At last, the paper discusses what could be done when using Docker to increase its level of security.

Bhupinder Kaur,Mathieu Dugré,Aiman Hanna,Tristan Glatard

DOI: https://doi.org/10.48550/arXiv.2010.13970

2021-03-17

Abstract:Software containers greatly facilitate the deployment and reproducibility of scientific data analyses in various platforms. However, container images often contain outdated or unnecessary software packages, which increases the number of security vulnerabilities in the images, widens the attack surface in the container host, and creates substantial security risks for computing infrastructures at large. This paper presents a vulnerability analysis of container images for scientific data analysis. We compare results obtained with four vulnerability scanners, focusing on the use case of neuroscience data analysis, and quantifying the effect of image update and minification on the number of vulnerabilities. We find that container images used for neuroscience data analysis contain hundreds of vulnerabilities, that software updates remove about two thirds of these vulnerabilities, and that removing unused packages is also effective. We conclude with recommendations on how to build container images with a reduced amount of vulnerabilities.

Cryptography and Security

Ahmet EFE,Ulaş ASLAN,Aytekin Mutlu KARA

DOI: https://doi.org/10.46460/ijiea.617181

2020-06-28

International Journal of Innovative Engineering Applications

Abstract:Docker is an alternative application development and publishing infrastructure tool to various virtualization environments such as Virtual box and the like. The most popular containerization platform is Docker which is the area where Docker images are run. Container is a lightweight contrasting option to full machine virtualization that includes exemplifying an application in a container with its own working condition. These two concepts, virtualization and containerization are competing in the cloud-based environments. When virtualization became the mainstream, VM security concerns was common. IT Security experts are discussing the potential weaknesses of a virtualized environment for a long time. In this paper, focusing on Docker container, its vulnerabilities and possible measurements against security concerns, we have provided information about assessment of risks and vulnerabilities of containerization and the main differences between these two concepts via vulnerability analysis.

Mubin Ul Haque,M. Ali Babar

DOI: https://doi.org/10.48550/arXiv.2112.12597

2021-12-21

Cryptography and Security

Abstract:Container technology, (e.g., Docker) is being widely adopted for deploying software infrastructures or applications in the form of container images. Security vulnerabilities in the container images are a primary concern for developing containerized software. Exploitation of the vulnerabilities could result in disastrous impact, such as loss of confidentiality, integrity, and availability of containerized software. Understanding the exploitability and impact characteristics of vulnerabilities can help in securing the configuration of containerized software. However, there is a lack of research aimed at empirically identifying and understanding the exploitability and impact of vulnerabilities in container images. We carried out an empirical study to investigate the exploitability and impact of security vulnerabilities in base-images and their prevalence in open-source containerized software. We considered base-images since container images are built from base-images that provide all the core functionalities to build and operate containerized software. We discovered and characterized the exploitability and impact of security vulnerabilities in 261 base-images, which are the origin of 4,681 actively maintained official container images in the largest container registry, i.e., Docker Hub. To characterize the prevalence of vulnerable base-images in real-world projects, we analysed 64,579 containerized software from GitHub. Our analysis of a set of $1,983$ unique base-image security vulnerabilities revealed 13 novel findings. These findings are expected to help developers to understand the potential security problems related to base-images and encourage them to investigate base-images from security perspective before developing their applications.

Arvind Kumar Bhardwaj,P.K. Dutta,Pradeep Chintale

DOI: https://doi.org/10.58496/bjn/2024/016

2024-08-20

Abstract:Integrating shift-left security practices and automated vulnerability detection in container images is imperative for modern software development, given the dynamics and vulnerability landscape. This crucial methodology emphasizes security from the initial stages of integration in container-based environments like Docker and Kubernetes. The paper examines containerization security challenges, including image vulnerabilities, insecure configurations, runtime risks, weak orchestration security, and supply chain weaknesses, while stressing compliance with regulatory rules. It explores how this automated approach leverages vulnerability detection methods integrated into Continuous Integration/Continuous Deployment (CI/CD) pipelines through static and dynamic analyses, vulnerability databases, and policy-enforcement mechanisms. Beyond identifying vulnerabilities in CI/CD pipelines, the paper outlines methods to avoid policy violations, mitigate vulnerable images, and prevent recurring practices. Importantly, it underscores the continuous enforcement and remediation of policies and security standards. Security teams must invest efforts in developing policies, automated executions, and remediation procedures, fostering cross-departmental collaboration. In essence, this proactive stance aims to enhance software security, reduce risks, and improve adherence in containerized ecosystems, making it an indispensable component of modern software development.

Libo Chen,Yihang Xia,Zhenbang Ma,Ruijie Zhao,Yanhao Wang,Yue Liu,Wenqi Sun,Zhi Xue

DOI: https://doi.org/10.1016/j.jisa.2022.103351

IF: 4.96

2022-01-01

Journal of Information Security and Applications

Abstract:Container technology has become a popular development that can conveniently accelerate building, running, and sharing applications. However, a container image packaging a collection of software usually lurks various defects threatening consumer safety, such as embedded malware, software vulnerability, privacy leakage, etc. Moreover, developers and users share container images through a centralized, public, and massive repository (e.g., Docker Hub), which can magnify the impact of these security defects in a fast-spreading way. Unfortunately, existing detection methods cannot effectively or efficiently discover such hidden flaws among the numerous images. This paper proposes a novel method to effectively detect and measure container security flaws embedded in images. Based on the crucial insight that container images are constructed hierarchically, each image depends on layers of forwarding image and adds updated content in layers of itself. Our work mines a Global Relationship Tree (GRT) based on dependency among the images that contain common layers. Meanwhile, by traversing the GRT and leveraging content differential analysis, we can locate the changing content in an image corresponding to defects. Therefore, when checking flaws among numerous images, we make a layer-sensitive detection by reusing common layers’ detection results in iterative processes to boost detection and accurately measure the influence scope of defects. Finally, we summarize and develop a set of detection primitives for scaling our approach to handle various flaws that may lead to multiple risks in potential. Depending upon this method, we implemented SEAF , a Scalable, Efficient, and Application-independent Framework, and evaluated it on popular images of diverse applications in Docker Hub. The experiment result shows that SEAF can discover different security flaws fast. Compared to the state-of-the-art tool, Clair, SEAF is more efficient and can find significantly more types of defects.

Haneul Lee,Soonhong Kwon,Jong-Hyouk Lee

DOI: https://doi.org/10.3390/electronics12040940

IF: 2.9

2023-02-16

Electronics

Abstract:Docker has become widely used as an open-source platform for packaging and running applications as containers. It is in the limelight especially at companies and IT developers that provide cloud services thanks to its advantages such as the portability of applications and being lightweight. Docker provides communication between multiple containers through internal network configuration, which makes it easier to configure various services by logically connecting containers to each other, but cyberattacks exploiting the vulnerabilities of the Docker container network, e.g., distributed denial of service (DDoS) and cryptocurrency mining attacks, have recently occurred. In this paper, we experiment with cyberattacks such as ARP spoofing, DDoS, and elevation of privilege attacks to show how attackers can execute various attacks and analyze the results in terms of network traffic, CPU consumption, and malicious reverse shell execution. In addition, by examining the attacks from the network perspective of the Docker container environment, we lay the groundwork for detecting and preventing lateral movement attacks that may occur between the Docker containers.

engineering, electrical & electronic,computer science, information systems,physics, applied

Setu Kumar Basak,Lorenzo Neil,Bradley Reaves,Laurie Williams

DOI: https://doi.org/10.48550/arXiv.2301.12377

2023-01-29

Software Engineering

Abstract:Throughout 2021, GitGuardian's monitoring of public GitHub repositories revealed a two-fold increase in the number of secrets (database credentials, API keys, and other credentials) exposed compared to 2020, accumulating more than six million secrets. To our knowledge, the challenges developers face to avoid checked-in secrets are not yet characterized. The goal of our paper is to aid researchers and tool developers in understanding and prioritizing opportunities for future research and tool automation for mitigating checked-in secrets through an empirical investigation of challenges and solutions related to checked-in secrets. We extract 779 questions related to checked-in secrets on Stack Exchange and apply qualitative analysis to determine the challenges and the solutions posed by others for each of the challenges. We identify 27 challenges and 13 solutions. The four most common challenges, in ranked order, are: (i) store/version of secrets during deployment; (ii) store/version of secrets in source code; (iii) ignore/hide of secrets in source code; and (iv) sanitize VCS history. The three most common solutions, in ranked order, are: (i) move secrets out of source code/version control and use template config file; (ii) secret management in deployment; and (iii) use local environment variables. Our findings indicate that the same solution has been mentioned to mitigate multiple challenges. However, our findings also identify an increasing trend in questions lacking accepted solutions substantiating the need for future research and tool automation on managing secrets.

Jungchul Seo,Younggyo Lee,Young Yoon

DOI: https://doi.org/10.13052/jwe1540-9589.2352

2024-08-23

Journal of Web Engineering

Abstract:Collecting personal data from various sources and using it for machine learning (ML) is prevalent. However, there are increasing concerns about the monopolization and potential breach of private data by greedy and malicious organizations. Interest in Web 3.0 systems is on the rise as an alternative. These systems aim to guarantee the self-sovereignty of personal data in a decentralized setting. Users can share data with others directly for fair compensation. Nevertheless, malicious remote users can still violate the integrity and confidentiality of personal data. Therefore, this paper proposes a novel method of preventing unwanted leakage and counterfeiting of the private data lent on the premise of remote users. This paper focuses on the decentralized nature of Web 3.0 to leverage existing personal storage so that the burden of collecting secure data is relieved. Data owners create a lightweight Docker container to encapsulate their private data sources. The data owners generate another container to be deployed on a remote premise for taking and executing any ML algorithms remote users create. Between the containers forming a distributed trusted execution environment (TEE), data are read through a secure channel. Since the TEE is strictly controlled by the data owner, no malicious ML application can leak or breach the private information. This paper explains the engineering details of how this new method is realized.

computer science, theory & methods, software engineering

Vishnu Kumar Kaliappan,Seungjin Yu,Rajasoundaran Soundararajan,Sangwoo Jeon,Dugki Min,Enumi Choi

DOI: https://doi.org/10.3390/en15155544

IF: 3.2

2022-07-30

Energies

Abstract:In recent years, container-based virtualization technology for edge and cloud computing has advanced dramatically. Virtualization solutions based on Docker Containers provide a more lightweight and efficient virtual environment for Edge and cloud-based applications. Because their use is growing on its own and is still in its early phases, these technologies will face a slew of security issues. Vulnerabilities and malware in Docker container images are two serious security concerns. The risk of privilege escalation is increased because Docker containers share the Linux kernel. This study presents a distributed system framework called Safe Docker Image Sharing with Homomorphic Encryption and Blockchain (SeDIS-HEB). Through homomorphic encryption, authentication, and access management, SeDIS-HEB provides secure docker image sharing. The SeDIS-HEB framework prioritizes the following three major functions: (1) secure docker image upload, (2) secure docker image sharing, and (3) secure docker image download. The proposed framework was evaluated using the InterPlanetary File System (IPFS). Secure Docker images were uploaded using IPFS, preventing unauthorized users from accessing the data contained within the secure Docker images. The SeDIS-HEB results were transparent and ensured the quality of blockchain data access control authentication, docker image metadata denial-of-service protection, and docker image availability.

energy & fuels

Christian Binkowski,Stefan Appel,Andreas Aßmuth

2024-05-18

Abstract:Open software ecosystems are beneficial for customers; they benefit from 3rd party services and applications, e.g. analysis of data using apps, developed and deployed by other companies or open-source communities. One significant advantage of this approach is that other customers may benefit from these newly developed applications as well. Especially software ecosystems utilizing container technologies are prone to certain risks. Docker, in particular, is more vulnerable to attacks than hypervisor based virtualisation as it directly operates on the host system. Docker is a popular representative of containerisation technology which offers a lightweight architecture in order to facilitate the set-up and creation of such software ecosystems. Popular Infrastructure as a Service cloud service providers, like Amazon Web Services or Microsoft Azure, jump on the containerisation bandwagon and provide interfaces for provisioning and managing containers. Companies can benefit from that change of technology and create software ecosystems more efficiently. In this paper, we present a new concept for significant security improvements for cloud-based software ecosystems using Docker for 3rd party app integration. Based on the security features of Docker we describe a secure integration of applications in the cloud environment securely. Our approach considers the whole software lifecycle and includes sandbox testing of potentially dangerous 3rd party apps before these became available to the customers.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Setu Kumar Basak,Lorenzo Neil,Bradley Reaves,Laurie Williams

DOI: https://doi.org/10.48550/arXiv.2208.11280

2022-08-24

Software Engineering

Abstract:Throughout 2021, GitGuardian's monitoring of public GitHub repositories revealed a two-fold increase in the number of secrets (database credentials, API keys, and other credentials) exposed compared to 2020, accumulating more than six million secrets. A systematic derivation of practices for managing secrets can help practitioners in secure development. The goal of our paper is to aid practitioners in avoiding the exposure of secrets by identifying secret management practices in software artifacts through a systematic derivation of practices disseminated in Internet artifacts. We conduct a grey literature review of Internet artifacts, such as blog articles and question and answer posts. We identify 24 practices grouped in six categories comprised of developer and organizational practices. Our findings indicate that using local environment variables and external secret management services are the most recommended practices to move secrets out of source code and to securely store secrets. We also observe that using version control system scanning tools and employing short-lived secrets are the most recommended practices to avoid accidentally committing secrets and limit secret exposure, respectively.

Bipin Gajbhiye,Om Goel,Pandi Kirupa Gopalakrishna Pandian

DOI: https://doi.org/10.36676/jqst.v1.i2.16

2024-06-30

Abstract:The rise of containerized environments, exemplified by Docker and Kubernetes, has revolutionized software deployment and orchestration, enabling agile development and efficient resource utilization. However, the adoption of these technologies also introduces unique security challenges that organizations must address to safeguard their applications and infrastructure. This paper explores the complexities of managing vulnerabilities in containerized and Kubernetes environments, offering a comprehensive analysis of the potential risks and strategies to mitigate them.Containers encapsulate applications with their dependencies, ensuring consistency across different environments. However, this encapsulation can mask underlying vulnerabilities in the application code, base images, or third-party libraries. The ephemeral nature of containers, designed to be short-lived and scalable, adds another layer of complexity, as vulnerabilities can propagate rapidly across environments if not detected and addressed promptly. Moreover, the shared nature of the underlying host operating system and kernel in containerized environments increases the attack surface, making it crucial to secure both the containers and the host.Kubernetes, as a powerful orchestration platform, introduces additional layers of complexity in vulnerability management. The dynamic nature of Kubernetes clusters, with their multiple components such as pods, services, and nodes, can lead to misconfigurations, inadequate access controls, and exposure to security threats. Misconfigurations, such as overly permissive network policies or improper role-based access controls (RBAC), can lead to unauthorized access, privilege escalation, and data breaches. Additionally, the integration of third-party plugins and extensions into Kubernetes clusters can introduce new vulnerabilities, making it imperative to monitor and manage these components effectively.This paper delves into several key aspects of vulnerability management in containerized and Kubernetes environments. Firstly, it examines the importance of securing container images by employing best practices such as using minimal base images, regularly updating images, and scanning them for known vulnerabilities. The paper highlights the role of image scanning tools that can detect vulnerabilities in both base images and application code, emphasizing the need for continuous scanning throughout the development lifecycle.Secondly, the paper discusses the significance of runtime security in containerized environments. While securing container images is critical, monitoring and protecting containers during runtime is equally important. The paper explores tools and techniques for runtime security, including anomaly detection, behavior analysis, and intrusion detection systems that can identify and respond to threats in real-time.Furthermore, the paper addresses the challenges of managing vulnerabilities in Kubernetes clusters. It underscores the importance of securing the Kubernetes control plane, which includes securing API servers, etcd databases, and implementing stringent RBAC policies. The paper also explores the role of network security in Kubernetes, advocating for the use of network policies to control traffic flow between pods and ensure that only authorized communication is allowed.In addition to technical measures, the paper emphasizes the need for organizational practices to manage vulnerabilities effectively. This includes fostering a security-first culture, conducting regular security audits, and ensuring that development and operations teams are aligned on security best practices. The paper also highlights the importance of incident response planning and the need for rapid patching and updates to address newly discovered vulnerabilities.In conclusion, managing vulnerabilities in containerized and Kubernetes environments requires a multifaceted approach that combines technical measures with organizational practices. As organizations increasingly rely on these technologies for their application deployment and orchestration, a proactive and holistic approach to security is essential to mitigate risks and protect critical assets. This paper provides a roadmap for organizations to enhance their vulnerability management strategies, ensuring that their containerized and Kubernetes environments are secure, resilient, and capable of withstanding evolving threats.

Yutian Yang,Wenbo Shen,Bonan Ruan,Wenmao Liu,Kui Ren

DOI: https://doi.org/10.1109/tpsisa52974.2021.00016

2021-01-01

Abstract:In recent years, containerization has become a major trend in the cloud due to its high resource utilization efficiency and convenient DevOps support. However, the complexity of container system also introduces attack surfaces. This paper aims to summarize security challenges in the container cloud. In particular, we first divide the whole container system into different layers according to their functionalities, including the kernel layer, the container layer, and the orchestration layer. We then summarize security-related technologies. After that, we discuss the security challenges for each layer. Finally, we present the current protection status for the container system and highlight future research directions. Our study shows that to improve the container cloud security, we need to design and implement more robust kernel isolation mechanisms, conduct systematic and thorough security analysis on existing container techniques, and develop comprehensive configuration checking tools.