Leadership Hijacking in Docker Swarm and Its Consequences
With the advent of microservice-based software architectures, an increasing number of modern cloud environments and enterprises use operating system level virtualization, which is often referred to as container infrastructures. Docker Swarm is one of the most popular container orchestration infrastr...
Main authors: | Farshteindiker, Adi; Puzis, Rami |
---|---|
Format: | Online Article Text |
Language: | English |
Published: | MDPI, 2021 |
Subjects: | |
Online access: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8304174/ https://www.ncbi.nlm.nih.gov/pubmed/34356455 http://dx.doi.org/10.3390/e23070914 |
Field | Value |
---|---|
_version_ | 1783727269834915840 |
author | Farshteindiker, Adi; Puzis, Rami |
collection | PubMed |
description | With the advent of microservice-based software architectures, an increasing number of modern cloud environments and enterprises use operating system level virtualization, which is often referred to as container infrastructures. Docker Swarm is one of the most popular container orchestration infrastructures, providing high availability and fault tolerance. Occasionally, discovered container escape vulnerabilities allow adversaries to execute code on the host operating system and operate within the cloud infrastructure. We show that Docker Swarm is currently not secured against misbehaving manager nodes. This allows a high impact, high probability privilege escalation attack, which we refer to as leadership hijacking, the possibility of which is neglected by the current cloud security literature. Cloud lateral movement and defense evasion payloads allow an adversary to leverage the Docker Swarm functionality to control each and every host in the underlying cluster. We demonstrate an end-to-end attack, in which an adversary with access to an application running on the cluster achieves full control of the cluster. To reduce the probability of a successful high impact attack, container orchestration infrastructures must reduce the trust level of participating nodes and, in particular, incorporate adversary immune leader election algorithms. |
format | Online Article Text |
id | pubmed-8304174 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2021 |
publisher | MDPI |
source | Entropy (Basel), published 2021-07-19 |
record_format | MEDLINE/PubMed |
license | © 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). |
title | Leadership Hijacking in Docker Swarm and Its Consequences |
topic | Article |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8304174/ https://www.ncbi.nlm.nih.gov/pubmed/34356455 http://dx.doi.org/10.3390/e23070914 |