Securing Container using Threat Modelling— STRIDE

Threat modeling is a structured process through which IT pros can identify potential security threats and vulnerabilities, quantify the seriousness of each, and prioritize techniques to mitigate the attack and protect IT resources.

  1. An abstraction of the system.
  2. Profiles of potential attackers, including their goals and methods.
  3. A catalog of potential threats that may arise.
  1. Checking Dockerfiles FROM directives pointing to a smart whitelist of base images. This whitelist contains only the verified, official, and trusted Docker standard library and some inhouse approved images. Thus if scanning the Dockerfiles FROM directives found to be using the image that is not in the whitelist, it will reject them.
  2. Enabling docker content trust using Notary (a tool for publishing and managing trusted collections of content). Publishers can digitally sign collections and consumers can verify the integrity and origin of the content and trusted publishers to ensure pulling cryptographically signed base images are pulled.
  1. Docker Content Trust should be enabled to ensure that only pulling cryptographically signed, untampered, original base images are pulled.
  2. Checking for the tag version in the Dockerfiles’ FROM directives rather than the generic “latest” tag for full traceability. This can be achieved by either scanning the dockerfile or using Dockerfile linter like hadolint and dockerfilelint.
  3. Checking the Dockerfiles for Docker directive COPY and not, ADD. The danger of using ADD is that it automatically performs decompression of local files. You may end up downloading malicious software and decompressing them which you didn’t intend to.
  1. Making sure that you have complete audit logging enabled in your docker registry. It should capture events that could questions like when an activity is performed, who are the actors, and the timeline.
  2. Setting up auditd in your docker host (a userspace component to the Linux Auditing System) responsible for writing audit records to the disk.
  1. Disable experimental features while you are setting up your docker.
  2. Looking for sensitive volume mount like /proc, /opt, and rejecting the image from building if it's found to be present in dockerfile.
  3. Running automated dependency scanners to check that we are using the latest, most secure version of our code dependencies. Using scanners like OWASP Dependency Check, RetireJS, Synk, OSSIndex can be effective.
  1. Scanning docker images for vulnerable third party libraries, binaries, and dependencies for any critical open CVE and rejecting the image if it is found. Clair, Anchore, Dagda, Falcao are some of the tools which can be used to scan Docker image in the pipeline.
  2. Docker CIS Benchmark recommends having HEALTHCHECK command in dockerfile to make sure the application base process is running correctly. Simply scanning the dockerfile for the HEALTHCHECK directive would do this.
  1. If the user is privileged enough to run docker, i.e. being in the docker group or being root, they can run the container with host mounted volumes like /etc mounted in and get the root access. A straight forward check is to scan the dockerfile to find if the root user or ‘docker’ group is being used.
  2. Dockerfile linter also helps to check if the root user is being used to execute the program inside of the container and there on you can reject such images within your pipeline.
  3. One of the Docker CIS Benchmark recommendations is to remove setuid and setgid privileges if not needed.




Security Engineer @Microsoft | DevSecOps | Speaker | Breaking stuff to learn | Featured in Forbes, BBC| Acknowledged by Google, NASA, Yahoo, UN etc

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

NEAR Protocol: Regardless of displaying community development, why is its token ‘NEAR’ the…

Four Tips for Strengthening Cybersecurity Training

Azure Sentinel

Announcing the Playcent Fair Launch Protection System, Powered by Ferrum Network

Data Integrity Use Cases

The latest version of TenUp Core, 3.4.0, is now available!

{UPDATE} Word Search Little Books Hack Free Resources Generator

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Avinash Jain (@logicbomb)

Avinash Jain (@logicbomb)

Security Engineer @Microsoft | DevSecOps | Speaker | Breaking stuff to learn | Featured in Forbes, BBC| Acknowledged by Google, NASA, Yahoo, UN etc

More from Medium

Creating Amazon Elastic Container Service for Kubernetes (Amazon EKS)

How to setup Horizontal Pod Autoscaling(HPA) on AWS EKS

Elastic Stack: an overview and ELK installation on Ubuntu 20.04

Getting started with Prometheus Federation in Docker