This morning, after a long, incredibly instructive and exciting journey, I was finally able to submit my bachelor thesis about Docker Security - An analysis of security threats and recommended practices for building a secure Docker infrastructure. It provides an overview of the built-in security features of Docker, an analysis of Docker security threats on different levels from hardware to deployment pipelines, and, eventually, recommendations for security improvements for a Docker infrastructure.

Abstract

The use of virtualization technologies has increased significantly in recent years. With the introduction of Docker, a container-based approach was established that competes fiercely with traditional virtual machines. Not only are containers significantly more lightweight and resource-efficient in comparison, but they also enable faster development cycles and modern DevOps approaches. However, the question arises whether these advantages go hand in hand with weaker security of the virtualized infrastructure. This thesis tries to address this problem. The analysis consists of three parts: (1) The internal functionalities designed to ensure the security of Docker, (2) the threats to be observed when using Docker, and (3) which measures complicate or even prevent the threats identified in the last step. The analysis of threats covers several layers within a Docker infrastructure, starting with the hardware up to the integration of Docker in an automated deployment pipeline.

I created the thesis in cooperation with Secomba GmbH in Augsburg. I am very grateful that I was able to experience so much autonomy in researching and writing the thesis. Special thanks should go to my supervisor Robert Freudenreich.
[UPDATE 2018-08-24]: Today, I presented my thesis to the Boxcryptor team. The slides of my talk can be found here.