On Docker and Security

Security is a process, not a product. Products provide some protection, but the only way to effectively do business in an insecure world is to put processes in place that recognize the inherent insecurity in the products. The trick is to reduce your risk of exposure regardless of the products or patches.

Bruce Schneier

As we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns

Donald Rumsfeld

Security is essentially a process of risk management in which you have little idea of what the risks are, or of how to quantify them effectively. This battle against the “unknown unknowns”, as Donald so eloquently puts it, can result in a business losing agility as an overzealous IT department hardens every system against every possible vulnerability at the expense of flexibility and usability.

Since the end of 2013 the IT world has been caught up in Docker fever. Developers race to “containerise” their apps. Free from the encumbrance of .rpm or .deb operating system packaging dogma, applications are quickly deployed to cloudy infrastructures with ease and, may I say, a hint of passion. Developers are now free to deploy and redeploy their apps with ease, free from the encumbrance of the System Administrators. This rush towards Docker is, I believe, a direct consequence of the aforementioned IT departments' earlier failure to recognise themselves as service departments to the developers.

A compromised docker hypervisor is a dangerous thing.

Docker is an application packaging method masquerading as a containerisation technology. The security model of Docker relies on the robustness of the kernel security model, which is a dicey proposition at best. Docker has the potential to expose the Known Knowns, Known Unknowns and Unknown Unknowns among kernel vulnerabilities, which could be particularly dangerous in a multi-tenanted environment, or even in a situation where an externally facing Docker “container” is compromised.
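Because every container shares the host kernel, the practical question for a defender is how much of that kernel a given container can reach. The following is an added example, not code from the original post or from the Docker project: it reads the HostConfig section of `docker inspect` JSON (the Privileged, PidMode, NetworkMode, CapAdd and SecurityOpt fields the Docker Engine emits) and flags settings that widen a container's reach into the shared kernel. The two container records are constructed for illustration; the rule names and wording are my own.

```python
"""Audit `docker inspect` output for settings that weaken kernel-level isolation.

Added example, not part of the original post. Field names follow the
HostConfig section of `docker inspect` JSON; the sample records below are
constructed, not captured from a real host.
"""
import json
import sys

# Constructed sample: what `docker inspect <id> <id>` might return for two containers.
SAMPLE_INSPECT = json.dumps([
    {
        "Id": "aaaa1111",
        "Name": "/web-frontend",
        "HostConfig": {
            "Privileged": False,
            "PidMode": "",
            "NetworkMode": "bridge",
            "CapAdd": None,          # Docker emits null when nothing was added
            "SecurityOpt": None,
        },
    },
    {
        "Id": "bbbb2222",
        "Name": "/build-agent",
        "HostConfig": {
            "Privileged": True,
            "PidMode": "host",
            "NetworkMode": "host",
            "CapAdd": ["SYS_ADMIN", "NET_ADMIN"],
            "SecurityOpt": ["seccomp=unconfined"],
        },
    },
])


def audit_container(record):
    """Return a list of findings for one `docker inspect` record.

    Each finding names a setting that gives the container more of the
    host kernel than the default profile does.
    """
    hc = record.get("HostConfig") or {}
    findings = []
    if hc.get("Privileged"):
        findings.append("privileged: all capabilities and host devices exposed")
    if hc.get("PidMode") == "host":
        findings.append("host PID namespace: host processes visible to the container")
    if hc.get("NetworkMode") == "host":
        findings.append("host network namespace: no network isolation")
    for cap in hc.get("CapAdd") or []:
        findings.append(f"added capability {cap}")
    for opt in hc.get("SecurityOpt") or []:
        if opt in ("seccomp=unconfined", "apparmor=unconfined"):
            findings.append(f"mandatory profile disabled: {opt}")
    return findings


def audit_inspect_json(text):
    """Parse `docker inspect` JSON and map container name -> findings.

    Containers with no findings are omitted so the report lists only
    what needs attention.
    """
    report = {}
    for record in json.loads(text):
        findings = audit_container(record)
        if findings:
            report[record.get("Name") or record.get("Id", "?")] = findings
    return report


if __name__ == "__main__":
    # Usage: python3 audit.py [inspect.json]; with no file the constructed sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_INSPECT
    for name, findings in audit_inspect_json(text).items():
        print(name)
        for finding in findings:
            print("  -", finding)
```

On a real host the input would come from `docker inspect $(docker ps -q) > inspect.json`; the script deliberately reports only deviations from the default profile, since a container running with defaults still shares the kernel and the findings measure how much wider that shared surface has been made.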