Chinese Journal of Network and Information Security ›› 2020, Vol. 6 ›› Issue (6): 45-56. doi: 10.11959/j.issn.2096-109x.2020074

• Special Column: Network Application and Protection Technology

Analysis of DoS attacks on Docker inter-component stdio copy

Tianyu ZHOU [1,2], Wenbo SHEN [2], Nanzi YANG [3], Jinku LI [3], Chenggang QIN [4], Wang YU [4]

  • [1] Zhejiang University NGICS Platform, Hangzhou 310027, China
    [2] School of Cyber Science and Technology, Zhejiang University, Hangzhou 310027, China
    [3] School of Cyber Engineering, Xidian University, Xi'an 710071, China
    [4] Ant Financial Services Group, Hangzhou 310000, China
  • Revised: 2020-09-24 Online: 2020-12-15 Published: 2020-12-16
  • Supported by:
    Leading Innovative and Entrepreneur Team Introduction Program of Zhejiang Province (2018R01005); The Key R&D Program of Shaanxi Province (2019ZDLGY12-06); Fundamental Research Funds for the Central Universities

Abstract:

In recent years, Docker has been widely deployed due to its flexibility and high scalability. However, its modular design exposes inter-component communication to DoS attacks. A new DoS attack is presented in which output to stdout causes high CPU usage across different Docker components. Analysis shows that the stdout output triggers the goroutines of Docker components. To find all goroutine setup paths, a static analysis method is proposed to analyze the Docker components systematically. A static analysis framework was designed, implemented, and evaluated on the Docker source code. The results show that the static analysis framework successfully finds 34 paths, 22 of which are confirmed by runtime verification.

Key words: container, Docker components, DoS attack, static analysis
