Saved in:
Bibliographic Details
Main Authors: Haq, Md Sadun, Tosun, Ali Saman, Korkmaz, Turgay
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2405.07054
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866917664119586816
author Haq, Md Sadun
Tosun, Ali Saman
Korkmaz, Turgay
author_facet Haq, Md Sadun
Tosun, Ali Saman
Korkmaz, Turgay
contents Containerization has emerged as a revolutionary technology in the software development and deployment industry. Containers offer a portable and lightweight solution that allows for packaging applications and their dependencies systematically and efficiently. In addition, containers offer faster deployment and near-native performance with isolation and security drawbacks compared to Virtual Machines. To address the security issues, scanning tools that scan containers for preexisting vulnerabilities have been developed, but they suffer from false positives. Moreover, using different scanning tools to scan the same container provides different results, which leads to inconsistencies and confusion. Limited work has been done to address these issues. This paper provides a fully functional and extensible framework named LUCID that can reduce false positives and inconsistencies provided by multiple scanning tools. We use a database-centric approach and perform query-based analysis, to pinpoint the causes for inconsistencies. Our results show that our framework can reduce inconsistencies by 70%. The framework has been tested on both Intel64/AMD64 and ARM architecture. We also create a Dynamic Classification component that can successfully classify and predict the different severity levels with an accuracy of 84%. We believe this paper will raise awareness regarding security in container technologies and enable container scanning companies to improve their tool to provide better and more consistent results.
format Preprint
id arxiv_https___arxiv_org_abs_2405_07054
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle LUCID: A Framework for Reducing False Positives and Inconsistencies Among Container Scanning Tools
Haq, Md Sadun
Tosun, Ali Saman
Korkmaz, Turgay
Cryptography and Security
Containerization has emerged as a revolutionary technology in the software development and deployment industry. Containers offer a portable and lightweight solution that allows for packaging applications and their dependencies systematically and efficiently. In addition, containers offer faster deployment and near-native performance with isolation and security drawbacks compared to Virtual Machines. To address the security issues, scanning tools that scan containers for preexisting vulnerabilities have been developed, but they suffer from false positives. Moreover, using different scanning tools to scan the same container provides different results, which leads to inconsistencies and confusion. Limited work has been done to address these issues. This paper provides a fully functional and extensible framework named LUCID that can reduce false positives and inconsistencies provided by multiple scanning tools. We use a database-centric approach and perform query-based analysis, to pinpoint the causes for inconsistencies. Our results show that our framework can reduce inconsistencies by 70%. The framework has been tested on both Intel64/AMD64 and ARM architecture. We also create a Dynamic Classification component that can successfully classify and predict the different severity levels with an accuracy of 84%. We believe this paper will raise awareness regarding security in container technologies and enable container scanning companies to improve their tool to provide better and more consistent results.
title LUCID: A Framework for Reducing False Positives and Inconsistencies Among Container Scanning Tools
topic Cryptography and Security
url https://arxiv.org/abs/2405.07054