Core Container Security Frameworks

With the introduction of Docker and Kubernetes, the container environment, along with DevOps, is evolving rapidly. The importance of container security has been highlighted by the discovery of new security vulnerabilities in container environments such as DIRTY COW (CVE-2016-5195) and RunC Container Escape (CVE-2019- 5736). Further, in February 2018, the system that used to be serviced in Amazon's AWS environment and that mined the cryptocurrency after Tesla's Kubernetes environment was hacked has become a significant issue. Despite these security threats, however, research into the container security framework is still in its early stages. Thus, the authors intend to analyze the existing container security framework to find deficiencies and to suggest the actual applicable container security framework by supplementing the items that need to be newly added. To this end, the security framework and solutions of three (3) Korean banks and one (1) credit card company collected between January and March of 2020 were analyzed to derive forty-four (44) solutions in five (5) areas to be migrated from the traditional security framework, while eight (8) criteria for analysis were prepared through an attack vector analysis of the container environment. Based on the above, finally, 20 solutions in 6 areas were derived and the core container security framework was presented.