Docker Security: How Secure are Containers and Will Security be a Hurdle to Container Adoption?
In 1897, physiologist René Quinton completely replaced the blood of a live, abandoned dog with seawater in an experiment to prove the theory that the chemistry of mammalian blood is formulated from ocean water, with which it shares many properties including salinity and acidity. Ancient life forms co-opted other primitive life forms in a symbiotic state to harvest oxygen from seawater. When the advanced life forms moved out of the ocean, they brought forward those primitives with them to maintain the seawater within themselves. Isn’t it bizarre that, millions of years later, we still carry around our own seawater and all its supporting apparatus?
In the digital age, we have brought forward similar primitives into our computing clouds: virtual versions of desktop operating systems from the 90s: Windows, BSD and Linux. It’s bizarre because these bulky, inefficient virtual guest operating systems are just supporting apparatus for an application.
But now a form of virtualization called containers may obsolete virtual operating systems. Containers are host processes that have advanced support for multi-tenancy and privilege isolation. Applications can run inside a container more efficiently than inside a whole virtual operating system.
And just as VMware rode the wave of operating system virtualization to fame and fortune, there’s a new company named Docker riding the popularity of containers. Docker is fast becoming synonymous with container technology and as a result is the new open-source debutante that everyone wants to date.
So will containers replace traditional operating system virtualization in the same way that virtualization has replaced much of the physical, bare-metal world? And how secure are containers, anyway? Will that be a stumbling block to container adoption?
A recent Gartner analysis of Docker security largely gives Docker security a thumbs up (while noting shortcomings in management and maturity). Because the overall concept of cloud security has already been accepted, the argument now is just about the level of protection. We’re probing the mechanics of the immune system, not deciding whether the concept lives or dies. The Gartner analysis for Docker security reiterates some of the main points from Docker’s own security page.
• Virtualization security has migrated into the host operating system. Linux and Microsoft kernels have been providing more support for virtualization in every release. The LXC (Linux container) and userspace file systems secure the containers at the host operating system level. This helps traditional virtualization as well and enables containers to focus on efficiency.
• A container system has a smaller threat surface than the traditional virtualization system. Because containers consolidate redundant shared resources, there will be fewer versions of Apache (and its entire mod ecosystem) to attack, and fewer processes to manage. A smaller attack surface is always a good thing.
• Process security controls will be applied to containers. Process security is an ancient black art: easy to misconfigure, often disabled, and it often doesn’t do what you think it should. But the underlying technology should only get better.
On a fundamental level, container security is equivalent to hypervisor security. If you can suspend your disbelief about security to the point where you accept the additional layer of risk because there is no “air gap,” then you’ve got to be good with both hypervisors and containers. Sure, Docker is not as mature as VMware, but that’s just one parameter in your equation—as container security matures, the reduced threat surface may lead to fewer vulnerabilities than full virtual machines.
Docker is already supported by the major cloud infrastructures: Google, Amazon Web Services, IBM, and now Microsoft. The promise of container efficiency is leading some to predict that containers will eventually replace traditional virtualization systems. The ability to spin up containers in a second or less means they will proliferate to deliver their value and then disappear, allowing the underlying operating system to boost the efficiency of the application’s circulatory system.
Perhaps there is a Dr. Quinton right now running an experiment to see how effectively containers may replace the traditional virtual system. And just to fully close the loop and put your mind at ease, in the dog experiment, the dog whose blood was replaced with seawater was incredibly ill—close to death, actually—but then fully recovered in a week’s time. Happy ending.