Docker and Kubernetes Threat Modeling Cheat SheetView the original Working Session content
A Cheat Sheet covering the most common threats against Docker and Kubernetes.
Synopsis and Takeaways
This working session aimed to answer the following questions:
- Can we identify the main or generic threats?
- Can we organize the threats in Risk Patterns
- Can they be summarized on a Cheat Sheet?
Example: As a tester I want to run a baseline scan of a website in order to sanity check.
Threats were listed and grouped according to the four questions:
- What are we building?
- What can go wrong?
- What are we going to do about that?
- Did we do a good enough job?
Question 1: What are we building?
- Insufficient Authentication Protection
- Password Policy
- Brute Force protection
- Username enumeration
- Information Disclosure
- Insider Threat
- Tamperproof Dockerfile
- Sensitive data in Docker file or image
Question 2: What can go wrong?
- Sensitive Data
- Dangerous commands on boot
Question 3: What are we going to do about that?
- Documentation Group
- Run = Access
- Docker inspection used
- Exposing daemon socket
- Segregation of duties not forced
- User can mass download
- “Latest” user awareness
- Escalation of privilege to a deeper level
- Session page :TM Docker / Kubernetes
- Summit 2017 session page : Docker Security
- Summit 2017 outcome page : Docker Security Outcomes