DOI: 10.1145/3199478.3199506
research-article

A Method of Docker Container Forensics Based on API

Published: 16 March 2018

Abstract

As one of the main technologies supporting cloud computing virtualization, Docker offers fast, lightweight virtualization and has been adopted by numerous platform-as-a-service (PaaS) systems, but forensics research for Docker has not yet received corresponding attention. Like traditional cloud services, Docker can be used to store and distribute illegal information and can serve as a carrier for initiating attacks.
The paper explains Docker service principles and structural features, analyzes the models and methods of forensics in related cloud environments, and then proposes a Docker container forensics solution based on the Docker API. In this solution, the Docker APIs are used to derive Docker container instances, copy and back up the container data volume, and extract key evidence data such as container log information, configuration information and image information, thereby performing localized, fixed forensics on the volatile evidence and data in the Docker service container. Digital signatures and digital encryption technology are combined to protect the integrity of the original evidence data.
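A sketch of the workflow the abstract describes, added here as an example and not taken from the paper: evidence is pulled through an injected `fetch` callable that stands in for a Docker Engine API client, each artifact is hashed with SHA-256 at acquisition time, and the manifest is sealed. The choice of endpoints, the function names, the sample responses and the use of HMAC-SHA256 in place of a digital signature are assumptions.

```python
import hashlib
import hmac
import json

# Docker Engine API routes; which calls the paper itself uses is an assumption.
EVIDENCE_ENDPOINTS = {
    "config": "/containers/{id}/json",
    "logs": "/containers/{id}/logs?stdout=1&stderr=1&timestamps=1",
    "filesystem": "/containers/{id}/export",
}

def collect_evidence(container_id, fetch):
    """Fetch each artifact once and record its SHA-256 at acquisition time."""
    artifacts, manifest = {}, {"container": container_id, "items": {}}
    for name, template in EVIDENCE_ENDPOINTS.items():
        path = template.format(id=container_id)
        data = fetch(path)  # raw bytes of the HTTP response body
        artifacts[name] = data
        manifest["items"][name] = {
            "endpoint": path,
            "sha256": hashlib.sha256(data).hexdigest(),
        }
    return artifacts, manifest

def seal(manifest, key):
    """HMAC-SHA256 over the canonical manifest (stand-in for a digital signature)."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()

def verify(artifacts, manifest, tag, key):
    """Return names of artifacts whose hash changed; raise if the manifest was altered."""
    if not hmac.compare_digest(seal(manifest, key), tag):
        raise ValueError("manifest seal does not verify")
    return [name for name, item in manifest["items"].items()
            if hashlib.sha256(artifacts.get(name, b"")).hexdigest() != item["sha256"]]

# Constructed sample responses standing in for a live Docker daemon.
SAMPLE = {
    "/containers/c0ffee/json": b'{"Id":"c0ffee","Image":"sha256:placeholder"}',
    "/containers/c0ffee/logs?stdout=1&stderr=1&timestamps=1": b"2018-03-16T00:00:00Z started\n",
    "/containers/c0ffee/export": b"constructed-tar-bytes",
}

if __name__ == "__main__":
    files, man = collect_evidence("c0ffee", SAMPLE.__getitem__)
    tag = seal(man, b"constructed-key")
    files["logs"] += b"tampered\n"  # simulate modification after acquisition
    print(verify(files, man, tag, b"constructed-key"))
```

Sealing the manifest rather than each file means a later edit to either an artifact or its recorded hash is detected: the first shows up as a hash mismatch, the second as a failed seal.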




    Published In

    ICCSP 2018: Proceedings of the 2nd International Conference on Cryptography, Security and Privacy
    March 2018
    187 pages
    ISBN:9781450363617
    DOI:10.1145/3199478

    In-Cooperation

    • Wuhan Univ.: Wuhan University, China
    • University of Electronic Science and Technology of China: University of Electronic Science and Technology of China

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. Cloud Computing
    2. Docker API
    3. Docker Forensics
    4. Integrity

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    ICCSP 2018


    Cited By

    • (2024) Don't, Stop, Drop, Pause: Forensics of CONtainer CheckPOINTs (ConPoint). Proceedings of the 19th International Conference on Availability, Reliability and Security, pp. 1-11. DOI: 10.1145/3664476.3670895. Online publication date: 30-Jul-2024
    • (2024) Secure container Orchestration: A framework for detecting and mitigating Orchestrator - level vulnerabilities. Multimedia Tools and Applications. DOI: 10.1007/s11042-024-19613-x. Online publication date: 9-Jul-2024
    • (2023) Container security: Precaution levels, mitigation strategies, and research perspectives. Computers & Security 135 (103490). DOI: 10.1016/j.cose.2023.103490. Online publication date: Dec-2023
    • (2022) CONTAIN4n6: a systematic evaluation of container artifacts. Journal of Cloud Computing: Advances, Systems and Applications 11:1. DOI: 10.1186/s13677-022-00303-8. Online publication date: 19-Aug-2022
    • (2022) Evaluation of File Carving Tools for Forensic Investigation in Docker Containers. 2022 IEEE 6th Conference on Information and Communication Technology (CICT), pp. 1-6. DOI: 10.1109/CICT56698.2022.9997954. Online publication date: 18-Nov-2022
    • (2021) Crypto-Preserving Investigation Framework for Deep Learning Based Malware Attack Detection for Network Forensics. Wireless Personal Communications. DOI: 10.1007/s11277-021-09026-6. Online publication date: 25-Aug-2021
    • (2019) A Study of Network Forensic Investigation in Docker Environments. Proceedings of the 14th International Conference on Availability, Reliability and Security, pp. 1-7. DOI: 10.1145/3339252.3340505. Online publication date: 26-Aug-2019
