Security in Rootless Containers : Measuring the Attack Surface of Containers

Abstract: Rootless containers are commonly perceived as more secure, as they run without added privileges. To the best of my knowledge, this hypothesis has never been proven.  This thesis aims to contribute to addressing knowledge gaps in research by measuring the attack surface of Rootless Podman, Rootless Docker, as well as Rootful Docker for comparison. Furthermore, different Rootless Container Engines are analysed in a prestudy to summarise what current options exist on the market today. The attack surface is systematically measured using the Attack Surface Measurement Method. The method identifies resources and groups them into different attack classes, based on the resource attackability. The authors of the method defines attackability as the likelihood of a successful attack. Finally, the total attackability of the container engines is computed.  The study concludes that attack surface is significantly reduced when a local container image is used, instead of downloading one. In addition, the design choice of the container engine influences the attack surface more than whether the container is rootless or rootful.