Blockchain-based decentralized content trust for docker images

Download PDF
Open Webpage

Quanqing Xu, Chao Jin, Mohamed Faruq Bin Mohamed Rasid, Bharadwaj Veeravalli, Khin Mi Mi Aung

Published: 01 Jan 2018, Last Modified: 09 Nov 2025Multim. Tools Appl. 2018EveryoneRevisionsBibTeXCC BY-SA 4.0
Abstract: It is feasible to deploy Docker containers in IoT (Internet of Things) devices because their runtime overhead is almost zero. Default Docker installation does not verify an image authenticity. Authentication is vital for users to trust that the image is not malicious or tampered with. As Docker is currently a popular choice for developers, tightening its security is a priority for system administrators and DevOps engineers. Docker recently deployed Notary as a solution to verify authenticity of their images. Notary is a viable solution, but it has some potential threats. This paper specifically addresses its vulnerability towards Denial-of-Service (DoS) attacks, and propose a potential solution: blockchain-based Decentralized Docker Trust (DDT). The proposed solution involves decentralizing the trust via a blockchain. The solution greatly reduces the risk of DoS and at the same time provides a signature verification service for Docker images. We demonstrate the proposed blockchain-based solution’s scalability and efficiency by conducting performance evaluation. At the same time, we also implemented a system prototype of Decentralized Docker Trust (DDT), and conducted performance evaluation for it on Amazon Web Services (AWS) across multiple data centers.