New Docker crypto locker is a blocker for Docker image mockers

Version 1.8 adds container signing to prevent man-in-the-middle attacks


Docker has tackled the problem of secure application container distribution with a new system that supports signing container images using public key cryptography.

The new feature, known as Docker Content Trust, is the main attraction of Docker 1.8, the latest version of the tool suite that was announced on Wednesday.

"Before a publisher pushes an image to a remote registry, Docker Engine signs the image locally with the publisher's private key," Docker security boss Diogo Mónica said in a blog post outlining the process. "When you later pull this image, Docker Engine uses the publisher's public key to verify that the image you are about to run is exactly what the publisher created, has not been tampered with and is up to date."

Docker is basing its code-signing capabilities on Notary, a standalone piece of software that it first unveiled at the DockerCon 2015 conference in June. Notary, in turn, is based on The Update Framework (TUF), a project that offers both a specification and a code library for generic software update systems.

At DockerCon, Docker CTO Solomon Hykes explained that he likes the TUF design because it not only offers protection against content forgery and various forms of man-in-the-middle attacks, but it also offers what the TUF project calls "survivable key compromise."

"Basically it means if one of the keys in the system gets lost or stolen, you're in trouble, but you're not completely, impossibly screwed," Hykes said. "It means you can apply regular policies to deal with the issue, depending on the magnitude, instead of going out of business."

Docker believes in shipping code early and often – and often it puts it out before it's fully baked – and so for the 1.8 release, Docker Content Trust is an optional feature that must be enabled by setting an environment variable.

If your interest is piqued, however, there's a detailed description of the new trust model available here.

In addition to Docker Content Trust, the Docker 1.8 release includes the customary upgrades to the Docker Engine, Registry, and related tools. Plugins to support various types of storage volumes, which were experimental in the previous version, are considered stable in Engine 1.8. Docker Registry, meanwhile, has been upped to version 2.1 and is faster and supports new cloud storage drivers for Aliyun OSS, Ceph Rados, and OpenStack Swift. The Compose, Machine, and Swarm orchestration tools have also been improved.

Full release notes for Docker 1.8, including download links, are available on the project's public GitHub repo, here. ®
