Preprint Article Version 1 Preserved in Portico This version is not peer-reviewed

Leadership Hijacking in Docker Swarm and Its Consequences

Version 1 : Received: 24 May 2021 / Approved: 25 May 2021 / Online: 25 May 2021 (08:57:28 CEST)

How to cite: Farshteindiker, A.; Puzis, R. Leadership Hijacking in Docker Swarm and Its Consequences. Preprints 2021, 2021050594 (doi: 10.20944/preprints202105.0594.v1). Farshteindiker, A.; Puzis, R. Leadership Hijacking in Docker Swarm and Its Consequences. Preprints 2021, 2021050594 (doi: 10.20944/preprints202105.0594.v1).

Abstract

With the advent of microservice-based software architectures, an increasing number of modern cloud environments and enterprises use operating system level virtualization, often referred to as containers. Docker Swarm is one of the most popular container orchestration infrastructures, providing high availability and fault tolerance. Occasionally discovered container escape vulnerabilities allow adversaries to execute code on the host operating system and operate within the cloud infrastructure. We show that docker swarm is currently not secured against misbehaving manager nodes and allows a high impact, high probability privilege escalation attack that we refer to as leadership hijacking. Cloud lateral movement and defense evasion payloads allow an adversary to leverage the docker swarm functionality to control each and every host in the underlying cluster. We demonstrate an end-to-end attack, in which an adversary with access to an application running on the cluster achieves full control of the cluster. To reduce the probability of a successful high impact attack, container orchestration infrastructures must reduce the trust level of participating nodes and in particular, incorporate adversary immune leader election algorithms.

Subject Areas

docker swarm; leader election; privilege escalation; defense evasion; cloud

Comments (0)

We encourage comments and feedback from a broad range of readers. See criteria for comments and our diversity statement.

Leave a public comment
Send a private comment to the author(s)
Views 0
Downloads 0
Comments 0
Metrics 0


×
Alerts
Notify me about updates to this article or when a peer-reviewed version is published.
We use cookies on our website to ensure you get the best experience.
Read more about our cookies here.