How does Docker's hardware signing work?

Docker's recent upgrade introduced support for hardware signing and, in the future, automated security analysis on Docker images. Expert Dan Sullivan goes over these new features.

Docker security got a recent upgrade with new features and tools, including support for hardware signing. The organization also announced "Project Nautilus" for automated security analysis. How does Docker hardware signing work, and what's included in Project Nautilus?

Docker hardware signing is an extension of the Docker Content Trust feature for application signing, which was released with Docker 1.8.0. Hardware signing is implemented using Yubico USB keys, hardware devices that can digitally sign an application without exposing the private root encryption key. The Yubico USB key is a strong second factor that complies with the FIDO Alliance Universal Second Factor standard. Application signing is a form of authentication that allows users of an image to know who created the image. With that knowledge in hand, users can then assess the trustworthiness of the image.

Project Nautilus is an open source project developing an image scanner for Docker images. The scanner performs security analysis on Docker images. An important feature of Nautilus is that it is not limited to scanning for known vulnerabilities. It performs deep content analysis that can analyze the semantics of instructions and not just scan for known malicious patterns or indicators.

Nautilus is used to scan official images in the Docker Hub repository. The Docker team expects to make it publicly available in the near future.


This was last published in May 2016
