Docker security got a recent upgrade with new features and tools, including support for hardware signing. The organization also announced "Project Nautilus" for automated security analysis. How does Docker hardware signing work, and what's included in Project Nautilus?
Docker hardware signing is an extension of the Docker Content Trust feature for application signing, which was released with Docker 1.8.0. Hardware signing is implemented using Yubico USB keys, hardware devices that can digitally sign an application without exposing the private root encryption key. The Yubico USB key is a strong second factor that complies with the FIDO Alliance Universal Second Factor (U2F) standard. Application signing is a form of authentication that allows users of an image to know who created the image. With that knowledge in hand, users can then assess the trustworthiness of the image.
Project Nautilus is an open source project developing an image scanner for Docker images. The scanner performs security analysis on Docker images. An important feature of Nautilus is that it is not limited to scanning for known vulnerabilities. It performs deep content analysis that can analyze the semantics of instructions and not just scan for known malicious patterns or indicators.
Nautilus is used to scan official images in the Docker Hub repository. The Docker team expects to make it publicly available in the near future.