Analyzing Docker Vulnerabilities through Static and Dynamic Methods and Enhancing IoT Security with AWS IoT Core, CloudWatch, and GuardDuty
Round 1
Reviewer 1 Report
Comments and Suggestions for Authors
In this paper, the authors investigate the security of software containers. In particular, special emphasis is given to the vulnerabilities of Docker. In general, the overall paper is interesting and the experimental results demonstrate the efficacy of the proposed work. However, there is room for improvement. Particular recommendations for this purpose are provided below.
1. The contributions of the paper are not clear. They should be stated in the introduction section.
2. The introduction does not provide sufficient information in order to introduce the reader suitably. For instance, the structure of the paper is missing. The authors should provide a more detailed introduction, providing the motivation behind this work, explaining the structure of the paper, presenting the contributions, etc.
3. In section, the contributions of this paper and differences with respect to relevant works are not clear. They should be clarified in this section.
4. In general the paper is not structured well. For instance, there is some background information within different parts and it is not easy to understand what the authors provide. The paper in general should be re-structured.
5. All the implementation details should be clarified, providing more technical and technology information. Again, it is not easy for the reader to check and understand what was implemented by the authors.
6. Similarly, the evaluation results should be clarified and enhanced.
7. Finally, the paper should be re-checked regarding typos and writing errors.
Comments on the Quality of English Language
The paper should be re-checked regarding typos and writing errors.
Author Response
Response to Reviewers’ Comments
We would like to thank all the reviewers for making valuable suggestions to improve the manuscript. Below, we provide detailed responses to the comments from each individual reviewer. All major changes required are highlighted in blue font. All the page numbers stated are in accordance with the new pdf submitted.
Reviewer #1 Questions:
- The contributions of the paper are not clear. They should be stated in the introduction section.
Response: We thank the reviewer for the comment. We have changed the introduction section to describe directly what our study has contributed.
In particular, we have underlined our combined usage of static and dynamic techniques in Docker vulnerability analysis as well as the new integration between AWS IoT Core, CloudWatch and GuardDuty to provide reinforcement for IoT security.
In this research article we have also highlighted IoT security concerns related to cyberattacks and brute force attacks on IoT devices. We discussed security concerns on both platforms, such as AWS IoT Core, CloudWatch and GuardDuty.
We did a detailed analysis of vulnerabilities associated with Docker images, configs, etc. within the microservices environment, and provided assessment methods using tools like Trivy and Falco which organizations can adopt to solve the overarching issues.
- Introduction does not provide sufficient information in order to introduce the reader suitably. For instance, the structure of the paper is missing. The authors should provide a more detailed introduction, providing the motivation behind this works, explaining the structure of the paper, presenting the contributions, etc.
Response: Thank you for pointing out the issue. We have made a major revision in the introduction part to overcome that problem.
The new introduction provides a full motivation of the research, an outline of how we structured our paper and most importantly information about what was found in this study. This ought to give readers a clear sense right from the beginning.
We have introduced discussion about the areas of the topic in the introduction to give more depth (p. 1, col. 1-2 and p. 2, col. 1):
Information technology (IT) has passed through a tremendous evolution over the past few decades. From the early days of mainframe computers to the current era of cloud computing and artificial intelligence, IT has continuously transformed how businesses operate and how individuals interact with one another. This evolution has led to increased efficiency, productivity and connectivity in a wide array of areas, but it has also introduced new challenges, particularly in the realm of cybersecurity.
Docker, a platform for developing, shipping, and running containers, with the ability to package applications in containers, has revolutionized software deployment and scaling. Containers allow applications to run on different computing environments in a consistent manner. From the developer's local machine to production servers, this technology has made applications much easier to deploy and manage but has at the same time also introduced new security considerations that need to be addressed.
The Internet of Things (IoT) refers to the network of interconnected physical devices with built-in electronics, software, sensors, and network connectivity that enable these devices to collect and share data. IoT solutions are found in a wide variety of areas including smart homes, industrial automation, healthcare, agriculture, and urban planning. It serves the purpose of enhancing efficiency, improving decision-making through data analysis, and creating new services and experiences for users. However, the vast number of connected devices also poses huge security challenges.
To address these challenges, this study explores the use of AWS cloud security services:
- AWS IoT Core: A managed cloud service that allows connected devices to interact securely with cloud applications and other devices.
- CloudWatch: A monitoring and observability service that provides data and actionable insights for AWS, on-premises, and other cloud applications and infrastructure resources.
- GuardDuty: A threat detection service that continuously monitors AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation.
- In section, the contributions of this paper and differences with respect to relevant works are not clear. They should be clarified in this section.
Response: Thank you for pointing out the issue.
We have added a completely new contribution section (p. 1, col. 1-2):
The contribution of the paper is as follows: i) In particular, we have underlined our combined usage of static and dynamic techniques in Docker vulnerability analysis as well as the new integration between AWS IoT Core, CloudWatch and GuardDuty to provide reinforcement for IoT security. ii) In this research article we have also highlighted IoT security concerns related to cyberattacks and brute force attacks on IoT devices. We discussed the security concerns on both platforms, such as AWS IoT Core, CloudWatch and GuardDuty. iii) We performed simulation and testing on AWS IoT Core and presented the results.
- In general, the paper is not structured well. For instance, there is some background information within different parts and it is not easy to understand what the authors provide. The paper in general should be re-structured.
Response: Thank you for pointing out the issue.
We have restructured the paper as per the guidance.
- All the implementation details should be clarified, providing more technical and technology information. Again, it is not easy for the reader to check and understand what was implemented by the authors.
Response: Thank you for pointing out the issue.
We have added process flow diagrams which explain things with more clarity, and the implementation steps have been explained in a simplified manner for all three major portions: static analysis using Trivy (p. 5, col. 1), dynamic analysis using Falco (p. 6, col. 1) and the IoT brute force attack (p. 8, col. 1).
Static Analysis using Trivy
- Environment Setup: Make sure that Docker and Trivy are installed on your system.
- Pull the Docker Image: Pull the Docker image to be analyzed using the Docker commands.
- Run Trivy Scan: Run the Trivy scan on the Docker image with a command like `trivy image <image-name>`. This command will prepare a detailed list of the vulnerabilities found in the image.
- Results Analysis: Go through the results and classify the vulnerabilities according to their criticality (critical, high, medium), then fix the identified vulnerabilities, update dependencies, or change configurations.
Fig 1. Static Analysis using Trivy
Dynamic Analysis with Falco
- Install Falco: Install Falco and make sure it is set up to watch the Docker containers of interest for analysis.
- Set Up Monitoring: Configure Falco rules such that the rules define the kind of activity that you consider malicious for the specific use cases of your application. For example, you could define rules to detect any unauthorized shell access, or rules to detect unexpected network activity.
- Run the Containers: Start your Docker containers. Falco will automatically start monitoring their activity in real-time.
- Respond to Alarms: When there is an event of abnormal activity, alerts are generated by Falco. The best way to react is to look into these alert messages as soon as possible, determine whether there is a real threat behind them, and take the necessary steps to reduce such risk.
Fig 2. Dynamic Analysis using Falco
Brute Force Attack Simulation on IoT Smart Door
Fig 3. Brute Force Attack Simulation
This is the brute force attack simulation on an IoT-enabled smart door lock, where the aim is to find out the resilience of an IoT-enabled system in the case of unauthorized access attempts. It systematically tries out different combinations of usernames and passwords until access is gained to the system. AWS services are used in the simulation for device management: AWS IoT Core and AWS Lambda for automatic configuration of the attack script through scripting, plus AWS CloudWatch for monitoring.
Steps:
- IoT Smart Door Lock: Representing the target of the attack.
- Brute Force Attack Script: Provides additional post-exploitation modules within the C2, automated with AWS Lambda, in trying to guess credential combos.
- AWS IoT Core: Handles all operations, communication and messaging between the smart door lock and the cloud.
- AWS CloudWatch: Logs every attempt and fires an alert on suspicious activity such as multiple failed login attempts.
- AWS GuardDuty: Provides threat detection that includes any anomalies related to the brute force attack.
- Similarly, the evaluation results should be clarified and enhanced.
Response: Thank you for your observation.
The results have been explained with the outputs observed, and the related screenshots have been added, which justify the content provided within those sections.
- Finally, the paper should be re-checked regarding typos and writing errors.
Response: Thank you for your observation. We have thoroughly rechecked the entire paper and made sure that there are no typos and writing errors.
Author Response File: Author Response.docx
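The "Results Analysis" step of the static analysis above classifies Trivy findings by criticality and then fixes, updates or reconfigures. The following is an added example and not code from the paper: it parses a constructed report in the shape of Trivy's `--format json` output (the CVE identifiers, package names, versions and image name are placeholders), counts findings per severity, groups fixable ones into one dependency upgrade per package, and applies a deployment gate.

```python
"""Classify a Trivy JSON report by severity and gate a Docker image on the result."""
import json
from collections import Counter

# Trivy's severity labels, in the order a report should list them.
SEVERITY_ORDER = ("CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN")

# Constructed sample in the shape of `trivy image --format json <image-name>` output.
# CVE identifiers, package names, versions and the image name are placeholders.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "example/app:1.0",
    "Results": [
        {
            "Target": "example/app:1.0 (debian 12)",
            "Class": "os-pkgs",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
                 "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2", "Severity": "CRITICAL"},
                {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libexample",
                 "InstalledVersion": "1.0-1", "FixedVersion": "", "Severity": "HIGH"},
                {"VulnerabilityID": "CVE-0000-0003", "PkgName": "othertool",
                 "InstalledVersion": "2.3", "FixedVersion": "2.4", "Severity": "MEDIUM"},
            ],
        },
        {
            "Target": "app/requirements.txt",
            "Class": "lang-pkgs",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0004", "PkgName": "somelib",
                 "InstalledVersion": "0.9", "FixedVersion": "1.1", "Severity": "HIGH"},
            ],
        },
        # Trivy omits the Vulnerabilities key for targets with no findings.
        {"Target": "app/config.yaml", "Class": "config"},
    ],
})


def load_findings(raw_json):
    """Flatten every result's vulnerabilities into one list, tolerating clean targets."""
    findings = []
    for result in json.loads(raw_json).get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            findings.append({
                "id": vuln["VulnerabilityID"],
                "pkg": vuln["PkgName"],
                "installed": vuln.get("InstalledVersion", ""),
                "fixed": vuln.get("FixedVersion", ""),
                "severity": vuln.get("Severity", "UNKNOWN").upper(),
                "target": result.get("Target", ""),
            })
    return findings


def count_by_severity(findings):
    """Criticality breakdown (critical, high, medium, ...) with empty levels dropped."""
    counts = Counter(f["severity"] for f in findings)
    return {sev: counts[sev] for sev in SEVERITY_ORDER if counts[sev]}


def remediation_plan(findings):
    """One dependency upgrade per (target, package) for fixable findings; findings with
    no fixed version need a configuration change or mitigation and are listed apart."""
    upgrades, unfixed = {}, []
    for f in findings:
        if not f["fixed"]:
            unfixed.append(f["id"])
            continue
        entry = upgrades.setdefault((f["target"], f["pkg"]),
                                    {"from": f["installed"], "to": f["fixed"], "ids": []})
        entry["ids"].append(f["id"])
    return upgrades, unfixed


def gate(findings, fail_on=("CRITICAL", "HIGH")):
    """Deployment gate: True only when no finding is at a blocking severity."""
    return not any(f["severity"] in fail_on for f in findings)


if __name__ == "__main__":
    fs = load_findings(SAMPLE_REPORT)
    print("severity counts:", count_by_severity(fs))
    ups, unf = remediation_plan(fs)
    for (target, pkg), u in ups.items():
        print(f"upgrade {pkg} {u['from']} -> {u['to']} in {target}: {', '.join(u['ids'])}")
    print("no fix available yet:", unf)
    print("image passes gate:", gate(fs))
```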
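The CloudWatch step of the brute force simulation above logs every attempt and alerts on multiple failed logins. As an added example, not the paper's code, the detector below runs that rule over constructed log lines modelled on per-attempt records a smart door lock could publish through AWS IoT Core into CloudWatch Logs (the field names, thing name and documentation-range addresses are assumptions), and shows the CloudWatch Logs filter pattern that selects the same events.

```python
"""Sliding-window detection of repeated failed logins on an IoT device."""
import json
from collections import defaultdict, deque
from datetime import datetime

THRESHOLD = 5        # this many failed attempts from one source ...
WINDOW_SECONDS = 60  # ... within this window raise an alert

# Constructed sample log lines (not real device output); field names are assumed.
SAMPLE_LOG = """\
{"ts": "2024-01-01T10:00:00Z", "thing": "smart-door-01", "src": "203.0.113.5", "event": "login", "result": "fail"}
{"ts": "2024-01-01T10:00:04Z", "thing": "smart-door-01", "src": "203.0.113.5", "event": "login", "result": "fail"}
{"ts": "2024-01-01T10:00:09Z", "thing": "smart-door-01", "src": "198.51.100.7", "event": "login", "result": "ok"}
{"ts": "2024-01-01T10:00:11Z", "thing": "smart-door-01", "src": "203.0.113.5", "event": "login", "result": "fail"}
{"ts": "2024-01-01T10:00:15Z", "thing": "smart-door-01", "src": "203.0.113.5", "event": "login", "result": "fail"}
{"ts": "2024-01-01T10:00:20Z", "thing": "smart-door-01", "src": "198.51.100.7", "event": "login", "result": "fail"}
{"ts": "2024-01-01T10:00:22Z", "thing": "smart-door-01", "src": "203.0.113.5", "event": "login", "result": "fail"}
{"ts": "2024-01-01T10:00:30Z", "thing": "smart-door-01", "src": "203.0.113.5", "event": "login", "result": "fail"}
{"ts": "2024-01-01T10:05:00Z", "thing": "smart-door-01", "src": "203.0.113.5", "event": "login", "result": "fail"}
{"ts": "2024-01-01T10:05:01Z", "thing": "smart-door-01", "src": "203.0.113.5", "event": "unlock", "result": "ok"}
"""

# CloudWatch Logs JSON filter pattern selecting the same failed-login events. A metric
# filter with this pattern plus an alarm on the metric sum over a one-minute period is
# the managed equivalent of detect_bruteforce() below.
FAILED_LOGIN_FILTER_PATTERN = '{ $.event = "login" && $.result = "fail" }'


def parse_events(text):
    """One dict per non-empty line, with the ISO-8601 timestamp parsed (Z -> UTC)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        events.append(ev)
    return events


def is_failed_login(ev):
    return ev.get("event") == "login" and ev.get("result") == "fail"


def failed_login_counts(events):
    """Per-source failure totals, i.e. what the metric filter would count."""
    return dict(Counter(ev["src"] for ev in events if is_failed_login(ev)))


def detect_bruteforce(events, threshold=THRESHOLD, window=WINDOW_SECONDS):
    """Alert once per (thing, src) each time `threshold` failures fall inside `window` s."""
    recent = defaultdict(deque)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if not is_failed_login(ev):
            continue
        q = recent[(ev["thing"], ev["src"])]
        q.append(ev["ts"])
        while (ev["ts"] - q[0]).total_seconds() > window:  # drop failures outside window
            q.popleft()
        if len(q) >= threshold:
            alerts.append({"thing": ev["thing"], "src": ev["src"], "count": len(q),
                           "first": q[0].isoformat(), "last": ev["ts"].isoformat()})
            q.clear()  # start a fresh window so one burst alerts only once
    return alerts


from collections import Counter  # noqa: E402 (kept near its single use above)

if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("failed logins per source:", failed_login_counts(evs))
    for a in detect_bruteforce(evs):
        print(f"ALERT {a['thing']}: {a['count']} failures from {a['src']} "
              f"between {a['first']} and {a['last']}")
```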
Reviewer 2 Report
Comments and Suggestions for Authors
The researchers in this article are focused on the following main gap/problem:
- Explored the intricate security aspects of Docker systems, emphasizing the importance of tools such as Trivy and Falco for undertaking comprehensive static and dynamic assessments to detect and address security risks.
- Highlighted the necessity of creating sophisticated intrusion detection systems and enforcing strong security protocols to protect against complex cyber threats.
- Utilized Trivy for static analysis and Falco for dynamic analysis to identify and address vulnerabilities in Docker environments before deployment and in real time.
- Promoted the use of AWS cloud security technologies such as IoT Core, CloudWatch, and GuardDuty to protect IoT devices from threats.
However, the following modification is necessary before accepting their work/article:
Section 1—The introduction is not written professionally.
Section 2—The literature review section consists of an Overview and Motivation, which are part of the introduction; the authors move and make this part of the introduction section.
Section 3—contains some background knowledge that does not look professional; the authors should create a new section, Preliminaries & Background, by defining all the foundation topics pertaining to this research work.
Section 4—the name is wrong; the authors should change it to Implementation Environment.
Section 5—the authors simulated the proposed comprehensive security framework for a brute force attack but didn't mention this in the abstract, introduction, or conclusion. So, they must tell the reader about this in the said sections.
Section 6—the researchers comprehensively mentioned future scope/future directions in bullet points. The current version looks vague.
Section 7—the Conclusion is what you have concluded while conducting the said research work; the current conclusion is vague, and the authors must revise it.
8—The figures in the paper are fixed unprofessionally. The researchers must fix at least 300 DPI screenshots in the article so that the reader can get an idea from their work.
9—References 22 and 34 are irrelevant; replace them.
Author Response
Response to Reviewers’ Comments
We would like to thank all the reviewers for making valuable suggestions to improve the manuscript. Below, we provide detailed responses to the comments from each individual reviewer. All major changes required are highlighted in blue font. All the page numbers stated are in accordance with the new pdf submitted.
Reviewer #2 Questions:
- The introduction is not written professionally.
Response: We thank the reviewer for the comment. We have changed the introduction section to describe directly what our study has contributed, and it is written professionally now with additional information.
In particular, we have underlined our combined usage of static and dynamic techniques in Docker vulnerability analysis as well as the new integration between AWS IoT Core, CloudWatch and GuardDuty to provide reinforcement for IoT security.
In this research article we have also highlighted IoT security concerns related to cyberattacks and brute force attacks on IoT devices. We discussed security concerns on both platforms, such as AWS IoT Core, CloudWatch and GuardDuty.
We did a detailed analysis of vulnerabilities associated with Docker images, configs, etc. within the microservices environment, and provided assessment methods using tools like Trivy and Falco which organizations can adopt to solve the overarching issues.
The new introduction provides a full motivation of the research, an outline of how we structured our paper and most importantly information about what was found in this study. This ought to give readers a clear sense right from the beginning.
We have introduced discussion about the areas of the topic in the introduction to give more depth (p. 1, col. 1-2 and p. 2, col. 1):
Information technology (IT) has passed through a tremendous evolution over the past few decades. From the early days of mainframe computers to the current era of cloud computing and artificial intelligence, IT has continuously transformed how businesses operate and how individuals interact with one another. This evolution has led to increased efficiency, productivity and connectivity in a wide array of areas, but it has also introduced new challenges, particularly in the realm of cybersecurity.
Docker, a platform for developing, shipping, and running containers, with the ability to package applications in containers, has revolutionized software deployment and scaling. Containers allow applications to run on different computing environments in a consistent manner. From the developer's local machine to production servers, this technology has made applications much easier to deploy and manage but has at the same time also introduced new security considerations that need to be addressed.
The Internet of Things (IoT) refers to the network of interconnected physical devices with built-in electronics, software, sensors, and network connectivity that enable these devices to collect and share data. IoT solutions are found in a wide variety of areas including smart homes, industrial automation, healthcare, agriculture, and urban planning. It serves the purpose of enhancing efficiency, improving decision-making through data analysis, and creating new services and experiences for users. However, the vast number of connected devices also poses huge security challenges.
To address these challenges, this study explores the use of AWS cloud security services:
- AWS IoT Core: A managed cloud service that allows connected devices to interact securely with cloud applications and other devices.
- CloudWatch: A monitoring and observability service that provides data and actionable insights for AWS, on-premises, and other cloud applications and infrastructure resources.
- GuardDuty: A threat detection service that continuously monitors AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation.
- The literature review section consists of an Overview and Motivation, which are part of the introduction; the authors should move this and make it part of the introduction section.
Response: We appreciate this suggestion.
The Literature Review section has been kept intact as it captures the essence of the study to focus exclusively on related work, providing a more streamlined and professional presentation of existing research.
- Section 3 contains some background knowledge that does not look professional; the authors should create a new section, Preliminaries & Background, by defining all the foundation topics pertaining to this research work.
Response: We appreciate this suggestion.
We have restructured Section 3 and created a new section titled "Preliminaries & Background." This new section consolidates all foundational topics relevant to Docker, security challenges, recent studies and developments, and security concerns (p. 4, col. 1-2), providing a clearer and more professional overview that supports the subsequent sections of the paper.
- Section 4: the name is wrong; the authors should change it to Implementation Environment.
Response: Thank you for the observation.
We have updated the title of Section 4 to "Implementation Environment - IoT" as suggested. This change better reflects the content of the section and aligns with the terminology used throughout the manuscript in P7, col 1.
- Section 5: the authors simulated the proposed comprehensive security framework for a brute force attack but didn't mention this in the abstract, introduction, or conclusion. So, they must tell the reader about this in the said sections.
Response: Thank you for pointing out the issue.
We agree with the reviewer's point and have revised the Abstract, Introduction, and Conclusion sections to include the simulation of the comprehensive security framework for brute force attacks. This addition ensures that the scope and findings of our research are fully communicated to the readers.
Abstract—In the age of fast digital transformation, Docker containers have become one of the central technologies for flexible and scalable application deployment. However, this has opened a new dimension of challenges in security, which is skyrocketing with increased adoption. The paper will discern these challenges through a manifold approach: first, comprehensive static analysis by Trivy, and second, real-time dynamic analysis by Falco, in order to uncover vulnerabilities in Docker environments pre-deployment and during runtime. One can also find similar challenges in security within the Internet of Things (IoT) sector, due to the huge number of devices connected, and immanently, in WiFi networks. Simple data breaches such as brute force attacks and unauthorized access, up to large-scale cyberattacks against critical infrastructure, are only a portion of the problems. In connection with this, this paper calls for the execution of robust AWS cloud security solutions: IoT Core, CloudWatch, and GuardDuty. IoT Core provides a secure channel of communication for IoT devices, and CloudWatch offers detailed monitoring and logging. Additional security is provided by GuardDuty's automated threat detection system, which continuously seeks out potential threats across network traffic. Armed with these technologies, we try to build a more resilient and privacy-oriented IoT while protecting the security of our digital existence. The result is, therefore, an all-inclusive work on security in both Docker and IoT domains, which might be considered one of the most important efforts so far to strengthen the digital infrastructure against fast-evolving cyber threats. It combines state-of-the-art methods of static and dynamic analysis for Docker security with advanced, cloud-based protection for IoT devices.
It can be found on p. 1, col. 1.
Introduction
Information technology (IT) has passed through a tremendous evolution over the past few decades. From the early days of mainframe computers to the current era of cloud computing and artificial intelligence, IT has continuously transformed how businesses operate and how individuals interact with one another. This evolution has led to increased efficiency, productivity and connectivity in a wide array of areas, but it has also introduced new challenges, particularly in the realm of cybersecurity.
Docker, a platform for developing, shipping, and running containers, with the ability to package applications in containers, has revolutionized software deployment and scaling. Containers allow applications to run on different computing environments in a consistent manner. From the developer's local machine to production servers, this technology has made applications much easier to deploy and manage but has at the same time also introduced new security considerations that need to be addressed.
The Internet of Things (IoT) refers to the network of interconnected physical devices with built-in electronics, software, sensors, and network connectivity that enable these devices to collect and share data. IoT solutions are found in a wide variety of areas including smart homes, industrial automation, healthcare, agriculture, and urban planning. It serves the purpose of enhancing efficiency, improving decision-making through data analysis, and creating new services and experiences for users. However, the vast number of connected devices also poses huge security challenges.
To address these challenges, this study explores the use of AWS cloud security services:
- AWS IoT Core: A managed cloud service that allows devices to interoperate securely and safely with cloud applications and other devices.
- CloudWatch: A monitoring and observability service that provides data and actionable insights for AWS, on-premises, and other cloud applications and infrastructure resources.
- GuardDuty: A threat detection service that continuously monitors AWS accounts and workloads to help identify malicious activity and deliver detailed security findings for visibility and remediation.
The contribution of the paper is as follows: i) In particular, we have underlined our combined usage of static and dynamic techniques in Docker vulnerability analysis as well as the new integration between AWS IoT Core, CloudWatch and GuardDuty to provide reinforcement for IoT security. ii) In this research article we have also highlighted IoT security concerns related to cyberattacks and brute force attacks on IoT devices. We discussed the security concerns on both platforms, such as AWS IoT Core, CloudWatch and GuardDuty. iii) We performed simulation and testing on AWS IoT Core and presented the results.
The remainder of this paper is structured as follows. Section II discusses related works. Section III reviews the security mechanisms together with managing vulnerabilities and threats in Docker deployment. Section IV discusses the IoT services used in deployment and building a simulation. Section V reviews the outcomes from a brute force attack and the results. Section VI discusses the prospects of this study. Section VII concludes the research paper.
It can be found on p. 1, col. 1-2 and p. 2, col. 1.
Conclusion
In our research we investigated the security issues on Docker systems and IoT platforms. We employed Trivy and Falco for static and runtime security checking, which allowed us to make a product prototype visualising the potential vulnerabilities in the digital ecosystem and providing a mechanism to stop attacks from escalating by blocking or terminating tainted Docker containers before they can infect the system. Our results highlight the pressing need for implementing advanced Intrusion Detection Systems (IDS) to counter the growing number of complex cyberattacks aiming at Docker platforms, which will become even more prominent in the future with the advent of IoT environments. Categorizing and overcoming these threats requires more stringent and robust security requirements for both Docker and IoT platforms. These security policies, in combination with advanced IDS, could ensure the robust security posture of the platforms. This, in turn, could better serve the emerging applications in the Internet of Things environment. But, given the pervasiveness of IoT in everyday living, the research also strongly suggests that further studies on the identified security vulnerabilities are crucial. The sheer depth and scale of IoT necessitate a continued research effort into the security of IoT devices, including incorporating security by design into IoT devices, standardisation of protocols, privacy-enhancing technologies and their application to IoT devices, and not least, regulatory policies and government interventions. Our brute force attack simulation also showed this on a practical level: it demonstrated how essential it is to have good practices in place to prevent unauthorised access on all IoT systems, not just those involving the new generation of more powerful tools. The tools that exist today are fine, but they will need to be extended and refined to stay a step ahead of evolving threats.
By investing now in research, policymaking and education, we can reduce the risks posed by IoT devices, and build a safer and more secure digital future. In conclusion, we saw that the security enhancements enabled by utilizing Docker and AWS' tools show us a way forward toward a stronger digital infrastructure. Future work could continue in this direction by further developing a secure infrastructure or by looking for inventive new ways to protect against ever-advancing threats.
It can be found on p. 9, col. 2.
- Section 6: the researchers comprehensively mentioned future scope/future directions in bullet points. The current version looks vague.
Response: Thank you for the observation.
We have revised the Future Work section to provide more specific and detailed directions for future research. The bullet points have been expanded to clearly outline potential research avenues and improvements, making the section more informative and actionable.
The future for both Docker vulnerability analysis, whether static or dynamic, and the enhancement of IoT security with AWS IoT Core, CloudWatch, and GuardDuty altogether is bright. Here are a few ways things could go:
- Increasing Use of AI and ML: Artificial Intelligence and Machine Learning technologies have been used for the betterment of security in IoT, which comprises devices using neural networks and decision trees. Accuracy in the detection of IoT security threats can be enhanced through these kinds of technologies. Besides, such technologies are capable of reducing the rate of false alarms and automating security processes in order to detect and respond fast enough [23].
- Advanced Tools Development: Further development of new tools and techniques to analyze Docker vulnerabilities is in process. According to some recent research, deep learning algorithms can be used for the detection and classification of vulnerabilities in Docker images. This will enhance the accuracy and efficiency of vulnerability detection greatly [24].
- Dynamic Analysis Improvements: Increasing the application of dynamic analysis techniques, such as fuzz testing and symbolic execution-based vulnerability detection in runtime containerized apps, will enable one to detect threats that the static analysis might miss [23].
- Edge Computing Integration: There is growing interest in how the integration between IoT security and edge computing really works. Edge computing allows offloading processing or data analysis from the center, closer to IoT devices, hence reducing latency and improving reaction time. Research shows that edge computing can also be used for security monitoring, analysis, and faster threat detection and response modes [23].
It can be found on p. 9, col. 1.
- Section 7: the Conclusion is what you have concluded while conducting the said research work; the current conclusion is vague, and the authors must revise it.
Response: Thank you for pointing out the issue.
The Conclusion section has been thoroughly revised to reflect the key findings and contributions of our research. We have ensured that it clearly summarizes the outcomes of the study, the effectiveness of the proposed methods, and their implications for future work.
In our research we investigated the security issues on Docker systems and IoT platforms. We employed Trivy and Falco for static and runtime security checking, which allowed us to make a product prototype visualising the potential vulnerabilities in the digital ecosystem and providing a mechanism to stop attacks from escalating by blocking or terminating tainted Docker containers before they can infect the system. Our results highlight the pressing need for implementing advanced Intrusion Detection Systems (IDS) to counter the growing number of complex cyberattacks aiming at Docker platforms, which will become even more prominent in the future with the advent of IoT environments. Categorizing and overcoming these threats requires more stringent and robust security requirements for both Docker and IoT platforms. These security policies, in combination with advanced IDS, could ensure the robust security posture of the platforms. This, in turn, could better serve the emerging applications in the Internet of Things environment. But, given the pervasiveness of IoT in everyday living, the research also strongly suggests that further studies on the identified security vulnerabilities are crucial. The sheer depth and scale of IoT necessitate a continued research effort into the security of IoT devices, including incorporating security by design into IoT devices, standardisation of protocols, privacy-enhancing technologies and their application to IoT devices, and not least, regulatory policies and government interventions. Our brute force attack simulation also showed this on a practical level: it demonstrated how essential it is to have good practices in place to prevent unauthorised access on all IoT systems, not just those involving the new generation of more powerful tools. The tools that exist today are fine, but they will need to be extended and refined to stay a step ahead of evolving threats.
By investing now in research, policymaking and education, we can reduce the risks posed by IoT devices, and build a safer and more secure digital future. In conclusion, we saw that the security enhancements enabled by utilizing Docker and AWS' tools show us a way forward toward a stronger digital infrastructure. Future work could continue in this direction by further developing a secure infrastructure or by looking for inventive new ways to protect against ever-advancing threats.
It can be found on p. 9, col. 1-2.
- The figures in the paper are fixed unprofessionally. The researchers must fix at least 300 DPI screenshots in the article so that the reader can get an idea from their work.
Response: Thank you for pointing out the issue.
Alignment of the images has been sorted out. Now each image defines the study of work.
- References 22 and 34 are irrelevant; replace
Response: Thank you for pointing out the issue.
Thank you for pointing this out. We don’t intend to replace reference 22, as the documentation for Falco provides information regarding the product and its security aspects and acts as a helping hand for implementation as well. Reference 34 does not exist.
Author Response File: Author Response.docx
Reviewer 3 Report
Comments and Suggestions for Authors
General Evaluation:
The paper investigates Docker vulnerabilities using static and dynamic methods and enhances IoT security through AWS IoT Core, CloudWatch, and GuardDuty. The study utilizes Trivy for static analysis and Falco for dynamic analysis to identify and address vulnerabilities in Docker environments. It aims to improve IoT security by leveraging AWS cloud security technologies, ensuring user privacy and safety in interconnected digital systems.
In addition, authors are required to consider the following comments:
Major Comments:
· Abstracts need to be extended.
· Authors are required to consider shortening and focusing the introduction to more directly set up the research question and objectives and also it is required to improve and enhance the introduction section of the paper.
· The literature review is extensive but could benefit from a more critical analysis of existing studies, highlighting specific gaps that this research aims to fill.
· The paper contains significant technical jargon that may be challenging for readers, not deeply familiar with Docker and IoT security concepts. Simplifying some explanations or providing a glossary could improve readability.
· The paper compares Docker’s security features to those of traditional VMs and Kubernetes but lacks in-depth analysis of specific advantages and disadvantages in different scenarios.
· The study primarily focuses on Falco for dynamic analysis. Including a broader examination of additional dynamic analysis tools could provide a more comprehensive security assessment.
· Authors are required to include additional dynamic analysis tools and compare their effectiveness with Falco to provide a broader perspective on dynamic security assessments.
· In addition, the study focuses only on one type of attack, i.e., brute force. Although the brute force attack simulation on IoT smart door locks is useful, additional types of attacks and their mitigations could be explored to provide a more comprehensive security analysis.
· Authors are required to conduct simulations of various types of attacks on IoT devices, such as DDoS attacks, data interception, and unauthorized device access, to offer a comprehensive security assessment.
· The conclusions are somewhat generalized. More specific recommendations based on different types of Docker vulnerabilities and IoT security threats could enhance the practical applicability of the findings.
· Authors are required to re-check the Figure numbers; specifically, Figure 6 is missing. Also, proofread the paper and then submit it.
· I recommend a major revision before reconsideration for publication.
Recommendation: A major revision is required.
Comments for author File: Comments.pdf
Proper proofreading is required.
Author Response
Response to Reviewers’ Comments
We would like to thank all the reviewers for making valuable suggestions to improve the manuscript. Below, we provide detailed responses to the comments from each individual reviewer. All major changes required are highlighted in blue font. All the page numbers stated are in accordance with the new pdf submitted.
Reviewer #3 Questions:
- Abstracts need to be extended.
Response: We appreciate the suggestion to extend the abstract.
We have revised the abstract to provide a more detailed overview of our research objectives, methodologies, and key findings. The revised abstract now better reflects the scope and contributions of the study.
Abstract—In the age of fast digital transformation, Docker containers have become one of the central technologies for flexible and scalable application deployment. However, this has opened a new dimension toward challenges in security, which is skyrocketing with increased adoption. The paper will discern these challenges through a manifold approach: first, comprehensive static analysis by Trivy, and second, real-time dynamic analysis by Falco in order to uncover vulnerabilities in Docker environments pre-deployment and during runtime. One can also find similar challenges in security within the Internet of Things (IoT) sector, due to huge numbers of devices connected and immanently in WiFi networks. Simple data breaches such as brute force attacks and unauthorized access, and large-scale cyberattacks against critical infrastructure, are only a portion of the problems. In connection with this, this paper is calling for the execution of robust AWS cloud security solutions: IoT Core, CloudWatch, and GuardDuty. IoT Core provides a secure channel of communication for IoT devices, and CloudWatch offers detailed monitoring and logging. Additional security is provided by GuardDuty’s automated threat detection system, which continuously seeks out potential threats across network traffic. Armed with these technologies, we try to build a more resilient and privacy-oriented IoT while protecting the security of our digital existence. The result is, therefore, an all-inclusive work on security in both Docker and IoT domains, which might be considered one of the most important efforts so far to strengthen the digital infrastructure against fast-evolving cyber threats. It combines state-of-the-art methods of static and dynamic analysis for Docker security with advanced, cloud-based protection for IoT devices.
It can be found on P1, col 1
- Authors are required to consider shortening and focusing the introduction to more directly set up the research question and objectives and also it is required to improve and enhance the introduction section of the paper.
Response: Thanks for the observation.
We have identified that providing the motivation behind this work, explaining the structure of the paper, presenting the contributions, etc. is the key to the research paper, and hence modified it accordingly.
Information technology (IT) has passed through a tremendous evolution over the past few decades. From the early days of mainframe computers to the current era of cloud computing and artificial intelligence, IT has continuously transformed how businesses operate and how individuals interact with one another. This evolution has led to increased efficiency, productivity and connectivity in a wide array of areas, but it has also introduced new challenges, particularly in the realm of cybersecurity.
Docker, a platform for developing, shipping, and running containers, with the ability to package applications in containers, has revolutionized software deployment and scaling. Containers allow applications to run on different computing environments in a consistent manner. From the developer's local machine to production servers, this technology has made applications much easier to deploy and manage, but it has at the same time also introduced new security considerations that need to be addressed.
The Internet of Things (IoT) refers to the network of interconnected physical devices with embedded electronics, software, sensors, and network connectivity that enable these things to collect and share data. IoT solutions are found in a wide variety of areas including smart homes, industrial automation, healthcare, agriculture, and urban planning. IoT serves the purpose of enhancing efficiency, improving decision-making through data analysis, and creating new services and experiences for users. However, the vast number of connected devices also poses huge security challenges.
To address these challenges, this study explores the use of AWS cloud security services:
- AWS IoT Core: A managed cloud service that allows connected devices to interact securely with cloud applications and other devices.
- CloudWatch: A monitoring and observability service that provides data and actionable insights for AWS, on-premises, and other cloud applications and infrastructure resources.
- GuardDuty: A threat detection service that continuously monitors AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation.
It can be found on P1, col 1-2 and P2 col 1
- The literature review is extensive but could benefit from a more critical analysis of existing studies, highlighting specific gaps that this research aims to fill.
Response: We appreciate this suggestion.
The Literature Review section has been kept intact as it captures the essence of the study to focus exclusively on related work, providing a more streamlined and professional presentation of existing research.
- The paper contains significant technical jargon that may be challenging for readers, not deeply familiar with Docker and IoT security concepts. Simplifying some explanations or providing a glossary could improve readability.
Response: We appreciate this suggestion.
Acknowledging that the paper contains significant technical jargon, we have revised sections to simplify complex explanations especially the implementation parts, we have put in the process flow diagrams and have explained the implementation steps in simple terms, which provides the details with much more clarity. Our major consideration was to assist readers who may not be deeply familiar with Docker and IoT security concepts, thereby improving the overall readability of the paper.
We have added process flow diagrams which explain things with more clarity, and the implementation steps have been explained in a simplified manner for all three major portions: the static analysis using Trivy in P5, col 1, the dynamic analysis using Falco in P6, col 1, and the IoT brute force attack in P8, col 1.
Static Analysis using Trivy
- Environment Setup: Make sure that Docker and Trivy are installed on your system.
- Pull the Docker Image: Pull the docker image for analyzing using the docker commands.
- Run Trivy Scan: Run the Trivy scan on the Docker image with a command like `trivy image <image-name>`. This command will prepare a detailed list of found vulnerabilities in the image.
- Results Analysis: Go through the results and classify the vulnerabilities according to their criticality (critical, high, medium); then fix the identified vulnerabilities, update dependencies, or change configurations.
Fig 1. Static Analysis using Trivy
Dynamic Analysis with Falco
- Install Falco: Install Falco and make sure it is set up to watch the Docker containers of interest for analysis.
- Set Up Monitoring: Configure Falco rules such that the rules define the kind of activity that you consider malicious for the specific use cases of your application. For example, you could define rules to detect any unauthorized shell access, or rules to detect unexpected network activity.
- Run the Containers: Start your Docker containers. Falco will automatically start monitoring their activity in real-time.
- Respond to Alarms: When there is an event of abnormal activity, alerts are generated by Falco. The best way to react is to look into these alert messages as soon as possible, determine whether there is a real threat behind them, and take the necessary steps to reduce the risk.
Fig 2. Dynamic Analysis using Falco
Brute Force Attack Simulation on IoT Smart Door
Fig 3. Brute Force Attack Simulation
This is the brute force attack simulation on a smart door lock enabled by IoT, where the aim is to find out the resilience of an IoT-enabled system in the case of unauthorized access trials. It systematically tries out different combinations of usernames and passwords until access is gained to the system. The AWS services used in the simulation are targeted at device management: AWS IoT Core and AWS Lambda for automatic configuration of the attack script through scripting, plus AWS CloudWatch for monitoring.
Steps:
- IoT Smart Door Lock: Representing the target of the attack.
- Brute Force Attack Script: Provides additional post-exploitation modules within the C2, automated with AWS Lambda, in trying to guess credential combos.
- AWS IoT Core: Decides all operations communication and messaging between the smart door lock and the Cloud.
- AWS CloudWatch: Logs every attempt and fires an alert on suspicious activities such as multiple failed login attempts.
- AWS GuardDuty: Provides threat detection that includes any anomalies related to the brute force attack.
- The paper compares Docker’s security features to those of traditional VMs and Kubernetes but lacks in-depth analysis of specific advantages and disadvantages in different scenarios.
Response: We appreciate this suggestion.
We have taken this into consideration for future research as they intend to deviate from the simplicity of the paper which majorly focuses on the vulnerability part (security) of Docker and the Brute force attack on IoT devices.
- The study primarily focuses on Falco for dynamic analysis. Including a broader examination of additional dynamic analysis tools could provide a more comprehensive security assessment.
Response: We appreciate this suggestion.
So we want to consider this for our further work and since bug hunting must be done dynamically (For obvious reasons we took the ‘security’ part of Docker in our paper, where causality is very simple), we just wanted to understand how the tool called Falco works – which in fact is a trending tech – which gives real time event notifications or analysis.
- Authors are required to include additional dynamic analysis tools and compare their effectiveness with Falco to provide a broader perspective on dynamic security assessments.
Response: We appreciate this suggestion.
We have considered this for future work, as it would go away from the simplicity (static and dynamic analysis) of the paper in the exploration of Docker’s security part, which is very important, as we wanted to explore the tool Falco and provide detailed insights about it rather than exploring other tools and deviating from the topic.
- In addition, the study focuses only on one type of attack, i.e., brute force. Although the brute force attack simulation on IoT smart door locks is useful, additional types of attacks and their mitigations could be explored to provide a more comprehensive security analysis.
Response: We appreciate this suggestion.
We have taken this into consideration for future research as they intend to deviate from the simplicity of the paper which majorly focuses on the Brute force attack on IoT devices, security challenges and concerns as well.
- Authors are required to conduct simulations of various types of attacks on IoT devices, such as DDoS attacks, data interception, and unauthorized device access, to offer a comprehensive security assessment.
Response: Thank you for the suggestion.
We appreciate the suggestion to include simulations of various attacks like DDoS, data interception, and unauthorized access for a comprehensive security assessment. However, our current study focuses on Docker vulnerabilities and brute force attacks on IoT devices to maintain a clear and specific scope. We acknowledge the importance of these additional attack simulations and plan to address them in future research to provide a more holistic view of IoT security challenges.
- The conclusions are somewhat generalized. More specific recommendations based on different types of Docker vulnerabilities and IoT security threats could enhance the practical applicability of the findings.
Response: Thank you for pointing out the issue.
The Conclusion section has been thoroughly revised to reflect the key findings and contributions of our research. We have ensured that it clearly summarizes the outcomes of the study, the effectiveness of the proposed methods, and their implications for future work.
In our research we investigated the security issues on Docker systems and IoT platforms, and we employed Trivy and Falco for static and ’runtime’ security checking, which allowed us to make a product prototype visualising the potential vulnerabilities in the digital ecosystem and providing a mechanism to stop attacks from escalating by blocking or terminating tainted Docker containers before they can infect the system. Our results highlight the pressing need for implementing advanced Intrusion Detection Systems (IDS) to counter the growing number of complex cyberattacks aiming at Docker platforms, which will become even more prominent in the future with the advent of IoT environments. Categorizing and overcoming these threats requires more stringent and robust security requirements for both Docker and IoT platforms. These security policies, in combination with advanced IDS, could ensure a robust security posture for the platforms. This, in turn, could better serve the emerging applications in the Internet of Things environment. But, given the pervasiveness of IoT in everyday living, the research also strongly suggests that further studies on identified security vulnerabilities are crucial. The sheer depth and scale of IoT necessitate a continued research effort into the security of IoT devices, including incorporating security by design into IoT devices, standardisation of protocols, privacy-enhancing technologies and their application to IoT devices, and not least, regulatory policies and government interventions. Our brute force attack simulation also showed this on a practical level: it demonstrated how essential it is to have good practices in place to prevent unauthorised access on all IoT systems, not just those involving the new generation of more powerful tools. The tools that exist today are fine, but they will need to be extended and refined to stay a step ahead of evolving threats.
By investing now in research, policymaking and education, we can reduce the risks posed by IoT devices, and build a safer and more secure digital future. In conclusion, we saw that the security enhancements enabled by utilizing Docker and AWS’ tools show us a way forward toward a stronger digital infrastructure. Future work could continue in this direction by further developing a secure infrastructure or by looking for inventive new ways to protect against ever-advancing threats.
It can be found on P9, col 1 & 2
- Authors are required to re-check the Figure numbers; specifically, Figure 6 is missing. Also, proofread the paper and then submit it.
Response: We have rechecked all figure numbers and ensured that all figures, including Figure 6, are correctly referenced in the text. The entire manuscript has been thoroughly proofread to correct any errors and ensure consistency.
Recommendation for Major Revision
Response: We have made substantial revisions in response to the reviewers’ feedback and believe that the manuscript has been significantly improved. We look forward to the reviewers’ reassessment and hope that the revised manuscript meets the expectations for publication. We hope that these revisions address all of the reviewer’s concerns. We believe that these changes have substantially improved the quality of our manuscript, and we are grateful for the constructive feedback provided.
Author Response File: Author Response.docx
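The "Results Analysis" step of the Trivy procedure in the response above (classify findings by criticality, then decide what to update) can be automated over Trivy's JSON output. The following is an added example and not code from the paper; it assumes the `trivy image --format json` report layout and uses a constructed report with placeholder CVE identifiers.

```python
"""Triage a Trivy JSON report by severity (added example, not the paper's code).

`trivy image --format json <image>` emits {"Results": [{"Target": ...,
"Vulnerabilities": [...]}]}; each entry carries VulnerabilityID, PkgName,
InstalledVersion, FixedVersion (absent or empty when no fix exists) and
Severity. The report below is constructed; its CVE ids are placeholders.
"""
import json
from collections import Counter

SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN"]
RANK = {sev: i for i, sev in enumerate(SEVERITY_ORDER)}

# Constructed sample report in Trivy's JSON layout (placeholder ids).
SAMPLE_REPORT = json.dumps({"Results": [
    {"Target": "example-image:1.0 (debian 12)", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
         "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1",
         "Severity": "CRITICAL"},
        {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
         "InstalledVersion": "2.3.0", "FixedVersion": "", "Severity": "HIGH"},
        {"VulnerabilityID": "CVE-0000-0003", "PkgName": "tool",
         "InstalledVersion": "0.9", "FixedVersion": "0.9.1",
         "Severity": "MEDIUM"},
    ]},
    # Trivy emits null rather than [] for a target with no findings.
    {"Target": "app/requirements.txt", "Vulnerabilities": None},
]})


def parse_report(report_json):
    """Flatten every Result's vulnerability list into one list of dicts."""
    findings = []
    for result in json.loads(report_json).get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            findings.append({
                "id": vuln.get("VulnerabilityID", ""),
                "pkg": vuln.get("PkgName", ""),
                "installed": vuln.get("InstalledVersion", ""),
                "fixed": vuln.get("FixedVersion") or None,
                "severity": (vuln.get("Severity") or "UNKNOWN").upper(),
                "target": result.get("Target", ""),
            })
    return findings


def count_by_severity(findings):
    """Return {severity: count} for every level, zero where absent."""
    counts = Counter(f["severity"] for f in findings)
    return {sev: counts.get(sev, 0) for sev in SEVERITY_ORDER}


def fixable(findings, min_severity="HIGH"):
    """Findings at or above min_severity that a dependency update removes.
    Entries without a FixedVersion need a config change or another base image."""
    cutoff = RANK[min_severity]
    return [f for f in findings
            if RANK.get(f["severity"], RANK["UNKNOWN"]) <= cutoff and f["fixed"]]


def gate(findings, fail_on=("CRITICAL", "HIGH")):
    """Pre-deployment gate: True (pass) only if no finding is in fail_on."""
    return not any(f["severity"] in fail_on for f in findings)
```

With the constructed report, `gate(parse_report(SAMPLE_REPORT))` fails because of the CRITICAL and HIGH entries, and `fixable` lists only the CRITICAL one, since the HIGH finding has no fixed version.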
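The CloudWatch step in the brute force simulation above (log every attempt, alert on multiple failed logins) comes down to a sliding-window count of failures per device and source. The following stand-alone detector is an added example, not code or logs from the paper's AWS setup; the JSON-per-line auth events and their field names are constructed assumptions.

```python
"""Sliding-window detector for repeated failed logins (added example).

Models the CloudWatch step of the simulation: log every attempt and alert
when one source accumulates too many failures against a device inside a
short window. The auth events below are constructed for illustration.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timezone

THRESHOLD = 5        # failures inside the window that trigger an alert
WINDOW_SECONDS = 60  # sliding-window length

def _event(ts, src, result, device="door-lock-01", user="admin"):
    return json.dumps({"ts": ts, "device": device, "src": src,
                       "user": user, "result": result})

# Constructed log: one source fails five times in 20 s and then succeeds
# (a guessed credential); a second source fails twice, two minutes apart.
SAMPLE_LOG = "\n".join([
    _event("2024-01-01T10:00:00Z", "10.0.0.9", "FAIL"),
    _event("2024-01-01T10:00:00Z", "10.0.0.5", "FAIL"),
    _event("2024-01-01T10:00:05Z", "10.0.0.5", "FAIL"),
    _event("2024-01-01T10:00:10Z", "10.0.0.5", "FAIL"),
    _event("2024-01-01T10:00:15Z", "10.0.0.5", "FAIL"),
    _event("2024-01-01T10:00:20Z", "10.0.0.5", "FAIL"),
    _event("2024-01-01T10:00:25Z", "10.0.0.5", "OK"),
    _event("2024-01-01T10:02:00Z", "10.0.0.9", "FAIL"),
])

def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def detect(log_text, threshold=THRESHOLD, window=WINDOW_SECONDS):
    """Return alerts in log order: one 'burst' per (device, src) that reaches
    the threshold, plus 'success_after_burst' if that source then logs in."""
    recent = defaultdict(deque)  # (device, src) -> timestamps of recent FAILs
    bursting = set()             # keys already alerted on, until reset
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        key = (ev["device"], ev["src"])
        ts = parse_ts(ev["ts"])
        fails = recent[key]
        if ev["result"] == "FAIL":
            fails.append(ts)
            # Drop failures older than the window so slow retries never alert.
            while fails and (ts - fails[0]).total_seconds() > window:
                fails.popleft()
            if len(fails) >= threshold and key not in bursting:
                bursting.add(key)
                alerts.append({"kind": "burst", "device": ev["device"],
                               "src": ev["src"], "failures": len(fails),
                               "first": fails[0].isoformat(),
                               "last": ts.isoformat()})
        else:
            # A success right after a burst is the strongest signal of all.
            if key in bursting:
                alerts.append({"kind": "success_after_burst",
                               "device": ev["device"], "src": ev["src"],
                               "user": ev["user"], "at": ts.isoformat()})
            fails.clear()
            bursting.discard(key)
    return alerts
```

On the constructed log, `detect(SAMPLE_LOG)` raises a burst alert for 10.0.0.5 at the fifth failure and a success_after_burst alert five seconds later, while the slow retries from 10.0.0.9 stay below the threshold.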
Round 2
Reviewer 1 Report
Comments and Suggestions for Authors
The authors addressed the various comments. Therefore, the paper can be accepted.
Comments on the Quality of English Language
No further comments
Reviewer 2 Report
Comments and Suggestions for Authors
Now, it seems that both thematic and structural unity sum up, making the work credible for publishing in IoT. The authors have successfully incorporated the suggested changes, which makes the work attractive to readers.
Reviewer 3 Report
Comments and Suggestions for Authors
Dear Authors,
Thank you for incorporating the given comments.
Good luck.