Publicação
Secure Execution of Containers
| dc.contributor.author | Santos, Afonso Capela Cucharra dos | |
| dc.contributor.institution | Faculty of Sciences | |
| dc.contributor.institution | Department of Informatics | |
| dc.contributor.supervisor | Calha, Mário João Barata | |
| dc.date.accessioned | 2026-01-20T10:25:01Z | |
| dc.date.available | 2026-01-20T10:25:01Z | |
| dc.date.issued | 2025 | |
| dc.description | Trabalho de Projeto de Mestrado, Segurança Informática, 2025, Universidade de Lisboa, Faculdade de Ciências | |
| dc.description.abstract | In this work, we aim to enhance the security of the container infrastructure at ADMIN-DI by addressing vulnerabilities, misconfigurations, and exposed secrets in Dockerfiles, as well as by strengthening the security of the machines where containers are executed. To this end, the work begins with an examination of the current ADMIN-DI infrastructure, analyzing its assets together with the existing development and deployment processes. Following the introduction of key concepts in the ”Related Work” chapter, a threat model of the infrastructure is developed to identify which assets are most susceptible to different categories of attacks, using the STRIDE methodology for systematic threat identification. The probability and impact of each threat type against each asset are then evaluated on a scale from 1 to 5, and these measures are combined to assess the overall level of risk to which each asset is exposed. The chapter concludes with the proposal of security controls aimed at either preventing attacks or mitigating their potential impact. From a practical perspective, a static analysis script was developed to detect and remediate vulnerabilities in Dockerfiles, while also identifying misconfigurations and exposed secrets. The script is designed for integration into ADMIN-DI’s development and deployment pipeline. Its effectiveness was validated by testing it against intentionally vulnerable Dockerfiles. Furthermore, we present some recommendations to help shift the current DevOps culture at ADMIN-DI into a more mature DevSecOps culture, increasing the role of security in all operations. Lastly, the work concludes by outlining future steps to further strengthen the security of ADMIN-DI’s infrastructure and processes. | en |
| dc.format | application/pdf | |
| dc.identifier.tid | 204174805 | |
| dc.identifier.uri | http://hdl.handle.net/10400.5/116724 | |
| dc.language.iso | eng | |
| dc.subject | Containerization | |
| dc.subject | Threat Modeling | |
| dc.subject | Static Analysis | |
| dc.subject | CI/CD Pipeline | |
| dc.subject | DevSecOps | |
| dc.title | Secure Execution of Containers | en |
| dc.type | master thesis | |
| dspace.entity.type | Publication | |
| rcaap.rights | openAccess |
Ficheiros
Principais
1 - 1 de 1
A carregar...
- Nome:
- TM_Afonso_Santos.pdf
- Tamanho:
- 1003.19 KB
- Formato:
- Adobe Portable Document Format