中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/98228
English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 83776/83776 (100%)
造訪人次 : 59588352      線上人數 : 1213
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
    •  進階搜尋


    請使用永久網址來引用或連結此文件: https://ir.lib.ncu.edu.tw/handle/987654321/98228


    題名: GhostImage: A Method to Fool Container Image Vulnerability Scanners
    作者: 莊姝禎;SHU-CHEN, CHUANG
    貢獻者: 資訊工程學系
    關鍵詞: 容器安全;容器映像;靜態掃描器;繞過技術;映像安全;漏洞隱藏;Container;Docker Image;Container Security;Scanner Bypassing;Static Scanner;Container Security
    日期: 2025-07-14
    上傳時間: 2025-10-17 12:31:15 (UTC+8)
    出版者: 國立中央大學
    摘要: 隨著 DevOps 與雲端技術的普及,容器映像檔成為軟體供應鏈的
    重要環節。然而,若映像中包含已知漏洞或惡意程式,將對系統安全 構成威脅。現有映像掃描工具如 Trivy [1] 和 Docker Hub [2] Scanner 雖可進行漏洞檢測,但依賴固定 metadata 與檔案結構,存在被繞過 的風險。本研究提出多種映像檔操控技術,包含刪除 metadata、重命 名檔案及結構混淆,成功繞過主流靜態掃描器,並於實驗中證實可隱 匿漏洞映像,揭示靜態掃描技術的防護侷限,並為未來防禦機制提供 改進依據。;In the context of the widespread adoption of DevOps and cloud environments, container technology provides strong isolation and flexibility, making software development and deployment more efficient.
    A Docker Image serves as the foundation for container execution, containing an application and all its dependencies, allowing users to quickly build and deploy applications. However, if an image contains security vulnerabilities, it may pose significant risks to automated deployment environments. For instance, attackers can exploit vulnerable dependencies (CVE) or inject malicious backdoors to launch attacks on the system, potentially leading to the leakage of confidential information. This highlights the inseparable relationship between container security and image integrity.
    Currently, many organizations rely on official or third-party image scanners to assess image security and mitigate potential risks. However, our research reveals that existing scanners still have limitations—attackers can craft specially designed images to bypass scanning mechanisms, thereby introducing vulnerable dependencies into containers and creating new attack vectors.
    This study aims to explore methods for bypassing current image scanner detection mechanisms and analyze their potential impact on containerized environments, with the goal of developing more effective defense strategies.
    顯示於類別:[資訊工程研究所] 博碩士論文

    文件中的檔案:

    檔案 描述 大小格式瀏覽次數
    index.html0KbHTML12檢視/開啟


    在NCUIR中所有的資料項目都受到原著作權保護.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明