{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T19:55:51Z","timestamp":1774382151297,"version":"3.50.1"},"publisher-location":"Cham","reference-count":39,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030589509","type":"print"},{"value":"9783030589516","type":"electronic"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-58951-6_13","type":"book-chapter","created":{"date-parts":[[2020,9,11]],"date-time":"2020-09-11T09:07:40Z","timestamp":1599815260000},"page":"257-276","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":33,"title":["Understanding the Security Risks of Docker 
Hub"],"prefix":"10.1007","author":[{"given":"Peiyu","family":"Liu","sequence":"first","affiliation":[]},{"given":"Shouling","family":"Ji","sequence":"additional","affiliation":[]},{"given":"Lirong","family":"Fu","sequence":"additional","affiliation":[]},{"given":"Kangjie","family":"Lu","sequence":"additional","affiliation":[]},{"given":"Xuhong","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Wei-Han","family":"Lee","sequence":"additional","affiliation":[]},{"given":"Tao","family":"Lu","sequence":"additional","affiliation":[]},{"given":"Wenzhi","family":"Chen","sequence":"additional","affiliation":[]},{"given":"Raheem","family":"Beyah","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,9,12]]},"reference":[{"key":"13_CR1","unstructured":"Amazon Elastic Container Service, August 2019. https:\/\/aws.amazon.com\/getting-started\/tutorials\/deploy-docker-containers"},{"key":"13_CR2","unstructured":"Anchore, August 2019. https:\/\/anchore.com\/engine\/"},{"key":"13_CR3","unstructured":"API to get Top Docker Hub images, August 2019. https:\/\/stackoverflow.com\/questions\/38070798\/where-is-the-new-docker-hub-api-documentation"},{"key":"13_CR4","unstructured":"Docker, August 2019. https:\/\/www.docker.com\/resources\/what-container"},{"key":"13_CR5","unstructured":"Docker Hub Documents, August 2019. https:\/\/docs.docker.com\/glossary\/?term=Docker%20Hub"},{"key":"13_CR6","unstructured":"Docker Security Best-Practices, August 2019. https:\/\/dev.to\/petermbenjamin\/docker-security-best-practices-45ih"},{"key":"13_CR7","unstructured":"FFmpeg, August 2019. http:\/\/ffmpeg.org"},{"key":"13_CR8","unstructured":"Malicious Docker Containers Earn Cryptomining Criminals $90K, August 2019. https:\/\/kromtech.com\/blog\/security-center\/cryptojacking-invades-cloud-how-modern-containerization-trend-is-exploited-by-attackers"},{"key":"13_CR9","unstructured":"Running Docker in Production, August 2019. 
https:\/\/ghost.kontena.io\/docker-in-production-good-bad-ugly"},{"key":"13_CR10","unstructured":"strings(1) - Linux man page, August 2019. https:\/\/linux.die.net\/man\/1\/strings"},{"key":"13_CR11","unstructured":"Virustotal Api, August 2019. https:\/\/pypi.org\/project\/virustotal-api\/"},{"key":"13_CR12","unstructured":"Vulnerability Metrics, August 2019. https:\/\/nvd.nist.gov\/vuln-metrics\/cvss"},{"key":"13_CR13","unstructured":"Understanding the Security Risks of Docker Hub, July 2020. https:\/\/github.com\/decentL\/Understanding-the-Security-Risks-of-Docker-Hub"},{"key":"13_CR14","doi-asserted-by":"crossref","unstructured":"Arp, D., Spreitzenbarth, M., Hubner, M., Gascon, H., Rieck, K., Siemens, C.: DREBIN: effective and explainable detection of Android malware in your pocket. In: NDSS, vol. 14, pp. 23\u201326 (2014)","DOI":"10.14722\/ndss.2014.23247"},{"key":"13_CR15","doi-asserted-by":"crossref","unstructured":"Bugiel, S., N\u00fcrnberger, S., P\u00f6ppelmann, T., Sadeghi, A.R., Schneider, T.: Amazonia: when elasticity snaps back. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 389\u2013400. ACM (2011)","DOI":"10.1145\/2046707.2046753"},{"issue":"5","key":"13_CR16","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1109\/MCC.2016.100","volume":"3","author":"T Combe","year":"2016","unstructured":"Combe, T., Martin, A., Di Pietro, R.: To docker or not to docker: a security perspective. IEEE Cloud Comput. 3(5), 54\u201362 (2016)","journal-title":"IEEE Cloud Comput."},{"key":"13_CR17","doi-asserted-by":"crossref","unstructured":"Cozzi, E., Graziano, M., Fratantonio, Y., Balzarotti, D.: Understanding Linux malware. In: 2018 IEEE Symposium on Security and Privacy (SP), pp. 161\u2013175. IEEE (2018)","DOI":"10.1109\/SP.2018.00054"},{"key":"13_CR18","doi-asserted-by":"crossref","unstructured":"Duan, R., et al.: Automating patching of vulnerable open-source software versions in application binaries. 
In: NDSS (2019)","DOI":"10.14722\/ndss.2019.23126"},{"key":"13_CR19","doi-asserted-by":"crossref","unstructured":"Gao, X., Gu, Z., Kayaalp, M., Pendarakis, D., Wang, H.: ContainerLeaks: emerging security threats of information leakages in container clouds. In: 2017 47th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 237\u2013248. IEEE (2017)","DOI":"10.1109\/DSN.2017.49"},{"key":"13_CR20","doi-asserted-by":"crossref","unstructured":"Gorla, A., Tavecchia, I., Gross, F., Zeller, A.: Checking app behavior against app descriptions. In: Proceedings of the 36th International Conference on Software Engineering, pp. 1025\u20131035. ACM (2014)","DOI":"10.1145\/2568225.2568276"},{"issue":"6","key":"13_CR21","doi-asserted-by":"publisher","first-page":"931","DOI":"10.1109\/TDSC.2017.2762673","volume":"15","author":"P He","year":"2017","unstructured":"He, P., Zhu, J., He, S., Li, J., Lyu, M.R.: Towards automated log parsing for large-scale log data analysis. IEEE Trans. Dependable Secure Comput. 15(6), 931\u2013944 (2017)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"13_CR22","doi-asserted-by":"crossref","unstructured":"Kotzias, P., Matic, S., Rivera, R., Caballero, J.: Certified PUP: abuse in authenticode code signing. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 465\u2013478 (2015)","DOI":"10.1145\/2810103.2813665"},{"key":"13_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"116","DOI":"10.1007\/978-3-319-94289-6_8","volume-title":"Web Services \u2013 ICWS 2018","author":"B Tak","year":"2018","unstructured":"Tak, B., Kim, H., Suneja, S., Isci, C., Kudva, P.: Security analysis of container images using cloud analytics framework. In: Jin, H., Wang, Q., Zhang, L.-J. (eds.) ICWS 2018. LNCS, vol. 10966, pp. 116\u2013133. Springer, Cham (2018). 
https:\/\/doi.org\/10.1007\/978-3-319-94289-6_8"},{"key":"13_CR24","doi-asserted-by":"crossref","unstructured":"Lin, X., Lei, L., Wang, Y., Jing, J., Sun, K., Zhou, Q.: A measurement study on Linux container security: attacks and countermeasures. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 418\u2013429. ACM (2018)","DOI":"10.1145\/3274694.3274720"},{"issue":"6","key":"13_CR25","doi-asserted-by":"publisher","first-page":"1016","DOI":"10.1109\/TDSC.2016.2642191","volume":"15","author":"B Liu","year":"2016","unstructured":"Liu, B., Zhou, W., Gao, L., Zhou, H., Luan, T.H., Wen, S.: Malware propagations in wireless ad hoc networks. IEEE Trans. Dependable Secure Comput. 15(6), 1016\u20131026 (2016)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"13_CR26","doi-asserted-by":"crossref","unstructured":"Loukidis-Andreou, F., Giannakopoulos, I., Doka, K., Koziris, N.: Docker-Sec: a fully automated container security enhancement mechanism. In: 2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS), pp. 1561\u20131564. IEEE (2018)","DOI":"10.1109\/ICDCS.2018.00169"},{"key":"13_CR27","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1016\/j.comcom.2018.03.011","volume":"122","author":"A Martin","year":"2018","unstructured":"Martin, A., Raponi, S., Combe, T., Di Pietro, R.: Docker ecosystem-vulnerability analysis. Comput. Commun. 122, 30\u201343 (2018)","journal-title":"Comput. Commun."},{"issue":"9","key":"13_CR28","doi-asserted-by":"publisher","first-page":"817","DOI":"10.1109\/TSE.2016.2630689","volume":"43","author":"W Martin","year":"2017","unstructured":"Martin, W., Sarro, F., Yue, J., Zhang, Y., Harman, M.: A survey of app store analysis for software engineering. IEEE Trans. Softw. Eng. 43(9), 817\u2013847 (2017)","journal-title":"IEEE Trans. Softw. 
Eng."},{"key":"13_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"122","DOI":"10.1007\/978-3-319-40667-1_7","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"B Miller","year":"2016","unstructured":"Miller, B., et al.: Reviewer integration and performance measurement for malware detection. In: Caballero, J., Zurutuza, U., Rodr\u00edguez, R.J. (eds.) DIMVA 2016. LNCS, vol. 9721, pp. 122\u2013141. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-40667-1_7"},{"key":"13_CR30","doi-asserted-by":"crossref","unstructured":"Nguyen, D., Derr, E., Backes, M., Bugiel, S.: Short text, large effect: measuring the impact of user reviews on Android app security and privacy. In: 2019 IEEE Symposium on Security and Privacy (SP), pp. 155\u2013169. IEEE (2019)","DOI":"10.1109\/SP.2019.00012"},{"key":"13_CR31","doi-asserted-by":"crossref","unstructured":"Rastogi, V., Davidson, D., Carli, L.D., Jha, S., Mcdaniel, P.: Cimplifier: automatically debloating containers. In: Joint Meeting on Foundations of Software Engineering (2017)","DOI":"10.1145\/3106237.3106271"},{"key":"13_CR32","doi-asserted-by":"crossref","unstructured":"Ray, B., Posnett, D., Filkov, V., Devanbu, P.: A large scale study of programming languages and code quality in GitHub. In: Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering, pp. 155\u2013165. ACM (2014)","DOI":"10.1145\/2635868.2635922"},{"key":"13_CR33","doi-asserted-by":"crossref","unstructured":"Ringer, T., Grossman, D., Roesner, F.: Audacious: user-driven access control with unmodified operating systems. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 204\u2013216. 
ACM (2016)","DOI":"10.1145\/2976749.2978344"},{"key":"13_CR34","doi-asserted-by":"crossref","unstructured":"Shahzad, M., Shafiq, M.Z., Liu, A.X.: A large scale exploratory analysis of software vulnerability life cycles. In: 2012 34th International Conference on Software Engineering (ICSE), pp. 771\u2013781. IEEE (2012)","DOI":"10.1109\/ICSE.2012.6227141"},{"key":"13_CR35","doi-asserted-by":"crossref","unstructured":"Shalev, N., Keidar, I., Weinsberg, Y., Moatti, Y., Ben-Yehuda, E.: WatchIT: who watches your IT guy? In: Proceedings of the 26th Symposium on Operating Systems Principles, pp. 515\u2013530. ACM (2017)","DOI":"10.1145\/3132747.3132752"},{"key":"13_CR36","doi-asserted-by":"crossref","unstructured":"Shu, R., Gu, X., Enck, W.: A study of security vulnerabilities on docker hub. In: Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, pp. 269\u2013280. ACM (2017)","DOI":"10.1145\/3029806.3029832"},{"key":"13_CR37","unstructured":"Sun, Y., Safford, D., Zohar, M., Pendarakis, D., Gu, Z., Jaeger, T.: Security namespace: making Linux security frameworks available to containers. In: 27th USENIX Security Symposium (USENIX Security 2018), pp. 1423\u20131439 (2018)"},{"key":"13_CR38","doi-asserted-by":"crossref","unstructured":"Wijesekera, P., et al.: The feasibility of dynamically granted permissions: aligning mobile privacy with user preferences. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 1077\u20131093. IEEE (2017)","DOI":"10.1109\/SP.2017.51"},{"key":"13_CR39","doi-asserted-by":"crossref","unstructured":"Zerouali, A., Mens, T., Robles, G., Gonzalez-Barahona, J.M.: On the relation between outdated docker containers, severity vulnerabilities, and bugs, pp. 
491\u2013501 (2019)","DOI":"10.1109\/SANER.2019.8668013"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2020"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-58951-6_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,10]],"date-time":"2025-09-10T22:02:35Z","timestamp":1757541755000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-58951-6_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030589509","9783030589516"],"references-count":39,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-58951-6_13","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"12 September 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Guildford","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Kingdom","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 September 
2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 September 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/esorics2020.sccs.surrey.ac.uk\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"366","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"72","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20% - The value is computed by the equation \"Number of Full Papers 
Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3,16","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"9,1","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-19 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}