2. Reflections on trusting Docker: Invisible Malware in continuous integration systems
print

Reflections on trusting Docker: Invisible Malware in continuous integration systems

Moriconi, Florent; Neergaard, Axel; Georget, Lucas; Aubertin, Samuel; Francillon, Aurélien
THCon 2023, Toulouse Hacking Convention, 20-21 April 2023, Toulouse, France

Revisiting the famous compiler backdoor from Ken Thompson, we show that a container-based Continuous Integration system can be compromised without leaving any trace in the source code. Detecting such malware is challenging or even impossible with common practices such as peer review or static code analysis. We detail multiple ways to do the initial infection process such as malicious commit or dependencies confusion. Finally, we show that the malicious code is able to backdoor production images and to reinject itself on CI system updates to allow long-term compromise.


Detail
HAL
BIBTEX
Type:
Talk
City:
Toulouse
Date:
2023-04-20
Department:
Sécurité numérique
Eurecom Ref:
7547
Copyright:
© EURECOM. Personal use of this material is permitted. The definitive version of this paper was published in THCon 2023, Toulouse Hacking Convention, 20-21 April 2023, Toulouse, France and is available at :
See also:
MORICONI Florent
FRANCILLON Aurélien
PERMALINK : https://www.eurecom.fr/publication/7547