gh0stEdit: Exploiting Layer-Based Access Vulnerability Within Docker Container Images

📅 2025-06-09
📈 Citations: 0
Influential: 0
📄 PDF

career value

170K/year
🤖 AI Summary
This work uncovers a deep trust vulnerability in Docker’s image layering mechanism: attackers can stealthily modify the filesystem contents of cryptographically signed images without altering the image history, layer structure, or Docker Content Trust (DCT) signatures—nor triggering static or dynamic security scanners. The flaw stems from the decoupling between image metadata and underlying filesystem access permissions, enabling “invisible edits.” The authors are the first to systematically identify, characterize, and exploit this vulnerability. They develop a proof-of-concept (PoC) toolchain leveraging layered storage reverse engineering, manual tar archive reconstruction, and DCT signature validation bypass techniques. Experiments demonstrate successful, undetectable malicious injection into production-signed images across real-world scenarios, evading detection by mainstream container security scanners. These findings fundamentally challenge the integrity guarantees and trust assumptions underpinning current container image distribution models, motivating the design of novel defense mechanisms resilient to metadata–filesystem privilege separation.

Technology Category

Application Category

📝 Abstract
Containerisation is a popular deployment process for application-level virtualisation using a layer-based approach. Docker is a leading provider of containerisation, and through the Docker Hub, users can supply Docker images for sharing and re-purposing popular software application containers. Using a combination of in-built inspection commands, publicly displayed image layer content, and static image scanning, Docker images are designed to ensure end users can clearly assess the content of the image before running them. In this paper we present extbf{ extit{gh0stEdit}}, a vulnerability that fundamentally undermines the integrity of Docker images and subverts the assumed trust and transparency they utilise. The use of gh0stEdit allows an attacker to maliciously edit Docker images, in a way that is not shown within the image history, hierarchy or commands. This attack can also be carried out against signed images (Docker Content Trust) without invalidating the image signature. We present two use case studies for this vulnerability, and showcase how gh0stEdit is able to poison an image in a way that is not picked up through static or dynamic scanning tools. Our attack case studies highlight the issues in the current approach to Docker image security and trust, and expose an attack method which could potentially be exploited in the wild without being detected. To the best of our knowledge we are the first to provide detailed discussion on the exploit of this vulnerability.
Problem

Research questions and friction points this paper is trying to address.

Exploiting Docker layer access to hide malicious edits
Undermining Docker image integrity and trust transparency
Bypassing static and dynamic scanning in signed images
Innovation

Methods, ideas, or system contributions that make the work stand out.

Exploits layer-based access in Docker images
Edits images undetectably in history or scans
Bypasses Docker Content Trust signature checks
🔎 Similar Papers