Abstract
Background: Containers are a commonly used solution for deploying software applications. Therefore, container functionality and security are a concern of practitioners and researchers. Testing is essential to ensure the quality of both the container environment component and the software product, and it plays a crucial role in using containers.
Objective: In light of the increasing role of software containers and the lack of research on testing them, we study container testing practices. In this paper, we investigate the current approaches for testing containers. Moreover, we aim to identify areas for improvement and emphasize the importance of testing in securing the container environment and the final software product.
Method: We conducted a survey to collect primary data from companies on the container testing practices they implement and the tools commonly used in container testing. There were 14 respondents from a total of 10 different companies with experience using containers and varying work responsibilities.
Findings: The survey findings illustrate the significance of testing, the growing interest in and utilization of containers, and the emerging security and vulnerability concerns. The research reveals variations in testing approaches between companies and the lack of consensus on how testing should be carried out, with advancements primarily driven by industry practices rather than academic research.
Conclusion: In this study, we show the importance of testing software containers. We lay out the current testing approaches, the challenges, and the need for standardized container testing practices. We also provide recommendations on how to develop these practices further.
Acknowledgement
The research was conducted as part of the Containers as the Quantum Leap in Software Development (QLeap) project, involving the University of Jyväskylä and various industry partners.
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Timonen, S., Sroor, M., Mohanani, R., Mikkonen, T. (2024). Anomaly Detection Through Container Testing: A Survey of Company Practices. In: Kadgien, R., Jedlitschka, A., Janes, A., Lenarduzzi, V., Li, X. (eds) Product-Focused Software Process Improvement. PROFES 2023. Lecture Notes in Computer Science, vol 14483. Springer, Cham. https://doi.org/10.1007/978-3-031-49266-2_25
DOI: https://doi.org/10.1007/978-3-031-49266-2_25
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-49265-5
Online ISBN: 978-3-031-49266-2
eBook Packages: Computer Science, Computer Science (R0)