Blockchain-based decentralized content trust for docker images

It is feasible to deploy Docker containers in IoT (Internet of Things) devices because their runtime overhead is almost zero. Default Docker installation does not verify an image authenticity. Authentication is vital for users to trust that the image is not malicious or tampered with. As Docker is currently a popular choice for developers, tightening its security is a priority for system administrators and DevOps engineers. Docker recently deployed Notary as a solution to verify authenticity of their images. Notary is a viable solution, but it has some potential threats. This paper specifically addresses its vulnerability towards Denial-of-Service (DoS) attacks, and propose a potential solution: blockchain-based Decentralized Docker Trust (DDT). The proposed solution involves decentralizing the trust via a blockchain. The solution greatly reduces the risk of DoS and at the same time provides a signature verification service for Docker images. We demonstrate the proposed blockchain-based solution's scalability and efficiency by conducting performance evaluation. At the same time, we also implemented a system prototype of Decentralized Docker Trust (DDT), and conducted performance evaluation for it on Amazon Web Services (AWS) across multiple data centers.