LUCID DATASET

Citation Author(s):
MD SADUN HAQ, University Of Texas At San Antonio
ALI SAMAN TOSUN, University Of North Carolina At Pembroke
TURGAY KORKMAZ, University Of Texas At San Antonio
Submitted by: MD SADUN HAQ
Last updated: Thu, 07/18/2024 - 00:31
DOI: 10.21227/0zxn-dq73

Abstract 

Containerization has emerged as a revolutionary technology in the software development and deployment industry. Containers offer a portable and lightweight solution that allows for packaging applications and their dependencies systematically and efficiently. In addition, containers offer faster deployment and near-native performance, but with isolation and security drawbacks compared to Virtual Machines. To address the security issues, scanning tools that scan containers for preexisting vulnerabilities have been developed, but they suffer from false positives. Moreover, using different scanning tools to scan the same container provides different results, which leads to inconsistencies and confusion. Limited work has been done to address these issues. This paper provides a fully functional and extensible framework named LUCID that can reduce the false positives and inconsistencies produced by multiple scanning tools. We use a database-centric approach and perform query-based analysis to pinpoint the causes of the inconsistencies. Our results show that our framework can reduce inconsistencies by 70%. The framework has been tested on both Intel64/AMD64 and ARM architectures. We also create a Dynamic Classification component that can successfully classify and predict the different severity levels with an accuracy of 84%. We believe this paper will raise awareness regarding security in container technologies and enable container scanning companies to improve their tools to provide better and more consistent results.

Instructions: 

The CSV files contain data exported from the tables that we used in our analysis.

The scan_results_feb_2023_v2 file contains information about each vulnerability: which tool detected it, which Docker image it was present in, the vulnerable package, and other useful information.

The original_package_info file contains information about the packages present in a Docker container.

The nvd_results, ubuntu_results, and redhat_results files contain the vulnerabilities that are present in the Docker containers, which were also given specific severities according to these vendors.

Comments

Contains dataset gathered during the experimental and development phases of LUCID framework

Submitted by MD SADUN HAQ on Wed, 03/06/2024 - 16:53