Operator Security Risks
Malicious AVS
-
Guest container breaking into host machine:
- Kernel Exploits: Containers share the same kernel as the host. If there are vulnerabilities in the kernel, a container might exploit them to gain elevated privileges on the host.
- Escape to Host: There have been vulnerabilities in the past that allowed processes within a container to escape and get access to the host. This is especially dangerous if containers are run with elevated privileges.
- Inter-container Attacks: If one container is compromised, an attacker might try to move laterally to other containers on the same host.
-
Access to the host’s network. Because containers run in a home stakers environment, they have access to a home network or a k8s environment.
-
Malware in the container or via a supply chain attack or AVS is malicious.
AVS Implementation and Deployment Bugs
- Running outdated software.
- Misconfigured ports and services open to the internet.
- Running containers with elevated privileges.
What can operators do to mitigate malicious AVS risks?
Operator Best Practices
- Regularly update and patch containers and the host system.
- Don't share your keys between AVSs / ETH validator. Refer to key management section.
- Monitor container runtime (logs) behavior for any suspicious activities and setup alerts as relevant.
- Do not run containers with privileged flag.It can give them almost unrestricted access to the host.
- Limit Resources to a container so it doesn’t take down the cluster / node
- Data Theft: Do not mount entire volumes into containers to prevent data leak, container escapes etc.
- Follow Network Access / Least privilege principles in your organization to reduce attack surface
Infrastructure
General
- Only allow Network traffic to ports / from whitelisted ip's required by the AVS.
- Do not expose critical services like ssh to the internet.
- Configure your firewall with a DENY ALL approach and explicitly allow traffic that is required.
Docker Infra
- Network Segmentation: Use Docker's network policies to segment containers and limit inter-container communication.
- Regular Audits: audit and monitor container activities using tools like - Docker Bench for Security or Clair.
- Isolation
- Through VMs: lightweight VMs (like Kata Containers or gVisor) combine container - flexibility with VM isolation.
- User namespaces, seccomp, AppArmor, and SELinux etc can help further restrict the container.
K8’s Infra
- Network Segmentation: Limit the services your AVSs can talk to. Follow least privilege principles via Kubernetes Documentation Network Policies.
Incident Response Plan:
- Have a plan in place for how to respond if a container is compromised. This includes isolating affected containers, analyzing, and restoring services.
- Regular Backups: Regularly backup your data and configurations to recover from any malicious changes.
- Stay Updated: Always keep an eye on Docker's official documentation, security advisories, and community forums for the latest best practices and updates.