DEVELOPMENT OF A METHOD FOR SELECTING AN IDP PROVIDER FOR INTEGRATION WITH DOCKER
DOI: https://doi.org/10.31673/2409-7292.2026.010317
Abstract
The paper investigates the problem of ensuring the security of the container build process in the Docker environment by
selecting the optimal identity provider (IdP). The main goal was to form a method for selecting an IdP that can prevent
unauthorized operations during the build and deployment of containers. To identify key risks, the Security Threat Oriented
Requirements Engineering (STORE) approach was used, which made it possible to identify threats caused by developer errors,
the use of unreliable or compromised build agents, as well as the possibility of unauthorized build initiation. Based on the
analysis of these threats, the requirements for the IdP were formulated: support for multi-factor authentication, the use of short-term and revocable tokens, flexible access control models, integration with CI/CD processes and Kubernetes, as well as
centralized auditing and mapping of claims to authorization policies. As a result of the research, a method was developed for selecting an identity management system provider (IdP) for integration into the Docker builder environment in order to prevent unauthorized
operations. Based on the analysis of threats identified within the Security Threat Oriented Requirements Engineering (STORE)
approach, a system of criteria and weights was built that reflects the impact of each aspect of the IdP on eliminating risks
associated with uncontrolled actions of developers and build agents and with the compromise of secrets. A comparative analysis of
identity providers identified the most suitable IdPs, which provide the necessary flexibility and level of security.
Keywords: Single Sign-On, Docker, DevOps security, STORE, access control, information protection.