DBCChecker: A Bigraph-Based Tool for Checking Security Properties of Container Compositions

Despite their widespread application in modern systems, container composition is often complex and error-prone. In this work, we present DBCChecker, a tool aiming to verify security properties of systems obtained by composition of containers. From the configuration of a container-based system and an abstract description of the interface behaviour of each container, the tool builds a formal model of the overall system, which can be verified in ProVerif (an automatic symbolic protocol verifier), to check that the overall system satisfies the required properties. The system can be described in a specification language capable to express at once the interfaces and connections of containers and the relevant behavioural aspects of their interfaces, called JSON Bigraph Format (JBF), and inspired by previous formal models, based on bigraphs, for containerized architectures.