This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
For More Information or to Register, Click Here
View analytic
Monday, October 5 • 10:30 - 11:20
What Does Container Security Actually Look Like? - Matthew Garrett, CoreOS

Sign up or log in to save this to your schedule and see who's attending!

Containers are used for a range of deployment scenarios, from low-cost VM substitutes to easier application deployment and all the way up to resource-efficient large-scale clusters. But this flexibility comes at a cost - containers share an underlying kernel, leaving a larger attack surface.

Various technical approaches exist to mitigate this limitation, including seccomp (reducing the number of system calls available), svirt (using SELinux to isolate containers) and Intel's clear containers (using very light weight VMs as a substitute for traditional containers). But which should be used, and when? And are these the full story?

This presentation will discuss the risks associated with containers, how seriously they need to be taken and which approaches are most worthwhile in avoiding them.


Matthew Garrett

Principal Security Developer, CoreOS
Matthew Garrett is a security developer at CoreOS, developing technologies to improve the security of containers and the systems that run them. He has a background in firmware integration, power management and fruitfly genetics and so has atypical ideas about system complexity and the ease of reverse engineering. He is a board member of the Free Software Foundation and passionate defender of user freedoms

Monday October 5, 2015 10:30 - 11:20

Attendees (126)