LCE-EU 2015 has ended
For More Information or to Register, Click Here
Back To Schedule
Monday, October 5 • 10:30 - 11:20
What Does Container Security Actually Look Like? - Matthew Garrett, CoreOS

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Containers are used for a range of deployment scenarios, from low-cost VM substitutes to easier application deployment and all the way up to resource-efficient large-scale clusters. But this flexibility comes at a cost - containers share an underlying kernel, leaving a larger attack surface.

Various technical approaches exist to mitigate this limitation, including seccomp (reducing the number of system calls available), svirt (using SELinux to isolate containers) and Intel's clear containers (using very light weight VMs as a substitute for traditional containers). But which should be used, and when? And are these the full story?

This presentation will discuss the risks associated with containers, how seriously they need to be taken and which approaches are most worthwhile in avoiding them.


Matthew Garrett

Staff Security Developer, Google
Matthew Garrett is a security developer at Google, working on infrastructural security for Linux desktop and mobile platforms.

Monday October 5, 2015 10:30 - 11:20 IST

Attendees (0)