SLIDE 1
Improving Trust in Containers
Matthew Garrett @mjg59 | mjg59@coreos.com | coreos.com
SLIDE 2
Containers are great
SLIDE 3
Containers are resource efficient
SLIDE 4
Containers make deployment easy
SLIDE 5
Containers can be monitored easily
SLIDE 6
Containers are secure
SLIDE 7
But are they secure enough?
SLIDE 8
Shared kernel = shared attack surface
SLIDE 9
The kernel is imperfect
SLIDE 10
The kernel will always be imperfect
SLIDE 11
What can we do about that?
SLIDE 12
What does a container vulnerability look like?
SLIDE 13
Namespace escape
SLIDE 14
LSM isolation (sVirt)
SLIDE 15
Arbitrary modification of kernel
SLIDE 16
Reduce attack surface
SLIDE 17
Seccomp
SLIDE 18
Root is too many things
SLIDE 19
Capabilities
SLIDE 20
User namespaces
SLIDE 21
Harden the kernel itself
SLIDE 22
Run virtualised containers
SLIDE 23
We can build a world where containers are secure enough
SLIDE 24
Can we go further?
SLIDE 25
TPMs
SLIDE 26
Measured boot
SLIDE 27
Integrity Measurement Architecture
SLIDE 28
All very difficult to manage
SLIDE 29
Traditional deployment patterns result in combinatorial explosions
SLIDE 30
Containers make this more manageable
SLIDE 31
Simple base OS
SLIDE 32
Containers are independently measurable
SLIDE 33
Measure containers into the TPM log
SLIDE 34
Cryptographically verifiable audit chain
SLIDE 35
How about the future?
SLIDE 36
Hybrid models
SLIDE 37
Introspection
SLIDE 38