Presented by

  • Aleksa Sarai

    @lordcyphar
    https://www.cyphar.com/

    Aleksa Sarai is a core developer and maintainer of runc and umoci, contributor to the Open Container Initiative specifications, and a Linux kernel contributor. He works on the containers team at SUSE, maintaining various core parts of the lower levels of the containers stack and related software for both SUSE Linux Enterprise and openSUSE; he is also committed to working in the open, and is a strong proponent of Free Software.

Abstract

In the past few years, we have seen a wide range of security vulnerabilities in container runtimes, often resulting in breakouts or other severe attacks against the host system. As a result, some members of the community have been looking into whether there are more fundamental issues at play, and whether addressing them could help resolve some of these problems. In this talk, we will discuss possible problem areas for container runtime security and our attempts to solve some of these issues through both kernel-space and user-space protections, as well as how some of these protections may help many other programs outside the container runtime community secure themselves against attackers.