Loading…
View analytic
Thursday, October 29 • 1:50pm - 2:30pm
Unraveling Docker Security: Lessons From a Production Cloud

Sign up or log in to save this to your schedule and see who's attending!

Whether you are integrating Docker containers into an existing cloud, or building out a multi-tenant cloud implementation using Docker, it can be a significant challenge to ensure proper security is in place. In this session, we will unravel various threads of security topics that all come together to provide properly configured security and isolation for Docker containers. Many of our findings are based on our experience in building and securing the IBM Container service based on Docker technology on top of an OpenStack IaaS. Topics include: 
  • Usage and threat model
  • Implications of sharing the kernel with the host
  • How user namespaces provide isolation from the root user on host
  • Docker engine configuration for security and limitations for preventing forkbomb, filebomb, DOS
  • Security features and issues for Docker registry
  • Docker API and lack of multi-tenancy capabilities


Speakers
avatar for Salman Baset

Salman Baset

Research Staff Member
| Salman Baset is working as a Research Staff Member at IBM T. J. Watson Research Center. He received a PhD in Computer Science from Columbia University. His recent work at IBM has been focused on Docker security and designing, building, and securing IBM Containers. Presently, he... Read More →
SB

Stefan Berger

Senior Technical Staff Member
Stefan Berger is a Senior Technical Staff Member at the IBM T.J. Watson Research Center in Yorktowm Heights, NY. He works on cloud and virtualization security and application of Trusted Computing technologies to those. Stefan has contributed to various open source projects, including... Read More →
avatar for Phil Estes

Phil Estes

Distinguished Engineer & CTO, Container Architecture Strategy, IBM Cloud
Phil is a Distinguished Engineer and CTO, leading Linux OS and Container Architecture Strategy for the IBM Watson & Cloud Platform organization. Phil is a core contributor and maintainer on the Docker engine project where he has contributed key features like user namespace support... Read More →


Thursday October 29, 2015 1:50pm - 2:30pm
Kougyoku

Attendees (0)