Thursday, October 29 • 1:50pm - 2:30pm
Unraveling Docker Security: Lessons From a Production Cloud


Whether you are integrating Docker containers into an existing cloud, or building out a multi-tenant cloud implementation using Docker, it can be a significant challenge to ensure proper security is in place. In this session, we will unravel various threads of security topics that all come together to provide properly configured security and isolation for Docker containers. Many of our findings are based on our experience in building and securing the IBM Container service based on Docker technology on top of an OpenStack IaaS. Topics include: 
  • Usage and threat model
  • Implications of sharing the kernel with the host
  • How user namespaces provide isolation from the root user on the host
  • Docker engine configuration for security, and its limitations in preventing fork bombs, file bombs, and DoS
  • Security features and issues for Docker registry
  • Docker API and lack of multi-tenancy capabilities


Speakers
Salman Baset

Research Staff Member
Salman Baset is working as a Research Staff Member at the IBM T. J. Watson Research Center. He received a PhD in Computer Science from Columbia University. His recent work at IBM has been focused on Docker security and on designing, building, and securing IBM Containers. Presently, he also serves as the chair of the SPEC OSG cloud benchmarking sub-committee, which is working on standardizing a cloud benchmark. He is a recipient of Young Scholars Award by...

Stefan Berger

Senior Technical Staff Member
Stefan Berger is a Senior Technical Staff Member at the IBM T.J. Watson Research Center in Yorktown Heights, NY. He works on cloud and virtualization security and the application of Trusted Computing technologies to those. Stefan has contributed to various open source projects, including QEMU, libvirt, as well as Linux. He received a diploma in EE from Universitaet Erlangen-Nuernberg.

Phil Estes

Senior Technical Staff Member, IBM Cloud Open Technologies
Phil is a Senior Technical Staff Member with the IBM Cloud Open Technologies team. Phil is a core contributor and maintainer on the Docker engine project and is a leader and expert within IBM on container and cloud open source technologies. Phil has an active role helping both IBM product teams and IBM's customers understand and apply container technology and concepts to their cloud strategy and implementation. Phil also is a regular speaker at...


Thursday October 29, 2015 1:50pm - 2:30pm
Kougyoku