Explore container isolation through virtualization in this conference talk that emphasizes the importance of shrinking guest kernels. Learn about lightweight virtualization techniques for improving container runtime isolation, such as Kata containers. Discover how new VM monitors like AWS Firecracker and tools like Weaveworks Ignite have advanced lightweight virtualization. Examine the often-overlooked aspect of guest kernel optimization and its impact on performance and security. Understand the case for guest kernel specialization through kernel configuration and the challenges of applying these techniques in sandboxed container environments. Gain insights into the balance between isolation, performance, and security in modern containerized systems.
Container Isolation via Virtualization - Don't Forget to Shrink the Guest
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Container Isolation via Virtualization: Don't Forget to Shr... Dan Williams & Hsuan-Chi (Austin) Kuo
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Nabla Containers - A New Approach to Container Isolation
-
Living in a Secure Container Down by the River
-
Kata Containers + Cloud-Hypervisor - Virtualization for Cloud Native
-
ISLET - Isolated, Scalable, & Lightweight Environment for Training
-
Attacks are Forwarded - Breaking the Isolation of MicroVM-based Containers Through Operation Forwarding
-
BlackBox - A Container Security Monitor for Protecting Containers on Untrusted Operating Systems
