Explore the architecture, platforms, and security boundaries of gVisor, an application kernel written in Go that implements Linux system call interface, in this 21-minute conference talk. Gain insights into how gVisor provides an additional isolation layer between applications and host operating systems, understand its threat model, and learn about Google's continuous security approach. Examine real-world case studies of discovered vulnerabilities and their exploitability analysis to better comprehend container security implications.
Overview
Syllabus
gVisor The Future of Container Security - Andy Nguyen
Taught by
fwd:cloudsec
Related Courses
-
![CNCF [Cloud Native Computing Foundation]](https://ccweb.imgix.net/https%3A%2F%2Fwww.classcentral.com%2Fimages%2Flogos%2Finstitutions%2Fcncf-cloud-native-computing-foundation-hz.png?auto=format&blur=200&h=40&ixlib=php-4.1.0&px=16&s=39a7386e89fe41aff1e1aa4e9df07aa2)
gVisor and Falco - Strengthening Kubernetes and Container Security with Visibility
-
Running Untrusted Code with gVisor - Container Security and Sandboxing
-
5 Years of Providing Root Shells - Security Challenges in Container Services
-
BlackBox - A Container Security Monitor for Protecting Containers on Untrusted Operating Systems
-
Introducing LinuxKit: Container OS and Security Features
-
Improving Container Security with System Call Interception
![CNCF [Cloud Native Computing Foundation]](https://ccweb.imgix.net/https%3A%2F%2Fwww.classcentral.com%2Fimages%2Flogos%2Finstitutions%2Fcncf-cloud-native-computing-foundation-hz.png?auto=format&h=40&ixlib=php-4.1.0&s=41ac519a3d7def6c705637a8ae3c06c4){kind=small}
