Explore a conference talk on Nabla Containers, a novel approach to container isolation presented by Brandon Lum and Ricardo Koller from IBM. Delve into the security concerns surrounding horizontal attacks in cloud environments and learn how Nabla Containers address these issues by leveraging library OS/unikernel techniques to reduce the attack surface on host kernels. Discover how this innovative solution allows popular applications like Node.js, Python, and Redis to run with only 9 syscalls via seccomp. Compare Nabla Containers' isolation and performance metrics against other technologies such as gVisor and Kata Containers. Gain insights into how this technology could potentially revolutionize container security and isolation in container-native cloud environments.
Nabla Containers - A New Approach to Container Isolation
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Nabla Containers: A New Approach to Container Isolation - Brandon Lum & Ricardo Koller, IBM
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Kata Containers + Cloud-Hypervisor - Virtualization for Cloud Native
-
Confidential Containers: The Next Episode in Workload Isolation
-
Living in a Secure Container Down by the River
-
Container Isolation via Virtualization - Don't Forget to Shrink the Guest
-
The COW - Container On Windows Who Escaped the Silo
-
Experience with Hard Multi-Tenancy in Kubernetes Using Kata Containers
