Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

BlackBox - A Container Security Monitor for Protecting Containers on Untrusted Operating Systems

USENIX via YouTube

Overview

Explore a conference talk on BlackBox, a novel container architecture designed to enhance security for containerized applications without relying on the operating system. Learn about the Container Security Monitor, a small trusted computing base that creates Protected Physical Address Spaces (PPASes) for each container, preventing direct information flow between containers and the operating system. Discover how BlackBox leverages Arm hardware virtualization support to implement PPASes, supports Linux containers with minimal kernel modifications, and offers superior security guarantees compared to traditional hypervisor and container architectures. Examine the implementation details, including interposing, task identification, and application performance, while understanding how BlackBox addresses the security risks posed by large operating system codebases containing vulnerabilities.

Syllabus

Intro
Container advantages
Motivation
BlackBox
Container Security Monitor (CSM)
Protected Physical Address Space (PPAS)
Container Security Monitor - PPASes
Container Security Monitor ABI - Example
Managing PPAS Memory - Page Fault
OS Interactions - IPC
Memory Mapping lago Attacks
Implementing PPASes
Implementation - Interposing
Implementation - Task Identification
Application Performance

Taught by

USENIX

Reviews

Start your review of BlackBox - A Container Security Monitor for Protecting Containers on Untrusted Operating Systems

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.