Explore the world of container security and sandboxing in this 35-minute conference talk by Ian Lewis from Google. Learn about gVisor, an open-source sandbox runtime that enhances container isolation without sacrificing the benefits of containerization. Discover various approaches to sandboxing containers, including virtual machines and unikernels, and understand their trade-offs. Dive into gVisor's unique container security model, its architecture, and how it differs from virtual machine-based sandboxes. Gain insights into use cases for sandboxing containers and witness a demonstration of a minimal serverless platform using gVisor and Kubernetes. Enhance your knowledge of container security and explore innovative solutions for running untrusted code safely in your applications.
Running Untrusted Code with gVisor - Container Security and Sandboxing
Overview
Syllabus
The Enemy Within: Running Untrusted Code with gVisor - Ian Lewis, Google
Taught by
Linux Foundation
Tags
Related Courses
-
gVisor and Falco - Strengthening Kubernetes and Container Security with Visibility
-
Accelerating AI Securely with GVisor
-
gVisor: Modern Linux Sandboxing Technology - Hack In The Box 2023
-
In a Container, Nobody Hears Your Screams - Next Generation Process Isolation
-
URUNC - A Unikernel Container Runtime for Serverless Computing
-
Experience with Hard Multi-Tenancy in Kubernetes Using Kata Containers
