Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

CNCF [Cloud Native Computing Foundation]

Towards the Hardened Cloud-Native Cornerstone: Container Runtime Protection

CNCF [Cloud Native Computing Foundation] via YouTube

Overview

Explore container runtime protection strategies in this comprehensive conference talk. Delve into the security challenges faced by containers in cloud-native environments, examining attack vectors and existing protection mechanisms like AppArmor, SELinux, and seccomp. Discover recent advancements in kernel-aided and hardware-aided security measures, including Landlock, Core Scheduling, Memory Protection Keys, and Trusted Execution Environments. Learn about necessary adaptations to container runtime and image specifications, policy enforcement, debugging, monitoring, logging, and alerting management. Gain insights into the current state and future developments of hardened two-way sandboxes for both security and privacy in container environments.

Syllabus

Intro
Container Security Risks (Users' View)
(Extended) Container Threat Modeling
Container Attack Vectors (Attackers' View)
Container Attack Scenarios (AS)
Any Best Practice?
What Do We Have So Far?
What Else Can We Apply?
Not Enough Security Deployment!
Weaknesses (Still) Across Every Layer!
Unprivileged Sandboxing
Sandboxing Containers with Landlock
Defend Against Cross-HT Attacks
Containers with Core Scheduling
Can Hardware Assist?
An Augmented Threat Model
Secure - Confidential Containers
Gaps From A Bird's Eye View
A Further Augmented Threat Model?

Taught by

CNCF [Cloud Native Computing Foundation]

Reviews

Start your review of Towards the Hardened Cloud-Native Cornerstone: Container Runtime Protection

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.