Jérôme Petazzoni

Docker, Linux Containers, and Security: Does It Add Up?

Date: This event took place live on August 12, 2014

Presented by: Jérôme Petazzoni

Duration: Approximately 60 minutes.

Cost: Free

Questions? Please send email to

Description:

Containers are becoming increasingly popular. They have many advantages over virtual machines: they boot faster, have less performance overhead, and use fewer resources. However, those advantages also stem from the fact that containers share the kernel of their host, instead of abstracting a new independent environment. This sharing has significant security implications, as kernel exploits can now lead to host-wide escalations.

In this webcast we will:

  • Review the actual security risks, in particular for multi-tenant environments running arbitrary applications and code
  • Discuss how to mitigate those risks
  • Focus on containers as implemented by Docker and the libcontainer project, but the discussion also stands for plain containers as implemented by LXC

About Jérôme Petazzoni

Jérôme is a senior engineer at Docker, where he rotates between Ops, Support and Evangelist duties. In another life he built and operated Xen clouds when EC2 was just the name of a plane, developed a GIS to deploy fiber interconnects through the French subway, managed commando deployments of large-scale video streaming systems in bandwidth-constrained environments such as conference centers, and various other feats of technical wizardry. When annoyed, he threatens to replace things with a very small shell script. His left hand cares for the dotCloud PaaS servers, while his right hand builds cool hacks around Docker.
Twitter: @jpetazzo