October 4-6 in Berlin, Germany
LinuxCon+ContainerCon Europe
Tuesday, October 4 • 11:15 - 12:05
Putting the Parts Together: Building a Secure Container Platform - Matthew Garrett, CoreOS


General purpose operating systems have to solve many problems, and that means they make compromises. You need to be able to install, upgrade and configure individual components, which means having a large surface area vulnerable to attack. More specialised products (such as phones and Chromebooks) benefit from being able to reduce that surface area. Can we do the same with containers?

Security technologies can be overly restrictive in general purpose operating systems. This presentation covers a range of technologies that can be used unobtrusively and effectively in container-focused designs. It will describe how features like dm-verity can provide filesystem-level assurance that binaries are unmodified, how the kernel keyring can be used to provide immutable trusted key stores, how secure boot can root all of this trust in firmware and how container introspection can stop attacks.


Matthew Garrett

Staff Security Developer, Google
Matthew Garrett is a security developer at Google, working on infrastructural security for Linux desktop and mobile platforms.

Tuesday October 4, 2016 11:15 - 12:05 CEST
Schinkel II/III