Successfully reported this slideshow.
Your SlideShare is downloading. ×

DockerDay2015: Docker Security


More Related Content


DockerDay2015: Docker Security

  1. 1. Docker  Security   Thuong  Nguyen  –  Vega   Recap  From  DockerCon  US  2015  
  2. 2. Least-privilege Microservices Diogo Mónica Nathan McCauley Recap  From  DockerCon  US  2015  
  3. 3. Agenda • • • • • Why least-privilege History of least-privilege Least-privilege with Docker Ongoing and future work Conclusions Recap  From  DockerCon  US  2015  
  4. 4. “Every process must be able to access only the information and resources that are necessary for its legitimate purpose” Recap  From  DockerCon  US  2015  
  5. 5. Front-end Server Database Auth Service Recap  From  DockerCon  US  2015  
  6. 6. 1990 Internet All-in-one Recap  From  DockerCon  US  2015  
  7. 7. 2000 Internet DatabasesServicesFront-end Recap  From  DockerCon  US  2015  
  8. 8. 2010 Internet Recap  From  DockerCon  US  2015  
  9. 9. Recap  From  DockerCon  US  2015  
  10. 10. Container One Process AppA AppB AppC AppD AppE AppF libraries Docker Engine Host OS Server Recap  From  DockerCon  US  2015  
  11. 11. Today Internet Recap  From  DockerCon  US  2015  
  12. 12. ‣ A FE server has a very different security profile than a database or a worker host ‣ Imagine that each container only has access exactly to the resources and APIs it needs. No more, no less. Front-end Server Back-end Server ‣ Access to a lot of downstream services ‣ Most exposed ‣ I/ O intensive ‣ Limited network access Worker Host ‣ CPU Intensive ‣ Wide range of workloads Profiles Recap  From  DockerCon  US  2015  
  13. 13. ‣ A container is a process. Let’s find out what syscalls it needs. Process Monitoring Recap  From  DockerCon  US  2015  
  14. 14. ‣ Namespaces provide an isolated view of the system (Network, PID, etc) ‣ Cgroups limit and isolate the resource usage of a collection of processes ‣ Linux Security Modules give us a MAC (AppArmor, SELinux) Fine-grained controls Recap  From  DockerCon  US  2015  
  15. 15. Fine-grained controls ‣ Capabilities divides the privileges of root into distinct units (bind, chown, etc) ‣ Per-container ulimit (since 1.6) ‣ User-namespaces: root inside is not root outside (remapped root for 1.8) ‣ Seccomp: Individual syscall filtering (working on my laptop) Recap  From  DockerCon  US  2015  
  16. 16. Safer by default ‣ Less than half the Linux capabilities by default ‣ Copy-on-write ensures immutability ‣ No device access by default ‣ Default AppArmor and SELinux profiles for an increasing number of containers Recap  From  DockerCon  US  2015  
  17. 17. Safer by default ‣ Smaller footprint ‣ Remove all unneeded packages ‣ Remove all unneeded users ‣ Remove all suid binaries … Debia n Recap  From  DockerCon  US  2015  
  18. 18. Security Profiles ‣ Producers of containers should be responsible for creating adequate profiles ‣ Profile gets shipped with the container ‣ Aggregates all of the different isolation mechanisms into one single profile Recap  From  DockerCon  US  2015  
  19. 19. Securing the Ecosystem User- namespaces Seccomp Provenance Selinux Kerbero s Recap  From  DockerCon  US  2015  
  20. 20. Intro to Container Security Recap  From  DockerCon  US  2015  
  21. 21. Docker Bench ‣ Fully automated ‣ Shipped as a container that tests containers Recap  From  DockerCon  US  2015  
  22. 22. Conclusion ‣ Docker is on the path to support least-privilege microservices, since it allows fine-grained control over what access each container should have. ‣ We will need easier tooling to define per-container security profiles ‣ You can help! #docker-security on Freenode Recap  From  DockerCon  US  2015  
  23. 23. Thank you Recap  From  DockerCon  US  2015