Containers have the potential to improve the security of typical deployments, but for many the argument has not yet been made convincingly. This talk will describe the existing security technologies around containers, and show how their use can make container-based systems more secure than the alternatives. It will then go further, describing new technologies that allow admins to have even greater confidence in the security of their systems, beyond anything possible with traditional deployment techniques.

1. Matthew Garrett
@mjg59 | mjg59@coreos.com | coreos.com
Building trustworthy containers

2. Security is a tough sell

3. Convenience often beats security

4. How can we ensure security wins?

5. Make the secure solution the better solution

6. Telnet

7. rsh

8. ssh

9. …or increase social pressure

10. Let’s Encrypt

11. Many other security stories have been failures

12. SELinux

13. Seccomp

14. Trusted Computing

15. So, why do people want containers?

16. Ease of deployment

17. Ease of development

18. Containers let us think differently

19. Containers give us well-defined interfaces

20. Containers let us treat different code differently

21. Containers move much security to the runtime

22. SELinux today:

23. Write some software

24. Ship it

25. Discover SELinux blocks it on RHEL

26. Write SELinux policy

27. Discover SuSE ship different SELinux policy

28. sudo setenforce 0

29. SELinux with containers:

30. Write software

31. Package container

32. That’s it

33. No, really, that’s it

34. Container runtime does the rest

35. But what about bundled libraries?

36. Static analysis works

37. Paradoxically, may be easier

38. Not all OpenSSL use is equally security critical

39. More aggressive updates of each container

40. Containers are better than the status quo

41. …but can we do even more?

42. You can’t build security on shaky foundations

43. Container security depends on OS security

44. General purpose operating systems are hard

45. Without defined use-cases, security is difficult

46. Let’s build specific-purpose operating systems

47. A truly immutable OS

48. Cryptographically verified filesystem

49. Trusted Computing

50. A trustworthy base to build on

51. But what next?

52. Signed container images

53. Measure the container images into the TPM

54. Verifiable audit trail

55. Taking things even further

56. Not all containers are equal

57. Can we isolate further?

58. (We can isolate further)

59. VM-based isolation

60. Deploy and manage identically

61. All the security benefits of full VMs

62. We can build secure container infrastructure

63. We can place trust in our containers

64. Thank you!
Matthew Garrett
@mjg59 | mjg59@coreos.com
We’re hiring in all departments!
Email: careers@coreos.com
Positions: coreos.com/ careers