In our interconnected world of mobile and cloud computing, particularly with the rise of governmental spying, corporate espionage, and theft of data by organized crime syndicates, security is more important than ever. Many claims are being made about the security of open-source cloud technologies: How can administrators, users, and developers separate fact from fiction?
This talk will equip the audience with the principles needed to evaluate security claims. We will talk the nature of risk, of vulnerabilities and exploits; the various factors that reduce the risk of vulnerabilities in software; and about TCB, threat models, and defense-in-depth.
We will then apply these principles to three open-source cloud technologies: containers, KVM, and Xen, to see how they stack up. These will be backed up with numbers: lines of code, security advisories, entry points, and so on.