Container Security: what could possibly go wrong?
- Daniel Kouril (CESNET)
- Michaela Doležalová (Masaryk University)
Containers are an emerging technology that is getting more and more popular as an alternative to full virtualization. The flexibility of containers enabled several new approaches in IT, like DevOps. However powerful and attractive the new technology is, we should not ignore security implications that are inherently linked to the principles or main implementations.
The goal of this training session is to discuss selected aspects related to containers and present potential security threats. We will focus mainly on Docker and its typical use-cases. The main principles, however, will be applicable also for other container technologies. The workshop is not meant as an exhaustive training session covering every possible aspect of the technology. Its purpose is to point out some typical problems that are important to consider, some of which are inspired by real-world security incidents.
The workshop will be organized as a mixture of technical presentations, interleaved with shorter sessions where attendees will be able to practice the ongoing topics on a couple of hands-on exercises.