DockerCon brings industry leaders and experts of the container world to one event where they share their knowledge, experience and guidance. This year is no different. For the next few weeks, we’re going to highlight a few of our amazing speakers and the talks they will be leading.
In this second highlight, we have several industry experts on container and application security that we’re excited to have sharing their knowledge at DockerCon. We’re going to have sessions covering network security, a dissection of a real world Kubernetes vulnerability (and what to do about it), encrypted containers, and the new AWS Firecracker “micro-VM” for containers, just to name a few.
In case you missed it, you can also see our first speaker highlight here, featuring storage, service mesh and networking experts.
Zero Trust Networks Come to Docker Enterprise Kubernetes
More on their session here.
Spike Curtis
Tigera Software Developer
Brent Salisbury
Docker Technical Alliances
What is your breakout about?
Brent: Docker Enterprise with Calico for networking being used in conjunction with Istio is an exciting intersection of securing various layers of networking – all from a single policy interface.
Spike: The Docker-Calico-Istio combination gives you some amazing tools out of the box for securing your application’s network connectivity. The breakout is about showing you how to use them!
Why should people go to your session?
Spike: Networks are super important to every application, but getting the security right is intimidating, so people often leave it until it’s too late. This talk should lower that intimidation factor and give some concrete steps to take to get your network secured from the get-go.
What is your favorite DockerCon moment?
Spike: I think it was standing at the Calico booth at the very first DockerCon. The booth was in the hallway to the main auditorium, so literally everyone had to walk past and you could just see the crowds and fee the excitement. We knew the opportunity was huge.
What are you looking forward to the most at this DockerCon?
Spike: I always really enjoy talks by Michelle Noorali, so looking forward to hearing her speak.
Brent: I am very excited to see the opportunity of having cross-platform capabilities, particularly the coming parity between Windows and Linux.
Crafty Requests: Deep Dive into a Kubernetes CVE
More on Ian’s session here.
Ian Coldwater
Heroku Platform Security Engineer (& Kubernetes Breaker)
What is your breakout about?
I’m going to be doing a deep dive into one of the most serious Kubernetes security vulnerabilities discovered thus far (CVE 2018-1002105), which was all over the news and affected countless clusters. I’ll be diving into how this vulnerability works, which also helps explain the inner workings of Kubernetes itself, and then I’ll talk about how to use this knowledge to secure Kubernetes and mitigate against future security risks.
Why should people go to your session?
This will be a good session for people with different kinds of expertise. For someone who knows a good bit about security but maybe less about containers and Kubernetes, this session will give them a good idea of how Kubernetes works on the back end and how flaws like this can happen. For people who are more familiar with Docker and Kubernetes, this will give them a better understanding of how they can protect their clusters against this vulnerability and others like it.
I think this vulnerability is fascinating and instructive, and we can all learn something from it. Also, live exploit demos are fun.
What are you looking forward to the most at this DockerCon?
This is my first DockerCon so I’m really excited to go this year! I’m looking forward to connecting with and learning from other people who have the same interests.
Enabling High Assurance/Sensitive Container Workloads with Encrypted Images
More on Justin’s session here.
Justin Cormack
Docker Sr. Software Engineer – Security
What is your breakout about?
I am doing a talk with Brandon Lum from IBM about encrypting container images, a project we have been working on for a while now. For many use cases, keeping containers behind access control in the registry is fine, but there are other use cases where you want containers encrypted from build to when they are run. We will demo the integration into containerd, which will later make its way into Docker and Kubernetes. This is a great example of the community working together to add new features.
Also I will be involved in the open source security summit, where we have sessions on supply chain security, bug bounties in the container ecosystem and policy management.
What is your favorite DockerCon moment?
I love it when people launch their new products at DockerCon – in 2014 Google launched some little project called “Kubernetes” there…
What are you looking forward to the most at this DockerCon?
We have a big open source track again this year, which is great, there are lots of exciting community projects. Also excited for some of the announcements!
Deep Dive into Firecracker-Containerd
Learn more about Samuel’s session here.
Samuel Karp
Amazon Web Services Sr. Software Development Engineer
What is your breakout about?
I’ll be talking about how we’re integrating the Firecracker virtual machine manager (VMM), which is optimized for lightweight, container-like “micro”-VMs, with containerd to make it easier to run containers with the isolation provided by a hypervisor.
Why should people go to your session?
I’m hoping that anyone interested in hypervisor-mediated isolation and using containers will find my session interesting! This session dives deep into the architecture of the firecracker-containerd project, which aims to allow portability between standard OCI container images and the larger container ecosystem with Firecracker micro-VMs.
What are you looking forward to the most at this DockerCon?
I’m looking forward to connecting with people who have use-cases for hypervisor isolation or who are interested in working with us on bringing the project along. I’m also interested in talking to anyone who uses containers on AWS about their journey and what they’d like to see from AWS in the future.
Thank you all our presenters and see you at DockerCon!
#DockerCon sneak peek: A chat with #security breakout session creators. Register for @DockerCon 2019 today:Click To Tweet
For more information
Register for DockerCon 2019, April 29 – May 2 in San Francisco – Save $250 by registering before April 16!
Sign up and attend these additional events, running conjunction with DockerCon:
Women@DockerCon Summit, Monday, April 29th
Open Source Summit, Thursday, May 2nd
Official Docker Training and Certification
Workshops
The post Feature Friday: A Chat With Security Experts appeared first on Docker Blog.
Quelle: https://blog.docker.com/feed/
Published by