Loading…
Shanghai, China
June 24–26, 2019
Click here for more information and registration

Simultaneous translation will be provided for all keynote and breakout sessions.
我们将为所有主题演讲和分组会议提供同声传译服务。

To view the Chinese version of this schedule please go here.
请点击此处查看中文版本。

Venue + Sponsor Showcase Map
场馆 + 赞助商展示区地图
Tuesday, June 25 • 11:00 - 11:35
The Enemy Within: Running Untrusted Code with gVisor - Ian Lewis, Google

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
Containers are a great way to isolate application resources but they can fall short when it comes to security isolation. How do you improve the security of your workloads without giving up the properties of containers that you've come to love? There are many approaches to sandboxing containers, such as virtual machines and unikernels, but which is right for you?
gVisor is a unique open-source sandbox runtime that allows you to run unmodified applications in containers with a higher level of isolation and low overhead. In this talk I will explore the container security model of gVisor and use cases for sandboxing containers. I will discuss various approaches and their tradeoffs before diving into the architecture of gVisor and how it differs from virtual machine based sandboxes. Finally, I will bring it all together with a demo of a minimal serverless platform using gVisor and Kubernetes.

Speakers
avatar for Ian Lewis

Ian Lewis

Developer Advocate, Google
Ian is a software engineer at Google and contributor to the gVisor project. Ian has had various developer and operations roles throughout his career and enjoys working in environments with diverse ways of thinking. Ian has been living in Tokyo since 2006 and is active in the open-source... Read More →


Tuesday June 25, 2019 11:00 - 11:35
619