Shanghai, China
June 24–26, 2019

Simultaneous translation will be provided for all keynote and breakout sessions.

Tuesday, June 25 • 11:00 - 11:35
The Enemy Within: Running Untrusted Code with gVisor - Ian Lewis, Google

Containers are a great way to isolate application resources but they can fall short when it comes to security isolation. How do you improve the security of your workloads without giving up the properties of containers that you've come to love? There are many approaches to sandboxing containers, such as virtual machines and unikernels, but which is right for you?
gVisor is a unique open-source sandbox runtime that allows you to run unmodified applications in containers with a higher level of isolation and low overhead. In this talk I will explore the container security model of gVisor and use cases for sandboxing containers. I will discuss various approaches and their tradeoffs before diving into the architecture of gVisor and how it differs from virtual machine based sandboxes. Finally, I will bring it all together with a demo of a minimal serverless platform using gVisor and Kubernetes.

Ian Lewis

Developer Relations Engineer, Google
Ian is an engineer at Google working on Supply Chain Security. Ian has been living in Tokyo since 2006 and has had various developer and operations roles throughout his career while staying active in the open-source developer community. Ian is a contributor to the SLSA framework and...

Tuesday June 25, 2019 11:00 - 11:35 CST