Se ha denunciado esta presentación.
Utilizamos tu perfil de LinkedIn y tus datos de actividad para personalizar los anuncios y mostrarte publicidad más relevante. Puedes cambiar tus preferencias de publicidad en cualquier momento.
Secure Containerized Applications
Eric Windisch
@ewindisch
for
IsolationIsolation
Pattern #1Pattern #1
Service
{Application
ConsolidationConsolidation
Pattern #2Pattern #2
(not actually a security pattern)
Hypervisors: a case studyHypervisors: a case study
Xen project: ~38 CVEs in the past 12 months
29 CVEs with a CVSS score >...
"x86 considered
harmful"
VMs do not contain
1. http://blog.invisiblethings.org/2015/10/27/x86_harmful.html
1
Consolidation may
be appropriate for
you, but it's not a
security pattern.
FragmentationFragmentation
(aka isolation)
Pattern #3Pattern #3
(micro)Services(micro)Services
= isolation
...not more services
with more seams
"This seems
like a lot of
work"
Thank you,Thank you,
Eric WindischEric Windisch
eric@windisch.us
@ewindisch
Patterns for Secure Containerized Applications (Docker)
Patterns for Secure Containerized Applications (Docker)
Patterns for Secure Containerized Applications (Docker)
Patterns for Secure Containerized Applications (Docker)
Patterns for Secure Containerized Applications (Docker)
Patterns for Secure Containerized Applications (Docker)
Patterns for Secure Containerized Applications (Docker)
Patterns for Secure Containerized Applications (Docker)
Patterns for Secure Containerized Applications (Docker)
Patterns for Secure Containerized Applications (Docker)
Patterns for Secure Containerized Applications (Docker)
Patterns for Secure Containerized Applications (Docker)
Patterns for Secure Containerized Applications (Docker)
Próxima SlideShare
Cargando en…5
×

Patterns for Secure Containerized Applications (Docker)

989 visualizaciones

Publicado el

From Container Days NYC 2015, Eric Windisch introduces patterns for building applications, questions the security of VMs, and demonstrates best practices for deploying microservices via Docker and other container management solutions.

Publicado en: Software
  • Inicia sesión para ver los comentarios

Patterns for Secure Containerized Applications (Docker)

  1. 1. Secure Containerized Applications Eric Windisch @ewindisch for
  2. 2. IsolationIsolation Pattern #1Pattern #1
  3. 3. Service {Application
  4. 4. ConsolidationConsolidation Pattern #2Pattern #2 (not actually a security pattern)
  5. 5. Hypervisors: a case studyHypervisors: a case study Xen project: ~38 CVEs in the past 12 months 29 CVEs with a CVSS score >4 This is a good great, functioning security team. Fewer CVEs for other hypervisors is not indicative of better security; it may mean worse security response. https://www.cvedetails.com/vulnerability-list/vendor_id-6276/XEN.html
  6. 6. "x86 considered harmful" VMs do not contain 1. http://blog.invisiblethings.org/2015/10/27/x86_harmful.html 1
  7. 7. Consolidation may be appropriate for you, but it's not a security pattern.
  8. 8. FragmentationFragmentation (aka isolation) Pattern #3Pattern #3
  9. 9. (micro)Services(micro)Services = isolation ...not more services with more seams
  10. 10. "This seems like a lot of work"
  11. 11. Thank you,Thank you, Eric WindischEric Windisch eric@windisch.us @ewindisch

×