GOTO Berlin is a vendor independent international software development conference with more that 60 top speakers and 600 attendees. The conference covers topics such as Java, Open Source, Agile, Architecture, Design, Web, Cloud, New Languages and Processes.

Presentation: "Insights in Container Security"

Track: Privacy & Security / Time: Thursday 14:30 - 15:20 / Location: Hall 10

The popular container virtualization has arrived on many developer desks and is now approaching more and more production environments. However, many Ops teams are concerned about the security impact of containers. This talk examines the security features of Docker and  introduces the technology behind it. The predominant security function of Docker is isolation, which in turn is implemented not by the Docker software itself, but by a couple of Linux kernel subsystems including namespaces and cgroups. These subsystems are amended by auxiliary protection means such as SELinux and capabilities.
These components have to operate in a very coordinated way, since unexpected attack vectors emerge otherwise. The talk explains how, and presents examples of existing (but in the meantime fixed) exploits to demonstrate the issues.
Armed with this knowledge participants are able to assess whether Docker corresponds to their individual requirements. Furthermore, it presents a series of best practices that users should implement in Docker to increase their security performance.

Download slides

Nils Magnus, System Architect and Journalist

Nils Magnus

Biography: Nils Magnus

Nils Magnus is a system architect and journalist. He has a 15+ year track record in security management and engineering as well as cloud infrastructure based on Open Source. He believes in sustainable data center solutions and cooperative, agile development methods. In his role as an organizer at LinuxTag Association and the German Unix Users Group, he organizes for more than 15 years conferences and workshops on these topics. Nils Magnus lives in Munich and Berlin.