May 2-4, 2018 - Copenhagen, Denmark
Click Here For Information & Registration
Back To Schedule
Thursday, May 3 • 16:35 - 17:10
Entitlements: Understandable Container Security Controls - Justin Cormack & Nassim Eddequiouaq, Docker (Intermediate Skill Level) (Slides Attached)

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
In this talk Justin Cormack introduces a new system of security entitlements for container workloads. These specify the types of access a pod should have in a human readable way. He will also demonstrate an example implementation running in Kubernetes.

The current pod security configuration is very low level, and does not really make any sense to users of the system. How can we make security configuration understandable? One route comes from the model of application entitlements that Apple uses on the iPhone to control things like access to Push Notifcations and Payments. The open source libentitlement library, being developed at Docker, enables similarly high level controls to be used for managing containers. The talk will also cover the relationship with Open Policy Agent and other access control frameworks, and relation to Linux Security Modules and PodSecurityPolicy.

avatar for Justin Cormack

Justin Cormack

CTO, Docker
Justin is the CTO of Docker, a Notary maintainer, and a member of the CNCF TOC. He has been working with containers and in the security space for many years.
avatar for Nassim Eddequiouaq

Nassim Eddequiouaq

Security Engineer, Docker
Nassim is a security engineer at Docker where he focuses on designingand creating new security features for the container ecosystem andmaking existing ones as usable as possible. Nassim previously spent acouple of years working on hobby kernels and reverse-engineeringcompetitions... Read More →

Thursday May 3, 2018 16:35 - 17:10 CEST
  Security+Identity+Signing, Intermediate