Seattle, WA
December 10–13, 2018
Thursday, December 13 • 10:50am - 11:25am
How to Choose a Kubernetes Runtime - Justin Cormack, Docker

This year has seen the launch of several new container runtimes, including gVisor from Google and Nabla from IBM, as well as the consolidation of the Hyper and Intel VM container projects into Kata containers. This talk looks at all the runtimes, how we can evaluate their security, and how they compare to the standard OCI runtime, runc.

There are a variety of ways of measuring how much the different runtimes reduce the Linux kernel attack surface, so this talk makes an assessment of those risks, based on types of code that are blocked, and actual and theoretical attacks. In addition we discuss the threat models for different types of users and code, and look at which types of user should consider these options.

This talk is aimed at people wishing to increase the security of the runtimes they are using for Kubernetes, and who wish to understand what the risks and improvements are.

Justin Cormack

Security Engineer, Docker
Justin Cormack is a security engineer at Docker. He has worked on runc, container isolation policies, virtualisation and container security, and knows his way around the Linux kernel and the container stack.

Thursday December 13, 2018 10:50am - 11:25am
4C 1/2