Talk: Container Security: Buy it, use it, break it, fix it – Container internals and breakouts (with 30% more AWS EKS!)
On the 13th of April, SBA Research hosted a seminar for the Vienna DevOps & Security Meetup group with a topical focus on Cloud Native technologies, DevOps, and Security.
Reinhard Kugler, a security expert at MATRIS, contributed an intriguing talk to this Meetup. He took a hands-on approach to the internals of containers and addressed the security measures that must be implemented to achieve sufficient isolation of containers with respect to AWS, EKS, and Docker. He also analyzed the moving parts of containers in depth and described how an attacker could leverage them. In addition, he showcased infamous misconfigurations that lead to complete control over the hosting node and, ultimately, over other containers. The talk continued with an engaging discussion.
The content of the talk:
- Namespaces and Control Groups
- Mount and Network Namespace
- Docker and AWS EKS Implementation
- Capabilities and Root
- Device Nodes and eBPF Device Control