Containers, Docker, and Security: State of the Union

Similar documents
WHITEPAPER INTRODUCTION TO CONTAINER SECURITY. Introduction to Container Security

DockerCon Day 1 Welcome

Cloud Security with Stackato

Do Containers fully 'contain' security issues? A closer look at Docker and Warden. By Farshad Abasi,

Protecting the Cloud from Inside

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

Orchestrating Distributed Deployments with Docker and Containers 1 / 30

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Building Docker Cloud Services with Virtuozzo

Security Considerations in Cloud Deployments Matthew Garrett

Unmasking Virtualization Security. Eric A. Hibbard, CISSP, CISA Hitachi Data Systems

How Bigtop Leveraged Docker for Build Automation and One-Click Hadoop Provisioning

How To Get The Most Out Of Redhat.Com

Building a Continuous Integration Pipeline with Docker

From Months to Minutes How GE Appliances Brought Docker Into the Enterprise

OPEN CLOUD INFRASTRUCTURE BUILT FOR THE ENTERPRISE

RED HAT ENTERPRISE VIRTUALIZATION & CLOUD COMPUTING

RED HAT CONTAINER STRATEGY

How To Achieve Pca Compliance With Redhat Enterprise Linux

BM482E Introduction to Computer Security

John Essner, CISO Office of Information Technology State of New Jersey

Intro to Docker and Containers

Securing your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation

More Efficient Virtualization Management: Templates

STRATEGIC WHITE PAPER. The next step in server virtualization: How containers are changing the cloud and application landscape

Cloud Security Who do you trust?

VMware Security Briefing. Rob Randell, CISSP Senior Security Specialist SE

Parallels Virtuozzo Containers

The Bro Network Security Monitor

Solving the Package Problem? Or Making it Infinitely Worse?

Microservices a security nightmare? GOTO Berlin - Dec 2, 2015 Maximilian Schöfmann Container Solutions Switzerland

Over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities

Mitigating Information Security Risks of Virtualization Technologies

Realities of Private Cloud Security

Safety measures in Linux

What is Really Needed to Secure the Internet of Things?

Mandatory Access Control in Linux

Virtual Patching: a Proven Cost Savings Strategy

Secure your Docker images

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC

Solution Guide Parallels Virtualization for Linux

SANS Top 20 Critical Controls for Effective Cyber Defense

Guidelines for Website Security and Security Counter Measures for e-e Governance Project

Virtualization Security and Best Practices. Rob Randell, CISSP Senior Security Specialist SE

Mirantis OpenStack Express: Security White Paper

Security in Hybrid Clouds

Taking a Proactive Approach to Linux Server Patch Management Linux server patching

the CONTAINER COLORING BOOK "Who's afraid of the big bad wolf?" MÁIRÍN DUFFY DAN WALSH illustrated by written by

VMWARE Introduction ESX Server Architecture and the design of Virtual Machines

Protecting Your Organisation from Targeted Cyber Intrusion

Defense in Depth: Protecting Against Zero-Day Attacks

encription IT Security and Forensic Services

whitepaper Cloud Servers: New Risk Considerations

CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT

Network Security Requirements and Solutions

Nessus Agents. October 2015

Intro to Firewalls. Summary

Computer Science. About PaaS Security. Donghoon Kim Henry E. Schaffer Mladen A. Vouk

Building A Secure Microsoft Exchange Continuity Appliance

Testing Control Systems

Linstantiation of applications. Docker accelerate

CMPT 471 Networking II

Stanislav Ulrych CTO RED HAT ENTERPRISE LINUX OPENSTACK PLATFORM

The Future Is SECURITY THAT MAKES A DIFFERENCE. Overview of the 20 Critical Controls. Dr. Eric Cole

An Integrated CyberSecurity Approach for HEP Grids. Workshop Report.

What new with Informix Software as a Service and Bluemix? Brian Hughes IBM

Everything You Wanted to Know about DISA STIGs but were Afraid to Ask

Linux Operating System Security

Panoramica su Cloud Computing targata Red Hat AIPSI Meeting 2010

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin

White Paper How Noah Mobile uses Microsoft Azure Core Services

x86 ISA Modifications to support Virtual Machines

Goals. Understanding security testing

Effective Software Security Management

Managing and Maintaining Windows Server 2008 Servers

The Red Hat Enterprise Linux advantages over Oracle Linux

OpenStack in the Enterprise: From Strategy to Real Life. Radhesh Balakrishnan General Manager OpenStack

The Definitive Guide To Docker Containers

How To Protect Your Cloud From Attack

ISLET: Jon Schipp, Ohio Linux Fest An Attempt to Improve Linux-based Software Training

Cloud Computing Governance & Security. Security Risks in the Cloud

Securely Architecting the Internal Cloud. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc.

ETHICAL HACKING APPLICATIO WIRELESS110 00NETWORK APPLICATION MOBILE MOBILE0001

How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

Security in the Sauce Labs Cloud. Practices and protocols used in Sauce s infrastructure and Sauce Connect

Designing and Coding Secure Systems

Security Issues in Cloud Computing

Larry Wilson Version 1.0 November, University Cyber-security Program Critical Asset Mapping

Using Likewise Enterprise to Boost Compliance with Sarbanes-Oxley

Automating Cloud Security Control and Compliance Enforcement for PCI DSS 3.0

Network and Host-based Vulnerability Assessment

APPLICATION VIRTUALIZATION TECHNOLOGIES WHITEPAPER

The Business Case Migration to Windows Server 2012 R2 with Lenovo Servers

Compliance. Review. Our Compliance Review is based on an in-depth analysis and evaluation of your organization's:

The path to the cloud training

Trend Micro. Advanced Security Built for the Cloud

WINDOWS AZURE EXECUTION MODELS

Security Model for VM in Cloud

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

Transcription:

Containers, Docker, and Security: State of the Union

1 / Who am I? Jérôme Petazzoni (@jpetazzo) French software engineer living in California Joined Docker (dotcloud) more than 4 years ago (I was at Docker before it was cool!) I built and scaled the dotcloud PaaS (millions of containers, no known security issues) I learned a few things about running containers (in production)

2 / Outline Yesterday Today Tomorrow

Yesterday 3 /

4 / Containers and Security yesterday "Is it safe to run applications in containers?"

5 / Containers and Security yesterday "Is it safe to run applications in containers?" really meant "Can one container break out, and into another?"

6 / Containers and Security yesterday "Is it safe to run applications in containers?" really meant "Can one container break out, and into another?" Main concern: isolation

What was the answer? 7 /

What was the answer? 8 /

9 / What was the answer? "It's complicated" Long list of recommendations some were easy (and automatically enforced by Docker) some were not obvious (and had to be enabled manually) some were hard to deploy (or required missing kernel features)

10 / How is this different today? People still ask about container isolation Much more frequently, they ask about image security and provenance They want to know: if dockerpulldebianis what it claims to be if jpetazzo/dindhas vulnerabilities if a given image has been vetted by their sec team

11 / Why has it changed? Who cares about container isolation? hosting providers (more density = more $$$) PAAS (for rapid deployment; on-demand activation) early adopters Who doesn't care about container isolation? people who use VMs only because autoscaling people who would put multiple components per machine anyway second wave of users

Today 12 /

13 / Docker and Containers Security Today Improving what we had yesterday (fine-grained permissions, immutable containers) Addressing new challenges (provenance, content verification, notary) Defense in depth (containers + VM) The infosec mindset (better upgrades, security benchmarks, policies)

14 / Finer-grained permissions Per-container ulimit Capability reduction --cap-drop/ --cap-add e.g.: --cap-addnet_admin Device access restrictions --device(better than --privileged!) Improved handling of LSM (SELinux, AppArmor)

15 / Smaller attack surface Hardware management done on the host (no kernel, drivers, device handling... in containers) Package management is optional (once a container is built, it doesn't need to be changed) Minimal distros can be used (e.g. buildroot, Alpine Linux...) Less software = less risk

16 / Immutable containers dockerrun--read-only (makes it impossible to entrench in a container) Helps with vulnerability detection (audit can be performed on offline images) Even without --read-onlyflag: copy-on-write prevents changes from being permanent break a container when hacking it it gets recycled dockerdiffallows easy audit of changes

17 / Image provenance How can I trust dockerpulldebian? I must trust upstream (i.e. Debian and whoever maintains the image) I must trust Docker Inc. (operator of the Hub) I must trust the transport (between the Hub and my Docker host)

18 / Image provenance How can I trust dockerpulldebian? I must trust upstream (i.e. Debian and whoever maintains the image) I must trust Docker Inc. (operator of the Hub) I must trust the transport (between the Hub and my Docker host) That's a lot of trust

19 / "I don't want to trust anybody!" If you don't trust upstream, you have to... stop using apt-getand yumwith public repos rebuild everything from source verify source integrity (full audit + review all changes) If you don't trust Docker Inc., you probably should... audit the whole Docker Engine code audit every single patch that goes into Docker (if you can do that... we're looking for reviewers)

20 / Security reminder It's OK to be paranoid, but beware of: Bumps in the carpet (moving a problem rather than solving it) Usability (if security makes it hard/impossible to work, people will work around it!) Tinfoil hats

21 / Can we trust the transport? Registry v1 protocol had serious issues: arbitrary layer IDs no integrity check (other than TLS transport integrity) Registry v2 protocol has: content-based layer IDs signed image manifests Is that enough?

22 / Notary: a better trust framework Sign content with offline key Distribute signed content on (potentially insecure) servers Based on TUF (The Update Framework) Some features: don't fail hard when a key is compromised guarantee freshness trust thresholds (=Red October for signed content) leverage existing (insecure) transport and mirrors Launched at DockerCon a few weeks ago!

23 / Defense in depth So, VM or containers?

24 / Defense in depth So, VM or containers? VM and containers!

25 / Defense in depth So, VM or containers? VM and containers! Reduce number of VMs (when security perimeter allows it) Colocated containers are safer than colocated processes Malicious code has to escape both layers Docker provides an extra layer of isolation Applications are safer with containers than without

26 / The infosec mindset Better upgrades Accurate, actionable security benchmarks Clear, sensible security policies

27 / Better upgrades Dockerfile= easy, fast, reliable builds and rebuilds "But now I have 1000s of container images to upgrade!" Yes, but that's way better than the 100s of server images that you had before The organizational risk is lower (reliable rollbacks)

28 / Security benchmarks CIS (Center of Internet Security) Docker Benchmark Docker Bench: automated assessment tool to check compliance https://dockerbench.com

29 / Policies Docker Inc. (the company) and the Docker Project (open source) have clear security guidelines Mandatory code reviews (see CONTRIBUTING.md) to ensure quality of code base Quarterly security audits and pen tests of our infrastructure We support responsible disclosure

Tomorrow 30 /

31 / Container security in the future Personal predictions - not Docker Inc.'s roadmap!

32 / Container security in the future Personal predictions - not Docker Inc.'s roadmap! Offline image audit Hardening of immutable containers (noexec, nosuid) Better GRSEC, PAX, LSM integration User namespaces (eventually!) Better default seccomp profiles

33 / Resources Docker security page Docker security presentation at DockerCon 2015 SF Docker Security CheatSheet Notary on GitHub Docker Bench for Security

34 / Thanks! Questions? @jpetazzo @docker

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information