October 31 - November 1 - Co-Located Events
October 28-30 - Conference
Lyon Convention Centre - Lyon, France
More information for Open Source Summit + Embedded Linux Conference Europe 2019
Monday, October 28 • 14:25 - 15:00
In-and-out - Security of Copying to and from Live Containers - Ariel Zelivansky & Yuval Avrahami, Twistlock

Nowadays, mature container platforms (such as Docker, Kubernetes and LXD) provide users a way to extract files from a running container. There are several different design approaches for implementing such a copy feature. In this talk, Yuval and Ariel will present the ups and downs of the different implementations with a focus on security and possible vulnerabilities.

Attendees will learn about the basics of container isolation, such as namespaces and seccomp, and why a sandbox like gVisor can’t protect from some attacks on the copy mechanism. Finally, the talk includes a proof of concept of a vulnerability in the Kubernetes copy command that the authors recently found and disclosed.

Ariel Zelivansky

Security Research Team Lead, Palo Alto Networks
Ariel Zelivansky is a security researcher and the head of Twistlock's research team, dealing with hacking and securing anything related to containers.

Yuval Avrahami

Security Researcher, Twistlock
Yuval Avrahami is a security researcher at Twistlock, dealing with hacking and securing anything related to containers. Yuval is a veteran of the Israeli Air Force, where he served in the role of a researcher.

Monday October 28, 2019 14:25 - 15:00
Lumiere Auditorium