Defending Containers Like a Ninja: A Walk through the Advanced Security Features of Docker & Kubernetes

Presented at Black Hat USA 2020 Virtual, Aug. 5, 2020, 10 a.m. (40 minutes).

Today, with a few commands anyone can have containers running on their machine; at this point, they seem to be neither complex nor complicated to secure. However, the story dramatically changes when the ecosystem grows exponentially and now we have thousands of nodes that fulfill different roles, with different resources, running different applications, in different virtual environments, remotely accessed by different users who must have different types of permissions and so on. Complexity is the worst enemy of security, what can we do to protect these huge containerized environments?<br /> <br /> There are many features of Docker and Kubernetes that allow to secure quite well these environments. However, the eternal official documentation makes, perhaps, these functionalities go unnoticed. <br /> <br /> Throughout this talk it will be explained how to implement the advanced security features to secure the Docker daemon and its core components, the containers execution, Swarm and Kubernetes orchestrated environments. We will go from the depths, limiting the kernel's capabilities at container runtime and remapping it to the user-namespace, until successfully apply the RBAC at the orchestrator in Swarm or Kubernetes. In addition, the talk reveals various attacks that could be carried out if these advanced security measures are not applied.

Presenters:

  • Sheila Berta - Head of Research, Dreamlab Technologies
    Sheila A. Berta is an offensive security specialist who started at 12 years-old by learning on her own. At the age of 15, she wrote her first book about Web Hacking, published in several countries. Over the years, Sheila has discovered vulnerabilities in popular web applications and software, as well as given courses at universities and private institutes in Argentina. She specializes in offensive techniques, reverse engineering, and exploit writing and is also a developer in ASM (MCU and MPU x86/x64), C/C++, Python and Golang. As an international speaker, she has spoken at important security conferences such as Black Hat Briefings, DEF CON, HITB, Ekoparty, IEEE ArgenCon and others. Sheila currently works as Head of Research at Dreamlab Technologies.

Links:

Similar Presentations: