multiple applications on one operating system Gives you way to compose clusters, manage them and play with them at the scale of 100,000 Docker Docker Docker
not be secure for long. (because people will find a way to go around it) Usable Security is a principle of building security systems while considering human workflows. Speed Efficiency Learnability Memorability User Preference Idea of Usable Security
Cloud Infrastructure. Your Production, Development & Testing Cycles. It is going to be used by everyone Your team, clients, and partners. Independent developers and teams who are using your images. We should definitely think about #docker-security Docker Space
malicious user has docker daemon access, what to do ? Can I use security policies over docker ? SELINUX,APPARMOR,GRSEC Can I really trust docker image I install ? Can i ssh to docker container ? Lets think..
and resources that are necessary for its legitimate purpose - Diogo Mónica, Docker Linux namespaces (isolated view of system.) Cgroups (limit and isolate the resource usage.) Linux Security Modules (Apparmor,SELINUX) Capabilities Per-container ulimit User-namespaces: root inside is not root outside Seccomp: Individual syscall filtering (like chrome sandbox) Enter Least Privilege
real root. (User Namespaces) Docker ulimit With cgroups, you can control on the resource usage of container docker run --lxc-conf=lxc.cgroup.cpuset.cpus = 0,1 ..
container to have all those capabilities Each container can have some of the capabilities of root, but not all. Mounting operations Access to raw sockets (prevent opening privileged ports, spoofing) Some file system operations (mkdev, chown, chattrs) Loading kernel modules Capabilites
seccomp. Quite like sandboxing. Supports syscall filtering by using BPF SIGKILL signal to process, who made blocked syscall docker run –lxc-conf=common.seccomp ...
help you in deciding minimal privilege for each application. Preventing permission escalation and unauthorized information disclosure (or worse). Within the container configuration the related AppArmor profile can be defined with lxc.aa_profile. docker run –security-opt label:type:svirt_apche ...
for host, with kernel patches. User Mappings Map user/group ids lxc.id_map = u 0 1000000 65536 lxc.id_map = g 0 1000000 65536 Couple it with docker run –lxc-conf= More...
Server Interaction Publisher signed content Publisher Key validates integrity of content Platform Agnostic to distribute any content https://github.com/docker/notary Docker Notary
Tagging Key Exists for each new repository that publisher owns Can be shared with collaborators easily. Offline Key Users see this key as official publisher’s key Important in establishing trust. Only needed when creating new repository or rotating existing repository Publisher’s View
& Freshness of Content Notion of Timestamp Key Needed to ensure freshness guarantees Generated at remote server. Docker maintains it for you http://theupdateframework.com/ Trust Update Framework
all isolation profiles in one file, what apparmor, selinux profiles, seccomp , whitelisting and blacklisting, mount lables Bootchain, selinux, authentication Dockersecurity, dockerbench,sharethebestpracticesnotjustnameit Usable security usable signing, secure system distribution survivable key compromise, freshest gurantees,
server. And server has all acls Distributed key management problem, encrypted storage at rest Managing security, certificates Batteries included removable, jet spring attacks, runtime integrity docker run -p 80:80 --rm registry:5000/dolly