Back To Schedule
Tuesday, January 24 • 12:00pm - 12:50pm
Protecting container applications with file system whitelisting

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Container technologies like Docker are gaining mainstream interest from development organizations. Unlike virtual machines, containers running on the same host share the underlying OS kernel and filesystem. In this talk we describe an approach to harden and isolate containerized applications via file system monitoring. We show that it is possible to automatically build a whitelist of file system resources that are available to containers based on static analysis of the container contents and configuration. In addition containers can be monitored in runtime for storage writes of known exploits. We demonstrate how a mix of static and runtime file system monitoring proves to be an unintrusive and effective layer of security and isolation for containerized Cloud Native applications.

avatar for Chenxi Wang, Ph.D.

Chenxi Wang, Ph.D.

General Partner, Rain Capital
Dr. Chenxi Wang is ,Managing General Partner at Rain Capital.  Chenxi built an illustrious career at Forrester Research, Intel Security, and CipherCloud. At Forrester, Chenxi covered mobile, cloud, and enterprise security, and wrote many hard hitting research papers. At Intel Security... Read More →

Tuesday January 24, 2017 12:00pm - 12:50pm PST
Garden Terrace Room