Xen Summit 2016 has ended
Friday, August 26 • 09:30 - 10:00
A Paravirtualized Interface for Socket Syscalls - Dimitri Stiliadis, Aporeto


Docker and other container runtimes are gathering momentum and becoming the new industry standard for server applications. Linux namespaces, commonly used to run Docker apps, come with a large attack surface that is difficult to reduce. Intel’s Clear Containers use KVM to run containers as VMs to provide additional isolation. It is possible to provide VM-like isolation for containers without sacrificing performance.

This talk focuses on the benefits of using Xen to provide an execution environment for Docker apps. The presentation starts by listing the requirements of this environment. It explains why monitoring container syscalls is important and what its security benefits are. The talk introduces a new paravirtualized protocol to virtualize IP sockets and provides the design and implementation details. The presentation clarifies the impact of the new protocol from a security perspective. The discussion concludes by comparing performance figures with the traditional PV network frontend and backend drivers in Linux, explaining the reasons for any performance gaps. 


Dimitri Stiliadis

CTO, Aporeto Inc
Dimitri Stiliadis is the Founder and CEO of Aporeto and was the Founder and CTO of Nuage Networks (Nokia). He has a multi-disciplinary background in distributed systems, security, and networking. He has held several leading roles in Bell Labs Research and received a PhD in computer...

Friday August 26, 2016 09:30 - 10:00
Pier 4
