Friday, August 26 • 09:30 - 10:00
A Paravirtualized Interface for Socket Syscalls - Dimitri Stiliadis, Aporeto


Docker and other container runtimes are gathering momentum and becoming the new industry standard for server applications. Linux namespaces, commonly used to run Docker apps, come with a large attack surface that is difficult to reduce. Intel’s Clear Containers use KVM to run containers as VMs to provide additional isolation. It is possible to provide VM-like isolation for containers without sacrificing performance.

This talk focuses on the benefits of using Xen to provide an execution environment for Docker apps. The presentation starts by listing the requirements of this environment. It explains why monitoring container syscalls is important and what its security benefits are. The talk introduces a new paravirtualized protocol to virtualize IP sockets and provides the design and implementation details. The presentation clarifies the impact of the new protocol from a security perspective. The discussion concludes by comparing performance figures with the traditional PV network frontend and backend drivers in Linux, explaining the reasons for any performance gaps. 

Speakers
Dimitri Stiliadis

Founder and CEO, Aporeto
Dimitri Stiliadis is the Founder and CEO of Aporeto and was the Founder and CTO of Nuage Networks (Nokia). He has a multi-disciplinary background in distributed systems, security, and networking. He has held several leading roles in Bell Labs Research and received a PhD in computer engineering from the University of California, Santa Cruz. He is the author of more than 50 peer-reviewed papers and holds more than 20 patents.


Friday August 26, 2016 09:30 - 10:00
Pier 4
