9-11 September 2019
Europe/Lisbon timezone

Address Space Isolation for Container Security

10 Sep 2019, 15:30
15m
Jade-room-I&II (Corinthia Hotel Lisbon)

Jade-room-I&II

Corinthia Hotel Lisbon

160

Speakers

Mike Rapoport James Bottomley (IBM)

Description

Containers are generally percieved less secure than virtual
machines. Without going into a theological argument about the actual
state of the affairs, we suggest to explore the possibility of using
address space isolation inside the kernel to make containers even more
secure.

Assuming that kernel bugs and therefore vulnerabilities are inevitable
it is worth isolating parts of the kernel to minimize damage that
these vulnerabilities can cause.

One way to create such isolation is to assign an address space to the
Linux namespaces, so that tasks running in namespace A have different
view of kernel memory mappings than the tasks running in namespace B.

For instance, by keeping all the objects in a network namespace
private, we can achieve levels of isolation equivalent to running a
separated network stack.

Another possible usecase is isolating address spaces for different
user namespaces.

Beside marrying namespaces with address spaces we also considering
implementaiton of isolated memory mappings using mmap()/madvise() so
that a region of the caller's memory would be hidden from the rest of
the system.

We are going to give a short update on current status of our research
and we are going to discuss implications of the address space
isolation and possible future directions:

  • What are the trade-offs between letting user-space to control the
    isolation or keeping the control completely in-kernel.

  • What should be user-visible interface for address space management?
    Does it need to be on/off switch at kernel command line or do we
    need runtime knobs for that? Or maybe even "address space namespace"
    or "address space cgroup"?

  • How can we evaluate the security improvements beyond empiric
    obvservation that when less code and data are mapped, there are less
    vulnerabilities exposed?

I agree to abide by the anti-harassment policy Yes

Primary authors

Mike Rapoport James Bottomley (IBM)

Presentation Materials

There are no materials yet.
Your browser is out of date!

Update your browser to view this website correctly. Update my browser now

×