Episode from the podcast The CyberWire Daily

It's still possible to find ways to break out. [Research Saturday]

Released Saturday, 10th October 2020
Containers offer speed, performance, and portability, but do they actually contain? While they try their best, the shared kernel is a disturbing attack surface: a mere kernel vulnerability may allow containerized processes to escape and compromise the host. This issue prompted a new wave of sandboxing tools that use either unikernels, lightweight VMs or userspace-kernels to separate the host OS from the container's OS.
One of these solutions is Kata Containers, a container runtime that spawns each container inside a lightweight VM, and can function as the underlying runtime in Docker and Kubernetes. Kata's virtualized containers provide two layers of isolation: even if an attacker breaks out of the container, he is still confined to the microVM.
Joining us in this week's Research Saturday to discuss the research is Yuval Avrahami from Palo Alto Networks Unit 42.
The research presented at Black Hat USA 2020 can be found here: 


Episode Details

  • Length: 20m 14s
  • Explicit: No
  • Season: 2
  • Episode: 155
  • Episode Type: Full
