August 19-21 - Co-Located Events
August 21-23 - Conference
Hilton San Diego Bayfront - San Diego, CA
More information for Open Source Summit + Embedded Linux Conference North America 2019
Wednesday, August 21 • 5:10pm - 5:45pm
The Enemy Within: Running Untrusted Code with gVisor - Ian Lewis, Google

Containers are a great way to isolate application resources but they can fall short when it comes to security isolation. How do you improve the security of your workloads without giving up the properties of containers that you've come to love? There are many approaches to sandboxing containers, such as virtual machines and unikernels, but which is right for you?
gVisor is a unique open-source sandbox runtime that allows you to run unmodified applications in containers with a higher level of isolation and low overhead. In this talk I will explore the container security model of gVisor and use cases for sandboxing containers. I will discuss various approaches and their tradeoffs before diving into the architecture of gVisor and how it differs from virtual machine based sandboxes. Finally, I will bring it all together with a demo of a minimal serverless platform using gVisor and Kubernetes.

Ian Lewis

Developer Advocate, Google
Ian is a software engineer at Google and contributor to the gVisor project. Ian has had various developer and operations roles throughout his career and enjoys working in environments with diverse ways of thinking. Ian has been living in Tokyo since 2006 and is active in the open-source...

Wednesday August 21, 2019 5:10pm - 5:45pm PDT
Sapphire L