Security by Isolation
Subash SN
sns [a] vuln.in
2
Approaches to Security
Correctness
Obfuscation
Isolation
3
Isolation
Sandboxes
Containers
Virtual Machines
Physical
4
Containers 101
Like FreeBSD Jails and Solaris Zones, Linux containers are self-
contained execution environments -- with their own, isolated
CPU, memory, block I/O, and network resources -- that share the
kernel of the host operating system. The result is something that
feels like a virtual machine, but sheds all the weight and startup
overhead of a guest operating system.
5
Containers? Which one?
LXC
Docker
OpenVZ
6
7
How do containers isolate?
cgroups and namespaces
Additionally:
SELinux
AppArmor
Seccomp
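The mechanisms on this slide can all be checked from the host through `/proc/<pid>`. The following is an added example, not part of the original slides: it reports which of them are missing for a process. The sample namespace links, cgroup lines and labels are constructed, and the function names are hypothetical.

```python
import re

# Namespace types exposed under /proc/<pid>/ns on Linux.
NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")
SECCOMP_MODES = {"0": "disabled", "1": "strict", "2": "filter"}

def seccomp_mode(status_text):
    """Read the Seccomp field from /proc/<pid>/status text."""
    m = re.search(r"^Seccomp:[ \t]*(\d+)$", status_text, re.M)
    return SECCOMP_MODES.get(m.group(1), "unknown") if m else "unknown"

def shared_namespaces(proc_ns, host_ns):
    """Namespace types where the process has the same inode as the host."""
    return sorted(t for t in NS_TYPES if proc_ns.get(t) == host_ns.get(t))

def cgroup_paths(cgroup_text):
    """Paths from /proc/<pid>/cgroup lines ('hierarchy:controllers:path')."""
    return [l.split(":", 2)[2] for l in cgroup_text.splitlines() if l.count(":") >= 2]

def audit(status_text, proc_ns, host_ns, cgroup_text, lsm_label):
    """List the ways a process, viewed from the host, is NOT isolated."""
    findings = [f"shares host {t} namespace" for t in shared_namespaces(proc_ns, host_ns)]
    if "/" in cgroup_paths(cgroup_text):
        findings.append("runs in the root cgroup")
    if seccomp_mode(status_text) == "disabled":
        findings.append("no seccomp filter")
    # Heuristic: AppArmor reports "unconfined"; SELinux uses unconfined_* contexts.
    if lsm_label.startswith("unconfined"):
        findings.append("no AppArmor/SELinux confinement")
    return findings

# Constructed sample data (not captured from a real host). Each namespace value
# mimics the target of the /proc/<pid>/ns/<type> symlink; the LSM label mimics
# the content of /proc/<pid>/attr/current.
HOST_NS = {t: f"{t}:[40265318{i:02d}]" for i, t in enumerate(NS_TYPES)}
CONTAINER_NS = {t: f"{t}:[40265330{i:02d}]" for i, t in enumerate(NS_TYPES)}
CONTAINER_NS["net"] = HOST_NS["net"]  # network namespace left shared with the host
CONFINED = ("Name:\tapp\nSeccomp:\t2\n", "0::/system.slice/docker-example.scope\n",
            "docker-default (enforce)")
LOOSE = ("Name:\tapp\nSeccomp:\t0\n", "0::/\n", "unconfined")

if __name__ == "__main__":
    for label, (status, cgroup, lsm) in (("confined", CONFINED), ("loose", LOOSE)):
        print(label, audit(status, CONTAINER_NS, HOST_NS, cgroup, lsm))
```

On a live system the inputs come from `/proc/<pid>/status`, `os.readlink("/proc/<pid>/ns/<type>")`, `/proc/<pid>/cgroup` and `/proc/<pid>/attr/current`; reading another user's namespace links normally requires root.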
8
Sandboxing
Firejail
Subuser
Chrome (chrome://sandbox)
9
10
Container, VM escape
11
Nothing beats Physical Isolation? Right?
Attacks on Air-gapped systems
→ Fan
→ Electromagnetic radiation
→ LED
→ Speaker/Mic
Just about anything software can affect.
12
13
QubesOS
14
Proxmox
15
Thank you
Subash
sns@vuln.in

Null Bangalore Meet 18/03/17