Session – Cloud Infrastructure and Information Security
Investigating Security Threats in Linux Containers
Department of Computer and Information Sciences
University of Delaware
Newark, DE 19716
Xing Gao is an Assistant Professor in the Department of Computer and Information Sciences at the University of Delaware. Xing received his Ph.D. degree in Computer Science from the College of William and Mary in Williamsburg in 2018. His research interests include security, cloud computing, and mobile computing. His work has been published in a series of top-tier CS venues and has resulted in a Linux kernel patch, CVEs, and a US patent.
Container technology provides a lightweight, operating-system-level virtual hosting environment. It has been broadly adopted in various computation scenarios, including edge computing, microservice architectures, serverless computing, and commercial cloud platforms. However, security and privacy concerns remain widespread as to whether the container features in the Linux kernel can provide the same level of security and isolation guarantees as VMs. In this talk, I will introduce security problems in the basic building blocks that enable containerization on Linux, and discuss potential exploitations and consequences.