时间:2019年7月5日 16:00
地点:信科院106会议室
Abstract:
Container technology provides a lightweight operating system level virtual hosting environment. It has been broadly adopted in various computation scenarios, including edge computing, microservice architecture, serverless computing, and commercial cloud vendors. However, security and privacy concerns still widely exist regarding whether the container features in the Linux kernel can provide the same level of security and isolation guarantees as VMs. In this talk, I will introduce security problems in two basic building blocks, namespace and control groups, that enable containerization on Linux; and discuss potential exploitations and consequences.
容器技术提供了一种轻量级操作系统的虚拟主机环境,并且已经被广泛的应用在各种计算场景。然而对于内核中的容器特性是否能够提供足够的安全和隔离保证仍存疑问。本次报告将对namespace和control groups两个基本构建块中的安全问题进行讨论。
Bio:
Xing Gao received his Ph.D. in Computer Science from the College of William and Mary at Williamsburg in 2018. He is an Assistant Professor of Computer Science at the University of Memphis, Memphis, TN. His research interests lie in the areas of security, cloud computing, and mobile computing. He has published in a series of top‐tier CS venues and journals such as NDSS, DSN, ICDCS, SRDS, TDSC, TIFS, etc.
高幸博士在2018年于美国威廉玛丽学院计算机系获博士学位,现为美国孟菲斯大学计算 机科学系助理教授。迄今为止,在NDSS, DSN, ICDCS, IEEE Transactions on Dependable and Secure Computing, IEEE Transactions on Information Forensics and Security等计算机 会议与期刊发表论文。其主要研究方向包括:计算机系统与网络安全,云计算与安全 ,移动计算与安全。