Container Attack Surface Reduction Beyond Name Space Isolation

Explore container security vulnerabilities and attack surface reduction techniques in this 50-minute Black Hat conference talk. Analyze findings from a study of the top 100 official Docker images on DockerHub, revealing thousands of vulnerabilities and misconfigurations. Discover how these security issues often stem from unnecessary dependencies, binaries, and improper file/user/network permissions rather than the core application. Learn strategies for reducing container attack surfaces that go beyond traditional namespace isolation. Gain insights from security experts Azzedine Benameur, Jay Chien-An Chen, Lei Ding, and Michalis Polychronakis on improving container security practices.

Container Attack Surface Reduction Beyond Name Space Isolation