YoVDO

Seitan: A Plant-Based Recipe Against Syscall Anxiety

Offered By: DevConf via YouTube

Tags

System Calls Courses JSON Courses Containers Courses Virtual Machines Courses Seccomp Courses BPF Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore a unified approach to privilege separation in containers and virtual machines through this DevConf conference talk. Dive into Seitan, an early development framework that uses a declarative, auditable model for describing security-relevant actions and constraints across virtualization and container stacks. Learn how Seitan leverages system calls as an abstraction for privileged resource access, utilizing BPF and seccomp notifiers. Discover how cluster administrators can create JSON recipes to describe filtered system calls and associate them with privileged operations. Witness practical examples as the speakers demonstrate writing and testing JSON recipes. Gain insights into how Seitan's supervisor evaluates seccomp notifications against bytecode with matches and corresponding actions, offering a flexible solution for enhancing security in untrusted workload execution.

Syllabus

seitan: A plant-based recipe against syscall anxiety


Taught by

DevConf

Related Courses

Containers at Facebook - Advanced Linux, Btrfs, and Systemd Implementation
ChariotSolutions via YouTube Cilium - Kernel Native Security and DDOS Mitigation for Microservices with BPF
Docker via YouTube The Why and How of libseccomp
Linux Foundation via YouTube BPF Static Keys Support: Update on Wildcard Map Including Use Cases and Restrictions
Linux Foundation via YouTube Compiled BPF: Part 2 - Evolution and Future Directions
Linux Foundation via YouTube