Running Untrusted Code with gVisor - Container Security and Sandboxing

Explore the world of container security and sandboxing in this 35-minute conference talk by Ian Lewis from Google. Learn about gVisor, an open-source sandbox runtime that enhances container isolation without sacrificing the benefits of containerization. Discover various approaches to sandboxing containers, including virtual machines and unikernels, and understand their trade-offs. Dive into gVisor's unique container security model, its architecture, and how it differs from virtual machine-based sandboxes. Gain insights into use cases for sandboxing containers and witness a demonstration of a minimal serverless platform using gVisor and Kubernetes. Enhance your knowledge of container security and explore innovative solutions for running untrusted code safely in your applications.

The Enemy Within: Running Untrusted Code with gVisor - Ian Lewis, Google