BASTION - A Security Enforcement Network Stack for Container Networks

Offered By: USENIX via YouTube

Tags

USENIX Annual Technical Conference Courses, Network Security Courses, Container Security Courses

Course Description

Overview

Explore a conference talk from USENIX ATC '20 that introduces BASTION, a high-performance security enforcement network stack for container networks. Delve into the security analysis of container networks, identifying concerns arising from unnecessary network operations exposure by containerized applications. Learn about BASTION's intelligent container-aware communication sandbox, which extends the container hosting platform with a network visibility service for fine-grained control over visible network topology and a traffic visibility service for secure isolation and forwarding of inter-container traffic. Discover how BASTION effectively mitigates adversarial attacks while improving overall performance in single-host and cross-host container communications. Examine the talk's comprehensive syllabus, covering topics such as the state of container security, current container networks, security challenges, BASTION's architecture, security evaluation, and performance analysis.

Syllabus

Intro
The state of Container Security
Current Container Networks (1/2): Conceptual microservice architecture
Security Challenges in Container Networks 1
Bastion: Security Enforcement Network Stack
Manager - Container Collection
Security Stack - Network Visibility Service 121
Security Stack - Traffic Visibility Service (1/2)
Security Evaluation
Security: Attack Scenario Verification
Security: Passive Packet Monitoring
Security: Active Packet Injection
Performance: Inter-container Throughputs
Performance: Bastion on Various Networks
Summary


Taught by

USENIX
