Dimitrij Klesev & Andreas Zeissner

Enhancing Workload Security in Kubernetes

A single blocked syscall can prevent a file-less memory attack. Learn how to automate this level of security across your Kubernetes cluster with the Security Profiles Operator.

Enhancing Workload Security in Kubernetes
#1about 3 minutes

Understanding the Kubernetes securityContext for workloads

The securityContext field in a pod specification allows you to define privilege and access control settings for a pod or container.

#2about 4 minutes

Restricting kernel system calls with seccomp profiles

Seccomp profiles enhance security by allowing you to explicitly define which kernel system calls a containerized workload is permitted to make.

#3about 4 minutes

Hardening file system access with AppArmor profiles

AppArmor provides mandatory access control by defining profiles that restrict application capabilities like file reads, writes, and network access.

#4about 6 minutes

Implementing fine-grained control with SELinux contexts

SELinux uses a labeling system to enforce mandatory access control policies, providing granular control over process and object interactions.

#5about 2 minutes

Automating security with the Security Profiles Operator

The Security Profiles Operator simplifies the management and distribution of seccomp, AppArmor, and SELinux profiles across all nodes in a Kubernetes cluster.

#6about 5 minutes

Demo of blocking an in-memory execution attack

A live demonstration shows how a seccomp profile can block the `memfd_create` system call to prevent a fileless malware execution attack.

#7about 3 minutes

Demo of managing seccomp with the operator

This demo illustrates how the Security Profiles Operator uses a `ProfileBinding` to automatically apply a seccomp profile to workloads based on their image.

#8about 8 minutes

Demo of troubleshooting SELinux permissions

A practical demonstration shows how SELinux denies access by default and how to use audit logs and tools like `audit2allow` to diagnose and create new policies.

#9about 8 minutes

Q&A on AppArmor, fileless attacks, and eBPF

The speakers answer audience questions about applying AppArmor profiles, the nature of fileless malware, discovering system calls, and the role of eBPF.

Related jobs
Jobs that call for the skills explored in this talk.

Featured Partners

Related Videos

See all videos
Kubernetes Security - Challenge and Opportunity42:45

Kubernetes Security - Challenge and Opportunity

Marc Nimmerrichter

Hacking Kubernetes: Live Demo Marathon46:36

Hacking Kubernetes: Live Demo Marathon

Andrew Martin

DevSecOps: Security in DevOps33:20

DevSecOps: Security in DevOps

Aarno Aukia

Kubernetes Security Best Practices23:08

Kubernetes Security Best Practices

Rico Komenda

A practical guide to writing secure Dockerfiles42:25

A practical guide to writing secure Dockerfiles

Madhu Akula

Enabling automated 1-click customer deployments with built-in quality and security44:40

Enabling automated 1-click customer deployments with built-in quality and security

Christoph Ruggenthaler

You can’t hack what you can’t see29:34

You can’t hack what you can’t see

Reto Kaeser

Securing secrets in the GitOps Era58:52

Securing secrets in the GitOps Era

Davide Imola

From learning to earning

Jobs that call for the skills explored in this talk.

DevOps con Kubernetes

EMETEL
Municipality of Madrid, Spain

Remote
Intermediate
GIT
Bash
Linux
DevOps
+11