Malicious Compliance Automated: Building Secure Containers and Obfusca… Kyle Quest & Duffie Cooley

Don’t miss out! Join us at our next Flagship Conference: KubeCon + CloudNativeCon North America in Salt Lake City from November 12 – 15, 2024. Connect with our current graduated, incubating, and sandbox projects as the community gathers to further the education and advancement of cloud native computing. Learn more at https://kubecon.io

Malicious Compliance Automated: Building Secure Containers and Obfuscating What’s Inside – Kyle Quest, AutonomousPlane & Duffie Cooley, Isovalent

What if you compress a container image? What will happen? Is it even possible?

Let’s explore the good, the bad and the fun of minifying container images and the side effects of it.

You will learn what it takes to build secure container images and how to make sure you have only the components you need to reduce the attack surface of your containers. You will learn about what’s truely necessary for your containers to function. You will also learn how it’s possible to automate container image compression leveraging low level Linux kernel interfaces and application analysis.

We’ll also explore the side effects of image compression on the vulnerability scanners and exploits and how they will be disrupted and broken.

As a bonus you will see a number of additional container obfuscation techniques that will make vulnerability scanners completely blind.

source

by CNCF [Cloud Native Computing Foundation]

linux foundation