from Cloudflare, Linux Guru (United Kingdom)
Ignat is a systems engineer at Cloudflare working mostly on Linux, platforms and hardware security. Ignat’s interests are cryptography, hacking, and low-level programming. Before Cloudflare, Ignat worked as a senior security engineer for Samsung Electronics’ Mobile Communications Division.
About speakers company
Linux seccomp is a simple, yet powerful tool to sandbox running processes and significantly decrease potential damage in case the application code gets exploited. It provides fine-grained controls for the process to declare what it can and can’t do in advance and in most cases has zero performance overhead.
The only disadvantage: to utilise this framework, application developers have to explicitly add sandboxing code to their projects and developers usually either delay this or omit completely as their main focus is mostly on the functionality of the code rather than security. Moreover, the seccomp security model is based around system calls, but many developers, writing their code in high-level programming languages and frameworks, either have little knowledge to no experience with syscalls or just don’t have easy-to-use seccomp abstractions or libraries for their frameworks.
All this makes seccomp not widely adopted—but what if there was a way to easily sandbox any application in any programming language without writing a single line of code? This presentation discusses potential approaches with their pros and cons.
The talk was accepted to the conference program
The largest professional conference for developers of high-load systems
The price is soaring — the closer the conference is, the more it costs.
The current price of a ticket is — 450 EUR
Changed your mind?
Please tell us why.
Thank you for your reply!
Professional conference for developers of high-load systems