In-person + Virtual
October 24-28
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2022 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Eastern Daylight Time (UTC -4). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.
Back To Schedule
Wednesday, October 26 • 11:55am - 12:30pm
Armoring Cloud Native Workloads With LSM Superpowers - Barun Acharya, Accuknox

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.

Containers are not protected by default as the various tools for security into place provides perimeter security at the host, or the network and not necessarily the workload itself. LSMs(Linux Security Modules) provide with security hooks necessary to set up least permissive perimeter for various workloads. KubeArmor is a cloud-native runtime security enforcement system that leverages various LSMs to secure your workloads. LSMs are a really powerful system but they come with a high barrier of entry, steep learning curve and do not provide enough metadata for modern cloud native workloads. This talk will be about how KubeArmor leverages LSM superpowers to abstract away the complexities to help protect modern cloud native workloads, how we leverage eBPF to provide context about what's happening in the containers, how various kernel primitives fair with each to protect modern container workloads and what design considerations/challenges for integrating various LSM into KubeArmor.

avatar for Barun Acharya

Barun Acharya

Software Engineer, Accuknox
Barun is a final year computer science undergraduate student in India and currently works as a Software Engineer at Accuknox. He loves to talk about Open Source and has been associated with programs like Google Summer of Code and LFX Mentorship. He is usually hacking on low level... Read More →

Wednesday October 26, 2022 11:55am - 12:30pm EDT
Virtual Platform Only
  Security + Identity + Policy