EGI CSIRT will hold a security workshop on containers at the International Symposium of Grid and Cloud 2022, a virtual conference that will be held from 21 to 25 March 2022.

With the uptake of different virtualization technologies also in traditional data processing workflows, the security
landscape gets increasingly heterogeneous. Container technology allows users and user communities to easily ship
complex data processing environments to the federated resources. While using containers adds a lot of flexibility for
resource usage, it also increases the possible attack surface of the infrastructure. The goal of our training
session is to discuss selected aspects related to containers and present potential security threats. We will focus
mainly on Docker and its typical use-cases. The main principles, however, will be applicable also for other container
technologies. The workshop is not meant as an exhaustive training session covering every possible aspect of the
technology. Its purpose is to point out some typical problems that are important to consider, some of which are
inspired by real-world security incidents.

The workshop will be organized as a mixture of technical presentations, interleaved with shorter sessions where
attendees will be able to practice the ongoing topics on a couple of hands-on exercises.

The abstract and materials can be found on this website.

Also, join us for other security sessions (see timetable):

  • Collaborative threat intelligence and security operations centres by David Crooks
  • IRIS Trust and Security by David Crooks
  • EUGridPMA, IGTF, AARC and EOSC ISM by David Groep