Random Thoughts: Hardened Docker Container, Unikernel and SGX

Recently I read several interesting research and analyst papers on Docker container security.

SCONE: Secure Containers using Intel SGX describes an implementation that places a container inside a secure enclave without a large footprint or significant performance loss.

Hardening Linux Container is a very comprehensive analysis of Containers, virtualization, and underlying technologies. I find it very rewarding to read it twice. So is the other white paper Abusing Privileged and Unprivileged Linux Containers.

So far all of these are based on Docker containers that run on top of a general-purpose OS (Linux). There are limitations and false claims.

What about running a unikernel in SGX? It is entirely possible, per Solo5. And what about the next step: making a unikernel running inside SGX a new container runtime for Kubernetes, just like Docker, rkt, and hyper?


3 thoughts on “Random Thoughts: Hardened Docker Container, Unikernel and SGX”

  1. Thanks for sharing your thoughts. It is encouraging to see that people are exploring the intersection between Containers and SGX.



