Skip to main content

IBM's new Nabla containers are designed for security first

posted onJuly 18, 2018
by l33tdawg
containers
Credit: containers

Companies love containers because they enable them to run more jobs on servers. But businesses also hate containers, because they fear they're less secure than virtual machines (VM)s. IBM thinks it has an answer to that: Nabla containers, which are more secure by design than rival container concepts.

James Bottomley, an IBM Research distinguished engineer and top Linux kernel developer, first outlines that there are two kind of fundamental kinds of container and virtual machine (VM) security problems. These are described as Vertical Attack Profile (VAP) and Horizontal Attack Profile (HAP).

A VAP is all the code, which is traversed to provide a service all the way from input to database update to output. This code, like all programs, contains bugs. The bug density varies, but the more code you traverse, that is called to run, the greater your chance of exposure to a security hole. For example, it doesn't matter how much code is in an operating system or program if it's not run. Stack security holes exploits, which can jump into either the physical server host or VMs, are HAPs.

Source

Tags

Industry News

You May Also Like

Recent News

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th

Thursday, June 6th