Title: Orchestrating Least Privilege
The popularity of containers has driven the need for distributed systems that can manage resources, place workloads and adapt to faults. These so-called container orchestrators have seen a rise in popularity in the enterprise that is reminiscent of early container adoption. Open-source projects such as Docker Swarm, Kubernetes and Marathon make it easy for anyone to manage their container workloads using their cloud-based or on-premises infrastructure.
Unfortunately, a lot of these orchestrator systems have not been architected with security in mind. In particular, compromise of a less-privileged node usually allows an attacker to escalate privileges to either gain control of the whole system, or to access resources they shouldn't have access to. Given the popularity of containers in the enterprise, it is critical that we start designing orchestrators with security in mind that follow the principle of least privilege, where any participant of the system only has access to the resources that are strictly necessary for its legitimate purpose. No more, no less.
Diogo Mónica is the security lead at Docker, an open platform for building, shipping and running distributed applications. He was an early employee at Square, where he led the platform security team. He holds BSc, MSc and PhD degrees in Computer Science, serves on the board of advisors of several security startups, and is a long-time IEEE volunteer.