Resources for Cloud Native Security Research, such as Docker, Kubernetes, etc. Pull request welcome.
2021:"The Zero Trust Security Practice" by Kevin Chen - article, CN
2020:"Cloud Native Security: Container Security Practice" by Pray3r - article, CN
Series of articles: Exploring Container Security by Google - articles
Namespaces in operation by Michael Kerrisk - whitepaper
Control groups series by Neil Brown - whitepaper
2018: KubeCon, CloudNativeCon:"Container Isolation at Scale (Introducing gVisor) by Dawn Chen and Zhengyu He" - slide - video
2018:"A history of low-level Linux container runtimes" by Daniel J. Walsh - article
2015:"The History of Containers" by by thildred - article
2015: LinuxCon:"Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic" by Jérôme Petazzoni - slide
2013:"Resource management: Linux kernel Namespaces and cgroups" by Rami Rosen - slide
2020:"Escaping Virtualized Containers" - slide - video
2019:"CVE-2019-5736:runC:Escape from Docker and Kubernetes containers to root on host" - article - exp
2018:"CVE-2017-1002101:kubernetes: Volume security can be sidestepped with innocent emptyDir and subpath" - article - exp
2017:"Escaping Docker container using waitid() – CVE-2017-5123" by Daniel Shapira - article
2016:"Abusing Privileged and Unprivileged Linux Containers" by NCC Group - whitepaper
2015: "Chw00t: How to break out from various chroot solutions" by Balázs Bucsay - slide
2014:"Container escape through open_by_handle_at (shocker exploit)" - vuln - exp
2017:"Docker Security" by Mika Vatanen - slide
2016:"Docker & Security" by Florian Barth and Matthias Luft - slide
2016: BSides:"Docker: Security Myths, Security Legends" by Rory McCune - video
2015: BlackHat:"Vulnerability Exploitation In Docker Container Environments" by Anthony Bettini - video - slide - whitepaper
2018:"Hard Multi-Tenancy in Kubernetes by Jessie Frazelle" - article
2016:"Understanding and Hardening Linux Containers" by NCC Group - whitepaper
2018:"How modern containerization trend is exploited by attackers" - article
2018:"How one of our Kubernetes clusters got pwned Shopify" - article
2015: Defcon 23:"Linux Containers: Future or Fantasy?" by Aaron Grattafiori - video - slide
The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production. https://github.com/docker/docker-bench-security
The Kubernetes Bench for Security is a Go application that checks whether Kubernetes is deployed according to security best practices. https://github.com/aquasecurity/kube-bench
Open Policy Agent https://github.com/anderseknert/awesome-opa