Dimitrij Klesev & Andreas Zeissner
Enhancing Workload Security in Kubernetes
#1 about 3 minutes
Understanding the Kubernetes securityContext for workloads
The securityContext field in a pod specification allows you to define privilege and access control settings for a pod or container.
#2 about 4 minutes
Restricting kernel system calls with seccomp profiles
Seccomp profiles enhance security by allowing you to explicitly define which kernel system calls a containerized workload is permitted to make.
#3 about 4 minutes
Hardening file system access with AppArmor profiles
AppArmor provides mandatory access control by defining profiles that restrict application capabilities like file reads, writes, and network access.
#4 about 6 minutes
Implementing fine-grained control with SELinux contexts
SELinux uses a labeling system to enforce mandatory access control policies, providing granular control over process and object interactions.
#5 about 2 minutes
Automating security with the Security Profiles Operator
The Security Profiles Operator simplifies the management and distribution of seccomp, AppArmor, and SELinux profiles across all nodes in a Kubernetes cluster.
#6 about 5 minutes
Demo of blocking an in-memory execution attack
A live demonstration shows how a seccomp profile can block the `memfd_create` system call to prevent a fileless malware execution attack.
#7 about 3 minutes
Demo of managing seccomp with the operator
This demo illustrates how the Security Profiles Operator uses a `ProfileBinding` to automatically apply a seccomp profile to workloads based on their image.
#8 about 8 minutes
Demo of troubleshooting SELinux permissions
A practical demonstration shows how SELinux denies access by default and how to use audit logs and tools like `audit2allow` to diagnose and create new policies.
#9 about 8 minutes
Q&A on AppArmor, fileless attacks, and eBPF
The speakers answer audience questions about applying AppArmor profiles, the nature of fileless malware, discovering system calls, and the role of eBPF.
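
The securityContext, seccomp and operator chapters above, combined into one manifest as an added example; it is not taken from the talk or from the Security Profiles Operator project. The namespace, object names and image are constructed placeholders, and the API versions are assumed to match the operator release installed in the cluster.

```yaml
# Added example; names, namespace and image are constructed placeholders.
apiVersion: security-profiles-operator.x-k8s.io/v1beta1  # assumed; check the installed CRD version
kind: SeccompProfile
metadata:
  name: deny-memfd-create
  namespace: demo
spec:
  # Denylist kept short to isolate the one call from the demo. A hardened
  # profile would default to SCMP_ACT_ERRNO and allow only the calls needed.
  defaultAction: SCMP_ACT_ALLOW
  syscalls:
    - action: SCMP_ACT_ERRNO   # the call fails with an error instead of running
      names:
        - memfd_create
---
apiVersion: security-profiles-operator.x-k8s.io/v1alpha1  # assumed; check the installed CRD version
kind: ProfileBinding
metadata:
  name: deny-memfd-create-binding
  namespace: demo
spec:
  profileRef:
    kind: SeccompProfile
    name: deny-memfd-create
  image: registry.example.com/demo/app:1.0   # pods using this image get the profile
---
apiVersion: v1
kind: Pod
metadata:
  name: app
  namespace: demo
spec:
  containers:
    - name: app
      image: registry.example.com/demo/app:1.0   # matches the binding above
      securityContext:
        # No seccompProfile here: the binding is expected to add it at admission.
        runAsNonRoot: true
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
```

To confirm the binding took effect, inspect the admitted pod's `securityContext.seccompProfile`; it should reference a `Localhost` profile rather than being empty.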