Brussels / 31 January & 1 February 2015


Surviving the Zombie Apocalypse

Containers, KVM, Xen, and Security

In our interconnected world of mobile and cloud computing, particularly with the rise of governmental spying, corporate espionage, and theft of data by organized crime syndicates, security is more important than ever. Many claims are being made about the security of open-source cloud technologies: How can administrators, users, and developers separate fact from fiction?

This talk will equip the audience with the principles needed to evaluate security claims. We will talk about the nature of risk, vulnerabilities, and exploits; the various factors that reduce the risk of vulnerabilities in software; and the trusted computing base (TCB), threat models, and defense-in-depth. We will also introduce a colorful and (hopefully) helpful analogy to make these concepts clearer.

We will then apply these principles to three open-source cloud technologies: containers, KVM, and Xen, to see how they stack up. These will be backed up with numbers: lines of code, security advisories, entry points, and so on.


This talk is particularly aimed at system administrators or system architects wishing to make decisions about which cloud technologies to use or deploy. It should also be of interest to those who want an introduction to thinking about security analysis in general.

Benefits to the ecosystem

First, it will help those deciding which technology to use to make an informed decision. Second, by giving the audience a framework for thinking about security analysis, and showing how to apply it to some concrete examples, it will help anyone thinking about security in almost any area of development or configuration.


Ian Jackson