Justin Cormack


Let’s talk about Security

Having a conversation about security between developers, security professionals and ops requires a common language, and tools that respect that language.

In this talk I discuss a conversational approach to defense-in-depth approaches to application security, going from a high-level language about what a program is intended to do, and applying this to tools that restrict behaviours.

Appropriate language depends on the problem domain, so I will look at concrete examples. The first case is the OpenBSD pledge system, introduced last year. This has been the most successful rollout of a capability reduction system, with it applied to the majority of the programs in the base system within a few months. It is, however, successful because it targets the language of a particular problem domain, and is not necessarily directly applicable elsewhere.

As a second example I will look at the ongoing work we are doing at Docker to apply the pledge model to make a language for describing containerised applications, looking at the differences in the domain languages for a different type of application.

Slides

Let's talk about security by Justin Cormack from DevOpsDays London 2016 on Vimeo.

Speaker

Justin Cormack

@justincormack

Justin Cormack is an engineer at Docker, and co-author of Docker in Production: Lessons from the Trenches. He worked for Unikernel Systems, and now works for Docker in Cambridge, UK. He is interested in how we can make systems software adapt to modern devops practices, as it is one of the last areas to aspire to the monolithic and slow-moving.