fwd:cloudsec 2023

gVisor: The Future of Container Security
06-12, 14:00–14:40 (US/Pacific), Salon C

gVisor is an application kernel, written in Go, that implements a substantial portion of the Linux system call interface. It provides an additional layer of isolation between running applications and the host operating system.

In this talk, we will dive into the architecture and some of the platforms of gVisor, and what security boundaries it provides for untrusted workloads. Next, we will explain its threat model and Google’s approach to continuously securing it. Finally, we will do a case study on some vulnerabilities that we have uncovered and analyze their exploitability.

I am a Senior Information Security Engineer at Google and I work on Cloud Vulnerability Research with a focus on low-level security. I am also a PlayStation hobbyist hacker and have found and exploited dozens of bugs on the PS Vita, PS4 and PS5.