"Jailing, How to Trust Untrustworthy Code at Dropbox" Thursday, February 28, 2019, 3:10 – 4pm
Location of Event: UC Davis Campus
Event Type: Lectures and Seminars
Presented by: The Department of Computer Science

CS Colloquium Seminar: Dr. Alex Garbutt from Dropbox

Host: Sam King


The desire to run untrustworthy or memory-unsafe code is frequently encountered across the industry. Rather than “accepting the risk,” Dropbox iterated on a number of jailing techniques in order to arrive at the solutions in use today. The progression runs from basic process isolation, to Provost (built on chroot, setuid, setgid, rlimits, and seccomp filter), and finally to ULXC (a long-lived service built on LXC, cgroups, and seccomp filters). This evolution was driven by competing desires for strong isolation and minimal overhead. This talk will cover the history of server-side jailing at Dropbox, including the motivations and the challenges associated with jailing at scale.

