
What it means to work on securing the internet: My time working on Container Linux

This post is by CoreOS principal security engineer, Matthew Garrett, known for his work in the open source security community. We wish him well in his next endeavor.

CoreOS was founded around a simple idea: the security of the internet can be improved by making it easier and faster to update software. Automated, image-based updates get patched versions of the OS into people’s hands seamlessly, and the combination of containers and features like Clair lets admins prioritise updates to critical components without worrying about breaking less security-sensitive ones, while container-based isolation reduces the impact of vulnerabilities that do exist.

During my time here at CoreOS we’ve furthered that security by incorporating existing features such as SELinux and Seccomp that are typical of security-oriented Linux distributions. But we’ve also brought in features like dm-verity, making it impossible for attackers to modify the underlying filesystem containing the OS, a feature that has otherwise not been present in server products. We’ve become the first operating system on the planet to provide known-good TPM measurements for the operating system, and the first container runtime to support TPM-based measurement of individual containers, providing a tamper-proof audit trail of every container run on a system. We’ve even written support for automated detection of a wide range of privilege escalation attacks in containers.

I’m incredibly proud to have been part of a team that’s kept up with much larger organisations while simultaneously developing innovative new security features. As we’ve seen in recent months, internet security isn’t just about compromised credit cards any more - it has the potential to shape the future of entire countries. The CoreOS model of making things as secure as possible by default, of getting security fixes into deployment as quickly as possible, and of making it easier to determine whether or not a system has been compromised will be critical to avoiding the same kind of security failings that we’ve seen so frequently in the past.

But the security of servers and services is only part of the puzzle, and the security of client systems is just as critical. My passion has always been the security and safety of end-users, and so I’ve taken the incredibly difficult decision to leave CoreOS to work on client system security.

CoreOS is in a unique position to do meaningful security work and get it into production rapidly, and I’m proud to have been part of the team that has brought meaningful security improvements to users. Even though I am leaving CoreOS, I’ll still be participating in open source development and introducing exciting new security features to the ecosystem. The beauty of collaborative development is that CoreOS will continue to benefit from my work, just as I (and the rest of the internet) will continue to benefit from theirs.