# Armoring Containers with LSM Superpowers
## Abstract Title*
> If your talk is selected, the Abstract Title you choose will be the title shown in the conference schedule, often what attendees use as a starting point to determine if they will be interested in the talk. Choose your title carefully - make sure that it accurately describes what your talk will cover.
Armoring Containers with LSM Superpowers
## Abstract*
> Provide an abstract that briefly summarizes your proposal. Provide as much information as possible about what the content will include. Do not be vague.
> This is the description that will be posted on the website schedule if your talk is selected, so be sure to spell check, use complete sentences (and not just bullet points), and write in the third person (use your name instead of “I”).
> Remember that this description is what will make an attendee decide whether your session would be a good fit for them. Be sure to provide enough information to help attendees make the right choice. Be clear and concise.
> The presentation selection process is very competitive, with many proposals rejected. A well-written abstract will greatly increase the possibility of the proposal being accepted.
Containers and orchestrators have abstracted away the process of developing and shipping applications, but security still seems to be heavily reliant on the underlying infrastructure. There is a need for a declarative policy management system for Mandatory Access Control in modern container workloads, where the underlying infrastructure is abstracted away.
Containers are not protected by default, as the various security tools put into place provide perimeter security at the host or the network, and not necessarily at the workload itself. LSMs (Linux Security Modules) provide the security hooks necessary to set up a least-permissive perimeter for various workloads. KubeArmor is a cloud-native runtime security enforcement system that leverages various LSMs to secure container workloads.
LSMs are a really powerful system, but they come with a high barrier to entry and a steep learning curve, and they do not provide enough metadata for container workloads.
This talk will be about how KubeArmor leverages LSM superpowers to abstract away the complexities, how we leverage eBPF to provide context about what is happening in the containers, how various kernel primitives fare against each other in protecting modern container workloads, and what design considerations and challenges arise when integrating various LSMs into KubeArmor.