Docker Founder Details His Plan to Secure Virtualization | eWeek

Docker Founder Details His Plan to Secure Virtualization

Docker Founder Details His Plan to Secure Virtualization
Aug 22, 2014
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

CHICAGO–Solomon Hykes started the open-source Docker project in March of 2013, and over the last year and half watched it grow into one of the most talked about new virtualization efforts in the industry.

In an interview with eWEEK at the LinuxCon conference here, Hykes discussed what’s next for Docker and specifically how the security posture is set to get some significant enhancements.

Docker 1.0 was released on June 9, and new updates have come out every month since then. Hykes explained that new releases of Docker debut every month in a rolling release cycle.

The next set of releases will include new security features for access and identity control.

“The goal is to offer primitives that are simple and solid enough to build all these different complex scenarios,” Hykes said. “The basic idea is that if you install a Docker runtime somewhere, that runtime has a keypair associated with it and then you, the end-user, can manage which runtime is authorized to do what.”

Hykes explained that the keypair is public key cryptography technology and on top of that is an authorization model for the keys. Going a step further, there could potentially be a validation mechanism that would only trust digitally signed keys issued by an authorized Certificate Authority (CA).

“The goal is to have a default chain of trust that you can rely on,” Hykes said.

Docker runs on Linux, which also has a role to play in helping to ensure the isolation of Docker containers. The Linux kernel includes cgroups and namespaces, which are features that provide levels of control and sandboxing within an operating system.

“As for sandboxing, mostly we’re tracking the progress in the [Linux] kernel, and we participate in that effort,” Hykes said. “With cgroups and namespaces, security at the kernel level is on the right track. It just needs time to be hardened and vetted by the security community.”

Another idea that is being worked on in the Docker community is that of container provenance.

“In production you want to be able to ask, ‘Who built this and from which source and when, and has it been signed by keys that I trust?'” Hykes said. “Collectively, we call that provenance, and that’s a big topic.”

Watch the full video interview with Solomon Hykes below:


Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.