Welcome to Edera

Customer training for authorized users only

Only users with authorized email domains can access this portal.
Contact support@edera.dev if you need assistance.

Real-World Security Challenges

Let’s move from theory to practice. What actually happens when container security fails? And why should your enterprise care?

Container Escape Vulnerabilities: A Greatest Hits

Container escapes aren’t edge cases—they’re a recurring pattern. Here are some notable examples:

CVE-2019-5736: runc Vulnerability

What happened: A vulnerability in runc (the container runtime used by Docker and others) allowed an attacker to overwrite the host runc binary and gain root access to the host.

Impact: Any container with the ability to execute code could escape and compromise the host.

Blast radius: Affected nearly every container deployment in the world.

Fix: Patch runc. Hope you deployed the patch everywhere before someone exploited it.

CVE-2022-0492: cgroups Vulnerability

What happened: A flaw in Linux kernel cgroup handling allowed containers to escape and execute arbitrary code on the host.

Impact: Unprivileged containers could gain full root access.

Blast radius: Affected all Linux kernels before the patch.

Fix: Kernel update required across entire infrastructure.

Dirty Pipe (CVE-2022-0847)

What happened: A Linux kernel vulnerability that allowed overwriting data in arbitrary read-only files.

Impact: Container processes could modify read-only files on the host, leading to privilege escalation.

Blast radius: All Linux kernels 5.8+

Fix: Kernel patch, cluster-wide rollout, fingers crossed.

The Pattern

Notice a trend?

  1. Vulnerability discovered in kernel or runtime
  2. All containers potentially compromised
  3. Full-scale incident that requires host/kernel patching
  4. Deployment blast radius is complex and risky
  5. Race against time and exploit development

This is the treadmill of detection-based security. You’re always waiting for the next big incident. You’re always behind after it happens.

Multi-Tenancy: The Impossible Dream?

Here’s a question that keeps platform engineers up at night: Can you safely run untrusted workloads on shared infrastructure?

With traditional containers, the honest answer is: not really.

The Multi-Tenant Nightmare Scenario

You’re running a platform where customers deploy their own code:

Node 1:
├─ Customer A: E-commerce app
├─ Customer B: Data processing job
├─ Customer C: Web scraper (possibly malicious)
└─ Customer D: ML training workload

If any customer’s workload is malicious or compromised:

  • ❌ They exploit a kernel vulnerability
  • ❌ Access Customer A’s payment data
  • ❌ Steal Customer D’s ML models
  • ❌ Use your infrastructure for crypto mining
  • ❌ Pivot to other nodes in the cluster

The Current “Solutions”

How do platforms currently handle this?

  1. Don’t allow multi-tenancy - Run separate clusters per customer (spikes your cloud bill, complex maintenance and management)
  2. Trust your customers - Hope nobody is malicious or never deploys vulnerable code (naive)
  3. Add more security tools - RBAC, network policies, admission controllers (doesn’t fix the fundamental problem)
  4. Use gVisor or Kata Containers - Better, but comes with significant performance and compatibility tradeoffs

None of these are great options.

GPU Isolation: The AI Security Challenge

As AI workloads become more common, GPU sharing introduces a whole new attack surface.

The GPU Problem

GPUs are complex devices with:

  • Their own firmware and drivers
  • Direct Memory Access (DMA) capabilities
  • Shared memory pools
  • Complex privilege boundaries

When multiple containers share a GPU:

┌─────────────────────────────────┐
│  Container A    Container B     │
│  [ML Model]    [ML Training]    │
├─────────────────────────────────┤
│      Shared GPU & Driver        │
├─────────────────────────────────┤
│         Linux Kernel            │
└─────────────────────────────────┘

Real Risks

  1. Data leakage - Container A could potentially read GPU memory used by Container B
  2. Model and weights theft - Valuable ML models and weights could be extracted
  3. Driver vulnerabilities - GPU drivers are enormous and complex codebases. When they fail, they provide full system access.
  4. DMA attacks - GPUs with DMA could potentially access arbitrary system memory

Why This Matters for Enterprises

If you’re running AI workloads:

  • Training data might be sensitive (customer data, privacy and regulatory requirements, proprietary information)
  • Model weights are highly valuable IP
  • GPUs are expensive so sharing them is an economical necessity
  • Customers demand isolation guarantees

Traditional container isolation doesn’t cut it here.

Lateral Movement: One Breach, Total Compromise

Once an attacker escapes a container to the host, the real damage begins.

The Attack Chain 

1. Initial Compromise
   └─> Exploit container vulnerability

2. Container Escape
   └─> Leverage kernel vulnerability

3. Host Compromise
   └─> Gain root on host

4. Lateral Movement
   ├─> Access other containers on same host
   ├─> Steal credentials (kubelet certs, service tokens)
   ├─> Pivot to other nodes and data
   └─> Compromise entire cluster

5. Data Exfiltration / Ransomware / IP Theft

The Blast Radius Problem

In a typical Kubernetes cluster:

  • Dozens or hundreds of nodes
  • Thousands of containers
  • Shared network fabric
  • Shared control plane
  • Shared storage

A single container escape can cascade into full cluster compromise. And because containers share a kernel, that escape is fundamentally possible from any container.

The Enterprise Impact

Let’s translate these technical risks into business terms:

Compliance Nightmares

  • PCI DSS: “Are your payment processing containers isolated?” (Not really…)
  • HIPAA: “Can healthcare data leak to other tenants?” (Possibly…)
  • SOC 2: “What are your isolation guarantees?” (Um…)

Financial Risks

  • Data breach costs (average: $4.45M per incident)
  • Regulatory fines (GDPR can be 4% of global revenue)
  • Customer churn after security incidents
  • Incident response and remediation costs

Operational Costs

  • Security team overhead
  • Constant patching and updates
  • Over-provisioning for security (separate clusters, nodes)
  • Complexity of defense-in-depth architectures

Why Traditional Security Isn’t Enough

The typical response to these challenges is to add more security layers:

  • Runtime security monitoring
  • Network policies
  • Admission controllers
  • Vulnerability scanning
  • Runtime behavioral analysis
  • Intrusion detection

This is all valuable, but it’s detection-based security, not prevention. You’re trying to catch attacks after they happen, not prevent them architecturally.

The Problem with Detection

Detection-based security assumes:

  1. You can detect all attacks (you can’t)
  2. You can respond fast enough (you usually can’t)
  3. The attacker hasn’t already pivoted (they probably have)

Prevention is better than detection.

What if, instead of trying to detect container escapes, we made them architecturally impossible?

That’s where Edera comes in.

Next: The Detection vs Prevention Problem →

Last updated on
The Container IllusionDetection vs Prevention