December 13, 2019

171 words 1 min read

Deep Dive: TUF

Deep Dive: TUF

When VCS systems, build pipelines, or signing servers are are compromised, attackers get to distribute malicious versions to millions of unsuspecting users. We present how Datadog used TUF and in-toto …
Talk Title Deep Dive: TUF
Speakers Justin Cappos (Professor, NYU), Trishank Kuppusamy (Chief Security Solutions Engineer, Datadog)
Conference KubeCon + CloudNativeCon North America
Conf Tag
Location Seattle, WA, USA
Date Dec 9-14, 2018
URL Talk Page
Slides Talk Slides
Video

When VCS systems, build pipelines, or signing servers are are compromised, attackers get to distribute malicious versions to millions of unsuspecting users. We present how Datadog used TUF and in-toto to develop, to the best of our knowledge, the industry’s first end-to-end verified pipeline that automatically builds integrations for the Datadog agent. That is, even if this pipeline is compromised, users should not be able to install malware. We will show a demonstration of our pipeline in production being used to protect users of the Datadog agent, and describe how you can use TUF + in-toto secure your own pipeline.

pipeline attack
comments powered by Disqus
The freedom to configure is the freedom to make a better world.

The freedom to configure is the freedom to make a better world.

December 13, 2019

Chances are you fell in love with technology the day you took some tool that didn't quite work for you and made it betterbetter suited to you and your idiosyncratic needs and uses. Then you shared your improvements and made other people's lives better too, and what sweeter feeling is there? Cory Doctorow explains why the right to configure is the signature right of the 21st century.
Automated Kubernetes Scalability Testing

Automated Kubernetes Scalability Testing

December 10, 2019

Kubernetes supports large clusters according to the docs, but how does it actually scale? Who came up with those limits? What are the actual numbers? To challenge this we built a CI/CD environment gea …
Hadoop under attack: Securing data in a banking domain

Hadoop under attack: Securing data in a banking domain

December 9, 2019

The apparent difficulty of managing Hadoop compared to more traditional and proprietary data products makes some companies wary of the Hadoop ecosystem, but managing security is becoming more accessible in the Hadoop space, particularly in the Cloudera stack. Federico Leven offers an overview of an end-to-end security deployment on Hadoop and the data and security governance policies implemented.
Human-in-the-loop data science with Jupyter widgets

Human-in-the-loop data science with Jupyter widgets

December 8, 2019

Jupyter widgets let you create lightweight, interactive graphical interfaces directly in Jupyter notebooks. Pascal Bugnion demonstrates how to use Jupyter widgets to implement human-in-the-loop machine learning with highly interactive user interfaces.
Improving DevOps and QA efficiency using machine learning and NLP methods

Improving DevOps and QA efficiency using machine learning and NLP methods

December 8, 2019

DevOps and QA engineers spend a significant amount of time investigating reoccurring issues. These issues are often represented by large configuration and log files, so the process of investigating whether two issues are duplicates can be a very tedious task. Ran Taig and Omer Sagi outline a solution that leverages NLP and machine learning algorithms to automatically identify duplicate issues.
Making Big Data Processing Portable. The Story of Apache Beam and gRPC

Making Big Data Processing Portable. The Story of Apache Beam and gRPC

December 7, 2019

Big data applications have been an almost exclusive domain of Java and Scala developers. This not only frustrates engineers who prefer other languages and their ecosystems, but also impedes companies …