December 22, 2019


Scrutinizing SPIRE to Sensibly Strengthen SPIFFE Security



Talk Title: Scrutinizing SPIRE to Sensibly Strengthen SPIFFE Security
Speakers: Evan Gilman (Engineer, Scytale), Matt Moyer (Security Engineer, Heptio)
Conference: KubeCon + CloudNativeCon North America
Location: Seattle, WA, USA
Date: Dec 9-14, 2018

SPIFFE (Secure Production Identity Framework For Everyone) is an open source standard for giving identities to services in dynamic and heterogeneous environments. SPIRE is an implementation of SPIFFE that provides a solid bedrock for secure infrastructure – at least that’s what we hope! In this talk, we’ll attempt to rationalize that notion. We’ll introduce a formalized threat model for SPIRE and show how it helps suggest practical security improvements. First, we’ll introduce the components of SPIFFE and show how applications can use it to build secure service-level authorization systems. Then we’ll show how the components of SPIRE work together to enforce useful security properties. Finally, we’ll walk through our findings and show some of the incremental improvements we’ve made to strengthen SPIRE.
