December 22, 2019

193 words 1 min read

Scrutinizing SPIRE to Sensibly Strengthen SPIFFE Security

Scrutinizing SPIRE to Sensibly Strengthen SPIFFE Security

SPIFFE (Secure Production Identity Framework For Everyone) is an open source standard for giving identities to services in dynamic and heterogeneous environments. SPIRE is an implementation of SPIFFE …
Talk Title Scrutinizing SPIRE to Sensibly Strengthen SPIFFE Security
Speakers Evan Gilman (Engineer, Scytale), Matt Moyer (Security Engineer, Heptio)
Conference KubeCon + CloudNativeCon North America
Conf Tag
Location Seattle, WA, USA
Date Dec 9-14, 2018
URL Talk Page
Slides Talk Slides
Video

SPIFFE (Secure Production Identity Framework For Everyone) is an open source standard for giving identities to services in dynamic and heterogeneous environments. SPIRE is an implementation of SPIFFE that provides a solid bedrock for secure infrastructure – at least that’s what we hope! In this talk, we’ll attempt to rationalize that notion. We’ll introduce a formalized threat model for SPIRE and show how it helps suggest practical security improvements. First, we’ll introduce the components of SPIFFE and show how applications can use it to build secure service-level authorization systems. Then we’ll show how the components of SPIRE work together to enforce useful security properties. Finally, we’ll walk through our findings and show some of the incremental improvements we’ve made to strengthen SPIRE.

identity threat framework security open source infrastructure
comments powered by Disqus
SPIFFE Deep Dive

SPIFFE Deep Dive

November 26, 2019

SPIFFE (Secure Production Infrastructure for Everyone) and SPIRE are two of the newest projects to join the CNCF. These projects build on designs first championed at Google, Twitter and elsewhere to p …
Introduction to continuous compliance and remediation

Introduction to continuous compliance and remediation

December 22, 2019

Join Nathen Harvey to learn how to easily integrate automated tests that check for adherence to policy into any stage of your deployment pipeline, using InSpec for compliance and Chef for remediation.
Distributed training of deep learning models

Distributed training of deep learning models

December 10, 2019

Mathew Salvaris, Miguel Gonzalez-Fierro, and Ilia Karmanov offer a comparison of two platforms for running distributed deep learning training in the cloud, using a ResNet network trained on the ImageNet dataset as an example. You'll examine the performance of each as the number of nodes scales and learn some tips and tricks as well as some pitfalls to watch out for.
Hadoop under attack: Securing data in a banking domain

Hadoop under attack: Securing data in a banking domain

December 9, 2019

The apparent difficulty of managing Hadoop compared to more traditional and proprietary data products makes some companies wary of the Hadoop ecosystem, but managing security is becoming more accessible in the Hadoop space, particularly in the Cloudera stack. Federico Leven offers an overview of an end-to-end security deployment on Hadoop and the data and security governance policies implemented.
Entitlements: Understandable Container Security Controls

Entitlements: Understandable Container Security Controls

November 23, 2019

In this talk Justin Cormack introduces a new system of security entitlements for container workloads. These specify the types of access a pod should have in a human readable way. He will also demonstr …
The Industry Convergence of Automotive and Blockchain

The Industry Convergence of Automotive and Blockchain

November 14, 2019

Automotive and transportation sits at the very core of society. Legacy technology permeates industry business frameworks, along with a human proclivity to simplicity and a reluctance to change. With c …