Things I've Spoken About
Removing Cloud Providers From the Zero Trust Equation
SPIFFE is a framework to generate identities for software systems in dynamic and heterogeneous environments. SPIFFE Verifiable Identity Documents (SVIDs) enable us to be explicit about the trust we place in systems. However, the degree of trust we can place in SVIDs relies heavily on the soundness of the data gathering and verification process during node attestation.
This presentation introduces a novel approach to enhance the trust in SVIDs by leveraging confidential computing technologies, specifically Confidential Virtual Machines (CVMs) such as AMD SEV-SNP or Intel TDX. These technologies enable us to track platform information directly in hardware, including firmware, boot loader, and kernel images, which are then signed with a key rooted inside the CPU itself. By incorporating hardware-protected platform information directly into the SVID generation process, we can significantly enhance the confidence placed in the resulting identity documents.
Talk
Confidential Computing
SPIFFE/SPIRE
Zero Trust
From Offense to Defense: Live Exploitation of GitHub Action Vulnerabilities
In this interactive session, we delve into the realm of GitHub Actions,
exploring both the vulnerabilities that attackers exploit and the
defensive strategies developers can employ. We’ll demonstrate real-world
attacks and their countermeasures, showcasing practical methods to secure
your CI/CD workflows. Join us as we uncover the intricacies of GitHub
Actions, where we explore the following attacks (and how to protect against them):
• Fake git commits and meta data
• Take over a GitHub action to distribute malicious code
• Manipulate GitHub repository settings
• Backdoor a GitHub release
Talk
GitHub Actions
CI/CD Security
Supply Chain Security
VSCorode: Inside your IDE, Inside your Git Repository \w Kevin Ward
VSCode is one of the most popular IDEs with a flourishing community of extensions for data manipulation, theming, programmatic language features and additional debugging functionality. There is a great deal of trust placed in these extensions so what would happen if an extension turned against you?
Code for the demo is hosted at https://github.com/controlplaneio/research-vscode
There is also a two part blog post series [1] [2] that details our research and findings.
Talk
VSCode
Supply Chain Security
IDE Security
Learning from Open Source: A Developer-First Approach to Security
Everyone is all too familiar with the stereotypical sticky-note with a password attached to a monitor, but we see equivalent security risks in our jobs, everyday! From sharing production secrets through insecure channels, to disregarding TLS server certificate validation. These are symptoms of a larger issue - ‘Security at the expense of usability comes at the expense of security’. In this talk we will delve into the heart of this issue and show why adopting a developer-first approach is paramount when designing a secure system.
Code for the demo is hosted at https://github.com/datosh/devx
Talk
Developer Experience
Let's Encrypt
Sigstore
Demystifying Confidential Computing: A Practical Introduction for Cloud Native Engineers
Confidential computing stands at the forefront of modern security paradigms, offering unprecedented levels of data protection in cloud environments. As cloud-native architectures become increasingly prevalent, understanding and leveraging confidential virtual machines (CVMs) is paramount for engineers tasked with safeguarding sensitive data. This talk aims to demystify confidential computing and provide cloud-native engineers with a practical introduction to integrating confidential VMs into their cloud infrastructures.
Code for the demo is hosted at https://github.com/datosh/intro-to-cc
Talk
Confidential Computing
AMD SEV-SNP
GCP
3h Workshop: Advanced CI Security Powered by the Open Source Community
In this workshop, we will learn how to secure your CI/CD pipeline
using open source tools and best practices. We will cover how to:
• Understand how attackers think (Threat Modelling)
• Sign and verify git commits
• Scan for vulnerabilities in containers and binaries
• Generate SBOMs to make security decisions
• Sign your build artifacts
• Demonstrate how clients verify artifacts
Accompanying blog post on control-plane.io
Talk
Supply Chain Security
CI/CD Security
Git Commit Signing
Hacking & Defending Kubernetes Clusters: We’ll Do It LIVE!!
Ever wondered about the security of your own Kubernetes cluster, but new to Kubernetes security and not sure where to start? In this talk Fabian and James will, via a series of live demos, demonstrate both common attacks and offensive techniques against Kubernetes clusters and workloads, and the runtime controls to protect against them. Scenarios include: Leveraging a compromised Container to attack the underlying node, pivot across the network, or abuse accessible secrets and tokens. A Malicious Insider exploiting common RBAC misconfigurations. Using a single node to hijack the entire cluster.
Each attack will be contextualised via mapping to the threat model resources available to the community today, such as the MITRE ATT&CK® Containers Matrix and CNCF Financial Services User Group attack trees. Fabian and James will explain how to use these resources, and the demonstrated attacks and controls to threat model, security test and defend your own Kubernetes Clusters.
Talk
Kubernetes Security
Level-up your security game as a K8s developer!
In this talk I will present how to incorporate security best practices in your day-to-day tasks as a (Golang) Kubernetes developer. We will cover how to sign your git commits, scan container images for vulnerabilities and release + deploy minimal images that make both you and your SREs happy! We will heavily rely on the Sigstore ecosystem to sign without the hassle of key management. No subscriptions or server deployments are required, which will enable you to adopt these practices right away.
Talk
Git Commit Signing
Container Image Security
Supply Chain Security
Verifiable Build Environments in the Cloud: Powered by Sigstore and Enclaves
Confidential computing is a breakthrough security technology. With it data can be kept encrypted during processing. Tools in the confidential computing space utilize these new concepts to provide fully-encrypted, high security environments, but as everyone in security knows: you are only as strong as your weakest link. Supply Chain Security is one of our industries weakest links. This talk will provide a deep drive of how Sigstore can help confidential (and other high security) products maintain a high level of security, keep their trusted compute base minimal, all the while preserving a high engineering velocity. To that end we will sketch out an architecture to build and sign in the cloud without malicious actors being able to steal signing keys or tamper with build processes. We will also show a live working demo of how such a system could be realized.
Talk
Confidential Computing
Supply Chain Security
Case study as an early adopter of Sigstore.
As an early adopter of Sigstore, Edgeless Systems provided me with the time to contribute a case study on how to use Sigstore to secure the releases and measurements of Constellation.
Blog
Supply Chain Security
Share my Confidential Computing journey at KCD Berlin 2022.
After joining Edgeless Systems 6 months earlier, I shared my journey of learning about Confidential Computing with the Kubernetes and cloud native community at KCD Berlin 2022.
Talk
Confidential Computing