logo
allArticlesConferencesPresentations

Untrusted Execution: Attacking the Cloud Native Supply Chain

Conference:  KubeCon + CloudNativeCon North America 2022

2022-10-26

Authors:   Andrew Martin

Summary

The presentation discusses the importance of threat modeling and supply chain security in DevOps and provides best practices for securing the supply chain.
  • Threat modeling is important to bring quantifiability and reason to abstract threats and to identify attack paths.
  • The Stride process and standards documents can be used to exhaust potential permutations of threats and identify simple controls to cover as many cases as possible.
  • The attack tree is a visual representation of an attack and can be used to multiply likelihood and impact to give abstract risk scores.
  • Layering controls across the branches of the attack tree can break the attack chain and provide a minimum viable set of security configurations.
  • Pipeline metadata is important for piecing things back together and giving a different type of observation.
  • Best practices for securing the supply chain include using S-bombs, artifact signing, and evidence leaks and ledgers.
  • Measuring SAL level and mean time to remediation are useful indicators of vendor maturity.
  • Retrofitting and slowly maturing the supply chain is important.
  • Asking vendors for S-bombs is a closer first step than asking for SAL level.
The speaker mentions a tool called Witness which can run as your paid one and trace all your build behavior to help derive what you actually do and how that is built.

Abstract

Should we trust the code we run in production? Not if a motivated attacker can compromise our system’s complex supply chains. While hardened runtimes and detection can mitigate some zero day attacks, malicious internal threat actors and software implants are much harder to detect. Supply chain security looks to address some of these concerns, but with so many signing options available to us, what do we really care about? Our source code, open source dependencies, CI/CD, built containers, vendor software — or the hardware and operating systems we run on? Securing the whole supply chain is a non-trivial task, and requires consideration at all of these levels. In this talk we: - Undertake a risk-based threat model of supply chain attacks against our systems - Compare the open source supply chain security controls available to us - Examine trusted execution environments and their security properties - Propose a solution for end to end supply chain security
Materials:
Slides
Tags:
Supply chain security
source code security
open source security
container security
runtime security

Post a comment

Related work

Image Signing and Runtime Verification at Scale: Datadog's Journey

Conference:  KubeCon + CloudNativeCon Europe 2023
Authors: Ethan Lowman
2023-04-20

The Simple, Yet Lethal, Anatomy of a Software Supply Chain Attack

Conference:  RSA Conference 2022
Authors:
2022-06-06

Sponsored Session: The Simple, Yet Lethal, Anatomy of a Software Supply Chain Attack

Conference:  SupplyChainSecurityCon 2022
Authors: Jossef Harush Kadouri
2022-06-22

A Treasure Map of Hacking (and Defending) Kubernetes

Conference:  KubeCon + CloudNativeCon Europe 2022
Authors: Andrew Martin
2022-05-20

Protecting Ourselves from CNCFgate. Software Supply Chain Security at CNCF - Practices, and Tools - Andres Vega & Emily Fox, CNCF SIG

Conference:  KubeCon + CloudNativeCon Europe 2021
Authors: Emily Fox, Andres Vega, Jonathan Meadows

Kubernetes Supply Chain Security: The Software Factory

Conference:  KubeCon + CloudNativeCon North America 2021
Authors: Andrew Martin
2021-10-13