logo
allArticlesConferencesPresentations

Introducing graph theory to Policy-As-Code

Conference:  OWASP 20th Anniversary Event

2021-09-24

Authors:   Barak Schoster

Summary

The presentation discusses the importance of infrastructure as code and automation in cloud security and DevOps. It highlights the challenges of manual security reviews and misconfigurations in open source repositories, and proposes solutions such as infrastructure linters and early feedback loops.
  • Infrastructure as code and automation are crucial for cloud security and DevOps
  • Manual security reviews and misconfigurations in open source repositories pose significant risks
  • Infrastructure linters and early feedback loops can help prevent misconfigurations and improve security
  • Collaboration between security and development teams is essential for a scalable and agile security process
The speaker shares how their organization struggled with manual security reviews and tedious policy implementation before adopting infrastructure as code and automation. They also highlight the risks of misconfigurations in open source repositories, such as lack of encryption and logging, and the challenges of keeping up with new cloud services and configurations. The speaker emphasizes the need for collaboration between security and development teams to ensure a scalable and agile security process.

Abstract

Abstract:Graphs are a data structures used to model relationships between nodes. Modern cloud infrastructures can be thought of as graphs - compute resource depend on network resources, which in turn depend on access control resources, and so on.Infrastcture as code projects such as Terraform builds a directed acyclic graph to model the relationships between resources so operators can safely manage and change infrastructure resources across bare metal, IaaS, PasS, and SaaS.Can we utilize a similar graph to analyze and enforce a policy over infrastrcture as code?In this talk we will explore how to apply graph theory to Policy As Code using the open source tool Checkov.We will cover the internals of Checkov, Demonstrate usage and will write a costom policy that on the relationship that are between compute resources and acces control resources.
Materials:
Tags:
graphs
data structures
nodes
relationships
Cloud

Post a comment

Related work

All Your GNN Models and Data Belong to Me

Conference:  Black Hat USA 2022
Authors:
2022-08-10

The New Stack Tapas Tuesday (Limited Seating Availability; In Person Attendees Only)

Conference:  KubeCon + CloudNativeCon Europe 2022
Authors: Heather Joslyn, Alex William, Bailey Hayes, Fabrizio Pandini, Saad Malik
2022-05-17

Empowering the Guardians of Your Code Kingdom

Conference:  Global AppSec Dublin 2023
Authors: Gabriel L. Manor
2023-02-15

Inside Out - The Cloud has Never been so Close

Conference:  BlackHat EU 2019
Authors:
2019-12-05

Sponsored Session: Bridgecrew - End-to-end policy-as

Conference:  KubeCon + CloudNativeCon Europe 2021
Authors: Matt Johnson

How We Migrated Over 1000 Services to Backstage Using GitOps and Survived to Talk About It!

Conference:  KubeCon + CloudNativeCon Europe 2023
Authors: Shahar Shmaram, Ran Mansoor
2023-04-20