Conference:  Black Hat Asia 2023
Authors: Roni Gavrilov
2023-05-12

The adoption of Industry 4.0 and Industrial IoT (IIoT) technologies into industrial business operations has brought great operational and economic benefits, but has also introduced new risks and challenges. One of the major risks is the potential for central points of failure (the cloud), which in the industrial remote-access scenario can leave many industrial companies reliant on a single IIoT supplier's security level.

IIoT suppliers often provide cloud-based management solutions to remotely manage and operate devices. While some research has been conducted on the security of these IIoT devices' firmware and protocols, there is still much to learn about the unexpected security risks emerging from their cloud-based management platforms.

In our research, we focused on the cloud-based management platforms of three major IIoT gateway suppliers: Sierra Wireless, Teltonika Networks, and InHand Networks. When investigating how they might be exploited by malicious actors, we found that these platforms can act as a backdoor for accessing multiple industrial and critical environments at once, bypassing perimeter and defense-in-depth security measures.

During the session, we will present three attack vectors that could compromise cloud-managed IIoT devices through their cloud-based management platforms. The discovered vulnerabilities impact thousands of devices in industrial environments, bypassing NAT and traditional security layers. We will provide an in-depth overview of these vulnerabilities and demonstrate several of them, including RCE over the internet that bypasses NAT and reaches the internal network directly, without any preconditions. At the end of the session, we will suggest practical recommendations for asset owners, security architects and IIoT vendors.
Authors: Petter Sveum
2023-04-21

tldr - powered by Generative AI

The presentation discusses the challenges of data protection and application recovery in cloud and Kubernetes architectures and proposes an autonomous data management platform as a solution.
  • More customers are building critical infrastructure into Kubernetes, but struggle with data protection and recovery.
  • Critical applications require persistent storage and disaster recovery orchestration.
  • An autonomous data management platform should be cloud-optimized, API-enabled, containerized as microservices, elastic, multi-cloud, and multi-tenant.
  • The platform should deliver advanced functionalities like automated capacity management, self-optimization, recovery of service, resiliency of service, and end-to-end security.
  • The platform should apply a set of criteria for protecting workloads and ensuring security and predictability for recovery.
  • The platform should provide an outcome where data is protected end-to-end, resiliency can be managed, tested, and validated, and there is optimized and efficient usage of infrastructure.
Authors: Yin Ding, Kevin Wang
2023-04-21

tldr - powered by Generative AI

The presentation discusses the KubeEdge project, which aims to enable AI collaboration between cloud and edge computing. The project has multiple use cases, including satellite image analysis and oil field management. Community effort is crucial to the project's growth, and its future involves creating dedicated scenario-based toolkits and supporting multiple architectures and operating systems.
  • KubeEdge enables AI collaboration between cloud and edge computing
  • Use cases include satellite image analysis and oil field management
  • Community effort is crucial to the project's growth
  • Future plans involve creating dedicated scenario-based toolkits and supporting multiple architectures and operating systems
Authors: Kevin Hoffman
2023-04-21

tldr - powered by Generative AI

wasmCloud is a distributed computing framework for building microservices, functions, and fully distributed systems out of simple WebAssembly modules. It provides capabilities such as a web server, key-value store, and event sourcing. The framework takes care of dispatching messages and communicating with state stores, so developers can focus on writing simple, testable functions.
  • wasmCloud builds microservices, functions, and fully distributed systems from simple WebAssembly modules
  • Capabilities such as a web server, key-value store, and event sourcing are provided by the framework
  • The framework takes care of dispatching messages and communicating with state stores
  • Developers can focus on writing simple, testable functions
Authors: Roland Kool, Ricardo Rocha, Piotr Szczesniak, Christian Huening, Rania Mohamed
2023-04-21

tldr - powered by Generative AI

The challenges of securing and governing communication between services running in multiple clusters or on different infrastructure can be addressed with service mesh and Gateway API solutions in a distributed, heterogeneous environment.
  • The shift from on-premises data centers to cloud, multi-cloud and hybrid environments has created new challenges in securing and governing communication between services
  • Service mesh and Gateway API solutions address these challenges by offering a shared trust anchor, an identity framework, and policies for selective communication
  • Examples of service mesh solutions include Linkerd and Istio, while the Kubernetes Gateway API offers a portable solution for multi-cluster communication
Authors: Christophe Tafani-Dereeper, Diego Comas
2023-04-20

tldr - powered by Generative AI

The talk discusses common pitfalls and traps in managed Kubernetes environments and how to bridge the gaps between what runs inside a managed Kubernetes cluster and what is deployed in the cloud provider's other services.
  • Administrators in AWS do not automatically have permissions in their Kubernetes cluster; IAM rights and cluster access are granted separately
  • External secrets can be brought into the cluster using several different techniques
  • Architecting cloud-native applications can use the full power of cloud services while avoiding complete vendor lock-in
  • Attackers can abuse the same mechanisms to pivot from exploiting a single containerized workload to compromising an entire cloud environment
  • A tool is being released to help mitigate and handle some of these pitfalls and problems
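As an added example of the first point above (this is not code from the talk or from the tool it released): on EKS, IAM permissions alone grant no Kubernetes rights; IAM principals are mapped to cluster users and groups through the aws-auth ConfigMap in kube-system. The script below audits such a ConfigMap for role and user entries that land in system:masters, and for roles mapped to a fixed username without {{SessionName}}, so that everyone who assumes the role shares one audit identity. The ConfigMap is constructed inline, and its mapRoles/mapUsers values are written as JSON (which is valid YAML) so only the standard library is needed; a real ConfigMap holds YAML and needs a YAML parser such as PyYAML.

```python
"""Audit an EKS aws-auth ConfigMap for over-privileged IAM mappings.

Added example, not code from the talk. Assumes the EKS aws-auth layout:
data.mapRoles and data.mapUsers hold a YAML list of entries with
rolearn|userarn, username and groups. The sample is constructed and its
list values are JSON (a YAML subset) so json.loads can parse them.
"""
import json
from typing import Dict, List

# Groups that confer cluster-admin rights via Kubernetes' built-in bindings.
ADMIN_GROUPS = {"system:masters"}

# Constructed sample: shape of `kubectl -n kube-system get cm aws-auth -o json`.
SAMPLE_AWS_AUTH: Dict = {
    "apiVersion": "v1",
    "kind": "ConfigMap",
    "metadata": {"name": "aws-auth", "namespace": "kube-system"},
    "data": {
        "mapRoles": json.dumps([
            {   # node role: expected, username is templated per node
                "rolearn": "arn:aws:iam::111122223333:role/eks-node-role",
                "username": "system:node:{{EC2PrivateDNSName}}",
                "groups": ["system:bootstrappers", "system:nodes"],
            },
            {   # a whole IAM role becomes cluster-admin under one shared name
                "rolearn": "arn:aws:iam::111122223333:role/Developers",
                "username": "dev",
                "groups": ["system:masters"],
            },
            {   # least privilege: custom group, per-session username
                "rolearn": "arn:aws:iam::111122223333:role/ReadOnly",
                "username": "ro:{{SessionName}}",
                "groups": ["viewers"],
            },
        ]),
        "mapUsers": json.dumps([
            {   # a single IAM user mapped straight to cluster-admin
                "userarn": "arn:aws:iam::111122223333:user/alice",
                "username": "alice",
                "groups": ["system:masters"],
            },
        ]),
    },
}


def audit_aws_auth(configmap: Dict) -> List[Dict]:
    """Return one finding per risky mapping; an empty list means nothing was flagged."""
    findings: List[Dict] = []
    data = configmap.get("data", {})
    for key, arn_field in (("mapRoles", "rolearn"), ("mapUsers", "userarn")):
        raw = data.get(key)
        if not raw:
            continue
        for entry in json.loads(raw):
            arn = entry.get(arn_field, "<missing arn>")
            username = entry.get("username", "")
            groups = set(entry.get("groups", []))
            admin = sorted(groups & ADMIN_GROUPS)
            if admin:
                findings.append({
                    "arn": arn, "severity": "high",
                    "issue": "mapped to cluster-admin group(s): " + ", ".join(admin),
                })
            # A role assumed by many principals should carry {{SessionName}} so
            # the Kubernetes audit log records who actually assumed it.
            # Node roles legitimately template on the instance DNS name instead.
            if (arn_field == "rolearn"
                    and "{{SessionName}}" not in username
                    and not username.startswith("system:node:")):
                findings.append({
                    "arn": arn, "severity": "medium",
                    "issue": "fixed username without {{SessionName}}; "
                             "all assumers of this role share one audit identity",
                })
    return findings


if __name__ == "__main__":
    for f in audit_aws_auth(SAMPLE_AWS_AUTH):
        print(f"[{f['severity']}] {f['arn']}: {f['issue']}")
```

On the constructed sample this flags the Developers role twice (cluster-admin, shared username) and the alice user once; the node role and the ReadOnly role pass. Newer EKS clusters can also grant access through EKS access entries, so audit those alongside aws-auth.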
Authors: Stefan van Gastel, Anna Magdalena Kosek
2023-04-20

tldr - powered by Generative AI

The presentation discusses the challenges and ambitions of improving situational awareness and decision support through information superiority in military operations, using cloud-native software and Kubernetes Cluster Federation.
  • The goal is to achieve information superiority, support multi-domain and integrated operations, and deploy both software and personnel quickly, scalably, and in a self-supporting way.
  • TNO is enlisted to help bridge the gap between the current state and the desired state, and to determine which steps and technologies need to be explored.
  • The research program starts from the assumption that future command and control systems will be built and run cloud-natively, and that every vehicle will run some form of Kubernetes to facilitate this.
  • The cloud-native software must excel in situations with a complete lack of connectivity, taking into account the sporadic occasions during physical deployment when a possibly low-bandwidth connection is available.
  • Kubernetes Cluster Federation helps realize this future picture by providing trust and isolation, observability, and power- and temperature-aware scheduling.
  • Data replication across clusters is minimized, and data gravity is used to keep data on its own cluster.
  • Revocation of keys and certificates is an open question, but experiments and research are ongoing elsewhere in the world.
  • The presentation ends with a call to action about job opportunities and feedback.
Authors: Rodrigo Campos Catelin, Marga Manterola
2023-04-20

tldr - powered by Generative AI

The presentation discusses the benefits and challenges of using Kubernetes for Cloud Native applications.
  • Kubernetes can automate tasks and make applications more resilient
  • Automatic health checking and load balancing are important features of Kubernetes
  • Kubernetes is a complex abstraction layer that requires learning and debugging
  • Deploying applications as Kubernetes deployments involves writing YAML files that specify desired state
  • Connecting backend and frontend pods in Kubernetes requires service objects
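As an added example of the last two points (not code from the talk): a Deployment's YAML declares the labels its pods carry, and a Service reaches those pods only if every key/value in its selector is present on the pod and its targetPort matches a port a container exposes. The function below applies those rules to manifests held as constructed Python dicts standing in for the YAML files, and reports a broken Service whose selector has a typo and whose targetPort nothing listens on. The namespace, image and port values are made up for the example.

```python
"""Check that a Service's selector and ports actually reach a Deployment's pods.

Added example, not code from the talk. The manifests are constructed dicts
standing in for the YAML a user writes; the checks mirror the rules the
API server and the endpoint controller apply.
"""
from typing import Dict, List, Set, Tuple

BACKEND_DEPLOYMENT: Dict = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "backend", "namespace": "shop"},
    "spec": {
        "replicas": 2,
        "selector": {"matchLabels": {"app": "backend"}},
        "template": {
            "metadata": {"labels": {"app": "backend", "tier": "api"}},
            "spec": {"containers": [{
                "name": "api",
                "image": "example.com/backend:1.0",   # constructed image name
                "ports": [{"containerPort": 8080, "name": "http"}],
            }]},
        },
    },
}

# Correctly wired: selector is a subset of the pod labels, targetPort exists.
BACKEND_SERVICE: Dict = {
    "apiVersion": "v1",
    "kind": "Service",
    "metadata": {"name": "backend", "namespace": "shop"},
    "spec": {"selector": {"app": "backend"},
             "ports": [{"port": 80, "targetPort": "http"}]},
}

# Typo in the selector and a targetPort no container listens on.
BROKEN_SERVICE: Dict = {
    "apiVersion": "v1",
    "kind": "Service",
    "metadata": {"name": "backend", "namespace": "shop"},
    "spec": {"selector": {"app": "backend-api"},
             "ports": [{"port": 80, "targetPort": 9090}]},
}


def _pod_labels(dep: Dict) -> Dict[str, str]:
    return dep["spec"]["template"]["metadata"].get("labels", {})


def _container_ports(dep: Dict) -> Tuple[Set[int], Set[str]]:
    numbers: Set[int] = set()
    names: Set[str] = set()
    for c in dep["spec"]["template"]["spec"].get("containers", []):
        for p in c.get("ports", []):
            numbers.add(p["containerPort"])
            if "name" in p:
                names.add(p["name"])
    return numbers, names


def check_service_wiring(service: Dict, deployment: Dict) -> List[str]:
    """Return human-readable problems; an empty list means traffic will flow."""
    problems: List[str] = []
    labels = _pod_labels(deployment)

    # 1. A Deployment must select its own pod template or the API server rejects it.
    dep_sel = deployment["spec"]["selector"].get("matchLabels", {})
    bad = {k: v for k, v in dep_sel.items() if labels.get(k) != v}
    if bad:
        problems.append(f"Deployment selector {bad} does not match its pod template labels {labels}")

    # 2. A Service only selects pods in its own namespace.
    svc_ns = service["metadata"].get("namespace", "default")
    dep_ns = deployment["metadata"].get("namespace", "default")
    if svc_ns != dep_ns:
        problems.append(f"Service is in namespace {svc_ns!r} but the pods are in {dep_ns!r}")

    # 3. Every selector label must be present on the pod with the same value.
    svc_sel = service["spec"].get("selector", {})
    if not svc_sel:
        problems.append("Service has no selector; its Endpoints must be managed by hand")
    bad = {k: v for k, v in svc_sel.items() if labels.get(k) != v}
    if bad:
        problems.append(f"Service selector {bad} matches no pod label; the Service will have no endpoints")

    # 4. targetPort (defaulting to port) must be a container port number or name.
    numbers, names = _container_ports(deployment)
    for p in service["spec"].get("ports", []):
        target = p.get("targetPort", p["port"])
        reachable = target in names if isinstance(target, str) else target in numbers
        if not reachable:
            problems.append(f"targetPort {target!r} is not exposed by any container "
                            f"(numbers {sorted(numbers)}, names {sorted(names)})")
    return problems


if __name__ == "__main__":
    for name, svc in (("good", BACKEND_SERVICE), ("broken", BROKEN_SERVICE)):
        print(name, check_service_wiring(svc, BACKEND_DEPLOYMENT) or "OK")
```

The same checks apply unchanged to a frontend Service in front of a frontend Deployment; the frontend then reaches the backend by the Service's DNS name rather than by pod IP.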
Authors: Ameer Abbas, Steve McGhee
2023-04-20

tldr - powered by Generative AI

The presentation discusses the importance of starting with archetypes when building resilient platforms and services, and the trade-offs between reliability and effort.
  • Archetypes provide known good starting points for building resilient platforms and services
  • Applications are composed of multiple services, and microservices should be designed to degrade gracefully
  • Resilient teams are necessary to build robust platforms that can handle risks
  • There are trade-offs between reliability and effort, and exponential curves show the increasing effort required for higher levels of reliability
Authors: Shay Berkovich, Barak Sharoni
2023-04-20

tldr - powered by Generative AI

The presentation discusses the exploitation of the custom plugin monitor feature, which extends the core functionality of the Node Problem Detector (NPD), allowing an attack chain that can lead to persistence. The talk highlights the need for a multi-level approach to cluster security and the importance of understanding the components that run on worker nodes.
  • The custom plugin monitor feature can be exploited by writing a script into the Node Problem Detector configuration folder, where NPD picks it up and executes it, leading to persistence.
  • Misconfigurations and a Pod's ability to write files on the node can be exploited to execute scripts as root and establish persistence.
  • Kubernetes security controls do not take middleware components into account, and permission- and CSP-based methods may need to be rethought.
  • A multi-level approach to cluster security is necessary, including understanding the impact of misconfigurations, log-based detection, agent-based detection, and sensor-based detection.
  • Understanding the components running on worker nodes is essential to cluster security.
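As an added example of the detection angle (not code from the talk, and not tied to any particular distribution): NPD's custom plugin monitor is driven by a JSON config whose rules each carry a `path` to a script that NPD executes on the node. A defender can audit such configs for scripts referenced by relative path, living outside the directories the node image is expected to own, or writable by non-root. The audit below runs against a constructed config and a temporary directory standing in for the node's NPD config folder; the trusted directory list and all file names are assumptions made for the example.

```python
"""Audit Node Problem Detector custom-plugin-monitor configs for writable or
out-of-place scripts.

Added example, not code from the talk. It assumes the config shape used by
NPD's custom plugin monitor (a JSON document whose "rules" entries carry a
"path" to the script to run). The trusted directory is an assumption for
the example; use the directories your node image actually ships NPD config in.
"""
import os
import stat
import tempfile
from typing import Dict, Iterable, List


def audit_custom_plugin_config(config: Dict, trusted_dirs: Iterable[str]) -> List[Dict]:
    """Return one finding per suspicious rule; inspects the file when it exists."""
    findings: List[Dict] = []
    trusted = [os.path.normpath(d) + os.sep for d in trusted_dirs]

    def flag(rule: Dict, issue: str) -> None:
        findings.append({"reason": rule.get("reason", "?"),
                         "path": rule.get("path", ""), "issue": issue})

    for rule in config.get("rules", []):
        path = rule.get("path", "")
        if not path:
            flag(rule, "rule has no script path")
            continue
        if not os.path.isabs(path):
            # NPD resolves this against its working directory; whoever controls
            # that directory controls what runs.
            flag(rule, "relative script path; resolved against NPD's working directory")
            continue
        norm = os.path.normpath(path)
        if not any(norm.startswith(t) for t in trusted):
            flag(rule, "script lives outside the trusted config directories")
        if not os.path.exists(norm):
            continue  # nothing more to check on disk
        st = os.stat(norm)
        if st.st_uid != 0:
            flag(rule, f"script not owned by root (uid {st.st_uid})")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            flag(rule, "script is group- or world-writable")
        parent = os.stat(os.path.dirname(norm))
        if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
            flag(rule, "parent directory is world-writable without sticky bit")
    return findings


def run_demo() -> List[Dict]:
    """Build a constructed config against a temp dir and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        plugin_dir = os.path.join(tmp, "plugin")
        os.mkdir(plugin_dir)
        good = os.path.join(plugin_dir, "check_ntp.sh")
        loose = os.path.join(plugin_dir, "check_disk.sh")
        for p in (good, loose):
            with open(p, "w") as fh:
                fh.write("#!/bin/sh\nexit 0\n")
        os.chmod(good, 0o755)   # owner-writable only
        os.chmod(loose, 0o777)  # anyone on the node can replace the script body

        # Constructed config in the custom-plugin-monitor shape.
        config = {
            "plugin": "custom",
            "pluginConfig": {"invoke_interval": "30s", "timeout": "5s",
                             "max_output_length": 80, "concurrency": 3},
            "source": "demo-custom-plugin-monitor",
            "conditions": [{"type": "NTPProblem", "reason": "NTPIsUp",
                            "message": "ntp service is up"}],
            "rules": [
                {"type": "temporary", "reason": "NTPIsDown", "path": good, "timeout": "3s"},
                {"type": "temporary", "reason": "DiskFull", "path": loose, "timeout": "3s"},
                {"type": "permanent", "condition": "NTPProblem", "reason": "Dropped",
                 "path": os.path.join(tmp, "..", "somewhere-else", "run.sh")},
                {"type": "temporary", "reason": "Relative", "path": "./config/plugin/x.sh"},
            ],
        }
        return audit_custom_plugin_config(config, trusted_dirs=[tmp])


if __name__ == "__main__":
    for f in run_demo():
        print(f"{f['reason']:10} {f['issue']}  ({f['path']})")
```

When run as a non-root user the demo additionally reports both existing scripts as not root-owned, which is exactly the condition that matters on a real node: a script NPD runs as root should not be owned or writable by anyone else. Point `trusted_dirs` at the directory your node image installs NPD config into and feed it each config file NPD is started with.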