Skip to main content

Red October: Implementing the Two-man Rule for Keeping Secrets

Nick Sullivan (CloudFlare)
Average rating: ***..
(3.80, 5 ratings)
Slides:   1-PDF 

This talk is about the creation of a new security tool, Red October. Red October can be used to enforce the two-person rule for access to critical data, helping keep company data protected from insider threats.

The security industry tends to be less open about the details of how their software works than other parts of the software industry. This project was created to tackle the practical challenges of traditional security compliance, but inspired by an open source mentality. By taking a vague set of regulatory requirements we devised a user-friendly tool that solves a broader problem that is an issue for many small organizations.

This talk will teach people about cryptography and division of responsibility in key management, a very important consideration when moving a business to the cloud. It will also help show where to draw the line between using existing cryptographic and security mechanisms, and building your own.

The points I will cover include:

The problem we were trying to solve (protecting secrets from insiders)
An examination of naive approaches and why they failed
An overview of what the server can and cannot do
An explanation of the cryptographic design of the project
Examples of how it can be used
The advantages and pitfalls of developing the tool with a newer programming language like Go
Design decisions for the interface
The steps to open source the project
Community reaction and implementation

Photo of Nick Sullivan

Nick Sullivan


Nick is a software engineering leader innovating in the world of Internet scale data at CloudFlare. He is also a respected digital rights management innovator with a thorough understanding of the digital media distribution process through over half a decade working on the iTunes store. He previously worked as a security analyst worked at Symantec analyzing large scale threat data. He holds an MSc in Cryptography and a BMath in Pure Mathematics.