Making Open Work
May 8–9, 2017: Training & Tutorials
May 10–11, 2017: Conference
Austin, TX

A question of trust: When good containers go bad

Tim Mackey (Black Duck Software)
3:25pm3:50pm Tuesday, May 9, 2017
Location: Ballroom G
Average rating: **...
(2.50, 4 ratings)

Managing container infrastructure in a production environment is challenged by problems of scale. One of the biggest problems is trust—specifically trust of the application. To put it another way, can you trust that all containers in your Kubernetes or OpenShift cluster are performing the tasks you expect of them? We know that containerization has increased the pace of deployment, but has trust kept pace? If a container becomes compromised in some fashion, how many other containers are at risk and how far has trust been broken?

To answer those questions, you first need to make some assertions: that all containerized applications were subjected to static code analysis and were pen-tested; that you’re able to determine the provenance of the container through signatures and from trusted repositories; and that appropriate perimeter defenses are in place and authorization controls are gating deployment changes. In essence this defines a trust model but forgets a key perspective—the attacker profile. Attackers decide what’s important to them. When defending against them at scale, you need to understand what information they use to design their attacks.

Tim Mackey explores the nature of data center threats, why threat models fail, how malicious attackers design their attacks, when the threat risk increases prior to attack and why information flow matters, and how traditional defenses are inadequate for container workloads. Tim then shares measures you can take to proactively identify risks, including OpenShift integrated tooling to identify container images with increased risk.

Photo of Tim Mackey

Tim Mackey

Black Duck Software

Tim Mackey is a technical evangelist for Synopsys and Black Duck Software. Tim’s role is one of engaging with technical communities to best understand how Black Duck and Synopsys solutions can solve their current application security problems, and learn what bleeding edge security concerns are top of mind in order to feed them back into the development team. He is well versed in open source application security, data center security, containers, virtualization and cloud technologies. Tim has spoken globally at many events including OSCON, CloudOpen, Interop, CA World, Cloud Connect, IoT Summit, European Cyber Threat Summit, DevSecCon and CloudNativeCon. Tim is a published O’Reilly Media author.