Making Open Work
May 8–9, 2017: Training & Tutorials
May 10–11, 2017: Conference
Austin, TX

A question of trust: When good containers go bad

Tim Mackey (Synopsys)
3:25pm3:50pm Tuesday, May 9, 2017
Location: Ballroom G
Average rating: **...
(2.50, 4 ratings)

Managing container infrastructure in a production environment is challenged by problems of scale. One of the biggest problems is trust—specifically trust of the application. To put it another way, can you trust that all containers in your Kubernetes or OpenShift cluster are performing the tasks you expect of them? We know that containerization has increased the pace of deployment, but has trust kept pace? If a container becomes compromised in some fashion, how many other containers are at risk and how far has trust been broken?

To answer those questions, you first need to make some assertions: that all containerized applications were subjected to static code analysis and were pen-tested; that you’re able to determine the provenance of the container through signatures and from trusted repositories; and that appropriate perimeter defenses are in place and authorization controls are gating deployment changes. In essence this defines a trust model but forgets a key perspective—the attacker profile. Attackers decide what’s important to them. When defending against them at scale, you need to understand what information they use to design their attacks.

Tim Mackey explores the nature of data center threats, why threat models fail, how malicious attackers design their attacks, when the threat risk increases prior to attack and why information flow matters, and how traditional defenses are inadequate for container workloads. Tim then shares measures you can take to proactively identify risks, including OpenShift integrated tooling to identify container images with increased risk.

Photo of Tim Mackey

Tim Mackey

Synopsys

Tim Mackey is a principal security strategist with the Synopsys Cybersecurity Research Center (CyRC). He joined Synopsys as part of the Black Duck Software acquisition where he worked to bring integrated security scanning technology to Red Hat OpenShift and the Kubernetes container orchestration platforms.

Within his role at Synopsys, he engages with various technical and business communities to understand how application security is evolving with ever-expanding attack surfaces and increasingly sophisticated threats. He specializes in container security, virtualization, cloud technologies, distributed systems engineering and large-scale data center operations. Tim takes the lessons learned from his day-to-day work and discusses them at industry leading conferences such as RSA, OSCON, Open Source Summit, KubeCon, Interop, CA World, Container World, DevSecCon, DevOps Days, DockerCon, and the IoT Summit.

An advocate and thought leader in the Open Source community, Tim often discusses the benefits Open Source development increasingly plays in modern software development and deployment. He educates organizations seeking to understand how their consumption of Open Source software impacts the overall security of the products and services they provide.