From YouTube: CNCF SIG Security Meeting 2019-11-06
C
Also we'll be talking a bit more about some of the standardization discussions we've been having that Michael Ducy kicked off with this presentation around the runtime policy interface, so yeah. Anyone who wants to join or is interested in policy issues, that's at 3 o'clock today, and then just another reminder that on December 4th we're still, I'm still hoping to have Radically Open Security present. So those who are interested in the assessment process and security process, a security review process, that should be a good session for that topic. That's.
C
The discussion quickly zoomed in to maybe standardizing, not necessarily how the policies are defined or the interface, because that's a broad subject area, right: lots of different domains, lots of different areas that policy gets applied to. It's starting to look more like how can we define a standard result? Definitions is something that, you know, we could, every tool and every, anyone who wants to ingest that stream of results would have kind of a standardized notation and definition of what that result might look like, but again, it's all very, very early discussion.
C
The policy work group is at 3 p.m. today. The assessment discussion is coming December 4th; that's a presentation by Radically Open Security, which is the group that did the Mozilla MOSS security reviews, and they have some great articles on their site, so they're, one of their co-founders or the founder is hoping to present on December 4th. So.
C
They're doing audits with Mozilla and, of course, others, so it's really more a presentation on what they do and then the best practices that they've discovered there. Their premise is there are open security reviews, so they don't, they don't try to obfuscate what they're doing; they present a lot of their work product. They're not free, so they're not volunteers. They are paid by Mozilla and by other companies that they do work for, as I understand it. So it's really more they're bringing transparency to the process. So it's not an apples to apples.
E
Not much, sir. I've been, and I'm working on the SIG Security intro slides for KubeCon; other than that, not much. I guess I've been looking at Santiago's work on the supply chain, I think it looks good, yeah, I think it's pretty much almost ready to merge, I think. Well, once we get Sarah's LGTM, we should be good on that.
G
Anyway, Kamus is a solution for secrets encryption in Kubernetes, and it's different from the other solutions because it lets you encrypt a secret for a specific application, and so only applications running with a specific service account can decrypt it, using cloud solutions for encryption like AWS KMS, so I hope you're bored. So this is like the high-level overview, and we have more than 400 stars on GitHub, threat modeling, all the different types of security tests, and that, and so basically I do hope.
G
If you want to guide me, like, I read the document, the document linked on the, under the GitHub, a ratio of other things are specified there, and we actually have most of the things that are there. This is what I said: we have threat modeling already available on the website, which includes also the diagram and all that; we have security tests, and I think this is the stuff that, Walter, we have. It.
B
Brilliant, thanks. Say, Ash, I know we can just, didn't kept us.
I
Yeah, oh, so I've mostly been working on our friend content for too many parts of KubeCon, and I also updated a PR for those Blackie's, the catalogue and resources. I think, I think Brandon spotted they have to be nice. We have another possible use. My understanding is that Sarah wanted to have a niche party fun.
A
Okay, I can take a look at it as well. Yeah, I'm sorry, I haven't yet.
J
Yeah, so, yeah, we started to discuss control plane versus data plane policies in particular, and in the CNCF space. When people talk about access policies, Kubernetes is mostly about RBAC, and that is fundamentally just covering the control plane, and for the data plane it's mostly about networking policies, so we were thinking, you know, is there? Are there other policies that are, and how can we express and how can we enforce them? The one that we are particularly interested in is need-to-know access to customer data, right.
J
So if you have a service that you run on Kubernetes, how can you make sure that your SRE, co-ops people cannot access the data of the customer but still have access to the underlying infrastructure? So that's what we are looking at. I'm not sure if there is anything in CNCF; I don't think there is.
J
I assume you need something like that to implement GDPR. I don't know the complete specifics because, like I said, some of the stuff we can just rely on existing infrastructure we have at Google, but I think if you are a deployment on Kubernetes and you need to be GDPR compliant, you need some solutions for.
F
Right, but I can talk about this offline. It's not in the stand-up, but I guess performance-wise it depends on how the policy is, you're right, and the data you are writing the policy over, but I think it has pretty good latency requirements; like, Netflix uses it for the same purpose, so we can set about that, yeah.
J
Exactly, especially if you're talking about data, right: the data you may have in S3-compatible buckets at various providers, and having a single policy that allows you to express your PCI compliance, it's really, really tricky. Let me write that out. I have lots of thoughts on that, and then we can have.
L
Yeah, so just, just one update: so we are working with the TOC, so the TOC is trying to be a bit more proactive in trying to set priorities for SIGs, and we are the first SIG that they've chosen to do this. So Sarah, Dan and I are working with John, Liz on trying to, trying to agree on a priority. So there are iterations going on, but I'd wanna bring that to the team.
M
What are you looking for? Just like the, hey, we had a set, we had a cloud native day and here's what happened. Yeah.
N
It's near Scott NIST, big data, hi, it's Mark. The folks at NIST are holding a conference yesterday, today, a hackathon thing, whatever that is, on OSCAL, and I wanted to mention it in this group. Maybe I should put an issue out there, in that there's the possible use for disclosing across an ecosystem like a supply chain what kinds of controls are being provided at different levels in the supply chain, as a way of supporting decision support across the supply chain.
N
So in our case it's, you know, partners and customers of ours that are not consumers, but who have SOCs and alerting telemetry of various kinds, but there's no formalism to exchange this kind of information across the decision support systems that we have. So whether OSCAL can do this or not is arguable, but it's something that we might want to think about. It's sort of the meta-organizational take on this problem, and maybe this is even the wrong route for it, but I thought I'd bring it up anyway.
I
Is, it's literally, but now that I'm looking at the schema I think there could be a lot of duplication, yeah, yeah.
N
Travel budget in this company for the likes of me, yeah. What, but touching on the interop problem that was just mentioned, I mean, this is such a huge problem. You know, since we don't have OpenC2 or something that the vendors have provided us with, it's really hard to automate the policy-related things across the different tools, so we can invest millions of dollars in tools and then we're stuck with writing Python APIs to get them to be able to ingest alerts from each other.
G
Actually, we started production issue, excellent.
G
So, in order, like, the general idea, what it is: basically we created Kamus because we looked for a good GitOps solution. We worked a lot with GitOps and we didn't find any good solutions that support GitOps and are secure; the existing solutions, like Sealed Secrets for example, store encryption keys on the cluster, and we didn't like that. So we tried to create something different, and it's really similar to how Travis works.
G
Basically, you can encrypt this secret for a specific application. We are using the service account as the application identity. It's the IANA version. We think to smooth the species at some point, but it's basically pretty much the same, and then the application can use the token of the service account to authenticate to Kamus and decrypt this secret. So basically the flow from the other side is creating a service account and encrypting a secret for this service account, and then the user can put.
G
Take the encrypted data and the service account token, send it to the server, and the server returns back the decrypted data, and this will work only if the service account is the one the secret was encrypted for. If it's a different service account, the decryption will fail, and this is what makes it so powerful on one hand and very, very simple on the other hand. And it comes from a Hebrew word which means seeker, and I think this is the most important part from a security point of view.
G
Kamus is a very flattened permission model which supports the culture where developers do everything, so we don't have any kind of super admin or the need to manage RBAC or the user service and permissions; all the pods have the same permissions. All you need to configure is the service account. There's no need to mess with anything else, and there is no way to decrypt the value, while soon keep it, once it's encrypted.
G
So it's among a huge attack vector, and I talked a bit about the security features of the CLI: it sends the secret data to the backend for encryption and gets it back encrypted. So the CLI enforces HTTPS; you can opt out of it, and we also added support for certificate pinning; if a client wants, they can easily add certificate pinning, and we use cloud provider encryption, which provided to Sam and I to say turn in audio stuff, and I talked about the one-way encryption, meaning once this secret is encrypted.
G
There is no easy way to decrypt it back on the default configuration, and we have a lot of security tests: SAST, DAST, secret scanning, all those things. We don't do container scanning because I don't feel it's mature enough, but once it will be mature enough we will also do that, and I talked a bit about it, like my dad. I want to show that if you ever so, someone here is familiar with.
G
For example, you can see an example threat, and here we have the controls we added to ensure that this threat will be mitigated, and you can also go from the control to the relevant tests, to develop on threats and references and all that, and we have a SECURITY.md on GitHub for reporting security issues. It basically goes to security, to sort the security game.
G
Basically, for familiar secrets or secrets that you generate at run time, you can do one of two things: Kamus is basically an API, so you can either call the API to encrypt the secret and then put it somewhere, so your code-generated, or you can generate it on your API, whatever works better for you. And as I said earlier, we do plan to widen the use of Kamus outside of Kubernetes. We just need some help in the designing of how to do it well, and I'm more familiar with Kubernetes than other frameworks.
G
So it's a bit from your question, but I think it's related to it. Ideally, we could do something with secret generation, and I did write an internal tooling for wrapping Active Directory client secrets, so basically to interact with, as you said, I create the secret and encrypt it, and then the developer can just take the encrypted secret and put it somewhere.
E
I think we, we have kind of similar issues. Looking at this, like, if I'm, Ross, secret stuff, I can, like, the approach that we're using is we have these, the Vault secret backends, which we use to generate the credentials, which are all secret, so we're kind of, like, figuring out a way for us. We just use Vault, and so we want to kind of put this, put something like that on top of Vault.
G
We know about a few people who tried it. We have one person who agreed to put their name on our GitHub repositories. We saw a few issues from the community. I think we can say we have almost any issues for readability. We have people asking questions on Stack, so it's not very popular, but it has certain chip. I think it's a good candidate, so they cubetto 11 in the center.
C
That's not my, it's not my presentation so much as an open-ended query to those. I am engaged in trying to catalog and kind of put together a sense of a case study around how folks are actually managing RBAC. I don't know, Christian, if this was something that you guys were talking about. So if, maybe, if you have materials that you would be interested in sharing, that might be a great start, but in.
C
A call out to the community here: if anyone knows any good resources or case studies of how to do kind of industrial-scale RBAC, how they're doing that today, whether it's on a particular cloud like Google's or, you know, on on-prem Kubernetes, how are they integrating it with their, their other identity solutions? And I'm, happy that, you know, as long as people are sharing open materials, I'm happy to consolidate and represent that back to the group here after my analysis. I would.
J
Be interested in helping out with that as well. No, not so much in that I, I have the data, but I would be interested in seeing that data, especially in terms of scale, right. Some of the stuff we see is smaller deployments, so I would be interested to learn about larger ones. I think Shopify might be one of them. So if somebody has a, I could see if I can get a hold of some of their folks.
N
Yeah, I'm just gonna admit this, Mark. There certainly is a scale problem that I didn't appreciate until we tackled it in the day job. Here it's such a problem that, and I'm not a fan of RBAC, but that's where we are with this, and we're having to use machine learning to figure out which of the roles are duplicates and discontinued. This, you know, goes beyond the obvious stuff of deleting roles for people who don't work for the business anymore. It's, it's. It's a big problem; it entails a lot of manual labor and risk management.
N
It's very poorly integrated with application security; mostly the app folks are not engaged, if they're even around anymore, yet the roles linger on forever. So there's some multiple of the number of employees in the company, some kind of odd, inscrutable formula that's related to the number of applications and the number of people who have ever touched them and the number of changes in the organization that have happened that result in this permutation of, you know, and we're talking about tens of thousands of roles, not, not in the hundreds. So it's, it's a big problem.
N
I think I, I don't know the answer to that. It's hard to know where to measure to know what the overhead for that is; it's probably not preventing our web apps from running, but from a security point of view, the reality of managing the tools that are doing the assurance tasks associated with identifying whether this role is allowed to do a particular function on the ops side, that might be just not scalable at all, so we don't do it.
J
I, I think so. The instances I've seen is mostly that the business logic to decide if you should get, get access is just so complex that it's difficult to have a generic enough policy that can have, no, that in all the places, so it's, it's. It's typically a, I have business logic that decides if I give you a token, and then the token grants you access, and the token granting access is a relatively straightforward policy; rather, the business logic to decide if you should get the token can then be concentrated in one place. Great.
N
If that was, sorry, if that was aimed at me, that is partly a legacy that, that the lifecycle management for the roles is not automated. So because it's a manual process, the, the lifecycle of the applications creates a lot of them that never get archived or merged. So when people move between organizations, you know, you could see that there would be risk in deleting access when person A moves to a different part of the enterprise. So there's that; the automation around that kind of encourages leaving access open.
N
Reorganizations, another messy one too, like, okay, let's, let's make fried have its own organization. Oh, so we need new groups for that. So they, now you have the old groups that were before the reorg and the ones after it. Good.
N
So that's, I can talk about that. That's, at least I can talk about it in a vague way; it's ongoing work with the University of Connecticut at Storrs. So we have a couple researchers with some grad students that are working on that problem for us, to try to do something rational with the, the work that we have, so I.
B
Okay, well, it sounds like there's some interesting collaborations there, potentially between you lot, which would be interesting, so yeah. Please do report back, and if anyone, when, do you want to open an issue for people to tell people about how to contribute, if they have things that they want to talk about it.