Swimming with the kubectl fish: the why, the how, the what of the CNCF Kubernetes Assessment

Presented at Global AppSec - DC 2019, Sept. 13, 2019, 3:30 p.m. (45 minutes)

Trail of Bits participated in the first wide-scale assessment of Kubernetes for the CNCF. This talk relays the unique challenges presented by Kubernetes, the focus of the assessment, as well as some of the more interesting findings. We will present three overarching themes of the Kubernetes code base, and how these patterns influence the system as a whole.

Presenters:

  • Stefan Edwards - Trail of Bits
    Stefan performs assurance work across a variety of verticals, from blockchain to IoT to Defense. In addition, he’s heavily involved in our infrastructure and architecture review work, and makes discerning comments in our reports. Prior to Trail of Bits, Stefan worked at nVisium, and prior to that, Aspect Security. In both roles, he conducted systems administration and development, with experience in large Java, XQuery, and C code bases. His research interests focus on programming language theory, formal modeling, and designing security into the base of languages.
