Upload File

michael pollett bring your own serverless environment · but knowing why not and what’s going on...

  • Home
  • Documents
  • Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would
39
Bring your own serverless environment Michael Pollett

Upload: others

Post on 15-Oct-2020

0 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

Bring your own serverless environment

Michael Pollett

Page 2: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

Who are Datacamp

Why is this serverless

You’re already doing it

Building a business on serverless

Security detour

Application

Page 3: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

What does DataCamp do?

❏ Online learning platform

❏ Multiple languages/tools

❏ Learn by doing

Page 4: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

What does DataCamp do?

Page 5: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

What does DataCamp do?

Page 6: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

Why is this serverless

Page 7: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

Why is this serverless

Page 8: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

Why is this serverless

Page 9: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

Why is this serverless

Hello OSADHello OSAD

Page 10: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

Inconspicuous serverless

Page 11: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

Inconspicuous Serverless

Page 12: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

Building a business on severless

Page 13: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

Building a business on serverless

We’ve all done ‘dockerising’

How about a whole business

model based on serverless tech

Page 14: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

Behind the scenes

Page 15: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

Behind the scenes

Page 16: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

Behind the scenes

Page 17: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

Behind the scenes

Page 18: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

Behind the scenes

Page 19: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

Behind the scenes

Page 20: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

Behind the scenes

Page 21: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

A world without containers?

Page 22: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

A world without containers

❏ Virtualization

❏ Emulation

❏ Unparsed code

❏ Multiple-choice ??

Page 23: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

The downsides

Page 24: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

The downsides

❏ Security…

❏ Code execution within our environment

❏ Docker as a sandbox

Page 25: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

Testing

Page 26: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

AWS Vulnerabilities

Extracting Amazon keys

Page 27: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

AWS Vulnerabilities

Extracting Amazon keys

Page 28: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

Mitigations

Page 29: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

Mitigations

❏ Lifecycle management

❏ Limited execution time

❏ Containers rarely last more than an hour

❏ Hosts rarely last 2 days

Page 30: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

Mitigations

❏ Lifecycle management

❏ Limited execution time

❏ Containers rarely last more than an hour

❏ Hosts rarely last 2 days

❏ Environment isolation

Page 31: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

Mitigations

❏ Lifecycle management

❏ Limited execution time

❏ Containers rarely last more than an hour

❏ Hosts rarely last 2 days

❏ Environment isolation

❏ Resource restrictions

❏ Container lockdown

❏ Access restrictions

Page 32: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

Mitigations

❏ Lifecycle management

❏ Limited execution time

❏ Containers rarely last more than an hour

❏ Hosts rarely last 2 days

❏ Environment isolation

❏ Resource restrictions

❏ Container lockdown

❏ Access restrictions

❏ Monitoring!

Page 33: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

Monitoring!

Page 34: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

Accepting risk

❏ Have we eliminated all chances of data extraction

❏ Have we limited the data that could be gained

❏ User able to pivot attack externally

❏ Make it harder than cloud provider

Page 35: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

Why would I ever do this?!

Page 36: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

Why would I ever do this?!

❏ Generally:

❏ You probably wouldn’t...

❏ But knowing why not and what’s going on is useful

❏ Knowledge of exploit vectors

❏ Secure development lifecycles

Page 37: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would
Page 38: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

Why would I ever do this?!

❏ Serverless isn’t always serverless

❏ Concept of simple, runnable code

❏ Enterprise constraints

❏ On-prem

❏ Integration with existing tooling

Page 39: Michael Pollett Bring your own serverless environment · But knowing why not and what’s going on is useful Knowledge of exploit vectors Secure development lifecycles. Why would

Thank You


Pollett Legacy 33

Pollett Legacy 31

Richard Pollett

Lifecycles of protist

Social movements & lifecycles

Product Lifecycles & Adoption Curve

Ariadne: Lifecycles

Digital Lifecycles: Website Design Process

Semantic lifecycles: modelling, application, authoring ... · Semantic lifecycles: modelling, application, authoring, mining 113 • Fifth and finally, the evaluation stage copes

Sea Turtle Lifecycles

Ectoparasite Id and Lifecycles

DRAFT 01 research data and lifecycles

Protocol Lifecycles

Secure Development LifeCycles (SDLC) · Agile & Secure development: a mismatch ? Secure Development LifeCycles (SDLC) February 2014 40 Agile Dev. Security ... Secure Development LifeCycles

Pollett Legacy 30

04 Lifecycles

Star lifecycles poster

421909'18 › library › archives › public › Follett › ... · J:' IP1fo4e gne: Sheik. Rattle and Ro;tl by Ken Pollett 50 minutes Iten Pollett tlotaam Jt. Baytord Close B&wJn

Conflict-Resolution Lifecycles for Governed Decentralized

Nucleosynthesis and stellar lifecycles

MANAGING CORPORATE LIFECyCLES

Mobile Phone Lifecycles – GSMA

LIFECYCLES OF STARS

Product Lifecycles (module 05)

2 16 Seeds Germination Lifecycles

Lifecycles And Internal Anatomy Hummel

Pollett Legacy Epilogue

Curriculum Vitae 5th November 2019 P.K. PollettCurriculum Vitae 5th November 2019 P.K. Pollett Personal details Name Philip (Phil) Keith Pollett Current position Professor Emeritus

Project Management Introduction General PM lifecycles

Pollett Legacy 32

BigBang Lifecycles

Research Lifecycles and RDM

The Demographic Impact of Changing Lifecycles

Section 9 Pollutant Lifecycles and Trends

Content Lifecycles (Lavacon Dublin)