Istio Security Assessment
PushContext.mergeGateways methods and the sortConfigByCreationTime function within istio/pilot/pkg/model/push_context.go Impact An attacker that is able to create an Istio Gateway within a Kubernetes cluster gatewaysByNamespace[proxy.ConfigNamespace] } else { configs = ps.allGateways } Listing 1: istio/pilot/pkg/model/push_context.go Recommendation While this issue can likely be remediated by using per-namespace ingress a namespace to use. Each namespace user’s permissions is limited by the following Kubernetes Role object which would provide full read-write access to a participant’s namespace. { "kind": "Role", "apiVersion":
51 pages | 849.66 KB | 1 year ago

Is Your Virtual Machine Really Ready-to-go with Istio?
Workload Abstraction A K8s Service and Pods Two separate object with distinct lifecycles Before Workload Entry, a single Istio Service Entry object combined the lifecycles of both the service and the the viable solutions to communicate between Legacy VNFs and new CNFs ● Need a stricter security model for end-to-end key protection #IstioCon Legacy VNF CNF: Option 1 ● Recommended architecture Protection ● SDS (Secret Discovery Service) ● A stricter security model ○ Protections for inline components & workflows ○ Trust model augmentation ■ Impersonating ■ Secret clear in memory ■ Secret
50 pages | 2.19 MB | 1 year ago

Istio at Scale: How eBay is building a massive Multitenant Service Mesh using Istio
Spec ● Capture Traffic Management & Routing intent as “Access Point” Specs ○ Leverage Istio object model: Gateway, VirtualService, DestinationRules, etc. apiVersion: apps.cloud.io/v1 kind: AccessPoint
22 pages | 505.96 KB | 1 year ago

Istio audit report - ADA Logics - 2023-01-30 - v1.0
2 Notable findings 3 Project summary 4 Audit scope 6 Overall assessment 7 Fuzzing 9 Threat model 11 Issues found 17 Review of fixes for issues from previous audit 50 Istio SLSA compliance 52 engagement was a holistic security audit that had several high-level goals: 1. Formalise a threat model of Istio to guide the security audit as well as future security audits. 2. Carry out a manual code foundation for a secure product, and it demonstrates that the Istio community has formulated a threat model that is used to assess which parts of Istio are particularly exposed. In this audit, Ada Logics confirmed
55 pages | 703.94 KB | 1 year ago

Istio Project Update
Extension Model Mixer #IstioCon Istiod Cluster 1 Istiod Cluster 2 API server API server Ingress Ingress Service A Service B Service B Mirror Simplified Istio Multicluster Model #IstioCon Istio Innovation Simplified installation Simplified control plane New extension Model Unified multicluster model Simplified VM onboarding Simplified troubleshooting #IstioCon 2021: Year of Istio
22 pages | 1.10 MB | 1 year ago

Canary Release Practice for Kubernetes Container Applications Based on Istio (Kubernetes容器应用基于Istio的灰度发布实践)
to you Copyright©2018 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future
38 pages | 14.93 MB | 1 year ago

Canary Release Practice for Kubernetes Container Applications Based on Istio (Kubernetes容器应用基于Istio的灰度发布实践)
you Copyright©2018 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future
34 pages | 2.64 MB | 5 months ago

13 Istio Traffic Management Principles and Protocol Extension, 赵化冰 (13 Istio 流量管理原理与协议扩展 赵化冰)
"default" route: - destination: host: reviews.prod.svc.cluster.local subset: v1 https://docs.google.com/document/d/1g3AJNYwbh04-BVajshmcWpeLyGUanbRnihIXU6uIiOY Pilot { "virtual_hosts": [ { "name": "reviews.default
20 pages | 11.31 MB | 5 months ago

Istio is a long wild river: how to navigate it safely
Sidecar CRD to save the mesh Stabilizing Istio Main drawback Services must know their dependencies, document and update them. If this wasn’t the case before, Istio may not feel welcoming to users. When
69 pages | 1.58 MB | 1 year ago

Automate mTLS communication with GoPay partners with Istio
sometime got 503 error (Istio #26990). This is fixed by adding retry mechanism in the Virtual Service object. Future Works ● Migrating Egress TLS origination mechanism to using Egress Gateway, we block because
16 pages | 1.45 MB | 1 year ago
11 documents in total