Istio Security Assessment
PushContext.mergeGateways methods and the sortConfigByCreationTime function within istio/pilot/pkg/model/push_context.go
Impact: An attacker that is able to create an Istio Gateway within a Kubernetes cluster
gatewaysByNamespace[proxy.ConfigNamespace] } else { configs = ps.allGateways }
Listing 1: istio/pilot/pkg/model/push_context.go
Recommendation: While this issue can likely be remediated by using per-namespace ingress to sensitive data such as private keys.
Description: One of the primary pillars of a good security model is to limit access to resources on the least-privilege principle, which means restricting access
51 pages | 849.66 KB | 1 year ago

Istio audit report - ADA Logics - 2023-01-30 - v1.0
2 Notable findings 3 Project summary 4 Audit scope 6 Overall assessment 7 Fuzzing 9 Threat model 11 Issues found 17 Review of fixes for issues from previous audit 50 Istio SLSA compliance 52
engagement was a holistic security audit that had several high-level goals: 1. Formalise a threat model of Istio to guide the security audit as well as future security audits. 2. Carry out a manual code
foundation for a secure product, and it demonstrates that the Istio community has formulated a threat model that is used to assess which parts of Istio are particularly exposed. In this audit, Ada Logics confirmed
55 pages | 703.94 KB | 1 year ago

Istio Project Update
Extension Model Mixer
#IstioCon Istiod Cluster 1 Istiod Cluster 2 API server API server Ingress Ingress Service A Service B Service B Mirror Simplified Istio Multicluster Model
Istio Innovation: Simplified installation, Simplified control plane, New extension Model, Unified multicluster model, Simplified VM onboarding, Simplified troubleshooting
2021: Year of Istio
22 pages | 1.10 MB | 1 year ago

Is Your Virtual Machine Really Ready-to-go with Istio?
the viable solutions to communicate between Legacy VNFs and new CNFs
● Need a stricter security model for end-to-end key protection
#IstioCon Legacy VNF CNF: Option 1
● Recommended architecture
Protection
● SDS (Secret Discovery Service)
● A stricter security model
  ○ Protections for inline components & workflows
  ○ Trust model augmentation
    ■ Impersonating
    ■ Secret clear in memory
    ■ Secret
50 pages | 2.19 MB | 1 year ago

Istio at Scale: How eBay is building a massive Multitenant Service Mesh using Istio
● Capture Traffic Management & Routing intent as "Access Point" Specs
  ○ Leverage Istio object model: Gateway, VirtualService, DestinationRules, etc.
apiVersion: apps.cloud.io/v1 kind: AccessPoint
22 pages | 505.96 KB | 1 year ago