Identity Aware Threat Detection and Network Monitoring by using eBPF
## Identity Aware Threat Detection and Network Monitoring by using eBPF Natalia Reka Ivanko, Isovalent eBPF Summit ## Introduction ● Wide variety of eBPF use cases (logging, CPU over overhead) • Today: ☐ Network Monitoring and Threat Detection • Use Cases: ☐ Monitor suspicious inbound/outbound connections ☐ External connections to suspicious IP (outbound) ☐ Unauthorized traffic from the Internet
7 pages | 1.35 MB | 1 year ago
Vitess security audit
Table of contents 1 Executive summary 2 Notable findings 3 Project Summary 4 Audit Scope 4 Threat model formalisation 5 Fuzzing 14 Issues found 16 SLSA review 38 Conclusions 40 ## Executive different perspectives. To that end, the audit had the following high-level goals: 1. Formalise a threat model of VTAdmin. 2. Manually audit the VTAdmin code. 3. Manually audit the remaining Vitess a level of synergy; Ada Logics found two CVEs during the audit which the threat model goal helped to assess. The threat model was also a force-multiplier for the fuzzing work that led to the discovery
41 pages | 1.10 MB | 2 years ago
Dapr September 2023 security audit report
Table of contents Table of contents 1 Executive summary 2 Project Summary 3 Audit Scope 4 Threat model 5 Fuzzing 15 Issues found 17 SLSA 43 Supply-chain mitigations 45 ## Executive summary goals: 1. Formalise a threat model of the code assets in scope. 2. Do a manual code audit of the code assets in scope. 3. Evaluate Dapr's fuzzing suite against the formalised threat model. 4. Perform a out-of-memory denial of service attack vector. We found the vulnerability after performing the threat modelling goal and understanding the flow of untrusted data through a Dapr deployment, and then adding
47 pages | 1.05 MB | 2 years ago
Dapr July 2020 security audit report
access to sources, as well as received various test-supporting materials. The Dapr team clarified the threat model and precisely communicated their expectations in terms of coverage, pointing Cure53 to certain In order to determine the right way forward, it is important to first establish and agree upon the threat model. For this, Dapr should pose and answer questions such as: What do we need to protect? Where hinting at offering the user a very secure framework, these findings show certain cleavages in modelling. Specifically, the utilized approaches must be configured, adapted and integrated into the application
19 pages | 267.84 KB | 2 years ago
Istio audit report - ADA Logics - 2023-01-30 - v1.0
summary 2 Notable findings 3 Project summary 4 Audit scope 6 Overall assessment 7 Fuzzing 9 Threat model 11 Issues found 17 Review of fixes for issues from previous audit 50 Istio SLSA compliance The engagement was a holistic security audit that had several high-level goals: 1. Formalise a threat model of Istio to guide the security audit as well as future security audits. 2. Carry out a manual great foundation for a secure product, and it demonstrates that the Istio community has formulated a threat model that is used to assess which parts of Istio are particularly exposed. In this audit, Ada Logics
55 pages | 703.94 KB | 2 years ago
Moxa Industrial Linux 3.0 (Debian 11) Manual for Arm-based Computers, Version 1.0, January 2023
Defense-in-depth Strategy Security Layer Security Measures Threat mitigated/handled Responsibility Policy and procedure Malicious code attack that could create or exploit system vulnerabilities (Threat ID #6) Perimeter Security Use LTE service provide with Carrier traffic (Threat ID #4) Endpoint Security End point Firewall (nftable) Unauthorized and malicious communications from untrusted network (Threat ID #2, Threat ID #5)
111 pages | 2.94 MB | 2 years ago
Embracing an Adversarial Mindset for Cpp Security
CCPA (California) – Privacy • PCI DSS – Payment processing • HIPAA – Healthcare privacy Advanced Threat Detection • Endpoint Detection and Response • Compiler Security Extensions • Bug bounty programs OPEN_EXISTING, 0); ## BITTER APT group ## Who are they? A suspected South Asian cyber espionage threat group that has been active since at least 2013. BITTER has targeted government, energy, and engineering to offset and the callback returns an arbitrary value PrintNightmare & Russia State-Sponsored Threat Actor CVE-2021-1675 and CVE-2021-34527 • Remote code execution in Windows Print Spooler • Privilege
92 pages | 3.67 MB | 1 year ago
Istio Security Assessment
easily accessible threat of total compromise. High Implies an immediate threat of system compromise, or an easily accessible threat of large-scale breach. Medium A difficult to exploit threat of large-scale of a small portion of the application. Low Implies a relatively minor threat to the application. Informational No immediate threat to the application. May provide suggestions for application improvement
51 pages | 849.66 KB | 2 years ago
Key Management, Keys: Turtles all the way down - Securely managing Kubernetes Secrets
Operating environment ☐ Volume of data Re-keying method Number of key copies ☐ Personnel turnover ☐ Threat model New and disruptive technologies, e.g., quantum computers ## Google Cloud ## Kubernetes secrets: summary - Use encryption based on your threat model, e.g., two layers, like full-disk + application-layer - Rotate keys regularly to limit the
52 pages | 2.84 MB | 1 year ago
MITRE Defense Agile Acquisition Guide - Mar 2014
that can keep pace with rapidly changing technologies and operations, including the evolving cyber threat. Countless articles and reports have documented the failure of IT programs in the current DoD acquisition & ACAT III(Required for space programs only)| |Request for Proposal|MAIS & ACAT III| |System Threat Assessment Report|MAIS & ACAT III| |Systems Engineering Plan (SEP)|MAIS & ACAT III| |Test Reengineering|MAIS & ACAT III|Address in Acquisition Strategy and LCSP (Business Case for DBS)| |Capstone Threat Assessment|MAIS & ACAT III|Address in Acquisition Strategy (Business Case for DBS)| |Consideration
74 pages | 3.57 MB | 1 year ago
353 results in total













