Seattle, WA
December 10–13, 2018
Click Here for More Information & Registration
View Venue Map
Wednesday, December 12 • 3:40pm - 4:15pm
Scrutinizing SPIRE to Sensibly Strengthen SPIFFE Security - Matt Moyer, Heptio & Evan Gilman, Scytale

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
SPIFFE (Secure Production Identity Framework For Everyone) is an open source standard for giving identities to services in dynamic and heterogeneous environments. SPIRE is an implementation of SPIFFE that provides a solid bedrock for secure infrastructure -- at least that's what we hope! In this talk, we'll attempt to rationalize that notion. We’ll introduce a formalized threat model for SPIRE and show how it helps suggest practical security improvements.

First, we'll introduce the components of SPIFFE and show how applications can use it to build secure service-level authorization systems. Then we'll show how the components of SPIRE work together to enforce useful security properties. Finally, we'll walk through our findings and show some of the incremental improvements we've made to strengthen SPIRE.

avatar for Evan Gilman

Evan Gilman

Engineer, Scytale
Evan Gilman is an engineer with a background in computer networks. With roots in academia, and currently working on the SPIFFE project, he has been building and operating systems in hostile environments his entire professional career. An open source contributor, speaker, and author... Read More →
avatar for Matt Moyer

Matt Moyer

Security Engineer, Heptio
Matt Moyer is an engineer at Heptio working to make Kubernetes more secure. Prior to his current position, he worked in security and infrastructure engineering at a consumer financial services company. He enjoys long passphrases, secure defaults, and writing about himself in the third... Read More →

Wednesday December 12, 2018 3:40pm - 4:15pm
Ballroom 6B