You are viewing content from a past/completed QCon
Untrusted Execution: Attacking the Cloud Native Supply Chain
Should we trust the code we run in production? Not if a motivated attacker can compromise our system’s complex supply chains. While hardened runtimes and detection can mitigate some zero day attacks, malicious internal threat actors and software implants are much harder to detect. Supply chain security looks to address some of these concerns, but with so many signing options available to us, what do we really care about? Our source code, open source dependencies, CI/CD, built containers, vendor software — or the hardware and operating systems we run on? Securing the whole supply chain is a non-trivial task, and requires consideration at all of these levels.In this talk we:
- Undertake a risk-based threat model of supply chain attacks against our systems
- Compare the open source supply chain security controls available to us
- Examine trusted execution environments and their security properties
- Propose an open source solution for end to end supply chain security
Speaker
Francesco Beltramini
Security Engineering Manager @controlplaneio
Francesco Beltramini (@d1gital_f) is a security professional with 10+ years of working experience and deep technical competence matured on a number of high-end projects for both public and private sector organizations. Francesco had the opportunity of working on a variety of technology stacks in designing and implementing complex security architectures in both the IT and OT spaces, from Cloud to mission-critical/safety-critical/high-assurance infrastructure. Francesco enjoys managing teams of highly-skilled security professionals, setting and implementing security objectives, strategy and culture.
From the same track
Session
Microservices
Orchestration vs Choreography, A Guide To Composing Your Monolith
Tuesday Oct 25 / 01:40PM PDT
Microservices promise rapid evolution, operational independence, and technological freedom but come with imperceptible drag factors. Left unchecked, this drag leads to distributed balls of mud – hard to operate, evolve and maintain.
Ian Thomas
VP, Web Architecture @GenesisGlobalX
Orchestration vs Choreography, A Guide To Composing Your Monolith
Session
Microservices
[Recording] Overcomplicated Architecture: Scaling Bottleneck
Tuesday Oct 25 / 02:55PM PDT
As a digital scale-up continues to gain momentum and grow rapidly, one of the key determining factors of success is how quickly they can evolve their product. The business desires to push features to production as fast as possible and prove value to its customers.
Cassandra Shum
Technologist | Architect | Ex-Thoughtworks
[Recording] Overcomplicated Architecture: Scaling Bottleneck
Session
Microservices
Dark Energy, Dark Matter and the Microservices Patterns?!
Tuesday Oct 25 / 11:50AM PDT
Dark matter and dark energy are mysterious concepts from astrophysics that are used to explain observations of distant stars and galaxies.
Chris Richardson
Creator of microservices.io, Java Champion, & Core Microservices Thoughtleader
Dark Energy, Dark Matter and the Microservices Patterns?!
Session
Unconference: Microservices
Tuesday Oct 25 / 10:35AM PDT
What is an unconference?
At QCon SF, we’ll have unconferences in most of our tracks.
Shane Hastie
Global Delivery Lead for SoftEd and Lead Editor for Culture & Methods at InfoQ.com
Unconference: Microservices
Session
Panel: Building Performant Microservice Architectures
Tuesday Oct 25 / 05:25PM PDT
Microservices improve cognitive load, velocity, isolation, and scalability. They also introduce complexity, increased reliance on the network, observability challenges, and, often, request latency.
Chris Richardson
Creator of microservices.io, Java Champion, & Core Microservices Thoughtleader
Ian Thomas
VP, Web Architecture @GenesisGlobalX
Todd Montgomery
Ex Researcher @Nasa, Engineering Fellow @ Adaptive Financial Consulting and a High Performance Distributed Systems Whisperer
Panel: Building Performant Microservice Architectures
