Attack Trees for Containers as a Service (CaaS)

On the heels of platform virtualization comes the proliferation of containers – compartmentalized applications aimed at achieving greater efficiency in packaging, delivering and managing applications. With platform-level virtualization adoption still maturing, the rise of app level virtualization and isolation over shared platform resources is already intriguing many dev shops who are looking in greater efficiencies around environment management and deployment. Security concerns are abound, particularly as the theme of true isolation and priv escalation haunt many early instances of containers. During this talk we’ll look at threat modeling vignettes based upon current implementations and industry use cases around Containers as a Service (CaaS). We’ll explore viable threat patterns around deploying and using containers as well as current and evolving countermeasures for threat mitigation. This talk employs risk centric approaches to threat modeling around containers and tie in many of the more current threat and countermeasures covered from Docker15. The risk centric threat modeling approach will tie in well to security by design intents being fostered into evolving container related controls. This talk will not address in general the general precepts around threat modeling but rather dive into a few deployment scenarios around containers that have been analyzed for viable threat motives, supporting attack patterns, and effective countermeasure options for risk reduction.

VerSprite's Approach to Security

At VerSprite, we approach security from a holistic risk management perspective, understanding security from business and attacker perspectives. Our approach goes beyond assessing security controls. We examine credible threats to understand the likelihood of a real-world abuse case and measure the magnitude of business impact if a breach should occur. By developing a holistic business risk view, security decisions become business decisions. Explore Security Offerings →