Kennedy , profile picture
Uploaded byKennedy
267 views

Chaos engineering for cloud native security

The document discusses chaos engineering as a method to enhance cloud native security by experimenting on systems to identify and resolve vulnerabilities. It emphasizes that traditional security measures are inadequate, and proposes risk-driven fault injection to strengthen cloud infrastructures. The conclusion highlights the importance of adapting security practices to modern challenges in cloud environments.

Download to read offline
Chaos Engineering for Cloud Native Security Kennedy TorkuraBSides Berlin 2020
1 Cloud Native Security the 4Cs of cloud native security Cloud native infrastructure is infrastructure that is hidden behind useful abstractions, controlled by APIs, managed by software, and has the purpose of running applications (cloud native applications). - Kris Nova et. al Cloud native security is about securing cloud native infrastructure.
1 Most cloud security incidents are caused by users ■ User focused security (cloud customer) □ Shared security responsibility model □ Users are responsible for security e.g. configuration of cloud assets ■ CSA Top Threats to Cloud Computing: □ #1- Data breaches – Cloud storage – Cloud IAM □ #2 Misconfiguration and inadequate change control ■ OWASP Top 10 - Security misconfiguration Cloud Security
Cloud Mis-configurations users bucket groups policy policy virtual machine
Cloud Mis-configurations * Deploy time/orchestration ■ Terraform ■ CloudFormation ■ Chef …. ⇒ Visibility into the cloud state ⇒ Validation of the efficiency of security tools
Chaos Engineering Chaos Engineering is the discipline of experimenting on a system in order to build confidence in the system’s capability to withstand turbulent conditions in production - principlesofchaos.org Immunity by Infection -> Vaccination ■ Protect our bodies by introducing disease-like substances ■ Our bodies are tricked to believe the substances are real ■ Our immune systems are triggered to develop appropriate defences
Chaos Engineering ■ Chaos engineering is a fancy name for fault injection ■ Fault injection is a concept that emanates from scientific research ■ Chaos engineering is not about recklessness but entails careful planning, experimentation and observation
Security Chaos Engineering ■ The benefits of chaos engineering go beyond performance and availability aspects of resiliencel ■ Resilience is defined as the “ability to persist dependability” ■ Security is a core attribute of dependability ■ Chaos engineering concepts are also suitable for gaining confidence is security attributes
Risk Driven Fault Injection Risk-driven Fault Injection aims at injecting security faults (perturbations) into cloud systems in order to detect security weaknesses and enable remediations e.g. security hardening
Risk Driven Fault Injection Chaos Actions ■ Create ■ Delete ■ Modify users bucket groups policy policy virtual machine Note Do not delete databases, storage etc
Risk Driven Fault Injection High level architecture of CloudStrike Results of an experiment
Risk Driven Fault Injection Security Fault Engine
Risk Driven Fault Injection start create user Bob get cloud buckets select random bucket create malicious policy assign policy to Bob & bucket end An example of an experiment hypothesis: cloud buckets are secure
DEMO
State Recovery After Experiment
Risk Driven Fault Injection ■ Modes of operation: □ Low- 30% □ Medium - 60% □ High - 90% ■ Attack scenario: chaining of multiple attack points
Conclusion ● Cloud native security entails securing cloud native infrastructures ● Traditional security tooling is not sufficient for the contemporary security challenges ● Security chaos engineering is a viable option for improving cloud native security
Thank you for listening ! Chaos Engineering for Cloud Native Security Email: run2obtain@gmail.com Twitter: @run2obtain Website: http://ktorkura.me/portfolio/ Meduim:https://medium.com/@run2obtain

More Related Content

PDF
The Future of DevSecOps
byStefan Streichsbier
 
PDF
Using security to drive chaos engineering
byDinis Cruz
 
PPTX
The Journey to DevSecOps
bySeniorStoryteller
 
PPTX
DEVSECOPS: Coding DevSecOps journey
byJason Suttie
 
PDF
DevSecOps in 2031: How robots and humans will secure apps together Log
byStefan Streichsbier
 
PDF
A Pragmatic Union: Security and SRE
byJames Wickett
 
PDF
Nick Drage & Fraser Scott - Epic battle devops vs security
byDevSecCon
 
PDF
Blameless Retrospectives in DevSecOps (at Global Healthcare Giants)
byDJ Schleen
 
The Future of DevSecOps
byStefan Streichsbier
 
Using security to drive chaos engineering
byDinis Cruz
 
The Journey to DevSecOps
bySeniorStoryteller
 
DEVSECOPS: Coding DevSecOps journey
byJason Suttie
 
DevSecOps in 2031: How robots and humans will secure apps together Log
byStefan Streichsbier
 
A Pragmatic Union: Security and SRE
byJames Wickett
 
Nick Drage & Fraser Scott - Epic battle devops vs security
byDevSecCon
 
Blameless Retrospectives in DevSecOps (at Global Healthcare Giants)
byDJ Schleen
 

What's hot

PPTX
Benefits of DevSecOps
byFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
PDF
Dos and Don'ts of DevSecOps
byPriyanka Aash
 
PDF
Chaos Engineering - The Art of Breaking Things in Production
byKeet Sugathadasa
 
PDF
Demystifying DevSecOps
byArchana Joshi
 
PDF
Building Security Controls around Attack Models
bySeniorStoryteller
 
PPTX
Elizabeth Lawler - Devops, security, and compliance working in unison
byDevSecCon
 
PPTX
Securing a great DX - DevSecOps Days Singapore 2018
byStefan Streichsbier
 
Benefits of DevSecOps
byFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
Dos and Don'ts of DevSecOps
byPriyanka Aash
 
Chaos Engineering - The Art of Breaking Things in Production
byKeet Sugathadasa
 
Demystifying DevSecOps
byArchana Joshi
 
Building Security Controls around Attack Models
bySeniorStoryteller
 
Elizabeth Lawler - Devops, security, and compliance working in unison
byDevSecCon
 
Securing a great DX - DevSecOps Days Singapore 2018
byStefan Streichsbier
 

Similar to Chaos engineering for cloud native security

PDF
Cloud-Native Security
byVMware Tanzu
 
PPTX
Introduction to testing in Cloud / AWS
byJimmy Dahlqvist
 
PDF
Cloud native defined
byKim Clark
 
PDF
The Art of Cloud Native Defense on Kubernetes
byJacopo Nardiello
 
PDF
Building Reliable Cloud Systems through Chaos Engineering
byIJMIT JOURNAL
 
PPTX
Cloud Native Migration Steps
byRanjan Baisak
 
PDF
Chaos engineering for cloud native security - Chaos Carninval 2021
byKennedy
 
PDF
Cloud Native Security: New Approach for a New Reality
byCarlos Andrés García
 
PDF
Container Security Mmanagement
bySuresh Thivanka Rupasinghe
 
PDF
Using security to drive chaos engineering - April 2018
byDinis Cruz
 
PDF
TechEvent 2019: Chaos Engineering - here we go; Lothar Wieske - Trivadis
byTrivadis
 
PDF
BUILDING RELIABLE CLOUD SYSTEMS THROUGH CHAOS ENGINEERING
byIJMIT JOURNAL
 
PDF
BUILDING RELIABLE CLOUD SYSTEMS THROUGH CHAOS ENGINEERING
byIJMIT JOURNAL
 
PDF
Slideshared 4. iucee-inpods cloud engineering
byRavindra Dastikop
 
PDF
Cloud Native Ninja - kickoff.pdf
byNilesh Gule
 
PDF
About an Immune System Understanding for Cloud-native Applications - Biology ...
byNane Kratzke
 
PPTX
Chaos Engineering on Cloud Foundry
byKarun Chennuri
 
PDF
Chaos Engineering - Geert van der Cruijsen.pdf
byGeert van der Cruijsen
 
PDF
Chaos Engineering Here We_Go
byLothar Wieske
 
PPTX
Chaos engineering - The art of breaking stuff in production on purpose
byGeert van der Cruijsen
 
Cloud-Native Security
byVMware Tanzu
 
Introduction to testing in Cloud / AWS
byJimmy Dahlqvist
 
Cloud native defined
byKim Clark
 
The Art of Cloud Native Defense on Kubernetes
byJacopo Nardiello
 
Building Reliable Cloud Systems through Chaos Engineering
byIJMIT JOURNAL
 
Cloud Native Migration Steps
byRanjan Baisak
 
Chaos engineering for cloud native security - Chaos Carninval 2021
byKennedy
 
Cloud Native Security: New Approach for a New Reality
byCarlos Andrés García
 
Container Security Mmanagement
bySuresh Thivanka Rupasinghe
 
Using security to drive chaos engineering - April 2018
byDinis Cruz
 
TechEvent 2019: Chaos Engineering - here we go; Lothar Wieske - Trivadis
byTrivadis
 
BUILDING RELIABLE CLOUD SYSTEMS THROUGH CHAOS ENGINEERING
byIJMIT JOURNAL
 
BUILDING RELIABLE CLOUD SYSTEMS THROUGH CHAOS ENGINEERING
byIJMIT JOURNAL
 
Slideshared 4. iucee-inpods cloud engineering
byRavindra Dastikop
 
Cloud Native Ninja - kickoff.pdf
byNilesh Gule
 
About an Immune System Understanding for Cloud-native Applications - Biology ...
byNane Kratzke
 
Chaos Engineering on Cloud Foundry
byKarun Chennuri
 
Chaos Engineering - Geert van der Cruijsen.pdf
byGeert van der Cruijsen
 
Chaos Engineering Here We_Go
byLothar Wieske
 
Chaos engineering - The art of breaking stuff in production on purpose
byGeert van der Cruijsen
 

Recently uploaded

PDF
Working with Machine Learning in Production
byFrederick Apina
 
PDF
Agentic AI meets Serverless on AWS - AWS User Group Cologne 2025
byVadym Kazulkin
 
PPTX
power point presentation of Soft computing
byyashhjain24
 
PPTX
Lifecycle of Automated Testing: A Step-by-Step Journey from Planning to Repor...
bySophie Lane
 
PDF
Top Django Questions for Preparation .pdf
bysenseacademy2
 
PDF
git - from commit to merge - semcomp beta 2018 workshop
byJoao Marins
 
PDF
PyData Paris keynote: Big ideas shaping scientific Python: the quest for perf...
byRalf Gommers
 
PDF
Cloud-based Hotel PMS_ Why hotels Must Upgrade Now.pdf
byHotelogix
 
PDF
Salesforce Data Migration Services.pdf
byRobert Mark
 
PPTX
Future-Proofing the PMO - Strategic Portfolio Management for 2026 and Beyond
byOnePlan Solutions
 
PPTX
Classify and visualize Jira work to stay focused and foster innovation - Work...
byWork Type Focus
 
PDF
Chpetwr two Health Survey for - (2).pdf
byAhmedAlhadiAbduselam
 
PPTX
Online Growth via Web Scraping SHEIN and Myntra Product Data.pptx
byArcTechnolbs
 
PDF
VADY Smart Decision-Making — Combining AI Precision with Human Expertise
byNewFangledVision
 
DOCX
Ethereum News: ETH Dominates DeFi and Smart Contracts
byCoinography Coionography
 
PDF
Important Features A Leave Management System Should Have
byCitytech Software DMCC
 
PDF
VADY AI-Powered Business Intelligence — Turning Raw Data into Strategic Growth
byNewFangledVision
 
DOCX
From Text to Tune: How AI Music Generators Are Changing the Way We Create Songs
bycooperation2
 
PDF
Softaken OCR Image to Text Extractor Tool
byaimberdphilomena
 
PPTX
College Management System.pptx
bygehlotyash2005
 
Working with Machine Learning in Production
byFrederick Apina
 
Agentic AI meets Serverless on AWS - AWS User Group Cologne 2025
byVadym Kazulkin
 
power point presentation of Soft computing
byyashhjain24
 
Lifecycle of Automated Testing: A Step-by-Step Journey from Planning to Repor...
bySophie Lane
 
Top Django Questions for Preparation .pdf
bysenseacademy2
 
git - from commit to merge - semcomp beta 2018 workshop
byJoao Marins
 
PyData Paris keynote: Big ideas shaping scientific Python: the quest for perf...
byRalf Gommers
 
Cloud-based Hotel PMS_ Why hotels Must Upgrade Now.pdf
byHotelogix
 
Salesforce Data Migration Services.pdf
byRobert Mark
 
Future-Proofing the PMO - Strategic Portfolio Management for 2026 and Beyond
byOnePlan Solutions
 
Classify and visualize Jira work to stay focused and foster innovation - Work...
byWork Type Focus
 
Chpetwr two Health Survey for - (2).pdf
byAhmedAlhadiAbduselam
 
Online Growth via Web Scraping SHEIN and Myntra Product Data.pptx
byArcTechnolbs
 
VADY Smart Decision-Making — Combining AI Precision with Human Expertise
byNewFangledVision
 
Ethereum News: ETH Dominates DeFi and Smart Contracts
byCoinography Coionography
 
Important Features A Leave Management System Should Have
byCitytech Software DMCC
 
VADY AI-Powered Business Intelligence — Turning Raw Data into Strategic Growth
byNewFangledVision
 
From Text to Tune: How AI Music Generators Are Changing the Way We Create Songs
bycooperation2
 
Softaken OCR Image to Text Extractor Tool
byaimberdphilomena
 
College Management System.pptx
bygehlotyash2005
 

Chaos engineering for cloud native security

  • 1.
    Chaos Engineering for CloudNative Security Kennedy TorkuraBSides Berlin 2020
  • 2.
    1 Cloud Native Security the 4Csof cloud native security Cloud native infrastructure is infrastructure that is hidden behind useful abstractions, controlled by APIs, managed by software, and has the purpose of running applications (cloud native applications). - Kris Nova et. al Cloud native security is about securing cloud native infrastructure.
  • 3.
    1 Most cloud securityincidents are caused by users ■ User focused security (cloud customer) □ Shared security responsibility model □ Users are responsible for security e.g. configuration of cloud assets ■ CSA Top Threats to Cloud Computing: □ #1- Data breaches – Cloud storage – Cloud IAM □ #2 Misconfiguration and inadequate change control ■ OWASP Top 10 - Security misconfiguration Cloud Security
  • 4.
  • 5.
    Cloud Mis-configurations * Deploytime/orchestration ■ Terraform ■ CloudFormation ■ Chef …. ⇒ Visibility into the cloud state ⇒ Validation of the efficiency of security tools
  • 6.
    Chaos Engineering Chaos Engineeringis the discipline of experimenting on a system in order to build confidence in the system’s capability to withstand turbulent conditions in production - principlesofchaos.org Immunity by Infection -> Vaccination ■ Protect our bodies by introducing disease-like substances ■ Our bodies are tricked to believe the substances are real ■ Our immune systems are triggered to develop appropriate defences
  • 7.
    Chaos Engineering ■ Chaosengineering is a fancy name for fault injection ■ Fault injection is a concept that emanates from scientific research ■ Chaos engineering is not about recklessness but entails careful planning, experimentation and observation
  • 8.
    Security Chaos Engineering ■The benefits of chaos engineering go beyond performance and availability aspects of resiliencel ■ Resilience is defined as the “ability to persist dependability” ■ Security is a core attribute of dependability ■ Chaos engineering concepts are also suitable for gaining confidence is security attributes
  • 9.
    Risk Driven FaultInjection Risk-driven Fault Injection aims at injecting security faults (perturbations) into cloud systems in order to detect security weaknesses and enable remediations e.g. security hardening
  • 10.
    Risk Driven FaultInjection Chaos Actions ■ Create ■ Delete ■ Modify users bucket groups policy policy virtual machine Note Do not delete databases, storage etc
  • 11.
    Risk Driven FaultInjection High level architecture of CloudStrike Results of an experiment
  • 12.
    Risk Driven FaultInjection Security Fault Engine
  • 13.
    Risk Driven FaultInjection start create user Bob get cloud buckets select random bucket create malicious policy assign policy to Bob & bucket end An example of an experiment hypothesis: cloud buckets are secure
  • 14.
  • 15.
  • 16.
    Risk Driven FaultInjection ■ Modes of operation: □ Low- 30% □ Medium - 60% □ High - 90% ■ Attack scenario: chaining of multiple attack points
  • 17.
    Conclusion ● Cloud nativesecurity entails securing cloud native infrastructures ● Traditional security tooling is not sufficient for the contemporary security challenges ● Security chaos engineering is a viable option for improving cloud native security
  • 18.
    Thank you forlistening ! Chaos Engineering for Cloud Native Security Email: [email protected] Twitter: @run2obtain Website: http://ktorkura.me/portfolio/ Meduim:https://medium.com/@run2obtain