AppSec Europe 2016 has ended
Back To Schedule
Friday, July 1 • 11:35 - 12:20
Attack tree vignettes for Containers as a Service applications and risk centric threat models

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

On the heels of platform virtualization comes the proliferation of containers - compartmentalized applications aimed at achieving greater efficiency in packaging, delivering and managing applications. With platform-level virtualization adoption still maturing, the rise of app level virtualization and isolation over shared platform resources is already intriguing many dev shops who are looking in greater efficiencies around environment management and deployment. Security concerns are abound, particularly as the theme of true isolation and priv escalation haunt many early instances of containers. During this talk we'll look at threat modeling vignettes based upon current implementations and industry use cases around Containers as a Service. We'll explore viable threat patterns around deploying and using containers as well as current and evolving countermeasures for threat mitigation. 

This talk will employ risk centric approaches to threat modeling around containers and tie in many of the more current threat and countermeasures covered from Docker15. The risk centric threat modeling approach will tie in well to security by design intents being fostered into evolving container related controls. This talk will not address in general the general precepts around threat modeling but rather dive into a few deployment scenarios around containers that have been analyzed for viable threat motives, supporting attack patterns, and effective countermeasure options for risk reduction.

avatar for Tony UcedaVelez

Tony UcedaVelez

CEO/ Owner, VerSprite
Tony UV is CEO at VerSprite, an Atlanta based security services firm assisting global MNCs on various areas of cyber security, secure software development, threat modeling, application security, governance, and risk management. Tony has worked and led teams in the areas of application... Read More →

Friday July 1, 2016 11:35 - 12:20 CEST
Room C (Tiziano Ballroom Sec. 2)