Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Friday, July 1 • 11:35 - 12:20
Attack tree vignettes for Containers as a Service applications and risk centric threat models

Sign up or log in to save this to your schedule and see who's attending!

On the heels of platform virtualization comes the proliferation of containers - compartmentalized applications aimed at achieving greater efficiency in packaging, delivering and managing applications. With platform-level virtualization adoption still maturing, the rise of app level virtualization and isolation over shared platform resources is already intriguing many dev shops who are looking in greater efficiencies around environment management and deployment. Security concerns are abound, particularly as the theme of true isolation and priv escalation haunt many early instances of containers. During this talk we'll look at threat modeling vignettes based upon current implementations and industry use cases around Containers as a Service. We'll explore viable threat patterns around deploying and using containers as well as current and evolving countermeasures for threat mitigation. 

This talk will employ risk centric approaches to threat modeling around containers and tie in many of the more current threat and countermeasures covered from Docker15. The risk centric threat modeling approach will tie in well to security by design intents being fostered into evolving container related controls. This talk will not address in general the general precepts around threat modeling but rather dive into a few deployment scenarios around containers that have been analyzed for viable threat motives, supporting attack patterns, and effective countermeasure options for risk reduction.

Speakers
avatar for Tony UcedaVelez

Tony UcedaVelez

CEO/ Owner, VerSprite
Tony UcedaVĂ©lez is CEO at VerSprite, an Atlanta based security services firm assisting global multi-national corporations on various areas of cyber security, secure software development, threat modeling, application security, security governance, and security risk management. Tony has worked and led teams in the areas of application security, penetration testing, security architecture, and technical risk management for various organizations in... Read More →


Friday July 1, 2016 11:35 - 12:20
Room C (Tiziano Ballroom Sec. 2)

Attendees (21)