Zero Trust Networks: Building Secure Systems in Untrusted Networks by Evan Gilman & Doug Barth

Author:Evan Gilman & Doug Barth [Gilman, Evan]
Language: eng
Format: azw3, pdf
Publisher: O'Reilly Media
Published: 2017-06-19T04:00:00+00:00

Build systems can ingest signed code and produce a signed output, but the function(s) applied in between (i.e., the build itself) is generally not protected cryptographically — this is where the most significant attack vector lies.

This particular vector is a powerful one, as shown in Figure 7-3. Without the right processes and validation, subversion of this kind can be difficult or impossible to detect. For instance, imagine a compromised CI/CD system that ingests signed C code, and compiles it into a signed binary, which is then distributed and run in production. Production systems can validate that the binary is signed, but would have no way of knowing if additional malicious code has been compiled in during the build process. In this way, a seemingly secure system can successfully run malicious code in production without detection. Perhaps even worse, the consumers are fooled into thinking the output is safe.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.