Loading…
In-person
11-12 December
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon India 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in India Standard Time (UTC+5:30)To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis. 
or to bookmark your favorites and sync them to your phone or calendar.
strong>Security [clear filter]
arrow_back View All Dates
Thursday, December 12
 

11:30am IST

A Deep Dive Into the Current Runtime Security Landscape - Ankur Kothiwal, CERN
Thursday December 12, 2024 11:30am - 12:05pm IST
The most widely used runtime enforcement techniques today are prone to attackers. Many of these techniques work on the principle of stopping or killing a process in response to an attack, which relies at the mercy of an exploit writer putting little to no effort into avoiding triggering these detection mechanisms. Our discussion will focus on various aspects of runtime security: how it is currently implemented, its shortcomings, and the performance implications associated with these approaches. We'll explore a various range of cloud-based runtime security implementations. We'll expose the attacker's perspective, demonstrating how they can bypass these common runtime security measures. This will equip you to anticipate and counter their tactics. Finally, we will cover recent popular attacks and how appropriate runtime security measures can prevent them in the future.
Speakers
avatar for Ankur Kothiwal

Ankur Kothiwal

Computing Engineer, CERN
Ankur Kothiwal is a Computing Engineer at CERN. He is actively involved in open source, currently serving as a maintainer and a CNCF Ambassador. In the past, he participated in and mentored various open source outreach programs and has also been a committee member for KubeCon Paris... Read More →
Thursday December 12, 2024 11:30am - 12:05pm IST
Convention Centre | Basement Level | Room B202B
  Security
  • Content Experience Level Any

12:20pm IST

Enhance Kubernetes Security with the Common Expression Language (CEL) - Hoon Jo, Megazone
Thursday December 12, 2024 12:20pm - 12:55pm IST
Among the 4C (Cloud, Cluster, Container, Code) security in Kubernetes, there are various techniques to enhance the security of the cluster surface. In particular, Admission Control (webhook) is one of the most flexible and powerful methods. As this trend, there is movement to apply it to various forms of Kubernetes(e.g. GKE, Openshift and so on). In my opinion, one of the easiest and most efficient ways to apply it is to improve security through CEL (Common Expression Language). I believe that the Validating Admission Policy becoming `stable` in v1.30 is part of this proof. So I will show you the CEL DEMO provided by Google Cloud to get a quick and easy understanding of how to improve the security of GKE. Through this exercise, you will learn the basic structure of CEL and the freedom of scope that can be applied, and you will be able to apply it to any other platform with minimal effort.
Speakers
avatar for Hoon Jo

Hoon Jo

Cloud Solutions Architect | Cloud Native Engineer, Megazone
Hoon Jo is Cloud Solutions Architect as well as Cloud Native engineer at Megazone. He has many times of speaker experience for cloud native technologies. And spread out Cloud Native Ubiquitous in the world. He has written several books and latest books is 『CONTAINER INFRASTRUCTURE... Read More →
Thursday December 12, 2024 12:20pm - 12:55pm IST
Convention Centre | Basement Level | Room B202B
  Security

3:45pm IST

Fuzzing for Stability: Uncovering and Mitigating Helm's CVE - Jakub Ciolek, AlphaSense
Thursday December 12, 2024 3:45pm - 4:20pm IST
Join this talk to uncover the story of a high severity CVE-2024-26147 [CVSS: 7.5] discovered in Helm and understand the role of fuzzing in maintaining the ecosystem’s integrity. Through this demonstration, you'll see firsthand the systematic approach used to identify the vulnerability that caused Helm to panic when faced with missing YAML metadata. The issue enabled crashing Helm SDK-based clients over the network and additionally, bricking local Helm client installations. We'll dive into the specific tools and techniques that were instrumental in detecting the issue, focusing on their applicability to your daily work. This session is designed not just to share a discovery but to foster a community-wide commitment to proactive security practices. Learn how these insights can be applied to strengthen the security and reliability of your Kubernetes deployments, ensuring a safer environment for all users of the ecosystem.
Speakers
avatar for Jakub Ciolek

Jakub Ciolek

Senior Tech Lead - Cloud Platform, AlphaSense
Jakub Ciolek is a seasoned Senior Tech Lead at AlphaSense, focused on Kubernetes and open-source innovation. He has made notable contributions to the Go compiler and identified key vulnerabilities in Helm and Argo CD. He is dedicated to driving forward secure, scalable solutions in... Read More →
Thursday December 12, 2024 3:45pm - 4:20pm IST
Convention Centre | Basement Level | Room B202B
  Security

4:50pm IST

SPIFFE as a Glue for Large Scale Telco Deployments: A Nephio Perspective - Rahul Jadhav, AccuKnox
Thursday December 12, 2024 4:50pm - 5:25pm IST
Emerging Telco trends such as ORAN, advanced 5G core demands a disaggregated arch for scaling. Kubernetes based deployments are becoming a norm and much of the open CNCF/LF tooling are playing a major role. The aim of this submission is to talk about the challenges that Nephio(www.nephio.org) SIG-Security team faced about streamlining security operations across multi-cluster multi-region, multi-vendor based deployments. The aim is to talk about specific instances/use-cases where the Nephio management cluster needs to securely interact with regional/edge clusters for the control plane needs. Also why/how the Nephio security team envisaged SPIFFE as a foundational layer to bind multi region together. A particular problem statement in the context of ORAN deployments where SMO (Service Mgmt Orchestation) has to securely interact with IMS (Infra Mgmt Service) for secure creation of infrastructure and the role SPIFFE played in the context would be highlighted.
Speakers
avatar for Rahul Jadhav

Rahul Jadhav

Cofounder, CTO, AccuKnox
An avid coder, a systems engineer working on solutions involving security and performance of cloud-native tech. Contributed towards several open sources including Linux Kernel and worked closely with IETF Standards (such as ROLL, 6lo, LWIG) and Linux Foundation. Taken several projects... Read More →
Thursday December 12, 2024 4:50pm - 5:25pm IST
Convention Centre | Basement Level | Room B202B
  Security
 
  • Filter By Date
  • Filter By Venue
  • Filter By Type
  • Content Experience Level
  • Timezone


Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.
Filtered by Date -