Breaking the Kubernetes Kill Chain: Host Path Mount
2016 02-04-gingell-iot
1. In the IoT, no T is an Island
Rob Gingell
Resilient Network Systems
2. Today: Island Phase of networking Things
2
Sensors (actuators) attached to network
More “network reachable” than full network citizens
Technology limits / function partitioning
Customer capture: business model and experience management
Usually homogenous / insulated / isolated
Registered to manufacturer services
Generally capable / trusted process between user / manufacturer
Each registration instance weakens privacy: more targets / points of compromise
Data often pre-digested: images vs. data sources
More suitable for viewing than for use by other automata
“Policies” implied / embedded in services presenting data
An “Internet” of Things is inhibited by boundaries that isolate
3. Internet of Things: Composition / Orchestration
3
Heterogeneous: device, manufacturer, operating organization
Dynamic (e.g., on proximities: geographic, topical, functional)
Trust relationship formed quickly and ad hoc: requires low overhead
“Provisioning” too cumbersome
Composition: what interconnection is for
Involves computation / manipulation of data, not presentation
Will drive layers into data / Thing presentation to network
Combination of implied / embedded policies chaotic / weak
A useful IoT needs tools architected of and for the network
4. What’s Required?
4
Preserve privacy: minimize instances of PII
Use the network to make better use of existing stores through trust relationships
“Store” might be degenerate: a datum or single certificate
Partition & Distribute: PEP, PDP, PAP, policy stores
Store → “authority”, trust relationships govern acceptability
→ structure for having, building, maintaining trust relationships
Connect: explicit policies structure connections between authorities
Make policies explicit, separate from things they govern
Enable policy writers to operate directly rather than indirectly
→ platform exists for cross-domain policy execution
Anticipate / embrace heterogeneity
In organization, representation of data / policies / identity
Enable innovation: technology evolving rapidly: biometrics, behavior recognition
“Future-proof” things to gain from refinements in policy / authority technology
Resist search for “one to rule them all”
5. Resilient’s Trust Network (TN)
5
RULES
ENGINES
POLICY
AUTHORITIES
ID ATTRIBUTES
(DIRECTORIES)
AUTHN /
BIOMETRICS
AN UNKNOWN
USER/Thing
A KNOWN
USER/Thing
A PARTIALLY
KNOWN USER/Thing
A
A
A
A
A
A
PEP
(RP/Auth)
PDP Policy Stores/PAP/PIP/PRP
PAP
PAP
PAP
AUTHZ /
CREDENTIALS
6. Other Relevant Characteristics
6
Simplified provisioning – mostly “don’t”
Today: deployed as IAM tool for cross-organizational sharing
Can be useful tool even in today’s “island phase” relationship building
Workflow engine: programmed by policies
“Policies” in TN compile to workflows– machine language for DS policy languages
Other “composing” operations besides trust/identity can be expressed
“Common-carrier” like – “meaning” comes from usage / directories
Not an authority – each subscribed entity is (RP can be authority for selves)
Provides meta-authorities instanced / operated by subscribers / groups
Subscriber-set policies govern access – no super-user, no data retained
Real: functions in real-world environments, threats
Viruses, compromises, administrative lapses will continue to happen
Compromising a component need not compromise policy – expect failures
Usable: (policy protected access to be) auditable, debuggable, meterable (commerce)
Scale: simple components, narrow protocols, predictable interactions / aggregation
Services supporting “policy-protected datum” – privacy applications
Evolving: certificates, use of block chain technology
7. Conclusion: systematic trust maximizes IoT utility
7
“Islands of Things” should not be the limit of our aspirations
IoT interactions can’t tolerate traditional provisioning
Invitation to lax security, privacy, identity and thus trust
Counter with system designed to operate ad hoc and internet scale
Gain leverage from existing mechanisms through workflow integration
Utilize network characteristics for protection – can’t compromise whole
Make policy a first-order mechanism for policy writers
Requires a platform to execute them across boundaries
Avoid “lost in translation” problems in implementation / composition