SlideShare a Scribd company logo

The Confused Deputy Problem

Download as PPTX, PDF
Shay Ben-Haroche
Shay Ben-Haroche

The "Confused Deputy Problem" is a classic pitfall when designing permission systems, and it is still relevant in today's SaaS vendor world. Learn about the problem and its solution with practical examples.

1 of 15
1 Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.|Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. The Confused Deputy Problem Shay Ben-Haroche 2020-07-22
2 Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.| • WIIFM • What is “The Confused Deputy Problem” ? • Example(s) and solution(s) • Why should we care? Agenda
3 Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.| • Learn a classic security pitfall • Still relevant in the SaaS vendors era • Learn how to protect against it • Potential application for Luminate’s connector WIIFM - What’s in it for me?
4 Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.| “A ‘confused deputy’ is a legitimate, more privileged computer program that is tricked by another program into misusing its authority on the system. It is a specific type of privilege escalation” (wikipedia) What is “the Confused Deputy Problem”
5 Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.| Basic Example • Two resources: – Alice can execute compiler, but not write to file (BILL) – Compiler can read-write to file (BILL) • Compiler is a deputy acting on behalf of Alice • Compiler is confused, because it escalates Alice’s privileges and allows her to write to BILL
6 Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.| • Bundle together the designation of an object and the permission to access that object • In our example - Alice passing the compiler both the filename it wants to write, and a permission token • This is exactly what a capability is (as opposed to ACL) Basic Example - Simple Solution
7 Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.|
8 Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.| • Luminate wants to save AWS costs using CloudSave • CloudSave asks Luminate to provide an IAM role ARN, e.g: arn:aws:iam::123456789:role/CloudSaveRole (The IAM role can only be assumed by CloudSave) • CloudSave has another customer: EvilCorp • When EvilCorp finds/guesses Luminate’s AWS account ID • EvilCorp provides the same IAM role ARN to CloudSave • CloudSave is now a Confused Deputy IAM Role Example
9 Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.| IAM Role Example
10 Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.|
11 Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.| • Unique GUID per customer • Provided by the vendor (CloudSave) • Cannot be easily guessed • Enforced in the “Condition” section of the IAM role The Solution - External ID
12 Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.| IAM Role Example - with External ID
13 Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.|
14 Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.| • Classic pitfall, still relevant today • Potential application for Luminate’s connector • Read more: – ACL-based security – Capability-based security – AWS’ blog (with the IAM example) – ACL vs. C-List Summary
15 Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.|Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. Thanks! Questions? Shay Ben-Haroche 2020-07-22

Recommended

Azure Arc 概要
Azure Arc 概要Azure Arc 概要
Azure Arc 概要
Kazuki Takai
 
MySQL 4.0で9年動き続けたサーバを リプレイスしてバージョンアップした話
MySQL 4.0で9年動き続けたサーバを リプレイスしてバージョンアップした話MySQL 4.0で9年動き続けたサーバを リプレイスしてバージョンアップした話
MySQL 4.0で9年動き続けたサーバを リプレイスしてバージョンアップした話
Takahiro Okumura
 
TypeScriptで書くLambdaをCDKでいい感じに管理する.pptx
TypeScriptで書くLambdaをCDKでいい感じに管理する.pptxTypeScriptで書くLambdaをCDKでいい感じに管理する.pptx
TypeScriptで書くLambdaをCDKでいい感じに管理する.pptx
ssuser8b389c
 
00_O365_SecureConfigurationAlignment_JP_v1.0.pdf
00_O365_SecureConfigurationAlignment_JP_v1.0.pdf00_O365_SecureConfigurationAlignment_JP_v1.0.pdf
00_O365_SecureConfigurationAlignment_JP_v1.0.pdf
Hisaho Nakata
 
JPC2018[G1]Office 365 と Box で実現する近未来の働き方 ~競合だと思われていたマイクロソフトと Box が協業するワケ~
JPC2018[G1]Office 365 と Box で実現する近未来の働き方 ~競合だと思われていたマイクロソフトと Box が協業するワケ~JPC2018[G1]Office 365 と Box で実現する近未来の働き方 ~競合だと思われていたマイクロソフトと Box が協業するワケ~
JPC2018[G1]Office 365 と Box で実現する近未来の働き方 ~競合だと思われていたマイクロソフトと Box が協業するワケ~
MPN Japan
 
Cloud Firestore を使って、Polling をやめたい話
Cloud Firestore を使って、Polling をやめたい話Cloud Firestore を使って、Polling をやめたい話
Cloud Firestore を使って、Polling をやめたい話
健一 辰濱
 
Yahoo! JAPANのプライベートRDBクラウドとマルチライター型 MySQL #dbts2017 #dbtsOSS
Yahoo! JAPANのプライベートRDBクラウドとマルチライター型 MySQL #dbts2017 #dbtsOSSYahoo! JAPANのプライベートRDBクラウドとマルチライター型 MySQL #dbts2017 #dbtsOSS
Yahoo! JAPANのプライベートRDBクラウドとマルチライター型 MySQL #dbts2017 #dbtsOSS
Yahoo!デベロッパーネットワーク
 
Ws2012フェールオーバークラスタリングdeep dive 130802
Ws2012フェールオーバークラスタリングdeep dive 130802Ws2012フェールオーバークラスタリングdeep dive 130802
Ws2012フェールオーバークラスタリングdeep dive 130802
wintechq
 

Recommended

Azure Arc 概要
Azure Arc 概要Azure Arc 概要
Azure Arc 概要
Kazuki Takai
 
MySQL 4.0で9年動き続けたサーバを リプレイスしてバージョンアップした話
MySQL 4.0で9年動き続けたサーバを リプレイスしてバージョンアップした話MySQL 4.0で9年動き続けたサーバを リプレイスしてバージョンアップした話
MySQL 4.0で9年動き続けたサーバを リプレイスしてバージョンアップした話
Takahiro Okumura
 
TypeScriptで書くLambdaをCDKでいい感じに管理する.pptx
TypeScriptで書くLambdaをCDKでいい感じに管理する.pptxTypeScriptで書くLambdaをCDKでいい感じに管理する.pptx
TypeScriptで書くLambdaをCDKでいい感じに管理する.pptx
ssuser8b389c
 
00_O365_SecureConfigurationAlignment_JP_v1.0.pdf
00_O365_SecureConfigurationAlignment_JP_v1.0.pdf00_O365_SecureConfigurationAlignment_JP_v1.0.pdf
00_O365_SecureConfigurationAlignment_JP_v1.0.pdf
Hisaho Nakata
 
JPC2018[G1]Office 365 と Box で実現する近未来の働き方 ~競合だと思われていたマイクロソフトと Box が協業するワケ~
JPC2018[G1]Office 365 と Box で実現する近未来の働き方 ~競合だと思われていたマイクロソフトと Box が協業するワケ~JPC2018[G1]Office 365 と Box で実現する近未来の働き方 ~競合だと思われていたマイクロソフトと Box が協業するワケ~
JPC2018[G1]Office 365 と Box で実現する近未来の働き方 ~競合だと思われていたマイクロソフトと Box が協業するワケ~
MPN Japan
 
Cloud Firestore を使って、Polling をやめたい話
Cloud Firestore を使って、Polling をやめたい話Cloud Firestore を使って、Polling をやめたい話
Cloud Firestore を使って、Polling をやめたい話
健一 辰濱
 
Yahoo! JAPANのプライベートRDBクラウドとマルチライター型 MySQL #dbts2017 #dbtsOSS
Yahoo! JAPANのプライベートRDBクラウドとマルチライター型 MySQL #dbts2017 #dbtsOSSYahoo! JAPANのプライベートRDBクラウドとマルチライター型 MySQL #dbts2017 #dbtsOSS
Yahoo! JAPANのプライベートRDBクラウドとマルチライター型 MySQL #dbts2017 #dbtsOSS
Yahoo!デベロッパーネットワーク
 
Ws2012フェールオーバークラスタリングdeep dive 130802
Ws2012フェールオーバークラスタリングdeep dive 130802Ws2012フェールオーバークラスタリングdeep dive 130802
Ws2012フェールオーバークラスタリングdeep dive 130802
wintechq
 
Microservices at Mercari
Microservices at MercariMicroservices at Mercari
Microservices at Mercari
Google Cloud Platform - Japan
 
詳説!Azure AD 条件付きアクセス - 動作の仕組みを理解する編
詳説!Azure AD 条件付きアクセス - 動作の仕組みを理解する編詳説!Azure AD 条件付きアクセス - 動作の仕組みを理解する編
詳説!Azure AD 条件付きアクセス - 動作の仕組みを理解する編
Yusuke Kodama
 
S08_Microsoft 365 E5 Compliance による内部不正対策の実践 [Microsoft Japan Digital Days]
S08_Microsoft 365 E5 Compliance による内部不正対策の実践 [Microsoft Japan Digital Days]S08_Microsoft 365 E5 Compliance による内部不正対策の実践 [Microsoft Japan Digital Days]
S08_Microsoft 365 E5 Compliance による内部不正対策の実践 [Microsoft Japan Digital Days]
日本マイクロソフト株式会社
 
20 common security vulnerabilities and misconfiguration in Azure
20 common security vulnerabilities and misconfiguration in Azure20 common security vulnerabilities and misconfiguration in Azure
20 common security vulnerabilities and misconfiguration in Azure
Cheah Eng Soon
 
20200708サーバーレスでのAPI管理の考え方
20200708サーバーレスでのAPI管理の考え方20200708サーバーレスでのAPI管理の考え方
20200708サーバーレスでのAPI管理の考え方
Amazon Web Services Japan
 
セキュリティの都市伝説を暴く
セキュリティの都市伝説を暴くセキュリティの都市伝説を暴く
セキュリティの都市伝説を暴く
Hiroshi Tokumaru
 
AWS IoTを使った双方向通信システムの実装と注意点
AWS IoTを使った双方向通信システムの実装と注意点AWS IoTを使った双方向通信システムの実装と注意点
AWS IoTを使った双方向通信システムの実装と注意点
Kohei MATSUSHITA
 
#ljstudy KVM勉強会
#ljstudy KVM勉強会#ljstudy KVM勉強会
#ljstudy KVM勉強会Etsuji Nakai
 
[SC04] あなたのサービスを "ID" で守る! Azure Active Directory の条件付きアクセスの基礎と実装
[SC04] あなたのサービスを "ID" で守る! Azure Active Directory の条件付きアクセスの基礎と実装[SC04] あなたのサービスを "ID" で守る! Azure Active Directory の条件付きアクセスの基礎と実装
[SC04] あなたのサービスを "ID" で守る! Azure Active Directory の条件付きアクセスの基礎と実装
de:code 2017
 
Software design as a cooperative game with EventStorming
Software design as a cooperative game with EventStormingSoftware design as a cooperative game with EventStorming
Software design as a cooperative game with EventStorming
Alberto Brandolini
 
AWS Black Belt Techシリーズ Amazon Elastic Compute Cloud (Amazon EC2)
AWS Black Belt Techシリーズ Amazon Elastic Compute Cloud (Amazon EC2)AWS Black Belt Techシリーズ Amazon Elastic Compute Cloud (Amazon EC2)
AWS Black Belt Techシリーズ Amazon Elastic Compute Cloud (Amazon EC2)
Amazon Web Services Japan
 
認証の課題とID連携の実装 〜ハンズオン〜
認証の課題とID連携の実装 〜ハンズオン〜認証の課題とID連携の実装 〜ハンズオン〜
認証の課題とID連携の実装 〜ハンズオン〜
Masaru Kurahayashi
 
.NETのサポートポリシーのおさらい #csharptokyo
.NETのサポートポリシーのおさらい #csharptokyo.NETのサポートポリシーのおさらい #csharptokyo
.NETのサポートポリシーのおさらい #csharptokyo
Yuta Matsumura
 
AWSを含めたハイブリッド環境の監視の実現 ~zabbixのクラウド対応モジュールHyClops~
AWSを含めたハイブリッド環境の監視の実現 ~zabbixのクラウド対応モジュールHyClops~AWSを含めたハイブリッド環境の監視の実現 ~zabbixのクラウド対応モジュールHyClops~
AWSを含めたハイブリッド環境の監視の実現 ~zabbixのクラウド対応モジュールHyClops~
Daisuke Ikeda
 
KeycloakでFAPIに対応した高セキュリティなAPIを公開する
KeycloakでFAPIに対応した高セキュリティなAPIを公開するKeycloakでFAPIに対応した高セキュリティなAPIを公開する
KeycloakでFAPIに対応した高セキュリティなAPIを公開する
Hitachi, Ltd. OSS Solution Center.
 
Azure 仮想マシンにおける運用管理・高可用性設計のベストプラクティス
Azure 仮想マシンにおける運用管理・高可用性設計のベストプラクティスAzure 仮想マシンにおける運用管理・高可用性設計のベストプラクティス
Azure 仮想マシンにおける運用管理・高可用性設計のベストプラクティス
Yusuke Oi
 
Fido紹介資料
Fido紹介資料 Fido紹介資料
Fido紹介資料
daiyaito
 
[PGConf.ASIA 2018]Deep Dive on Amazon Aurora with PostgreSQL Compatibility
[PGConf.ASIA 2018]Deep Dive on Amazon Aurora with PostgreSQL Compatibility[PGConf.ASIA 2018]Deep Dive on Amazon Aurora with PostgreSQL Compatibility
[PGConf.ASIA 2018]Deep Dive on Amazon Aurora with PostgreSQL Compatibility
Amazon Web Services Japan
 
ZabbixによるAWS監視のコツ
ZabbixによるAWS監視のコツZabbixによるAWS監視のコツ
ZabbixによるAWS監視のコツ
ShinsukeYokota
 
CRX: Container Runtime Executive 
CRX: Container Runtime Executive CRX: Container Runtime Executive 
CRX: Container Runtime Executive 
imurata8203
 
Mainframe APIs and Modern DevOps
Mainframe APIs and Modern DevOpsMainframe APIs and Modern DevOps
Mainframe APIs and Modern DevOps
DevOps.com
 
Using GitHub and Visual Studio Code for Mainframe Development
Using GitHub and Visual Studio Code for Mainframe DevelopmentUsing GitHub and Visual Studio Code for Mainframe Development
Using GitHub and Visual Studio Code for Mainframe Development
DevOps.com
 

More Related Content

What's hot

Microservices at Mercari
Microservices at MercariMicroservices at Mercari
Microservices at Mercari
Google Cloud Platform - Japan
 
詳説!Azure AD 条件付きアクセス - 動作の仕組みを理解する編
詳説!Azure AD 条件付きアクセス - 動作の仕組みを理解する編詳説!Azure AD 条件付きアクセス - 動作の仕組みを理解する編
詳説!Azure AD 条件付きアクセス - 動作の仕組みを理解する編
Yusuke Kodama
 
S08_Microsoft 365 E5 Compliance による内部不正対策の実践 [Microsoft Japan Digital Days]
S08_Microsoft 365 E5 Compliance による内部不正対策の実践 [Microsoft Japan Digital Days]S08_Microsoft 365 E5 Compliance による内部不正対策の実践 [Microsoft Japan Digital Days]
S08_Microsoft 365 E5 Compliance による内部不正対策の実践 [Microsoft Japan Digital Days]
日本マイクロソフト株式会社
 
20 common security vulnerabilities and misconfiguration in Azure
20 common security vulnerabilities and misconfiguration in Azure20 common security vulnerabilities and misconfiguration in Azure
20 common security vulnerabilities and misconfiguration in Azure
Cheah Eng Soon
 
20200708サーバーレスでのAPI管理の考え方
20200708サーバーレスでのAPI管理の考え方20200708サーバーレスでのAPI管理の考え方
20200708サーバーレスでのAPI管理の考え方
Amazon Web Services Japan
 
セキュリティの都市伝説を暴く
セキュリティの都市伝説を暴くセキュリティの都市伝説を暴く
セキュリティの都市伝説を暴く
Hiroshi Tokumaru
 
AWS IoTを使った双方向通信システムの実装と注意点
AWS IoTを使った双方向通信システムの実装と注意点AWS IoTを使った双方向通信システムの実装と注意点
AWS IoTを使った双方向通信システムの実装と注意点
Kohei MATSUSHITA
 
#ljstudy KVM勉強会
#ljstudy KVM勉強会#ljstudy KVM勉強会
#ljstudy KVM勉強会Etsuji Nakai
 
[SC04] あなたのサービスを "ID" で守る! Azure Active Directory の条件付きアクセスの基礎と実装
[SC04] あなたのサービスを "ID" で守る! Azure Active Directory の条件付きアクセスの基礎と実装[SC04] あなたのサービスを "ID" で守る! Azure Active Directory の条件付きアクセスの基礎と実装
[SC04] あなたのサービスを "ID" で守る! Azure Active Directory の条件付きアクセスの基礎と実装
de:code 2017
 
Software design as a cooperative game with EventStorming
Software design as a cooperative game with EventStormingSoftware design as a cooperative game with EventStorming
Software design as a cooperative game with EventStorming
Alberto Brandolini
 
AWS Black Belt Techシリーズ Amazon Elastic Compute Cloud (Amazon EC2)
AWS Black Belt Techシリーズ Amazon Elastic Compute Cloud (Amazon EC2)AWS Black Belt Techシリーズ Amazon Elastic Compute Cloud (Amazon EC2)
AWS Black Belt Techシリーズ Amazon Elastic Compute Cloud (Amazon EC2)
Amazon Web Services Japan
 
認証の課題とID連携の実装 〜ハンズオン〜
認証の課題とID連携の実装 〜ハンズオン〜認証の課題とID連携の実装 〜ハンズオン〜
認証の課題とID連携の実装 〜ハンズオン〜
Masaru Kurahayashi
 
.NETのサポートポリシーのおさらい #csharptokyo
.NETのサポートポリシーのおさらい #csharptokyo.NETのサポートポリシーのおさらい #csharptokyo
.NETのサポートポリシーのおさらい #csharptokyo
Yuta Matsumura
 
AWSを含めたハイブリッド環境の監視の実現 ~zabbixのクラウド対応モジュールHyClops~
AWSを含めたハイブリッド環境の監視の実現 ~zabbixのクラウド対応モジュールHyClops~AWSを含めたハイブリッド環境の監視の実現 ~zabbixのクラウド対応モジュールHyClops~
AWSを含めたハイブリッド環境の監視の実現 ~zabbixのクラウド対応モジュールHyClops~
Daisuke Ikeda
 
KeycloakでFAPIに対応した高セキュリティなAPIを公開する
KeycloakでFAPIに対応した高セキュリティなAPIを公開するKeycloakでFAPIに対応した高セキュリティなAPIを公開する
KeycloakでFAPIに対応した高セキュリティなAPIを公開する
Hitachi, Ltd. OSS Solution Center.
 
Azure 仮想マシンにおける運用管理・高可用性設計のベストプラクティス
Azure 仮想マシンにおける運用管理・高可用性設計のベストプラクティスAzure 仮想マシンにおける運用管理・高可用性設計のベストプラクティス
Azure 仮想マシンにおける運用管理・高可用性設計のベストプラクティス
Yusuke Oi
 
Fido紹介資料
Fido紹介資料 Fido紹介資料
Fido紹介資料
daiyaito
 
[PGConf.ASIA 2018]Deep Dive on Amazon Aurora with PostgreSQL Compatibility
[PGConf.ASIA 2018]Deep Dive on Amazon Aurora with PostgreSQL Compatibility[PGConf.ASIA 2018]Deep Dive on Amazon Aurora with PostgreSQL Compatibility
[PGConf.ASIA 2018]Deep Dive on Amazon Aurora with PostgreSQL Compatibility
Amazon Web Services Japan
 
ZabbixによるAWS監視のコツ
ZabbixによるAWS監視のコツZabbixによるAWS監視のコツ
ZabbixによるAWS監視のコツ
ShinsukeYokota
 
CRX: Container Runtime Executive 
CRX: Container Runtime Executive CRX: Container Runtime Executive 
CRX: Container Runtime Executive 
imurata8203
 

What's hot (20)

Microservices at Mercari
Microservices at MercariMicroservices at Mercari
Microservices at Mercari
 
詳説!Azure AD 条件付きアクセス - 動作の仕組みを理解する編
詳説!Azure AD 条件付きアクセス - 動作の仕組みを理解する編詳説!Azure AD 条件付きアクセス - 動作の仕組みを理解する編
詳説!Azure AD 条件付きアクセス - 動作の仕組みを理解する編
 
S08_Microsoft 365 E5 Compliance による内部不正対策の実践 [Microsoft Japan Digital Days]
S08_Microsoft 365 E5 Compliance による内部不正対策の実践 [Microsoft Japan Digital Days]S08_Microsoft 365 E5 Compliance による内部不正対策の実践 [Microsoft Japan Digital Days]
S08_Microsoft 365 E5 Compliance による内部不正対策の実践 [Microsoft Japan Digital Days]
 
20 common security vulnerabilities and misconfiguration in Azure
20 common security vulnerabilities and misconfiguration in Azure20 common security vulnerabilities and misconfiguration in Azure
20 common security vulnerabilities and misconfiguration in Azure
 
20200708サーバーレスでのAPI管理の考え方
20200708サーバーレスでのAPI管理の考え方20200708サーバーレスでのAPI管理の考え方
20200708サーバーレスでのAPI管理の考え方
 
セキュリティの都市伝説を暴く
セキュリティの都市伝説を暴くセキュリティの都市伝説を暴く
セキュリティの都市伝説を暴く
 
AWS IoTを使った双方向通信システムの実装と注意点
AWS IoTを使った双方向通信システムの実装と注意点AWS IoTを使った双方向通信システムの実装と注意点
AWS IoTを使った双方向通信システムの実装と注意点
 
#ljstudy KVM勉強会
#ljstudy KVM勉強会#ljstudy KVM勉強会
#ljstudy KVM勉強会
 
[SC04] あなたのサービスを "ID" で守る! Azure Active Directory の条件付きアクセスの基礎と実装
[SC04] あなたのサービスを "ID" で守る! Azure Active Directory の条件付きアクセスの基礎と実装[SC04] あなたのサービスを "ID" で守る! Azure Active Directory の条件付きアクセスの基礎と実装
[SC04] あなたのサービスを "ID" で守る! Azure Active Directory の条件付きアクセスの基礎と実装
 
Software design as a cooperative game with EventStorming
Software design as a cooperative game with EventStormingSoftware design as a cooperative game with EventStorming
Software design as a cooperative game with EventStorming
 
AWS Black Belt Techシリーズ Amazon Elastic Compute Cloud (Amazon EC2)
AWS Black Belt Techシリーズ Amazon Elastic Compute Cloud (Amazon EC2)AWS Black Belt Techシリーズ Amazon Elastic Compute Cloud (Amazon EC2)
AWS Black Belt Techシリーズ Amazon Elastic Compute Cloud (Amazon EC2)
 
認証の課題とID連携の実装 〜ハンズオン〜
認証の課題とID連携の実装 〜ハンズオン〜認証の課題とID連携の実装 〜ハンズオン〜
認証の課題とID連携の実装 〜ハンズオン〜
 
.NETのサポートポリシーのおさらい #csharptokyo
.NETのサポートポリシーのおさらい #csharptokyo.NETのサポートポリシーのおさらい #csharptokyo
.NETのサポートポリシーのおさらい #csharptokyo
 
AWSを含めたハイブリッド環境の監視の実現 ~zabbixのクラウド対応モジュールHyClops~
AWSを含めたハイブリッド環境の監視の実現 ~zabbixのクラウド対応モジュールHyClops~AWSを含めたハイブリッド環境の監視の実現 ~zabbixのクラウド対応モジュールHyClops~
AWSを含めたハイブリッド環境の監視の実現 ~zabbixのクラウド対応モジュールHyClops~
 
KeycloakでFAPIに対応した高セキュリティなAPIを公開する
KeycloakでFAPIに対応した高セキュリティなAPIを公開するKeycloakでFAPIに対応した高セキュリティなAPIを公開する
KeycloakでFAPIに対応した高セキュリティなAPIを公開する
 
Azure 仮想マシンにおける運用管理・高可用性設計のベストプラクティス
Azure 仮想マシンにおける運用管理・高可用性設計のベストプラクティスAzure 仮想マシンにおける運用管理・高可用性設計のベストプラクティス
Azure 仮想マシンにおける運用管理・高可用性設計のベストプラクティス
 
Fido紹介資料
Fido紹介資料 Fido紹介資料
Fido紹介資料
 
[PGConf.ASIA 2018]Deep Dive on Amazon Aurora with PostgreSQL Compatibility
[PGConf.ASIA 2018]Deep Dive on Amazon Aurora with PostgreSQL Compatibility[PGConf.ASIA 2018]Deep Dive on Amazon Aurora with PostgreSQL Compatibility
[PGConf.ASIA 2018]Deep Dive on Amazon Aurora with PostgreSQL Compatibility
 
ZabbixによるAWS監視のコツ
ZabbixによるAWS監視のコツZabbixによるAWS監視のコツ
ZabbixによるAWS監視のコツ
 
CRX: Container Runtime Executive 
CRX: Container Runtime Executive CRX: Container Runtime Executive 
CRX: Container Runtime Executive 
 

Similar to The Confused Deputy Problem

Mainframe APIs and Modern DevOps
Mainframe APIs and Modern DevOpsMainframe APIs and Modern DevOps
Mainframe APIs and Modern DevOps
DevOps.com
 
Using GitHub and Visual Studio Code for Mainframe Development
Using GitHub and Visual Studio Code for Mainframe DevelopmentUsing GitHub and Visual Studio Code for Mainframe Development
Using GitHub and Visual Studio Code for Mainframe Development
DevOps.com
 
DevOps for Mainframe: Open Source Fast Track
DevOps for Mainframe: Open Source Fast TrackDevOps for Mainframe: Open Source Fast Track
DevOps for Mainframe: Open Source Fast Track
DevOps.com
 
Not a Kubernetes fan? The state of PaaS in 2024
Not a Kubernetes fan? The state of PaaS in 2024Not a Kubernetes fan? The state of PaaS in 2024
Not a Kubernetes fan? The state of PaaS in 2024
Anthony Dahanne
 
Making Headless Drupal Serverless
Making Headless Drupal ServerlessMaking Headless Drupal Serverless
Making Headless Drupal Serverless
Amazon Web Services
 
Securing your Amazon SageMaker model development in a highly regulated enviro...
Securing your Amazon SageMaker model development in a highly regulated enviro...Securing your Amazon SageMaker model development in a highly regulated enviro...
Securing your Amazon SageMaker model development in a highly regulated enviro...
Amazon Web Services
 
JFokus 2020 - How to migrate an application to serverless
JFokus 2020 - How to migrate an application to serverlessJFokus 2020 - How to migrate an application to serverless
JFokus 2020 - How to migrate an application to serverless
Marcia Villalba
 
Using GitHub actions on AWS.pptx
Using GitHub actions on AWS.pptxUsing GitHub actions on AWS.pptx
Using GitHub actions on AWS.pptx
Derek Bingham
 
Tip from ConnectED 2015: An intro to IBM Security Directory Integrator for IB...
Tip from ConnectED 2015: An intro to IBM Security Directory Integrator for IB...Tip from ConnectED 2015: An intro to IBM Security Directory Integrator for IB...
Tip from ConnectED 2015: An intro to IBM Security Directory Integrator for IB...
SocialBiz UserGroup
 
Breaking down the Monowhat
Breaking down the MonowhatBreaking down the Monowhat
Breaking down the Monowhat
Amazon Web Services
 
Taking Serverless to the Edge
Taking Serverless to the Edge Taking Serverless to the Edge
Taking Serverless to the Edge
Amazon Web Services
 
Orchestrating containers on AWS | AWS Summit Tel Aviv 2019
Orchestrating containers on AWS | AWS Summit Tel Aviv 2019Orchestrating containers on AWS | AWS Summit Tel Aviv 2019
Orchestrating containers on AWS | AWS Summit Tel Aviv 2019
AWS Summits
 
Orchestrating containers on AWS | AWS Summit Tel Aviv 2019
Orchestrating containers on AWS | AWS Summit Tel Aviv 2019Orchestrating containers on AWS | AWS Summit Tel Aviv 2019
Orchestrating containers on AWS | AWS Summit Tel Aviv 2019
Amazon Web Services
 
API Design Principles Essential 
API Design Principles Essential API Design Principles Essential 
API Design Principles Essential 
Oracle Korea
 
Identity and access control for custom enterprise applications - SDD412 - AWS...
Identity and access control for custom enterprise applications - SDD412 - AWS...Identity and access control for custom enterprise applications - SDD412 - AWS...
Identity and access control for custom enterprise applications - SDD412 - AWS...
Amazon Web Services
 
Resiliency and Availability Design Patterns for the Cloud
Resiliency and Availability Design Patterns for the CloudResiliency and Availability Design Patterns for the Cloud
Resiliency and Availability Design Patterns for the Cloud
Amazon Web Services
 
UX STRAT USA 2018 Presentation: Joe Meersman, IBM
UX STRAT USA 2018 Presentation: Joe Meersman, IBMUX STRAT USA 2018 Presentation: Joe Meersman, IBM
UX STRAT USA 2018 Presentation: Joe Meersman, IBM
UX STRAT
 
Taking Serverless to the Edge - SRV330 - Chicago AWS Summit
Taking Serverless to the Edge - SRV330 - Chicago AWS SummitTaking Serverless to the Edge - SRV330 - Chicago AWS Summit
Taking Serverless to the Edge - SRV330 - Chicago AWS Summit
Amazon Web Services
 
IC6284A - The Art of Choosing the Best Cloud Solution
IC6284A - The Art of Choosing the Best Cloud SolutionIC6284A - The Art of Choosing the Best Cloud Solution
IC6284A - The Art of Choosing the Best Cloud Solution
Hendrik van Run
 
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
Amazon Web Services
 

Similar to The Confused Deputy Problem (20)

Mainframe APIs and Modern DevOps
Mainframe APIs and Modern DevOpsMainframe APIs and Modern DevOps
Mainframe APIs and Modern DevOps
 
Using GitHub and Visual Studio Code for Mainframe Development
Using GitHub and Visual Studio Code for Mainframe DevelopmentUsing GitHub and Visual Studio Code for Mainframe Development
Using GitHub and Visual Studio Code for Mainframe Development
 
DevOps for Mainframe: Open Source Fast Track
DevOps for Mainframe: Open Source Fast TrackDevOps for Mainframe: Open Source Fast Track
DevOps for Mainframe: Open Source Fast Track
 
Not a Kubernetes fan? The state of PaaS in 2024
Not a Kubernetes fan? The state of PaaS in 2024Not a Kubernetes fan? The state of PaaS in 2024
Not a Kubernetes fan? The state of PaaS in 2024
 
Making Headless Drupal Serverless
Making Headless Drupal ServerlessMaking Headless Drupal Serverless
Making Headless Drupal Serverless
 
Securing your Amazon SageMaker model development in a highly regulated enviro...
Securing your Amazon SageMaker model development in a highly regulated enviro...Securing your Amazon SageMaker model development in a highly regulated enviro...
Securing your Amazon SageMaker model development in a highly regulated enviro...
 
JFokus 2020 - How to migrate an application to serverless
JFokus 2020 - How to migrate an application to serverlessJFokus 2020 - How to migrate an application to serverless
JFokus 2020 - How to migrate an application to serverless
 
Using GitHub actions on AWS.pptx
Using GitHub actions on AWS.pptxUsing GitHub actions on AWS.pptx
Using GitHub actions on AWS.pptx
 
Tip from ConnectED 2015: An intro to IBM Security Directory Integrator for IB...
Tip from ConnectED 2015: An intro to IBM Security Directory Integrator for IB...Tip from ConnectED 2015: An intro to IBM Security Directory Integrator for IB...
Tip from ConnectED 2015: An intro to IBM Security Directory Integrator for IB...
 
Breaking down the Monowhat
Breaking down the MonowhatBreaking down the Monowhat
Breaking down the Monowhat
 
Taking Serverless to the Edge
Taking Serverless to the Edge Taking Serverless to the Edge
Taking Serverless to the Edge
 
Orchestrating containers on AWS | AWS Summit Tel Aviv 2019
Orchestrating containers on AWS | AWS Summit Tel Aviv 2019Orchestrating containers on AWS | AWS Summit Tel Aviv 2019
Orchestrating containers on AWS | AWS Summit Tel Aviv 2019
 
Orchestrating containers on AWS | AWS Summit Tel Aviv 2019
Orchestrating containers on AWS | AWS Summit Tel Aviv 2019Orchestrating containers on AWS | AWS Summit Tel Aviv 2019
Orchestrating containers on AWS | AWS Summit Tel Aviv 2019
 
API Design Principles Essential 
API Design Principles Essential API Design Principles Essential 
API Design Principles Essential 
 
Identity and access control for custom enterprise applications - SDD412 - AWS...
Identity and access control for custom enterprise applications - SDD412 - AWS...Identity and access control for custom enterprise applications - SDD412 - AWS...
Identity and access control for custom enterprise applications - SDD412 - AWS...
 
Resiliency and Availability Design Patterns for the Cloud
Resiliency and Availability Design Patterns for the CloudResiliency and Availability Design Patterns for the Cloud
Resiliency and Availability Design Patterns for the Cloud
 
UX STRAT USA 2018 Presentation: Joe Meersman, IBM
UX STRAT USA 2018 Presentation: Joe Meersman, IBMUX STRAT USA 2018 Presentation: Joe Meersman, IBM
UX STRAT USA 2018 Presentation: Joe Meersman, IBM
 
Taking Serverless to the Edge - SRV330 - Chicago AWS Summit
Taking Serverless to the Edge - SRV330 - Chicago AWS SummitTaking Serverless to the Edge - SRV330 - Chicago AWS Summit
Taking Serverless to the Edge - SRV330 - Chicago AWS Summit
 
IC6284A - The Art of Choosing the Best Cloud Solution
IC6284A - The Art of Choosing the Best Cloud SolutionIC6284A - The Art of Choosing the Best Cloud Solution
IC6284A - The Art of Choosing the Best Cloud Solution
 
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
 

Recently uploaded

Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
Shane Coughlan
 
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdfVitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke
 
E-commerce Development Services- Hornet Dynamics
E-commerce Development Services- Hornet DynamicsE-commerce Development Services- Hornet Dynamics
E-commerce Development Services- Hornet Dynamics
Hornet Dynamics
 
Unveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdfUnveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdf
brainerhub1
 
SWEBOK and Education at FUSE Okinawa 2024
SWEBOK and Education at FUSE Okinawa 2024SWEBOK and Education at FUSE Okinawa 2024
SWEBOK and Education at FUSE Okinawa 2024
Hironori Washizaki
 
Revolutionizing Visual Effects Mastering AI Face Swaps.pdf
Revolutionizing Visual Effects Mastering AI Face Swaps.pdfRevolutionizing Visual Effects Mastering AI Face Swaps.pdf
Revolutionizing Visual Effects Mastering AI Face Swaps.pdf
Undress Baby
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
Neo4j
 
What is Master Data Management by PiLog Group
What is Master Data Management by PiLog GroupWhat is Master Data Management by PiLog Group
What is Master Data Management by PiLog Group
aymanquadri279
 
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissancesAtelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Neo4j
 
How to write a program in any programming language
How to write a program in any programming languageHow to write a program in any programming language
How to write a program in any programming language
Rakesh Kumar R
 
Artificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension FunctionsArtificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension Functions
Octavian Nadolu
 
Using Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional SafetyUsing Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional Safety
Ayan Halder
 
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemUI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
Peter Muessig
 
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CDKuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
rodomar2
 
Oracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptxOracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptx
Remote DBA Services
 
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesE-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
Quickdice ERP
 
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
Łukasz Chruściel
 
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, FactsALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
Green Software Development
 
E-commerce Application Development Company.pdf
E-commerce Application Development Company.pdfE-commerce Application Development Company.pdf
E-commerce Application Development Company.pdf
Hornet Dynamics
 

Recently uploaded (20)

Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
 
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdfVitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdf
 
E-commerce Development Services- Hornet Dynamics
E-commerce Development Services- Hornet DynamicsE-commerce Development Services- Hornet Dynamics
E-commerce Development Services- Hornet Dynamics
 
Unveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdfUnveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdf
 
SWEBOK and Education at FUSE Okinawa 2024
SWEBOK and Education at FUSE Okinawa 2024SWEBOK and Education at FUSE Okinawa 2024
SWEBOK and Education at FUSE Okinawa 2024
 
Revolutionizing Visual Effects Mastering AI Face Swaps.pdf
Revolutionizing Visual Effects Mastering AI Face Swaps.pdfRevolutionizing Visual Effects Mastering AI Face Swaps.pdf
Revolutionizing Visual Effects Mastering AI Face Swaps.pdf
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
 
What is Master Data Management by PiLog Group
What is Master Data Management by PiLog GroupWhat is Master Data Management by PiLog Group
What is Master Data Management by PiLog Group
 
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissancesAtelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissances
 
How to write a program in any programming language
How to write a program in any programming languageHow to write a program in any programming language
How to write a program in any programming language
 
Artificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension FunctionsArtificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension Functions
 
Using Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional SafetyUsing Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional Safety
 
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemUI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
 
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CDKuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
KuberTENes Birthday Bash Guadalajara - Introducción a Argo CD
 
Oracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptxOracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptx
 
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesE-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
 
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
 
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, FactsALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
 
E-commerce Application Development Company.pdf
E-commerce Application Development Company.pdfE-commerce Application Development Company.pdf
E-commerce Application Development Company.pdf
 

The Confused Deputy Problem

  • 1. 1 Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.|Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. The Confused Deputy Problem Shay Ben-Haroche 2020-07-22
  • 2. 2 Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.| • WIIFM • What is “The Confused Deputy Problem” ? • Example(s) and solution(s) • Why should we care? Agenda
  • 3. 3 Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.| • Learn a classic security pitfall • Still relevant in the SaaS vendors era • Learn how to protect against it • Potential application for Luminate’s connector WIIFM - What’s in it for me?
  • 4. 4 Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.| “A ‘confused deputy’ is a legitimate, more privileged computer program that is tricked by another program into misusing its authority on the system. It is a specific type of privilege escalation” (wikipedia) What is “the Confused Deputy Problem”
  • 5. 5 Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.| Basic Example • Two resources: – Alice can execute compiler, but not write to file (BILL) – Compiler can read-write to file (BILL) • Compiler is a deputy acting on behalf of Alice • Compiler is confused, because it escalates Alice’s privileges and allows her to write to BILL
  • 6. 6 Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.| • Bundle together the designation of an object and the permission to access that object • In our example - Alice passing the compiler both the filename it wants to write, and a permission token • This is exactly what a capability is (as opposed to ACL) Basic Example - Simple Solution
  • 7. 7 Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.|
  • 8. 8 Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.| • Luminate wants to save AWS costs using CloudSave • CloudSave asks Luminate to provide an IAM role ARN, e.g: arn:aws:iam::123456789:role/CloudSaveRole (The IAM role can only be assumed by CloudSave) • CloudSave has another customer: EvilCorp • When EvilCorp finds/guesses Luminate’s AWS account ID • EvilCorp provides the same IAM role ARN to CloudSave • CloudSave is now a Confused Deputy IAM Role Example
  • 9. 9 Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.| IAM Role Example
  • 10. 10 Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.|
  • 11. 11 Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.| • Unique GUID per customer • Provided by the vendor (CloudSave) • Cannot be easily guessed • Enforced in the “Condition” section of the IAM role The Solution - External ID
  • 12. 12 Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.| IAM Role Example - with External ID
  • 13. 13 Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.|
  • 14. 14 Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.| • Classic pitfall, still relevant today • Potential application for Luminate’s connector • Read more: – ACL-based security – Capability-based security – AWS’ blog (with the IAM example) – ACL vs. C-List Summary
  • 15. 15 Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.|Broadcom Proprietary and Confidential. Copyright © 2018 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. Thanks! Questions? Shay Ben-Haroche 2020-07-22