A Security Analysis of the OpenStack Infrastructure (Seacliff AB)
We perform an analysis of the OpenStack infrastructure from which we are able to derive a complete strategy for defence-in-depth. We will present a concise system description which explicitly enumerates the assumptions and vulnerabilities present in real systems, and allows us to put each potential defensive measure into context within the architecture of OpenStack.
Our analysis models the way an attacker works within the system, finding chains of weaknesses which lead to a desired goal. Once we can understand and exhibit the consequences of the compromise of any individual component, we may then concentrate our hardening efforts without cognitive bias or naive assumption.
The analysis is interesting because it goes some way towards explaining the "Honeymoon Period" for discovery of system vulnerability (Blaze, Clark et al.), and can increase the time between successful exploits by acknowledging that an attack is a constructive proof of vulnerability, which must therefore be broken in as many places as possible.
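The attacker model sketched above (compromise of one component opens a path to others; an attack is a chain of such links; hardening must break every chain in as many places as possible) can be made concrete as a small attack-graph calculation. The following is an added example, not material from the talk or from the OpenStack project: the component names and the edges between them are a constructed toy trust graph chosen only to exercise the functions, not a description of OpenStack's real architecture or of any known weakness in it.

```python
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

Edge = Tuple[str, str]

# Constructed toy graph (hypothetical, NOT OpenStack's actual architecture).
# An edge (a, b) means "compromise of a gives the attacker a path to b".
TOY_GRAPH: List[Edge] = [
    ("internet", "public_api"),
    ("internet", "dashboard"),
    ("dashboard", "public_api"),
    ("public_api", "message_bus"),
    ("public_api", "identity"),
    ("message_bus", "compute_host"),
    ("identity", "compute_host"),
    ("compute_host", "tenant_vm"),
]


def build(edges: List[Edge]) -> Dict[str, List[str]]:
    """Adjacency list; insertion order is kept so results are deterministic."""
    g: Dict[str, List[str]] = defaultdict(list)
    for a, b in edges:
        g[a].append(b)
    return g


def consequences(edges: List[Edge], compromised: str) -> Set[str]:
    """Every component reachable once `compromised` falls (depth-first walk).

    This answers "what does the compromise of this one component cost us?"
    """
    g = build(edges)
    seen = {compromised}
    stack = [compromised]
    while stack:
        node = stack.pop()
        for nxt in g[node]:
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    seen.discard(compromised)
    return seen


def attack_chains(edges: List[Edge], entry: str, goal: str) -> List[List[str]]:
    """All simple paths entry -> goal. Each one is a constructive proof that
    the goal is reachable, i.e. a complete attack the defender must break."""
    g = build(edges)
    chains: List[List[str]] = []

    def walk(node: str, path: List[str]) -> None:
        if node == goal:
            chains.append(list(path))
            return
        for nxt in g[node]:
            if nxt not in path:          # simple paths only, no cycles
                path.append(nxt)
                walk(nxt, path)
                path.pop()

    walk(entry, [entry])
    return chains


def links(chain: List[str]) -> List[Edge]:
    """The individual trust links an attack chain relies on."""
    return list(zip(chain, chain[1:]))


def single_points(edges: List[Edge], entry: str, goal: str) -> Set[Edge]:
    """Links shared by every chain: hardening any one of them severs all of
    them, which makes these the highest-value (and most fragile) controls."""
    chains = attack_chains(edges, entry, goal)
    if not chains:
        return set()
    common = set(links(chains[0]))
    for chain in chains[1:]:
        common &= set(links(chain))
    return common


def surviving_chains(edges: List[Edge], hardened: List[Edge],
                     entry: str, goal: str) -> List[List[str]]:
    """Chains that remain open if the links in `hardened` are fully broken."""
    blocked = set(hardened)
    return attack_chains([e for e in edges if e not in blocked], entry, goal)


def defence_depth(edges: List[Edge], hardened: List[Edge],
                  entry: str, goal: str) -> Optional[int]:
    """Minimum number of hardened links on any chain: the number of controls
    an attacker must defeat on the weakest route. 0 means an unhardened chain
    still exists; None means the goal was never reachable."""
    chains = attack_chains(edges, entry, goal)
    if not chains:
        return None
    blocked = set(hardened)
    return min(sum(1 for l in links(c) if l in blocked) for c in chains)


if __name__ == "__main__":
    for chain in attack_chains(TOY_GRAPH, "internet", "tenant_vm"):
        print(" -> ".join(chain))
    print("single points:", single_points(TOY_GRAPH, "internet", "tenant_vm"))
    plan = [("public_api", "message_bus"), ("public_api", "identity"),
            ("compute_host", "tenant_vm")]
    print("depth with plan:", defence_depth(TOY_GRAPH, plan, "internet", "tenant_vm"))
```

Reading the output the way the abstract suggests: `consequences` gives the cost of losing any single component, `attack_chains` exhibits each attack as a proof, and `defence_depth` measures how many independent controls the weakest remaining route must defeat. A hardening plan that leaves `defence_depth` at 1 has only one control standing between the entry point and the goal on some chain; in the toy graph, hardening both links out of `public_api` plus the last hop raises every chain to depth 2.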
Shevek is an expert programmer who has worked on cutting edge research in systems and security, compilers and language design, algorithms and optimization. He is capable of maintaining a very straight face under questioning on topics including "Why is our printer playing 'happy birthday'?" or "What is that message doing on the side of that building?" His recent work focused on big data infrastructure and analytics, working mostly with Hadoop. He received a Doctorate in Computing on the...
Paul McMillan has been interested in security from an early age when he realized that it was a lot more fun to hack games than play them (even when the hacking took far more effort). While he doesn't play many games anymore, he has found network and web application security to be just as fun and much more useful. Paul has been working with Django since 2008, and is now a core committer with a focus on improving the security of Django.