E. Falcão, Matteus V. S. Silva, Clenimar Souza, Andrey Brito
{"title":"使用SPIFFE身份验证本地云应用程序","authors":"E. Falcão, Matteus V. S. Silva, Clenimar Souza, Andrey Brito","doi":"10.5753/sbc.7165.8.3","DOIUrl":null,"url":null,"abstract":"The purpose of this tutorial is to present how cloud-native applications are authenticated with the zero-trust model and the SPIFFE specification. A distributed application is used as study case and its microservices are attested to receive SPIFFE identities that allow mutual authentication according to the zero-trust principles. To illustrate the advantages of zero-trust model with SPIFFE identities in cloud-native computing environments, we leverage both attestation mechanisms based in Kubernetes as well as mechanisms based in Intel SGX (using the SCONE framework).","PeriodicalId":341466,"journal":{"name":"Minicursos do XXI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais","volume":"46 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-10-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Autenticando aplicações nativas da nuvem com identidades SPIFFE\",\"authors\":\"E. Falcão, Matteus V. S. Silva, Clenimar Souza, Andrey Brito\",\"doi\":\"10.5753/sbc.7165.8.3\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The purpose of this tutorial is to present how cloud-native applications are authenticated with the zero-trust model and the SPIFFE specification. A distributed application is used as study case and its microservices are attested to receive SPIFFE identities that allow mutual authentication according to the zero-trust principles. To illustrate the advantages of zero-trust model with SPIFFE identities in cloud-native computing environments, we leverage both attestation mechanisms based in Kubernetes as well as mechanisms based in Intel SGX (using the SCONE framework).\",\"PeriodicalId\":341466,\"journal\":{\"name\":\"Minicursos do XXI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais\",\"volume\":\"46 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-10-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Minicursos do XXI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.5753/sbc.7165.8.3\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Minicursos do XXI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5753/sbc.7165.8.3","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Autenticando aplicações nativas da nuvem com identidades SPIFFE
The purpose of this tutorial is to present how cloud-native applications are authenticated with the zero-trust model and the SPIFFE specification. A distributed application is used as study case and its microservices are attested to receive SPIFFE identities that allow mutual authentication according to the zero-trust principles. To illustrate the advantages of zero-trust model with SPIFFE identities in cloud-native computing environments, we leverage both attestation mechanisms based in Kubernetes as well as mechanisms based in Intel SGX (using the SCONE framework).