使用SPIFFE身份验证本地云应用程序

Minicursos do XXI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais Pub Date : 2021-10-04 DOI:10.5753/sbc.7165.8.3

E. Falcão, Matteus V. S. Silva, Clenimar Souza, Andrey Brito

{"title":"使用SPIFFE身份验证本地云应用程序","authors":"E. Falcão, Matteus V. S. Silva, Clenimar Souza, Andrey Brito","doi":"10.5753/sbc.7165.8.3","DOIUrl":null,"url":null,"abstract":"The purpose of this tutorial is to present how cloud-native applications are authenticated with the zero-trust model and the SPIFFE speciﬁcation. A distributed application is used as study case and its microservices are attested to receive SPIFFE identities that allow mutual authentication according to the zero-trust principles. To illustrate the advantages of zero-trust model with SPIFFE identities in cloud-native computing environments, we leverage both attestation mechanisms based in Kubernetes as well as mechanisms based in Intel SGX (using the SCONE framework).","PeriodicalId":341466,"journal":{"name":"Minicursos do XXI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais","volume":"46 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-10-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Autenticando aplicações nativas da nuvem com identidades SPIFFE\",\"authors\":\"E. Falcão, Matteus V. S. Silva, Clenimar Souza, Andrey Brito\",\"doi\":\"10.5753/sbc.7165.8.3\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The purpose of this tutorial is to present how cloud-native applications are authenticated with the zero-trust model and the SPIFFE speciﬁcation. A distributed application is used as study case and its microservices are attested to receive SPIFFE identities that allow mutual authentication according to the zero-trust principles. To illustrate the advantages of zero-trust model with SPIFFE identities in cloud-native computing environments, we leverage both attestation mechanisms based in Kubernetes as well as mechanisms based in Intel SGX (using the SCONE framework).\",\"PeriodicalId\":341466,\"journal\":{\"name\":\"Minicursos do XXI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais\",\"volume\":\"46 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-10-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Minicursos do XXI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.5753/sbc.7165.8.3\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Minicursos do XXI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5753/sbc.7165.8.3","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

本教程的目的是介绍如何使用零信任模型和SPIFFE规范对云原生应用程序进行身份验证。以一个分布式应用程序为研究案例，对其微服务进行验证，以接收SPIFFE身份，允许根据零信任原则进行相互认证。为了说明在云原生计算环境中使用SPIFFE身份的零信任模型的优势，我们利用了基于Kubernetes的认证机制和基于Intel SGX的机制(使用SCONE框架)。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Autenticando aplicações nativas da nuvem com identidades SPIFFE

The purpose of this tutorial is to present how cloud-native applications are authenticated with the zero-trust model and the SPIFFE speciﬁcation. A distributed application is used as study case and its microservices are attested to receive SPIFFE identities that allow mutual authentication according to the zero-trust principles. To illustrate the advantages of zero-trust model with SPIFFE identities in cloud-native computing environments, we leverage both attestation mechanisms based in Kubernetes as well as mechanisms based in Intel SGX (using the SCONE framework).

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Minicursos do XXI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais

自引率

0.00%

发文量