Workshop: Hands-On Container Image Security Mastering Sigstore for Unbreachable Integrity
Download as PPTX, PDF0 likes66 views
The document discusses the importance of container security, highlighting a case study of the Docker Hub breach in 2023, where misconfigured repositories exposed thousands of images containing sensitive authentication secrets. It covers key concepts of containers, common vulnerabilities in containerized environments, and mitigation strategies, emphasizing practices such as image integrity, proper access controls, and the use of Sigstore tools for enhancing software artifact security. The document also outlines best practices for secure container management and the significance of implementing robust security measures to protect the software supply chain.
Workshop: Hands-On Container Image Security Mastering Sigstore for Unbreachable Integrity
- 1. Hands-on Container Image Security: Mastering Sigstore for Unbreachable Integrity - Mohammed Ilyas Ahmed - Syed Aamiruddin
- 2. Defcon > $whoami • DevOps Architect • Author • Advisor • Speaker • Cloud Architect • Author • Consultant • Trainer
- 3. Case Study: Docker Hub Breach • In 2023, a security researcher discovered that thousands of images on Docker Hub, a popular container registry, were leaking authentication secrets and private keys. • The images, which included popular frameworks and libraries, were exposed due to misconfigured Docker Hub repositories. • An attacker could have used these secrets to gain unauthorized access to the affected systems and data. • Misconfigured repositories: The leak was caused by misconfigured Docker Hub repositories, which allowed unauthorized access to sensitive information. • Authentication secrets and private keys: The exposed images contained authentication secrets and private keys, which could be used to gain unauthorized access to systems and data. • Thousands of images affected: The security researcher estimated that thousands of images were affected, including popular frameworks and libraries.
- 4. What are Containers? In DevOps, containers are lightweight, portable, and self-sufficient units that package an application and all its dependencies (such as libraries, configurations, and other required components) to ensure that it runs consistently across different computing environments.
- 5. Key Features of Containers • Isolation • Lightweight • Portability • Consistency • Scalability
- 6. Common Container Technologies • Docker • Kubernetes • Podman • OpenShift
- 7. How do Containers Work? CONTAINERS RUN AS ISOLATED PROCESSES ON A HOST OPERATING SYSTEM, USING OPERATING SYSTEM-LEVEL VIRTUALIZATION TO PROVIDE A SANDBOXED ENVIRONMENT FOR EACH CONTAINER. EACH CONTAINER HAS ITS OWN ISOLATED ENVIRONMENT CONTAINERS SHARE THE SAME KERNEL AS THE HOST OS CONTAINERS ARE HIGHLY PORTABLE AND CAN RUN ON ANY PLATFORM THAT SUPPORTS THE CONTAINER RUNTIME
- 8. Benefits of Using Containers Lightweight and portable Easy to deploy and manage Improved resource utilization Faster development and testing cycles Increased scalability and reliability
- 9. What is Container Security? Container Security refers to the implementation of security measures specifically designed to protect containerized applications, their data, and their underlying infrastructure from threats and vulnerabilities. It encompasses a range of practices, tools, and policies to ensure the security and integrity of containers throughout their lifecycle, from development to deployment and operation.
- 10. Key Aspects of Container Security IMAGE SECURITY RUNTIME SECURITY NETWORK SECURITY CONFIGURATION MANAGEMENT MONITORING AND LOGGING COMPLIANCE AND POLICY ENFORCEMENT
- 11. Common vulnerabilities in containerized environments • Insecure Container Images Container images can contain outdated or vulnerable software components, including libraries and binaries with known security flaws. • Insufficient Isolation Containers on the same host may not be properly isolated, allowing one compromised container to affect others or the host system. • Insecure Defaults Default configurations for container orchestrators or runtime environments can be insecure, exposing them to attacks.
- 12. Common vulnerabilities in containerized environments • Hardcoded Secrets Storing sensitive information such as API keys, passwords, or encryption keys directly in container images or environment variables. • Inadequate Resource Limits Failure to set resource limits on containers can lead to resource exhaustion attacks, where a container consumes excessive CPU, memory, or disk resources. • Untrusted Container Registries Pulling container images from untrusted or compromised registries can introduce malicious code into the environment. • Insecure Communication Insecure communication between containers or between containers and external services can be intercepted or manipulated.
- 13. Common vulnerabilities in containerized environments • Privilege Escalation Containers running with elevated privileges can be exploited to gain access to the host system or other containers. • Outdated Orchestration Tools Using outdated or improperly configured orchestration tools can lead to security gaps. • Improper Access Control Inadequate access control measures can allow unauthorized users to manipulate containerized applications and services.
- 14. Mitigation Strategies Regularly scanning container images for vulnerabilities and using trusted sources. Ensuring proper isolation and applying least privilege principles. Regularly updating container orchestrators and runtime environments. Avoiding hardcoded secrets and using secret management tools. Setting resource limits and monitoring resource usage. Encrypting communication between containers and services. Applying stringent access control policies and regularly reviewing configurations.
- 15. Mitigation Strategies • Insufficient Isolation: Use Kubernetes Pod Security Policies to enforce isolation. • Example: Defining a Pod Security Policy in Kubernetes.
- 16. Mitigation Strategies • Insecure Defaults: Secure Kubernetes API server settings. • Example: Configuring the Kubernetes API server.
- 17. Mitigation Strategies • Improper Access Control: Implement Role- Based Access Control (RBAC) • Example: Defining RBAC roles and bindings in Kubernetes
- 18. Best Practices for Container Security • Use of minimal base images • Regularly updating containers • Implementing access controls • Continuous monitoring and logging
- 19. Action Items REVIEW DOCKER HUB REPOSITORIES FOR MISCONFIGURED SETTINGS AND SENSITIVE INFORMATION EXPOSURE. IMPLEMENT SECURE IMAGE MANAGEMENT PRACTICES, SUCH AS USING SECURE AUTHENTICATION AND AUTHORIZATION MECHANISMS, TO PREVENT SIMILAR INCIDENTS. CONDUCT REGULAR SECURITY AUDITS AND VULNERABILITY ASSESSMENTS TO IDENTIFY AND REMEDIATE POTENTIAL SECURITY RISKS.
- 20. What is Image Integrity? • Image integrity refers to the process of ensuring that a container image has not been tampered with or modified during its creation, transmission, or storage. • Image integrity is crucial for ensuring the security and trustworthiness of containerized applications. • Prevents malicious code injection • Ensures compliance with regulatory requirements • Provides transparency and accountability • Reduces the risk of data breaches and security incidents
- 21. Use Case Examples for Image Integrity Automobile Industry • Use Case: Protecting Firmware Updates • Scenario: An automobile manufacturer deploys firmware updates to vehicle control units (ECUs) through over-the-air (OTA) updates. • Image Integrity Challenge: Ensuring that the firmware images delivered to vehicles are not tampered with during transmission or storage. Any modification to the firmware could compromise vehicle safety or performance. • Solution: Implement digital signatures and hash-based checks to validate the integrity of firmware images. DevSecOps practices include continuous integration of security checks into the update process, verifying signatures before applying updates, and monitoring for unauthorized changes to the firmware repositories. Food Industry • Use Case: Securing Recipe and Ingredient Data • Scenario: A food manufacturer uses automated systems to manage recipes and ingredient data, which are critical for product quality and compliance. • Image Integrity Challenge: Protecting the integrity of digital images or documents that represent recipes and ingredient data from being altered maliciously. Altered data could lead to contamination or quality issues. • Solution: Utilize cryptographic hash functions and digital signatures to ensure the integrity of recipe and ingredient images. Integrate these checks into the CI/CD pipeline of the manufacturing software to prevent unauthorized modifications and verify data integrity during updates.
- 22. Use Case Examples for Image Integrity Supply Container Industry • Use Case: Verifying Container Specifications • Scenario: A logistics company manages supply containers that hold sensitive or valuable goods. Container specifications are stored digitally, including dimensions, materials, and load capacities. • Image Integrity Challenge: Ensuring that digital records or images of container specifications are accurate and have not been altered to misrepresent the container’s capabilities or condition. • Solution: Implement image integrity checks using digital watermarking and cryptographic hashing. Automate the validation process within the DevSecOps pipeline to monitor and verify the accuracy of container images and specifications during updates and when generating reports.
- 23. https://docs.sigstore.dev/about/overview/ What is Sigstore? • An open-source project for securing the software supply chain • Provides tools and infrastructure to enhance software artifact security through signing, transparency, and verification
- 24. Purpose and Goals • Enhancing Trust in Software Artifacts • Building a Transparent Ecosystem • Importance in Software Supply Chain Security • Mitigating Risks • Improving Developer Confidence • Adoption by Industry Leaders
- 25. Key Benefits of Sigstore INCREASED TRANSPARENCY SIMPLIFIED INTEGRATION ENHANCED SECURITY BUILDING TRUST PROMOTING INDUSTRY STANDARDS
- 26. Sigstore tools Cosign: Signing and Verifying Containers and Artifacts Fulcio: The Trusted Digital Certificate Authority Rekor: The Immutable and Secure Transparency Log
- 27. Overview of Cosign • A tool for signing and verifying container images and other artifacts. • Part of the Sigstore project, enabling cryptographic signing without the need for long- term key management. https://www.linkedin.com/pulse/container-supply-chain-security-using-cosign-kms- dinesh-sharma/
- 28. Lab1 : Image integrity with Cosign • docker tag <source-image>:<source-tag> <destination-repo>/<destination-image>:<destination-tag> • docker push <destination-repo>/<image>:<tag> • cosign generate-key-pair • cosign sign --key <private-key-file> <destination-repo>/<image>:<tag> • cosign verify --key <public-key-file> <destination-repo>/<image>:<tag>
- 29. Cheat Commands • docker tag <source-image>:<source-tag> <destination-repo>/<destination- image>:<destination-tag> • docker push <destination-repo>/<image>:<tag> • cosign generate-key-pair • cosign sign --key <private-key-file> <destination- repo>/<image>:<tag> • cosign verify --key <public-key-file> <destination- repo>/<image>:<tag>
- 30. Output
- 31. GCR
- 32. Fulcio • Sigstore’s certificate authority (CA) issues short-lived digital certificates thus eliminating the need for managing long-term private keys. • Tied to OpenID Connect identities, eliminating the need for managing private keys. • Used by Cosign to generate signatures, allowing keyless signing.
- 33. Lab2 Fulcio 1. Set Up OIDC Authentication 2. Use Cosign with Fulcio to sign your Docker image cosign sign --fulcio-url <fulcio-url> --oidc-issuer <oidc-issuer> --oidc-client-id <oidc-client-id> --key <private-key- file> <destination-repo>/<image>:<tag> 3. Verify Signed Docker Image cosign verify --key <public-key-file> <destination-repo>/<image>:<tag>
- 34. Rekor A transparency log that records metadata about signed software artifacts. Provides an immutable, publicly accessible log of all signature entries. Stores metadata, including the hash of the signed artifact and the certificate used to sign it. Entries are immutable and can be queried to verify the history of an artifact.
- 35. Basic Steps for Rekor installation • Install the Rekor CLI • Sign and upload entries with Rekor CLI • Verify entries in the public Rekor Server • Install a Rekor Server locally • Verify entries in the local Rekor Server
- 36. Example: Validate and Track Signatures of OCI Images Using Cosign and Rekor https://stacklok.com/blog/validate-and-track-signatures-of-oci-images-using-cosign-and-rekor
- 37. Best Practices further for GCR • Implement Binary Authorization in GCP • Enable Vulnerability Scanning with trivy • Consider using a private registry within your GCP project to limit external access to your container images. • Fail builds or deployments if images don't meet your security policies (e.g., unsigned images or those with vulnerabilities). • Regularly rotate keys used for signing images and update configurations accordingly.