Evan Gilman

462 posts

@evan2645

Co-founder @spirl_inc, and @SPIFFEio + SPIRE maintainer. Co-author of Zero Trust Networks. ex-@pagerduty ex-@scytale_io ex-@VMware

San Francisco, CA · Joined August 2012
102 Following · 844 Followers
Evan Gilman retweeted
Defakto @DefaktoSecurity
The potential of AI agents should not make us forget that we already have the tools needed to secure them. Just follow the advice of an 11th-century monk, and "start by doing what's necessary." Read more in @PieterKasselman's blog hubs.li/Q037pyqT0 #AI #AISecurity #identity
Evan Gilman retweeted
Tal Be'ery @TalBeerySec
Pass-the-{token} attacks are still very much relevant. Tokens may change: Cookie, NT Hash, Kerberos ticket, MFA token, ... However, the problem is not in the "token" but in the "pass". We need solutions to make tokens stay put, such as device and channel binding.
Microsoft Threat Intelligence @MsftSecIntel

Microsoft has detected a 111% year-over-year increase in token replay attacks, and incidents are continuing to grow. msft.it/6011lSgZ7

Evan Gilman retweeted
Ryan Hurst @rmhrisk
Put some thoughts together on how to think about ACME and SPIFFE. The TL;DR is: ACME is about proving control of an identifier, while SPIFFE is about assigning and managing identifiers dynamically to enable the authorization of the subjects of those identifiers. unmitigatedrisk.com/?p=820
Evan Gilman retweeted
SPIFFE @SPIFFEio
In case you missed the SPIFFE Virtual meetup last month, here are the recordings. Thank you to presenters from Coinbase, Indeed, and HPE for sharing their insights and experiences youtube.com/playlist?list=… #SPIFFE #ZeroTrust
Evan Gilman retweeted
Volkan Özçelik 🦌 @vadidekivolkan
Psst… In case you want to hear me ranting for two hours about secrets, SPIFFE, SPIRE, Turtles, passport, piano, kids, teenagers, and Neurology this is the video recording of today’s Enlightning » youtube.com/watch?v=EB6AJT…
Evan Gilman retweeted
François Michel @furanzu_
SSH3 with ACME just naturally solves the classical Trust On First Use problem of SSH for VMs with hostnames such as @Azure VMs. Easily implemented in SSH3 v0.1.6 using @caddyserver's certmagic.✨ Native access to the HTTPS ecosystem in SSH is a real game changer, here's why:
Evan Gilman retweeted
Defakto @DefaktoSecurity
Are you working with SPIFFE and wondering what should go into your SPIFFE ID? Check out our post where we teach you what to consider for your IDs. buff.ly/41RUrIu
Evan Gilman retweeted
Duffie Cooley @mauilion
These two are such a fun couple of humans; both of them lift others up and share that incredible knowledge they’ve learned every day! With @evan2645 and @sublimino
Evan Gilman retweeted
Ryan Hurst @rmhrisk
In operating system design, the user context in which tasks operate is factored into the design to ensure the desired security properties. In application design, this consideration is often overlooked, with applications usually running as monolithic structures that are blindly trusted to function correctly. The cloud typically employs a microservice-based design, which is similar to approaches used in operating systems. This is great, but unlike operating systems, these components are distributed. This is an important distinction because these micro-services largely still rely on blind trust that these components function as intended. While this blind trust is present in operating systems, it's more tolerable there since it all runs on a single host under a consistent security architecture. In cloud systems, that's seldom the case, exposing systems to attacks and amplifying the blast radius of a compromise when it happens. This misplaced trust in components is often the reason for the frequent tenant boundary violations seen in multi-tenant systems. By adopting cryptographic access controls and cryptographically verifiable auditing in these systems, inspired by how Signal incorporated cryptography and verifiability into messaging, we can move away from this blind trust. This reduces the impact of breaches, enhancing the ability to respond effectively and promptly during security incidents.
Evan Gilman retweeted
Eli Nesterov @elinesterov
SPIFFE Community Day kick-off!
Evan Gilman retweeted
Ryan Hurst @rmhrisk
Here are a few key management lessons from decades of successes and failures.
Evan Gilman @evan2645
We have some amazing speakers lined up for SPIFFE Community Day next Friday 🙌🙌🙌 you should definitely attend if you're able to! Hybrid event, but in-person attendees in SF will have an unconference bit at the end 😀 see you there! …ecommunityday-fall2023.splashthat.com