Thursday, April 19 • 4:45pm - 5:15pm
Immutability for Cloud Foundry: Security in a Cloud Native World - Nolan Karpinski, Immutable Systems

In a cloud native environment, where applications such as Cloud Foundry-based apps are abstracted from the infrastructure, there is an opportunity to reconsider the fundamental approach to security.

Bracket Computing has been working closely with the Cloud Foundry community to create new tools to harden a CF foundation and make it truly immutable. A truly immutable infrastructure will include controls to assure that stemcells cannot be modified even with the highest levels of privilege. This means that even with root access, a truly immutable infrastructure will resist the attack.

Bracket has developed a unique architecture that applies security and immutability controls via a virtualization layer called the Metavisor that wraps every stemcell. Enforcing immutability with Metavisor means that the controls cannot be bypassed even if an attacker gains root access to the stemcell VM.

This talk will focus on five areas required to achieve infrastructure immutability for CF:

1. Kernel immutability. Critical parts of the kernel such as the system call table should be protected.
2. File immutability. All file changes should be tracked and authorized.
3. Privilege immutability. Privilege changes should be monitored and/or disallowed.
4. Process immutability. Certain processes, for example a web server, should never spawn shells or execute unknown code.
5. Network immutability. Allowed ports and protocols should be static at runtime.


Nolan Karpinski

Product Manager, Immutable Systems
Nolan Karpinski is a Product Manager at Immutable Systems, focusing on server immutability. He is responsible for bringing Immutable Systems's Server Guard product to market. Immutable Systems was founded with a big goal: To deliver enterprise grade security controls without impacting...

Thursday April 19, 2018 4:45pm - 5:15pm EDT
Meeting Room 257A/B
  Operating Cloud Foundry
  • Experience Level Any