Loading…
In-person
November 12-15
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Mountain Standard Time (UTC -7). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis. 
or to bookmark your favorites and sync them to your phone or calendar.
strong>Security [clear filter]
arrow_back View All Dates
Thursday, November 14
 

11:00am MST

From Silicon to Service: Ensuring Confidentiality in Serverless GPU Cloud Functions - Zvonko Kaiser, NVIDIA
Thursday November 14, 2024 11:00am - 11:35am MST
Salt Palace | Level 1 | 151 G
With the widespread adoption of cloud computing, concerns about data privacy and infrastructure security are increasing. This session will focus on confidential cloud functions, including serverless environments and GPU-accelerated workloads, to ensure the security of your code and data within the cloud infrastructure. We will explore technologies such as hardware-based Trusted Execution Environments (TEEs) and confidential computing. In addition, we will cover hardware and software attestation to guarantee integrity from the silicon level upwards, complete stack attestation for end-to-end trust, and supply chain security to trace and verify all application components. Participants will learn practical steps to implement confidential serverless functions, utilizing GPUs for high-performance computing while ensuring data integrity and privacy. Join us to discover how to innovate securely, build your own secure cloud functions infrastructure, and enhance your cloud security posture.
Speakers
avatar for Zvonko Kaiser

Zvonko Kaiser

Principal Systems Software Engineer, NVIDIA
Zvonko is a Principal Systems Engineer at NVIDIA, working on the Cloud Native Technologies team. Focusing right now on all things related to confidential computing, especially in the context of accelerators.
From Silicon to Service Ensuring Confidentiality in Serverless GPU Cloud Functions (1) pdf
Thursday November 14, 2024 11:00am - 11:35am MST
Salt Palace | Level 1 | 151 G
  Security

11:00am MST

🚩 Capture The Flag Experience
Thursday November 14, 2024 11:00am - 5:05pm MST
Salt Palace | Level 2 | 255 A
The Capture The Flag (CTF) experience runs concurrently to KubeCon + CloudNativeCon North America 2024!

Delve deeper into the dark and mysterious world of cloud native security! Exploit a supply chain attack and start your journey deep inside the target infrastructure, utilize your position to hunt and collect the flags, and hopefully learn something new and wryly amusing along the way!

Attendees can play three increasingly treacherous and demanding scenarios to bushwhack their way through the dense jungle of cloud native security. Everybody is welcome, from beginner to seasoned veterans, as we venture amongst the low-hanging fruits of insecure configuration and scale the lofty peaks of cluster compromise! Learn more.
Thursday November 14, 2024 11:00am - 5:05pm MST
Salt Palace | Level 2 | 255 A
  Security

11:55am MST

What Agent to Trust with Your K8s: Falco, Tetragon or KubeArmor? - Henrik Rexed, Dynatrace
Thursday November 14, 2024 11:55am - 12:30pm MST
Salt Palace | Level 1 | 151 G
In the CNCF landscape we have plenty of ebpf based security solutions that help us protect our k8s cluster from runtime vulnerabilities. On paper though Falco, Tetragon and KubeArmor look very similar. Eventually you have to make a choice on which one best fits your needs. To give you additional insights to make your decision join this session. We have run extensive benchmarks against those three solutions and will answer the following questions that came out of our testing: - What are the different featuresets? - What about the performance impact of each agent? - Which privileges does each solution need? - What are the pros and cons across the three options?
Speakers
avatar for Henrik Rexed

Henrik Rexed

Cloud Native Advocate, Dynatrace
Henrik is a Cloud Native Advocate at Dynatrace, the leading Observability platform. Prior to Dynatrace, Henrik has worked more than 15 years, as Performance Engineer. Henrik Rexed Is Also one of the Organizer of the conferences named WOPR, KCD Austria and the owner of the Youtube... Read More →
falcovstetragonvskubearmor pdf
Thursday November 14, 2024 11:55am - 12:30pm MST
Salt Palace | Level 1 | 151 G
  Security

2:30pm MST

From Standards to Practice: The Journey to Container Maturity - Carmen Chow & Thomas Robinson, Yelp
Thursday November 14, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 1 | 151 G
Yelp runs tens of thousands of Docker containers in Kubernetes. How do we track their vulnerabilities, baseline their security needs, and prioritize our most critical findings? Security standards change constantly, so we need a robust model of container maturity to guide our adoption of these standards in a way that addresses Yelp’s specific needs and risk tolerance. Finally, to maximize our model’s value, over 1,000 engineers must understand its practical guidance well enough to apply it to their daily work. This talk covers designing and incorporating a container maturity model into Yelp’s development lifecycle, along with our strategy for proactively improving our security posture. We believe our experiences will assist others in creating similar models that work for their organizations, help evaluate and assess risks to their own containers, and drive next steps towards future risk evaluation platforms.
Speakers
avatar for Carmen Chow

Carmen Chow

Software Engineer, Yelp
Carmen Chow is a Software Engineer on Yelp’s Infrastructure Security team, where she has worked on cost modeling, data lifecycle tools, and Kubernetes observability. Previously, she was an infrastructure developer responsible for containerizing services and migrating them to Kubernetes... Read More →
avatar for Thomas Robinson

Thomas Robinson

Software Engineer, Yelp
Tom is a software engineer living near Seattle, Washington. Having previously worked in security research and antivirus software, he's spent the last decade helping keep Yelp secure.
Journey to Container Maturity pdf
Thursday November 14, 2024 2:30pm - 3:05pm MST
Salt Palace | Level 1 | 151 G
  Security

3:25pm MST

It's Dangerous to Build It Alone, Take This. - Jeremy Rickard & Ashna Mehrotra, Microsoft
Thursday November 14, 2024 3:25pm - 4:00pm MST
Salt Palace | Level 1 | 151 G
You've got high and critical CVEs in open source software packages that are critical to your platform or business. Time is almost up to patch them, and the upstream project hasn't fixed things. If you don't patch, your accreditation might be at risk. You're going to have to do it yourself! But where do you start? Fork the projects? Can you just patch in place? In this session, you'll learn about tools and strategies that can help you respond to CVEs in your container images faster, starting with patching existing images in place with Copacetic and moving on to patching and building projects from scratch. We'll look at challenges to building and testing upstream projects using existing tools and learn from emerging practices in industry. We'll also talk about how to inform your teams to stop using bad images! After this session, you'll have best practices and tools at your disposal, understand some of the pitfalls of owning your entire open source software supply chain.
Speakers
avatar for Ashna Mehrotra

Ashna Mehrotra

Software Engineer, Microsoft
Ashna Mehrotra is a software engineer on the Upstream Security team, working on cloud-native open source security projects at Microsoft.
avatar for Jeremy Rickard

Jeremy Rickard

Principal Software Engineer, Microsoft
Jeremy Rickard is a principal software engineer at Microsoft where he works on the Azure Container Upstream team. He is currently a co-chair for SIG Release and serves on both the CNCF and the Kubernetes Code of Conduct Committees. He was also the Kubernetes 1.20 Release Lead.
KubeCon North America It's Dangerous To Build It Alone pdf
Thursday November 14, 2024 3:25pm - 4:00pm MST
Salt Palace | Level 1 | 151 G
  Security
  • Content Experience Level Any

4:30pm MST

Mish-Mesh: Abusing the Service Mesh to Compromise Kubernetes Environments - Hillai Ben-Sasson & Nir Ohfeld, Wiz
Thursday November 14, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 1 | 151 G
Service mesh solutions are common components in almost every large Kubernetes environment. Many engineers and security teams have adopted solutions like Linkerd and Istio to better segment and isolate their Kubernetes networks. In this talk, we will demonstrate how we were able to exploit common misconfigurations and insecure features in popular service mesh solutions, to escalate low-severity vulnerabilities to critical service takeovers. Our real-life examples include several major cloud service providers, where these vulnerabilities allowed us to gain unauthorized access to internal systems and sensitive secrets. This talk will help engineers understand whether their service mesh deployment acts as a proper security barrier, and how to make sure that it does. Security teams – both attackers and defenders – will learn new techniques for hacking Kubernetes environments, and how to properly defend against them.
Speakers
avatar for Hillai Ben-Sasson
avatar for Nir Ohfeld

Nir Ohfeld

Security Researcher, Wiz
Nir Ohfeld is a 25-years-old senior security researcher at Wiz. Ohfeld focuses on cloud-related security research and specializes in research and exploitation of cloud service providers, web applications, application security, and in finding vulnerabilities in complex high-level systems... Read More →
Thursday November 14, 2024 4:30pm - 5:05pm MST
Salt Palace | Level 1 | 151 G
  Security

5:25pm MST

Multi-Tier Security in WasmCloud: From Developer Constraints to Platform Extensibility - Brooks Townsend, Cosmonic
Thursday November 14, 2024 5:25pm - 6:00pm MST
Salt Palace | Level 1 | 151 G
In 2024, 96% of codebases contain open source, and 74% of these have high-risk vulnerabilities — a 54% increase from 2023. As open source adoption grows and the cloud native landscape evolves, robust security practices are critical. This session explores wasmCloud, a CNCF platform for distributed WebAssembly applications, focusing on achieving a secure-by-default environment. wasmCloud's multi-tier security model addresses the needs of both developers and platform engineers. Developers work in a deny-by-default mode, requiring explicit declaration of all application capabilities. Platform engineers grant these capabilities in a fine-grained manner and extend security through pluggable services. Grounded in real-world experience and practical demos, you’ll leave this talk with the knowledge to configure and extend security using pluggable services, enabling you to leverage WebAssembly to secure your cloud native applications.
Speakers
avatar for Brooks Townsend

Brooks Townsend

Senior Software Engineer II, Cosmonic
Brooks is a Lead Software Engineer at Cosmonic, focusing on harnessing WebAssembly to alleviate the pains of modern software development. Brooks started his software development career with Critical Stack, a Kubernetes container orchestration platform that is now open source. He joined... Read More →
Multi Tier Security in WasmCloud pdf
Thursday November 14, 2024 5:25pm - 6:00pm MST
Salt Palace | Level 1 | 151 G
  Security
 
Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.
Filtered by Date - 
Clear filter
Monday, November 11
Tuesday, November 12
Wednesday, November 13
Thursday, November 14
Friday, November 15
200 South Entrance (South)
Carson Kitchen
Ember SLC
Flanker Kitchen
Gracie's Bar
Hilton Salt Lake City Center
Hilton Salt Lake City Center - Canyon Conference Room
Hilton Salt Lake City Center, Grand Ballroom A/B
Hyatt Regency | Level 2 | Salt Lake Ballroom A
Hyatt Regency | Level 2 | Salt Lake Ballroom B
Hyatt Regency | Level 2 | Salt Lake Ballroom C
Hyatt Regency | Level 4 | Broadcast Lounge
Hyatt Regency | Level 4 | Regency Ballroom A
Hyatt Regency | Level 4 | Regency Ballroom B
Hyatt | Level 1 | Lobby
Le Meridien Salt Lake City Downtown
Quarters Arcade Bar Downtown
Radisson Hotel Salt Lake City Downtown | Cottonwood Room
Salt Lake Marriott City Center
Salt Palace | Level 1 | 151 D
Salt Palace | Level 1 | 151 G
Salt Palace | Level 1 | 155 B
Salt Palace | Level 1 | 155 E
Salt Palace | Level 1 | Grand Ballroom A
Salt Palace | Level 1 | Grand Ballroom B
Salt Palace | Level 1 | Grand Ballroom G
Salt Palace | Level 1 | Grand Ballroom H
Salt Palace | Level 1 | Hall DE
Salt Palace | Level 1 | Halls A-C + 1-5 | Project Pavilion, Solutions Showcase
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase
Salt Palace | Level 2 | 250 A-C
Salt Palace | Level 2 | 250 AD
Salt Palace | Level 2 | 250 D-F
Salt Palace | Level 2 | 251 AD
Salt Palace | Level 2 | 251 AD and 254 B
Salt Palace | Level 2 | 253 A
Salt Palace | Level 2 | 254 B
Salt Palace | Level 2 | 255
Salt Palace | Level 2 | 255 A
Salt Palace | Level 2 | 255 B
Salt Palace | Level 2 | 255 D | DEI Community Hub
Salt Palace | Level 2 | 255 E
Salt Palace | Level 2 | Room: 252a foyer
Salt Palace | Level 3 | 355 A
Salt Palace | Level 3 | 355 D
Salt Palace | Level 3 | 355 E
Salt Palace | Level 3| 355 B
Squatters Pub Brewery
The Little America Hotel
Venafi Headquarters
Virtual
West Temple Entrance (East)
  • 🚨 Contribfest
  • 🪧 Poster Sessions
  • AI + ML
  • Breaks
  • ⚡ Lightning Talks
  • Cloud Native Experience
  • Cloud Native Novice
  • CNCF-hosted Co-located Events
  • Connectivity
  • Data Processing + Storage
  • Diversity + Equity + Inclusion
  • Emerging + Advanced
  • Experiences
  • Keynote Sessions
  • Maintainer Track
  • Observability
  • Operations + Performance
  • Platform Engineering
  • Project Opportunities
  • Registration
  • SDLC
  • Security
  • Solutions Showcase
  • Sponsor-hosted Co-located Event
  • Tutorials
  • Content Experience Level
  • Advanced
  • Any
  • Beginner
  • Intermediate
  • Presentation Slides Attached
  • Yes