The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.
Please note: This schedule is automatically displayed in Central European Standard Time (UTC +1). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis.
The process of threat modelling can seem an abstract art, especially regarding scoring and prioritisation. We show how a non-expert can practically validate threat modelling predictions and quantify the relative risk of different attack vectors. After a general introduction, we propose an extensible method that, based on a given threat model: a) generates a Kubernetes-based environment with embedded trip-wires, enabling the detection of real attacker paths without interference, b) exposes these simulated environments to the wild to observe quantitative threat intelligence in action, and c) informs cost-effective decisions for a defensive team. We discuss caveats, emphasise the critical role of automation in scalability across diverse threat models, and live showcase one quantified attack tree utilising Tetragon. To benefit the Kubernetes ecosystem, this accessible framework can be crowd-sourced into an open source threat intelligence capturing network for risk exposure quantification.
Head of the Austrian Open Cloud Community, Technische Universität Wien
Constanze earned her doctorate at the Albert Einstein Institute in relativistic radiation hydrodynamics. After 8 years as a software architect focussed on reimplementing legacy systems with transparent, performant, scalable and defensible designs, she returned to academia for an Austrian-wide... Read More →
Dr. James Callaghan is a Principal Consultant at ControlPlane. He started off working as a Theoretical Physicist, but long nights of coding sparked an interest in how easy it can be for vulnerabilities to creep in, and thus a career in cyber security was born. James then spent a number... Read More →
