Loading…
In-person
19-22 March
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Central European Standard Time (UTC +1). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis. 
Thursday, March 21 • 14:30 - 15:05
Misconfigurations in Helm Charts: How Far Are We from Automated Detection and Mitigation? - Francesco Minna, Vrije Universiteit Amsterdam & Agathe Blaise, Thales SIX

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.


Infrastructure-as-Code transformed applications into ephemeral deployments of configuration files; for example, Helm charts allow the representation of Kubernetes applications as YAML files. Several tools are available on the market to detect misconfigurations before deployment; to evaluate and compare Helm Chart analyzer tools, we developed an automated pipeline. In this talk, we will show a live demo of the pipeline, and discuss the misconfigurations found, possible mitigations, and functionalities needed by the application. We will also present the evaluation results on the sixty most common Helm Charts from Artifact Hub and seven popular Helm Charts analyzers. Can you guess what is the most common misconfiguration found? Join us to find out! We will also discuss what are the most efficient tools, the shortcomings, and how such tools can be bypassed. Finally, we will conclude with what we can do as a community to achieve automatic security repair of cloud configurations.

Speakers
avatar for Francesco Minna

Francesco Minna

Ph.D. candidate, Vrije Universiteit Amsterdam
Francesco Minna is a Ph.D. candidate at Vrije Universiteit Amsterdam (NL). His research interests include cloud, network, and open-source software security.
avatar for Agathe Blaise

Agathe Blaise

Research engineer, Thales SIX GTS France
Agathe Blaise is currently a research engineer at Thales (Gennevilliers, France). She received the Ph.D. degree in Computer Science from LIP6, Sorbonne University (Paris, France) in 2020 and her Engineering degree in Computer Science from ISEN (Lille, France) in 2017. Her research... Read More →



Thursday March 21, 2024 14:30 - 15:05 CET
Pavilion 7 | Level 7.1 | Room D
  Security