Tools and Techniques for Characterizing Integrity in DevOps Technologies

Abstract

The sheer diversity of devices, software, and users within modern IT environments creates a challenging landscape for administrators. Manual approaches, which were once viable for smaller-scale setups, have become increasingly inadequate as the computing footprint of companies and institutes keeps expanding to more servers and more diverse software stacks. Attempting to manually configure, monitor, and maintain complex systems and networks is not only time-consuming but also error-prone, often introducing security vulnerabilities related to forgotten systems and outdated software.In the face of these challenges, DevOps tools and methodologies offer powerful solutions by turning previously manual steps into code, and using that code to provision, configure, deploy, and monitor computing infrastructure and applications. This not only eliminates the need for error-prone manual configurations but also ensures consistency across environments, reducing the risk of misconfigurations that canlead to security vulnerabilities. While these technologies and tools ensure uniformity of servers and applications across a network, they also become single points of failure. The same DevOps features that enable one secure configuration to provision thousands of secure servers and applications, allow a single insecureconfiguration to provision thousands of identically vulnerable servers.In this project, we draw attention to a previously overlooked element of DevOps tools, that of integrity. DevOps tools typically rely on multiple third parties during the provisioning, deployment, and management of servers and applications. These third parties provide software, configurations, and data necessary during fora given task, and are considered trusted by the DevOps engineers writing configurations. In this proposal, we argue that this trustcan be abused by attackers, since there is currently no way to assess the integrity of these trusted third parties in the days, months, or years afteran IaC configuration was first written. This lack of integrity creates ample opportunities for attackers to perform supply-chain attacks by compromising one or more trusted third parties, and incorporating malicious code and data in any newly provisioned servers and applications.To deal with this lack of integrity of modern DevOps technologies, this project proposes tools and techniques to quantify the reliance of DevOps tools on third parties, measure the extent of the problem in the wild, and then develop countermeasures against integrity abuse. The proposed countermeasures will not only warn DevOps engineers of the compromised integrity of a trusted third party, but also perform access-control on deployed infrastructure, blocking activity that deviates from a known good baseline. These results will be demonstrated with proof-of-concept prototypes that we will quantitatively evaluate based on their ability to identify third-party reliance and detect real and simulated integrity-based attacks. At the same time these prototypes should facilitate easy transition to customers within the Navy and beyond.

Document Details

Document Type

DoD Grant Award

Publication Date

Mar 08, 2024

Source ID

N000142412193

Entities

Tags