KubeCon + CloudNativeCon + Open Source Summit + AI_dev China 2024

Cloud native is rapidly developing towards multi-cloud, hybrid cloud and edge computing, which are becoming key trends in cloud native development. However, in the edge computing scenario, the traditional VPC-based security model is difficult to ensure safe production. There are more and more challenges faced, including weak edge security mechanisms, vulnerable service interfaces exposed to the outside network, vulnerable end device access protocols, and supply chain security risks. In 2023, KubeEdge completed its security audit. This talk will presents the work around the audit, including the threat model, fuzzing efforts and Tips about how to get started with contributing to KubeEdges continued security. Since the completion of the audit, KubeEdge has worked on several initiatives to improve the security of its consumers, and the talk will cover these. One of these initiatives was SLSA L3 compliance, and the presentation will present what has been done and how it helps the community.

云原生正迅速发展为多云、混合云和边缘计算，这些正在成为云原生开发的关键趋势。然而，在边缘计算场景中，传统的基于VPC的安全模型很难确保安全生产。面临的挑战越来越多，包括边缘安全机制薄弱、暴露于外部网络的易受攻击的服务接口、易受攻击的终端设备访问协议以及供应链安全风险。 2023年，KubeEdge完成了安全审计。本次演讲将介绍围绕审计的工作，包括威胁模型、模糊测试工作以及如何开始为KubeEdge持续安全做出贡献的提示。 自完成审计以来，KubeEdge已经开展了多项改进其消费者安全性的倡议，本次演讲将涵盖这些内容。其中一个倡议是SLSA L3合规性，演示将展示已经完成的工作以及它如何帮助社区。