SOSS Fusion 2024

My presentation aims to explain the crucial roles of maintainers and contributors in securing open-source software. The primary objective is to highlight how effective collaboration between these roles ensures open-source projects' quality, usability, and sustainability. The ultimate goal is to empower newcomers and seasoned contributors to take active roles in maintaining and improving the sustainability of open-source software. Drawing from my experiences within various open-source communities, I will emphasize the profound impact of collaborative efforts on project success.

How end users can do a reasonable verification of the SLSA provenance produced by trusted build systems to protect against threats like build from modified source, compromised build process and downloading modified packages

Fuzz testing of compiled binary code is imperative when source code is not available. AFLplusplus is a popular fuzzer, responsible for discovering several vulnerabilities in open/closed source software. While fuzzing, AFLplusplus acquires code coverage feedback by emulating the target binary in QEMU usermode, thereby supporting architecture neutral fuzzing as well. There is however no native instruction hooking and memory control support in QEMU. Albeit, having such ability can greatly benefit binary fuzz testing by patching/fixing roadblock locations that lead to long-running fuzzing campaigns. The current solution is a pythonic wrapper, UNICORN, on QEMU that is understandably slow and, more importantly, requires significant configuration to avail features that are enabled by default in AFLplusplus's raw QEMU mode. In this lightning talk, we will touch upon the QEMU native hooking bridge [https://github.com/AFLplusplus/AFLplusplus/tree/stable/qemu_mode/hooking_bridge]. We will briefly go over its design and implementation. We will then describe its usage with one or more examples. Furthermore, we will demonstrate its superiority over AFLplusplus's UNICORN mode.

Vulnerabilities hidden within open source libs raises risk for containerized workloads. Runtime protection is needed, even for ephemeral applications, because automated attacks spread in seconds. Join SentinelOne as we demonstrate AI-powered threat protection and discuss its place in a CNAPP strategy. By combining agentless insights spanning asset discovery, CSPM, vulnerability management, and more, with the stopping power of a runtime agent, multi-cloud organizations are best equipped to accelerate and secure innovation at scale.

Over the past year, AI has been talk of the town in terms of emerging technology. There is a lot of discussion around how AI technology and capabilities will be utilized both for the betterment and the detriment of our world and those around us. One of the first attempts to manage these risks from a regulatory perspective is the AI Risk Management Framework from NIST. This session will be a crash course on that standard and some preliminary analysis/dialogue around how effective the standard will be.

Slonik, is PostgreSQL’s mascot. Sadly elephants are an endangered species due to poaching and threats to their natural habitat but thankfully conservationists have stepped in to provide safety and security so the species can survive. While this may seem like a stretch, using an open source database like PostgreSQL, the most popular open source database in the world, is also in need of protection from bad and malicious actors, the poachers of data! Join me as we safari into PostgreSQL Database land and discuss the history of database attacks and how Percona is acting as a conservationist creating TDE to give your data one more level of protection.

The GCC steering committee has accepted our project to add COBOL to GCC. This is our story of learning how to interact with a hoary, established project and (we hope) make a significant contribution.

This session will focus on the validation of kubernetes webhook controllers. Currently, testing of these types of controllers is largely the onus of the developers. While the standard unit and end-to-end tests may be sufficient for rolling out a product, the other half of the responsibility lays on the user to independently validate these controllers in their environment. The intent is to lay out a framework that supports how end-users may interrogate these controllers to validate their behaviors, particularly with respect to how that behavior satisfies various controls, e.g., regulated standards or best practices. Our framework looks at using an open source tool, Lula, to add cluster resources, measure the response of the controller, and output a validation of the controller's behavior. The result is a repeatable and scalable evaluation of webhook controllers. This evaluation becomes more critical as environments scale and more complex admission/mutation is introduced. These controllers are often performing critical security functions in the environment and should be continually monitored and evaluated for their efficacy, particularly as the system they exist in evolves.

In recent years, major progress in machine learning (ML) has led to a corresponding boom in the broader artificial intelligence (AI) space, opening up commercial applications in text, image, audio, and video generation. However, data scientists and ML engineers still face many security issues that may lead to arbitrary code execution even in the space of "classical" ML, which often involves classification or regression on tabular data.

This talk will outline some of the model-centric attacks that you should be aware of and hone in on two types of attacks: malicious code injection on pickled model files, and malicious code written and executed by an LLM. We'll create a basic setup for these two attacks and see how Flyte, an open source ML orchestrator, can help mitigate some of the risks associated with these two attacks.

Finally, we'll analyze the limitations of the solutions provided by Flyte, abstract some of the ideas out in an orchestrator-agnostic way, and cover other open source tools, like `safetensors` and `onnx`, which we can leverage on top of Flyte to reduce these risks even further.

The US Department of Defense, like many industrial, academic, and government institutions across the world, are intricately dependent on open source software and seek concrete means to objectively assess the trustworthiness of not only the products of the OSS ecosystem but also the processes enacted by projects to produce that software. One such DoD project, Unified Platform, is developing techniques to evaluate publicly available information from OSS projects to determine the risk levels associated with using the open source software, both now and in the future. Current efforts are concentrating on evaluating a project’s processes, policies, and practices. This includes leveraging tools such as MITRE’s Hipcheck, the Open Source Security Foundation’s Scorecard, and other sources to support Unified Platform's Software Approval Process and Software Supply Chain Practices. This presentation will cover how these techniques are providing the insight needed by this DoD project to address emerging DoD guidance in the use of open source software.

ClearlyDefined is a free service and open source project from the Open Source Initiative (OSI) that helps organizations ensure supply chain compliance and security. Generating SBOMs at scale for each stage on the supply chain, for every build or release, has proven to be a real challenge. And fixing the same missing or wrongly identified licensing metadata over and over again has been a redundant pain for everyone. This is where ClearlyDefined shines, as it makes it really easy for organizations to fetch a cached copy of licensing metadata for each component through a simple API and fix any issues, which is always up-to-date thanks to its crowdsourced database. In this session, we'll provide an introduction to ClearlyDefined and discuss the latest developments. We'll provide case studies of how organizations like GitHub, SAP, Microsoft, and Bloomberg are leveraging ClearlyDefined not only for their own needs internally, but for the benefit of all.

Software supply chain security is more important than ever. Yet maintaining secure container images is challenging, because patch options can be limited: wait impatiently for third-party image updates to be released, especially for images with multi-publisher dependencies, or perform your own full image rebuild, a time and resource-intensive process. Project Copacetic (Copa) reduces turnaround time and complexity for image patching. Copa integrates into existing build infrastructure, giving users greater control over their patching timeline while reducing costs. Using image scanners like Trivy, Copa generates a vulnerability report and identifies necessary OS-level package updates. Copa then updates your target image using Buildkit (Docker’s default builder) by creating a new patch layer on the original image. Copa can even patch distroless images. We’ll demo Copa, including how to integrate it into pipelines, extend its functionality with scanner formats, and exclude scanners to update all outdated packages. You’ll leave ready to keep your images secure. As a newly accepted CNCF sandbox project, Copa invites you to join the community and advance your software security!

Product recalls and Supply Chain Management have been used for decades with great success to help identify the source of unexpected hazards in products (from exploding batteries to spider attracting fuel lines) and protect consumers from these hazards. While developing software can be considerably different than developing and manufacturing physical products, there are lessons to be learned about the importance of properly identifying all the components that are included in a product. In this session, we will cover the importance of versioning both as a consumer and a producer of open source software and its impact on security.

Recently found SCARLETEEL, a new attack pattern starts from a compromised Kubernetes container and spreads to the victim’s AWS account. Let us see how OSS Falco and new plug-in approach can detect this kind of threat in cloud runtime!

While commercial supply chain attacks are becoming more manageable, security teams have a much harder time with open-source software supply chains. This session will provide an attacker's perspective of open-source flows and flaws and dive into several unique supply chain weaknesses. Demos will show the ease of conducting different attacks and provide a perspective on defeating them as defenders.

It surprises no one that attack surfaces expand as swiftly as AI and ML technologies advance, yet the security landscape lags behind. Join us for an eye-opening session where we dive deep into the dark world of AI security through the lens of attackers.

We'll tread carefully between different attacks, accompanied by demos, revealing the strategies and techniques used to compromise AI and LLMs. From reconnaissance and spoofing via supply chain attacks all the way to LLM poisoning, jailbreaking, and compromise—AI attacks are far from just prompt injection. Witness firsthand how attackers exploit vulnerabilities, manipulate AI systems, and leverage AI for malicious purposes.

You will gain a fundamental understanding of AI security and the nature of AI attacks, offering a rare glimpse into the adversarial mindset. By understanding the attacker’s perspective, you will be better prepared for a new era where threats are evolving and attackers are feeling increasingly comfortable in the AI domain.