distributed authorization system a netflix case study
play

Distributed Authorization System: A Netflix case study Manish Mehta - PowerPoint PPT Presentation

Jan 24, 2024 •31 likes •501 views

Distributed Authorization System: A Netflix case study Manish Mehta - Chief Security Architect @ Volterra Torin Sandall - Co-founder of Open Policy Agent project - Software Engineer @ Velocity 2018 June 12-14 Manish Mehta Torin Sandall

  1. Distributed Authorization System: A Netflix case study Manish Mehta - Chief Security Architect @ Volterra Torin Sandall - Co-founder of Open Policy Agent project - Software Engineer @ Velocity 2018 June 12-14

  2. Manish Mehta Torin Sandall Senior Security Engineer @ Netflix Co-founder of the OPA project Chief Security Architect @ Volterra Software Engineer @ Styra manish@ves.io @sometorin Projects: @OpenPolicyAgent • Bootstrapping Identities Projects: • Secrets Management • Open Policy Agent • PKI • Kubernetes • Authentication • Istio (security SIG) • Authorization • Likes: Go, Quality, Good abstractions Velocity San Jose '18

  3. Background - Definitions Transfer $1000 from Account X to Account Y Me My Bank 1. Verify the Identity of the Requester (Authentication or AuthN) 2. Verify that the Requestor is authorized to perform the requested operation (Authorization or AuthZ) These 2 steps do not need to be tied together !! Velocity San Jose '18

  4. Background - Netflix Architecture Netflix Backend - Internal Resources Cloud Provider Resources Customer Partner Resources CDN Employee Velocity San Jose '18

  5. Background - Netflix Architecture Netflix Backend - Internal Resources Cloud Provider Resources Customer Partner Resources CDN Employee Velocity San Jose '18

  6. AuthZ Problem A (simple) way to define and enforce rules that read • Identity I • can/cannot perform • Operation O • on • Resource R • For ALL combinations of I , O , and R in the ecosystem. Velocity San Jose '18

  7. Design Considerations Company Culture Implementation Languages •Freedom and Responsibility •Java, Node JS, Python, Ruby, … Resource Types Latency •REST endpoints, gRPC methods, •Call depth and Service rate SSH, Crypto Keys, Kafka Topics, … Flexibility of Rules Identity Types •Hard-coded structure vs. language-based •VM/Container Services, Batch Jobs, Employees, Contractors, … Capture Intent •Did you actually do what you think you did? Underlying Protocols •Don’t just trust, verify !! •HTTP(S), gRPC, Custom/Binary, … Velocity San Jose '18

  8. High-level Architecture Application Ownership Build Manifest DB Policy DB Policy DB Policy Employee Distributor Distributor Portal Aggregator Management System Service A AuthZ Agent Service B Distributor S Distributor Distributor App S Code H AuthZ Agent App Code Velocity San Jose '18

  9. High-level Architecture Application Ownership Build Manifest DB Policy DB Policy Employee Distributor Distributor Portal Aggregator Management System Service A AuthZ Agent Service B Distributor S Distributor Distributor App S Code H AuthZ Agent App Code Velocity San Jose '18

  10. High-level Architecture Application Ownership Build Manifest DB Policy DB Policy Employee Distributor Distributor Portal Aggregator Management System Service A AuthZ Agent Service B Distributor S Distributor Distributor App S Code H AuthZ Agent App Code Velocity San Jose '18

  11. High-level Architecture Application Ownership Build Manifest DB Policy DB Policy Employee Distributor Distributor Portal Aggregator Management System Service A AuthZ Agent Service B Distributor S Distributor Distributor App S Code H AuthZ Agent App Code Velocity San Jose '18

  12. High-level Architecture Application Ownership Build Manifest DB Policy DB Policy Employee Distributor Distributor Portal Aggregator Management System Service A AuthZ Agent Service B Distributor S Distributor Distributor App S Code H AuthZ Agent App Code Velocity San Jose '18

  13. High-level Architecture Application Ownership Build Manifest DB Policy DB Policy Employee Distributor Distributor Portal Aggregator Management System Service A AuthZ Agent Service B Distributor S Distributor Distributor App S Code H AuthZ Agent App Code Velocity San Jose '18

  14. AuthZ Agent Internals AuthZ Agent Open Policy Agent Engine Request Stager Decision API Periodic updates on policies and associated data Updater Velocity San Jose '18

  15. Example Setup Report Authorization Policy Generator 1. Employees can read their own salary and the salary Payroll Service of anyone who reports to /getSalary/* /getSalary/alice Alice them. /getSalary/bob AuthZ Agent Report Generator Job 2. GET should be able to Read all /getSalary/{user} /getSalary/bob users' salaries App Bob Code POST Performance Review 3. /updateSalary/{user} Application should be able to update all users' salaries Performance /updateSalary/* Review Velocity San Jose '18

  16. Open Policy Agent @OpenPolicyAgent @sometorin

  17. What about RBAC? @OpenPolicyAgent @sometorin

  18. RBAC solves XX% of the problem. @OpenPolicyAgent @sometorin

  19. "Restrict employees from accessing "Allow all HTTP requests the service outside of work hours." from 10.1.2.0/24." "Restrict ELB changes to senior "QA must sign-off on images SREs that are on-call." deployed to the production namespace." "Analysts can read client data but PII must be redacted." RBAC is not enough. "Give developers SSH access to machines listed in JIRA tickets assigned to them." "Prevent developers from running containers with privileged security contexts in the production namespace." "Workloads for euro-bank must be deployed on PCI-certified clusters in the EU." @OpenPolicyAgent @sometorin

  20. Service Policy Policy Query Decision OPA is a general-purpose OPA policy engine. Data Policy (JSON) (Rego) @OpenPolicyAgent @sometorin

  21. Service Enforcement Policy Policy Query Decision Decisions are decoupled OPA from enforcement. Data Policy (JSON) (Rego) @OpenPolicyAgent @sometorin

  22. Node Service OPA Evaluate policies locally. ● Daemon (HTTP API) ● Library (Go) ● Service Mesh (Istio) Node Service OPA @OpenPolicyAgent @sometorin

  23. Node Node Fate Sharing ✔ Low latency Service Service OPA OPA ✔ High availability Node Node Host Failures Service OPA Network Node Node Network Partitions Service OPA Network @OpenPolicyAgent @sometorin

  24. Service Policy and data are Policy Policy Query Decision stored in-memory. OPA No external dependencies during enforcement. Data Policy (JSON) (Rego) @OpenPolicyAgent @sometorin

  25. Service Policy Policy Query Decision Declarative Language (Rego) OPA ● Is Identity I allowed to perform Operation O on Resource R? ● What labels must applied to Deployment X? ● Which users can SSH into production servers? Data Policy (JSON) (Rego) @OpenPolicyAgent @sometorin

  26. "Employees can read their own salaries and the salaries of their subordinates." @OpenPolicyAgent @sometorin

  27. "Employees can read their own salaries [...]" @OpenPolicyAgent @sometorin

  28. "Employees can read their own salaries [...]" Input {"method": "GET", "path": ["salaries", "bob"], "user": "bob"} @OpenPolicyAgent @sometorin

  29. "Employees can read their own salaries [...]" Input allow = true { input.method = "GET" {"method": "GET", "path": ["salaries", "bob"], input.path = ["salaries", employee_id] "user": "bob"} input.user = employee_id } @OpenPolicyAgent @sometorin

  30. "Employees can read their own salaries [...]" Input allow = true { input.method = "GET" {"method": "GET", "path": ["salaries", "bob"], input.path = ["salaries", "bob"] "user": "bob"} input.user = "bob" } @OpenPolicyAgent @sometorin

  31. "Employees can read their own salaries [...]" Input allow = true { input.method = "GET" # OK {"method": "GET", "path": ["salaries", "bob"], input.path = ["salaries", "bob"] # OK "user": "bob"} input.user = "bob" # OK } @OpenPolicyAgent @sometorin

  32. "Employees can read their own salaries [...]" Input allow = true { input.method = "GET" {"method": "GET", "path": ["salaries", "bob"], input.path = ["salaries", employee_id] "user": "alice"} input.user = employee_id } "alice" instead of "bob" @OpenPolicyAgent @sometorin

  33. "Employees can read their own salaries [...]" Input allow = true { input.method = "GET" # OK {"method": "GET", "path": ["salaries", "bob"], input.path = ["salaries", "bob"] # OK "user": "alice"} "alice" = "bob" # FAIL } "alice" instead of "bob" @OpenPolicyAgent @sometorin

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Using Linux perf at Netflix Brendan Gregg Senior Performance Architect Sep 2017 Case Study: ZFS

Using Linux perf at Netflix Brendan Gregg Senior Performance Architect Sep 2017 Case Study: ZFS

Using Linux perf at Netflix Brendan Gregg Senior Performance Architect Sep 2017 Case Study: ZFS is ea/ng my CPU Easy to debug using Ne9lix Vector & flame graphs How I expected it to look: Case Study: ZFS is ea/ng my CPU (cont.)

796 views • 79 slides
Reconstructing Netflix Raghuram SV, Aditya Rao, Kunal Lillaney 600.667 Advanced Distributed

Reconstructing Netflix Raghuram SV, Aditya Rao, Kunal Lillaney 600.667 Advanced Distributed

Reconstructing Netflix Raghuram SV, Aditya Rao, Kunal Lillaney 600.667 Advanced Distributed Systems & Communication Johns Hopkins University Netflix Facts Internet has overtaken cable TV as preferred medium for delivering video content

506 views • 27 slides
Anti-Entropy using CRDTs on HA Datastores Sailesh Mukil Senior Software Engineer, Netflix

Anti-Entropy using CRDTs on HA Datastores Sailesh Mukil Senior Software Engineer, Netflix

Anti-Entropy using CRDTs on HA Datastores Sailesh Mukil Senior Software Engineer, Netflix Timeline Cassandra Multi-region Dynomite adoption 2011 2013 2016 NETFLIX Dynomite Makes non-distributed datastores, distributed NETFLIX

1.14k views • 78 slides
Understanding Issue Correlations: A Case Study of the Hadoop System Jian Huang Xuechen Zhang

Understanding Issue Correlations: A Case Study of the Hadoop System Jian Huang Xuechen Zhang

Understanding Issue Correlations: A Case Study of the Hadoop System Jian Huang Xuechen Zhang Karsten Schwan Why Issue Study Matters? Scalable distributed systems are complex [Yuan et al., OSDI14] Complicated System 2 Why

553 views • 52 slides
Netflix Built Its Own Monitoring System (And You Probably Shouldnt) Roy Rapoport

Netflix Built Its Own Monitoring System (And You Probably Shouldnt) Roy Rapoport

Netflix Built Its Own Monitoring System (And You Probably Shouldnt) Roy Rapoport rsr@netflix.com @royrapoport 6 March 2015 Not So Much About Telemetry I telemetry Architecture track Open Space, 11:30AM, Fleming 3rd Floor

709 views • 56 slides
Distributed File Systems Issues in Distributed File Service Case Studies: Sun

Distributed File Systems Issues in Distributed File Service Case Studies: Sun

CPSC-662 Distributed Computing Distributed File Systems Distributed File Systems Issues in Distributed File Service Case Studies: Sun Network File System Coda File System Web Reading: Coulouris: Distributed

318 views • 12 slides
Case study 2 Case study 2 Case study 2 Case study 2 Former Industrial Site, London: How has

Case study 2 Case study 2 Case study 2 Case study 2 Former Industrial Site, London: How has

Case study 2 Case study 2 Case study 2 Case study 2 Former Industrial Site, London: How has innovation helped to produce a cost effective remedial design? Challenging contaminant profile Taken a traditional / well understood remedial

910 views • 4 slides
Distributed Coordination What makes a system distributed? Time in a distributed system

Distributed Coordination What makes a system distributed? Time in a distributed system

CPSC-410/611: Operating Systems Distr Coord Distributed Coordination What makes a system distributed? Time in a distributed system How do we determine the global state of a distributed system? Event ordering Mutual exclusion

405 views • 12 slides
Distributed Systems Lecture 13 Case study: CORBA Josva Kleist Unit for Distributed Systems and

Distributed Systems Lecture 13 Case study: CORBA Josva Kleist Unit for Distributed Systems and

Distributed Systems Lecture 13 Case study: CORBA Josva Kleist Unit for Distributed Systems and Semantics Aalborg University DS E02 Lec13 1 CORBA main points CORBA consists of generic services as well as a language- independent RMI

351 views • 33 slides
AADL : a radar case study Back to radar case study Goal: to model a simple radar system

AADL : a radar case study Back to radar case study Goal: to model a simple radar system

AADL : a radar case study Back to radar case study Goal: to model a simple radar system Let us suppose we have the following requirements System implementation is composed by physical devices (Hardware entity): 1. antenna + processor +

589 views • 10 slides
Photobioreactor system case-study Tom a s Stan ek Tom a s Stan ek

Photobioreactor system case-study Tom a s Stan ek Tom a s Stan ek

Photobioreactor system case-study Tom a s Stan ek Tom a s Stan ek Photobioreactor system case-study Tom a s Stan ek Photobioreactor system case-study Overal description Various devices with some autonomous logic and

920 views • 48 slides
Course introduction Defining distributed system s A distributed system is one in which

Course introduction Defining distributed system s A distributed system is one in which

Distributed System s Fall 2 0 0 8 Course introduction Defining distributed system s A distributed system is one in which components located at networked computers communicate and coordinate their actions by passing messages. (Coulouris,

579 views • 42 slides
Socially Constructed Trust for Distributed Authorization Steve Barker, Kings College London

Socially Constructed Trust for Distributed Authorization Steve Barker, Kings College London

Socially Constructed Trust for Distributed Authorization Steve Barker, Kings College London Valerio Genovese, University of Torino, Italy Socially Constructed Trust for Distributed Authorization p.1/17 An Approach A common approach to

631 views • 17 slides
Does Distributed Development Affect Software Quality? An Empirical Case Study of Windows Vista

Does Distributed Development Affect Software Quality? An Empirical Case Study of Windows Vista

Does Distributed Development Affect Software Quality? An Empirical Case Study of Windows Vista By C. Bird, N. Nagappan, P. Devanbu, H. Gall, B. Murphy Presented by Tanja Werthmller 1 Overview 1.What is distributed development - What does

412 views • 12 slides
Authorization We will use the terms authorization and access control interchangeably

Authorization We will use the terms authorization and access control interchangeably

Authorization We will use the terms authorization and access control interchangeably Authorization answers the question who is allowed to do what ? A first step in the development of an access control system is the

651 views • 53 slides
enterprise REST a case study twitter:@BrandonByars the eight fallacies of distributed

enterprise REST a case study twitter:@BrandonByars the eight fallacies of distributed

enterprise REST a case study twitter:@BrandonByars the eight fallacies of distributed programming the network is reliable topology doesnt change latency is zero there is one administrator bandwidth is infinite

659 views • 48 slides
Integrating crop growth Integrating crop growth simulation and remote simulation and remote

Integrating crop growth Integrating crop growth simulation and remote simulation and remote

Integrating crop growth Integrating crop growth simulation and remote simulation and remote sensing: sensing: some recent experiences some recent experiences Herman van Keulen Herman van Keulen Plant Research International Plant Research

475 views • 16 slides
Resource Efficiency Through Awareness Publishing Public Relations

Resource Efficiency Through Awareness Publishing Public Relations

Resource Efficiency Through Awareness Publishing Public Relations Event Management Lead Generation Communications Graphic Design Digital Media Ronan

627 views • 14 slides
A direct successor to the Westinghouse Iso Phase Bus Plant in Cinn Ohio Credentials 24/7

A direct successor to the Westinghouse Iso Phase Bus Plant in Cinn Ohio Credentials 24/7

A direct successor to the Westinghouse Iso Phase Bus Plant in Cinn Ohio Credentials 24/7 Private Ownership We pick up the phone after 5pm 513-312-8527 Chad Shell 914-968-4440 Bruce Hack Owners Crown Electric In 2006 Crown

2.33k views • 179 slides
AD a r c h i t e c t s HJ A D H J ldo wight ugo azel Leyva Mason dela Rosa Fontanilla

AD a r c h i t e c t s HJ A D H J ldo wight ugo azel Leyva Mason dela Rosa Fontanilla

AD a r c h i t e c t s HJ A D H J ldo wight ugo azel Leyva Mason dela Rosa Fontanilla AIA, LEED AIA, LEED AIA, ASID, IIDA, LEED AIA, LEED, PE architect, marketing director architect, interior designer architect, project manager

528 views • 16 slides
The Structure of Nocturnal Urban Boundary Layer: Study with Nonlocal Mesoscale Model Albert F.

The Structure of Nocturnal Urban Boundary Layer: Study with Nonlocal Mesoscale Model Albert F.

The Structure of Nocturnal Urban Boundary Layer: Study with Nonlocal Mesoscale Model Albert F. Kurbatskiy Institute of Theoretical and Applied Mechanics of Russian Academy of Sciences, Siberian Branch and Novosibirsk State University, Russia

570 views • 43 slides
Boundary and Impurity Effects on Fourth Sound Propagation in Superfluid 3 He Seiji Higashitani

Boundary and Impurity Effects on Fourth Sound Propagation in Superfluid 3 He Seiji Higashitani

Boundary and Impurity Effects on Fourth Sound Propagation in Superfluid 3 He Seiji Higashitani Graduate School of Integrated Arts and Sciences, Hiroshima University Collaborators Hiroshima Univ. K. Nagai Y. Nagato Osaka City Univ. O. Ishikawa

187 views • 14 slides
AMIF Monitoring Committee Mandate and Terms of Reference 2 nd November 2015 Asylum, Migration and

AMIF Monitoring Committee Mandate and Terms of Reference 2 nd November 2015 Asylum, Migration and

AMIF Monitoring Committee Mandate and Terms of Reference 2 nd November 2015 Asylum, Migration and Integration Fund 2014-2020 Co-financing rate: 75% EU Funds 25% Beneficiarys Funds Sustainable Management of Migration Flows Legal Basis: The

471 views • 16 slides
ZANON PRESSURE EQUIPMENT S.R.L. INTRODUCTION The companys activity is designing and

ZANON PRESSURE EQUIPMENT S.R.L. INTRODUCTION The companys activity is designing and

ZANON PRESSURE EQUIPMENT S.R.L. INTRODUCTION The companys activity is designing and manufacturing of components for Oil and Gas, Petrochemical, Off shore, and Fertilizer Industry. Zanon Pressure Equipment S.r.l. has been estabilished in

765 views • 35 slides

More recommend