Least Privilege: Security Gain without Developer Pain

Wednesday, January 17, 2018 - 11:30 am12:00 pm

Travis McPeak, Sr. Security Engineer at Netflix


The principle and benefits of Least Privilege are long established in Computer Security—dating back to the 1970s. Despite this it is far from universally adopted. Technologies used to define and enforce Least Privilege policy are arcane to most in the computing industry. Software developers are incentivized to ship products and features, so they focus on what helps them work fast: wildcards in policies, if they even have one.

Traditional attempts to counter this typically require system administrators or security staff to perform manual reviews and craft security policies in response. As application complexity and development velocity increase it becomes impractical to manually determine Least Privilege ahead of time. A central policy gatekeeper doesn't scale efficiently and is likely to negatively impact delivery velocity.

Our approach at Netflix combines gathering data about how applications interact with their environment and automatically adjusting the permissions in their security policy. Unused permissions are automatically removed from application policies across our environment without manual effort from developers or the security team. This approach gives us the best of both worlds: the security team gets least privilege policies and developers maintain high velocity. During this talk we’ll describe how this works in our environment, challenges we’ve overcome along the way, and recommend other applications for the same methodology.

Travis McPeak, Sr. Security Engineer at Netflix

Travis is a Senior Cloud Security Engineer at Netflix. He enjoys applying automation to solving complex problems that can’t be addressed manually. Travis is currently the OWASP Bay Area chapter lead and a core developer of several open-source security tools including Bandit and Repokid. In the past he has led several initiatives on the OpenStack Security Team and was a founding member of the Cloud Foundry Security Team. When not geeking out on security he enjoys traveling and quality beer and food.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {208139,
author = {Travis McPeak},
title = {Least Privilege: Security Gain without Developer Pain},
booktitle = {Enigma 2018 (Enigma 2018)},
year = {2018},
address = {Santa Clara, CA},
url = {https://www.usenix.org/node/208140},
publisher = {USENIX Association},
month = jan

Presentation Video