YoVDO

Least Privilege: Security Gain without Developer Pain

Offered By: USENIX Enigma Conference via YouTube

Tags

Computer Security Courses, DevSecOps Courses, Access Control Courses, Application Security Courses, Role-Based Access Control Courses, Container Security Courses, Security Automation Courses

Course Description

Overview

Explore the challenges and solutions of implementing the Least Privilege principle in computer security through this 17-minute conference talk from USENIX Enigma 2018. Dive into Travis McPeak's insights as a Sr. Security Engineer at Netflix, examining why this long-established concept remains underutilized despite its benefits. Learn about the obstacles faced by developers and security teams in crafting effective security policies, and discover Netflix's innovative approach to automatically adjusting permissions based on application behavior. Gain valuable knowledge on balancing security needs with development velocity, overcoming implementation challenges, and applying similar methodologies in various environments. Understand key concepts such as overprovisioning, role-based access control, and container capabilities while exploring real-world examples and practical solutions for achieving least privilege without hindering developer productivity.

Syllabus

Intro
Target Breach
Data Breach
Why Privilege is Hard
Overprovisioning
Physical vs Software
Abandoned Projects
Role-Based Access Control
Example
Netflix Example
New Permissions
Removing Permissions
Break Applications
Application Permissions
Container Capabilities
Closing Thoughts


Taught by

USENIX Enigma Conference

Related Courses

DevOps CI/CD Pipeline: Automation from development to deployment
Universidad Anáhuac via edX
DevOps Pipeline: Automatización hasta el despliegue
Universidad Anáhuac via edX
Exploring the Benefits of Continuous Security and Compliance for Cloud Infrastructure
Pluralsight
Integrating Incident Response into DevSecOps
Pluralsight
DevSecOps: Building a Secure Continuous Delivery Pipeline
LinkedIn Learning