The Silence of Summer
With the steamroller of late Spring and early Summer behind us, we enter a quieter period in the authorization world. It’s a slow news week, but there are still a few things to highlight. . .
Upcoming Events
July 23, 2024 from 7:00 pm to 9:00 pm PDT
Hyatt Regency Vancouver
(Colocated with IETF’s board game night…)
News Items
Datadog put out an article that gives a basic overview of Azure Policy and then moves to explore how it might be exploited. (Microsoft-specific, of course, but good to think through these scenarios for any authorization policy you might be implementing.)
RAND provided guidance around securing AI models:
The paper claims to:
(1) identify 38 meaningfully distinct attack vectors, (2) explore a variety of potential attacker operational capacities, from opportunistic (often financially driven) criminals to highly resourced nation-state operations, (3) estimate the feasibility of each attack vector being executed by different categories of attackers, and (4) define five security levels and recommend preliminary benchmark security systems that roughly achieve the security levels.
More open source options for using LLMs to translate from normal human language into policy / infrastructure as code are emerging. Salami is one such tool that translates natural language into cloud infrastructure (as code).
A Poem for a Quiet Midsummer
Finally, I ran across this poem earlier this week that seems to fit the je ne sais quoi of the season. (Best paired with a lovely beverage and a clear, moonless sky. . . )
Eruptive lightnings flutter to and fro
Above the heights of immemorial hills;
Thirst-stricken air, dumb-throated, in its woe
Limply down-sagging, its limp body spills
Upon the earth. A panting silence fills
The empty vault of Night with shimmering bars
Of sullen silver, where the lake distils
Its misered bounty.—Hark! No whisper mars
The utter silence of the untranslated stars.
— E. E. Cummings, 1913