how to exploit ci as a means of deployment
play

How to exploit CI as a means of deployment? Breakout session - PowerPoint PPT Presentation

Dec 20, 2022 •102 likes •366 views

How to exploit CI as a means of deployment? Breakout session 26-27th Feb 2018 58th CREST Open Workshop About me - Software Engineer - Interests: code quality, testing, performance, AI/ML, NN, etc... - Strengthening teams and helping them go

  1. How to exploit CI as a means of deployment? Breakout session 26-27th Feb 2018 58th CREST Open Workshop

  2. About me - Software Engineer - Interests: code quality, testing, performance, AI/ML, NN, etc... - Strengthening teams and helping them go faster - Data processing and source code analysis at Mani Sarkar @theNeomatrix369 Prodo.AI

  3. Thank you - Mark Harman - Team behind CoW - UCL - Facebook and other sponsors - Guests and attendees - Prodo.AI - Anyone else not name…

  4. Agenda No agenda really! Discussions in chronological order

  5. Why CI/CD? Because….

  6. Question? About the locality of improvement? Where does GI sit in the CI/CD pipeline?

  7. Answer!!! CI/CD pipeline can be integrated at various points (suggesting changes or repairing)

  8. Answer!!! - Local dev environment: IDE, git hooks - SCM integration - Compile & build step - Test execution step - Deployment step

  9. Deploy patch and analyse Analyse results of patch deployment! Rollback or roll-forward accordingly!

  10. Blue/green deployment Seamlessly apply patch & switch, without users noticing

  11. Canary deployment Gradually apply patch without users realising

  12. Post patch deployment analysis Study the changes and its impact after patch is applied, and feedback to the System

  13. Facebook's Buck - buckbuild.com optimising build and deployment process - caching dependencies - speed up your builds - reproducible builds - correct incremental build

  14. Solution similar to snyk.io - scan / investigate repo(s) - detect vulnerabilities - produces daily/weekly reports - alerts on new / urgent vulnerabilities - eventually raise PR against the repo(s) - contains changes version of one or more affected libraries

  15. Using ML/AI to improve CI/CD process - Using ML to learn and fix the build process: - reads build logs to understand the issue(s) to hand - https://harness.io/2017/11/can-apply-machine-learning-con tinuous-delivery/ - Gathering feedback from CI/CD and feeding it back into the system - https://www.youtube.com/watch?v=iGQpe5FxjOQ

  16. Usage history: benefits Learning from code history and CI usage history from multiple sources, how do we gather such proprietary data?

  17. Transport/transplant vulnerability patches Publish patches to implement and transport/transplant them to F/OSS projects lacking them: - CVE Id - reference to the buggy code - patch to apply to remedy the vulnerabilities

  18. Research question? Patch transport/transplant and improvement: how do we make the process automatic?

  19. Research question? GI: good for first level or last mile improvement?

  20. Research question? Apply GI on itself: automating its own repair/healing process System learning from its environment and feeding back to itself (remembering / memory)

  21. Research question? How to fix flaky tests with noisy test results?

  22. Research question? How to do multi-platform deployments? And how to do it well?

  23. GI Bots Like chatbots ! GI Bots help each other, divide and conquer CI/CD tasks! Interact with other bots and developers Network or swarm of bots !

  24. Closure: Java & JS optimisation project at Google https://developers.google.com/closure/ took over the task of compiling and optimising submitted code applying best practices and optimisation to the code by GI project abandoned after sometime

  25. Citations All images used in this presentation are owned by the respective authors, and most of them come from the https://thenounproject.com

  26. Thank you For your time and attention! We hope you have enjoyed it and found it useful!

Recommend

Presented by: Doretta Richardson Pre-Deployment Brief Got Deployment? 2 Pre-Deployment Workshop

Presented by: Doretta Richardson Pre-Deployment Brief Got Deployment? 2 Pre-Deployment Workshop

Presented by: Doretta Richardson Pre-Deployment Brief Got Deployment? 2 Pre-Deployment Workshop R U Ready? This is my vest this is my CORE. These are all of the things I need as a Marine to be successful during this deployment: Who

453 views • 34 slides
Presented by: Doretta Richardson Pre-Deployment Brief Got Deployment? 2 Pre-Deployment Workshop

Presented by: Doretta Richardson Pre-Deployment Brief Got Deployment? 2 Pre-Deployment Workshop

Presented by: Doretta Richardson Pre-Deployment Brief Got Deployment? 2 Pre-Deployment Workshop R U Ready? This is my vest this is my CORE. These are all of the things I need as a Marine to be successful during this deployment: Who

426 views • 25 slides
Zero Exploit Tolerance By Jamie Butler and Cody Pierce Confidential and Proprietary Who we are

Zero Exploit Tolerance By Jamie Butler and Cody Pierce Confidential and Proprietary Who we are

Zero Exploit Tolerance By Jamie Butler and Cody Pierce Confidential and Proprietary Who we are The exploit problem Modern software vulnerabilities Hardware-assisted exploit Agenda prevention Prior research

674 views • 45 slides
aka Der Hacker und die 7 Geilein 27/03/2018 // Exploit Development for Dummies

aka Der Hacker und die 7 Geilein 27/03/2018 // Exploit Development for Dummies

Ein Blick in die Hexenkche der Exploit Entwickler aka Der Hacker und die 7 Geilein 27/03/2018 // Exploit Development for Dummies https://www.bee-itsecurity.at // Page 2 27/03/2018 // Exploit Development for Dummies

613 views • 48 slides
Hostless Xen Deployment Xen Summit Fall 2007 David Lively dlively@virtualiron.com

Hostless Xen Deployment Xen Summit Fall 2007 David Lively dlively@virtualiron.com

Hostless Xen Deployment Xen Summit Fall 2007 David Lively dlively@virtualiron.com dave.lively@gmail.com Hostless Xen Deployment What Hostless Means Motivation System Architecture Challenges and Solutions

740 views • 36 slides
Q: Exploit Hardening Made Easy Edward J. Schwartz, Thanassis Avgerinos, and David Brumley

Q: Exploit Hardening Made Easy Edward J. Schwartz, Thanassis Avgerinos, and David Brumley

Q: Exploit Hardening Made Easy Edward J. Schwartz, Thanassis Avgerinos, and David Brumley Carnegie Mellon University 8/15/2011 1 Downloading Exploits I found a Exploit control flow hijack exploit online! Evil Ed Windows 7 8/15/2011 2

837 views • 58 slides
IPv6 Deployment WG in IPv6 Promotion Council and its Deployment Guideline 2005.2.23 IPv6

IPv6 Deployment WG in IPv6 Promotion Council and its Deployment Guideline 2005.2.23 IPv6

IPv6 Deployment WG in IPv6 Promotion Council and its Deployment Guideline 2005.2.23 IPv6 Deployment WG Chair Takashi Arano (Intec NetCore, Inc.) IPv6 Deployment Guideline solves barriers for deployment I cant see IPv6s

319 views • 7 slides
------------ GOOD LUCK ON THE EXAM ----------------- 1) In Buffer Overflow exploit, which of the

------------ GOOD LUCK ON THE EXAM ----------------- 1) In Buffer Overflow exploit, which of the

------------ GOOD LUCK ON THE EXAM ----------------- 1) In Buffer Overflow exploit, which of the following registers gets overwritten with return address of the exploit code? A. EIP B. ESP C. EAP D. EEP Ans: A 2)Which type of scan does not

431 views • 18 slides
Family Communication During Deployment Please download the Family Communication during Deployment

Family Communication During Deployment Please download the Family Communication during Deployment

Family Communication During Deployment Please download the Family Communication during Deployment Worksheet before beginning this class. Family Communication during Deployment (MAR 2103) What are the options? Care E-mail Packages Letters

221 views • 9 slides
Staff Deployment Analysis Staff Deployment Analysis is a tool to enable school

Staff Deployment Analysis Staff Deployment Analysis is a tool to enable school

ICFP Integrated Curriculum Financial Planning Staff Deployment Analysis Staff Deployment Analysis is a tool to enable school leaders/trustees to ensure value for money and efficient use of the funding we currently receive Staff Deployment

517 views • 20 slides
Automatic Exploit Generation an Odyssey Sophia DAntoine CanSecWest 2016 Introduction

Automatic Exploit Generation an Odyssey Sophia DAntoine CanSecWest 2016 Introduction

Automatic Exploit Generation an Odyssey Sophia DAntoine CanSecWest 2016 Introduction Programs have become increasingly difficult to exploit larger, changing surface area mitigations more bytes to siphon through 10/22/2015

652 views • 46 slides
DEPLOYMENT BAT REVIEW TANKER TOWLINE DEPLOYMENT BAT REVIEW TANKER TOWLINE DEPLOYMENT BAT REVIEW

DEPLOYMENT BAT REVIEW TANKER TOWLINE DEPLOYMENT BAT REVIEW TANKER TOWLINE DEPLOYMENT BAT REVIEW

5.08.2020 PRESENTATION TO PWS-RCAC TANKER TOWLINE DEPLOYMENT BAT REVIEW TANKER TOWLINE DEPLOYMENT BAT REVIEW TANKER TOWLINE DEPLOYMENT BAT REVIEW An assessment and evaluation of available technologies and methods for establishing an

1.17k views • 69 slides
www.ServerLIFT.com OSHA Highly recommends USING MECHANICAL MEANS to avoid injury while

www.ServerLIFT.com OSHA Highly recommends USING MECHANICAL MEANS to avoid injury while

Reduce Risk of Work Related Injury Improve Morale Increase Efficiency Reduce Operating Costs Streamline Server Deployment www.ServerLIFT.com OSHA Highly recommends USING MECHANICAL MEANS to avoid injury while lifting equipment heavier

341 views • 7 slides
NMCB Ops Officer Perspective Iraq/Kuwait Deployment Brief to: SAME Mid-Atlantic Regional

NMCB Ops Officer Perspective Iraq/Kuwait Deployment Brief to: SAME Mid-Atlantic Regional

NMCB Ops Officer Perspective Iraq/Kuwait Deployment Brief to: SAME Mid-Atlantic Regional Conference 10 OCT 07 Overview Deployment Overview Deployment Timeline Mission Organization Locations Deployment Highlights

369 views • 26 slides
1 K-means clustering The K-means clustering algorithm can be seen as applying the EM algorithm to

1 K-means clustering The K-means clustering algorithm can be seen as applying the EM algorithm to

Statistical Modeling and Analysis of Neural Data (NEU 560) Princeton University, Spring 2018 Jonathan Pillow Lecture 18 notes: K-means and Factor Analysis Tues, 4.17 1 K-means clustering The K-means clustering algorithm can be seen as

548 views • 3 slides
TheReleaseofProofofConcept CodeintotheWild An exploit

TheReleaseofProofofConcept CodeintotheWild An exploit

TheReleaseofProofofConcept CodeintotheWild An exploit isapieceofsoftware,achunkof data,orsequenceofcommandsthattake

398 views • 24 slides
INFRASTRUCTURE QUALITY, INFRASTRUCTURE QUALITY, DEPLOYMENT, AND DEPLOYMENT, AND OPERATIONS

INFRASTRUCTURE QUALITY, INFRASTRUCTURE QUALITY, DEPLOYMENT, AND DEPLOYMENT, AND OPERATIONS

INFRASTRUCTURE QUALITY, INFRASTRUCTURE QUALITY, DEPLOYMENT, AND DEPLOYMENT, AND OPERATIONS OPERATIONS Christian Kaestner Required reading: Eric Breck, Shanqing Cai, Eric Nielsen, Michael Salib, D. Sculley. The ML Test Score: A Rubric for ML

1.36k views • 124 slides
NAG : Motivating Deployment of Networked Systems Mohit Lad UCLA Deployment of Networked Systems

NAG : Motivating Deployment of Networked Systems Mohit Lad UCLA Deployment of Networked Systems

NAG : Motivating Deployment of Networked Systems Mohit Lad UCLA Deployment of Networked Systems Goal: How do you convince users to deploy applications? Prior work: Lottery System (Sigcomm 07) Probabilistic incentive to motivate

448 views • 7 slides
The SDS Skip Subsea Deployment Systems Ltd. Subsea Deployment Systems Ltd. SUBSEA SKIP An

The SDS Skip Subsea Deployment Systems Ltd. Subsea Deployment Systems Ltd. SUBSEA SKIP An

The SDS Skip Subsea Deployment Systems Ltd. Subsea Deployment Systems Ltd. SUBSEA SKIP An alternative to enhance the recovery of structures, spool pieces, mattresses etc. during decommissioning work Can be used to transport complex

453 views • 30 slides
CONTINUOUS DEPLOYMENT WITH SINGULARITY Large Scale Mission-Critical Service and Job Deployment

CONTINUOUS DEPLOYMENT WITH SINGULARITY Large Scale Mission-Critical Service and Job Deployment

CONTINUOUS DEPLOYMENT WITH SINGULARITY Large Scale Mission-Critical Service and Job Deployment Gregory Chomatas @gchomatas PAAS TEAM Implement & maintain: the deploy & build tools the PAAS platform (mesos clusters) load balancer

623 views • 35 slides
Deployment options Vlad Ionescu BDevOps vladionescu.me Plan Deployment options

Deployment options Vlad Ionescu BDevOps vladionescu.me Plan Deployment options

Deployment options Vlad Ionescu BDevOps vladionescu.me Plan Deployment options Scripts Configuration management Immutable infrastructure Containers Serverless Blatant generalisations Q

1.45k views • 107 slides
Assessing and Improving the Quality of DNSSEC Deployment Deployment Casey Deccio, Ph.D. Sandia

Assessing and Improving the Quality of DNSSEC Deployment Deployment Casey Deccio, Ph.D. Sandia

Assessing and Improving the Quality of DNSSEC Deployment Deployment Casey Deccio, Ph.D. Sandia National Laboratories AIMS-4 CAIDA, SDSC, San Diego, CA Feb 9, 2012 Sandia is a multiprogram laboratory operated by Sandia Corporation, a

913 views • 37 slides
HISD SciPack Deployment Presentation on Outcomes from the Study of a SciPack Deployment in the

HISD SciPack Deployment Presentation on Outcomes from the Study of a SciPack Deployment in the

HISD SciPack Deployment Presentation on Outcomes from the Study of a SciPack Deployment in the Houston Independent School District during School Year 2009-2010 www.edvantia.org SciPack Study Design & Process Selection of SciPacks: After

137 views • 12 slides
Heap Models For Exploit Systems IEEE Security and Privacy LangSec Workshop 2015 Julien Vanegue

Heap Models For Exploit Systems IEEE Security and Privacy LangSec Workshop 2015 Julien Vanegue

Heap Models For Exploit Systems IEEE Security and Privacy LangSec Workshop 2015 Julien Vanegue Bloomberg L.P. New York, USA. May 24, 2015 Big picture : The Automated Exploitation Grand Challenge A Security Exploit is a program taking

451 views • 23 slides

More recommend