Informal security chat with Beyond Identity's CTO Jasson Casey and our host Marketing Empress Reece Guida on why provenance is important.

Transcription

Reece

Hello, everyone, and welcome to "Hot Takes" with me, Reece, the marketing lady. And... 

Jasson

I'm Jasson, I'm the CTO. And I have a screw. 

Reece

Yay. So, you guys, I've been mulling it over, provenance. Sounds like a fancy word, but it's important. Why? Because if you're not thinking about provenance of, you know, credentials, code, you're screwed. You know why? 

Because you're not thinking principally. So, I want you guys to tell me, do you agree with that? Do you vehemently disagree? What does provenance mean to you and why should the listeners be thinking about it? 

Jasson

So, provenance sounds... it does sound fancy, right? It sounds like I need my white jacket and I want a drink served on a doily, and we're probably somewhere in Connecticut. 

Reece

Pinkies out. 

Jasson

Yeah. Pinkies are always out. But what it really means is it's a fancy way of saying origin, like what is the origin of X, and also equally as important, how do you know that thing to be true? So, if we zoom out and we think about just engineering and design principles in general, we say something is principled or not principled. Really what we're saying is in this big zoom-out world, how do you know...like, what is it that you know to be true? 

How do you know that thing to be true? And then show me your reasoning framework, right? 

Reece

This sounds very philosophical. 

Jasson

It does. So it turns out the roots of logic, which are the roots of the math that actually is the roots of computer programming and processors did come out of logic and did come out of that branch of math. And it actually does describe the limitations of what is possible. And that's a whole world that we can kind of get lost in. 

But ultimately, when we say principled, what we really mean is when you design a system or when you're thinking about a system, you have algorithms and you have data. And the algorithms can be wrong, and the data can be wrong, and some combination of the two can be wrong. When we talk about provenance, we talk about really kind of zooming in on that data aspect there, or even the algorithm or the code portion, and saying, what is the origin of this data? 

What is the origin of this code? And how do I know that thing to be true? What is the level of trust that I have to kind of assert or...oh, here's another fancy word, axiomatize, which really just means accept, right? So, for instance, do you accept that two parallel lines never touch? 

That's a great axiom of geometry. It turns out when we're reasoning over systems and whatnot, there are a couple of axioms or a couple of assertions you just have to kind of take at the core. And the whole thing with zero trust and really with what we're talking about with provenance is how do I make that set of things that I have to just assume to be true as small as humanly possible, right? How do I reduce that set of basis, if you will, as small as possible? 

And this is where provenance plays in. It's what is the origin of the data that's going into the function, the algorithm, the system? What is the origin of the algorithm the system is actually executing? And how do I know those things to be true? 

Reece

So if I didn't know those things to be true, like say I'm a developer and there's a problem in production I have to debug. If there's provenance, I'm in a better place than if there wasn't because I'm screwed if there's not and I have to debug this thing. Like, what's a day-to-day example of this mattering? 

Jasson

So, I'm investigating an incident. A service was accessed with an SSH key or using a key bound in an SSH certificate. Who authorized this certificate? What is the origin of the key pair? How do I know the origin to be true? 

So, for instance, let's say the origin of that key pair was created inside of a TPM as a signing key and it was created in a way where the key literally can't move out of the TPM, right? It gets locked in a jail. You send data down and say sign this. You literally can't copy the key out. It's great because the key never ends up in memory. Can't be memory dumped, never ends up in the file system. 

Can't be read or mounted, blah, blah, blah. Anyway, that's another talk. So, how do I know the key that was used was in fact created in the TPM? 

Reece

How do you know? 

Jasson

Can I verify that origin because if I could, that helps me pull the thread versus if this was just kind of a developer create a key, right? It tells me not only was the origin inside of a TPM, but the implications of that is if I trust TPM 2 spec and it was implemented correctly, then in the certificate, I can also see the manufacturer. 

Like, I can see that it was an Infineon chip that in fact created that key pair. This is where I have to trust that Infineon actually executed something correctly. But again, it's very, very small piece of hardware thing that I now have to trust. 

Reece

So, provenance, maybe you could say synonyms are like assurance, accountability. Like, what else is there? 

Jasson

Provenance is origin. What is the origin of this and how do I know it to be true? 

Reece

Everybody loves a good origin story, right? 

Jasson

Was this painting, in fact, a Leonardo da Vinci original, or was it a Nelson sidewalk special? 

Reece

Well, I studied art history and that's actually a huge thing. Like, with Rembrandt, he had so many understudies that art historians and gallerists and resellers would be like, "Oh, yeah, this is a real Rembrandt." No, it was actually done by one of his students. So when you look around, like, you know, at your peers or just the average company, do you think that most people have a handle on provenance? 

Are they thinking about it, or is it something that drastically needs improvement and awareness? 

Jasson

It's a little bit in companies' assurance programs that kind of pick at and inch in that direction. But generally, I don't think people think about this. 

Reece

And why is that? Is it because it's boring? Is it because they're too busy? Like, why isn't there enough attention being devoted to this if it's going to make everybody's lives easier and more simple? 

Jasson

Well, I mean, I was about to say, "Well, this is my opinion on it," but everything is opinion at this point. So, number one is I'd say for a long period of time, most products and most kind of operations are really focused on building things that in their minds are kind of deterministic systems. If you put the same input in, you get the same output. 

And there's never any sort of ambiguity. Now the reality is for the last 20 years of my career, it's almost impossible to run into a system that doesn't have some form of non-determinism that you have to deal with, and some form of production concerns around partitioning that you just kind of have to deal with. And so really considering that part of the problem, really kind of backing up and also consider that people might lie, like, maybe the data has been manipulated in flight or manipulated in a non-obvious way. 

So like, in the crypto world, when I say crypto, now I have to qualify it, I don't mean crypto as in cryptocurrency, I mean like cryptography. 

Reece

Oh, man. 

Jasson

There's this property called integrity. And it's been around for a long time. And it's really this property of how do I know that a thing hasn't necessarily been modified in flight or in transit from the original center. And when we're talking about the whole problem of provenance, it definitely kind of sneaks back in there, but how do I know this actually came from Nelson? 

Why do I know that to be true? And how am I sure that no one has doctored it up or that it wasn't kind of one of Nelson's acolytes just kind of like painting by numbers? So, I guess I'm getting a little bit far-field. The question was really, like, why are people just now starting to pay attention to this? 

I think it's a hard problem. I think it really rears its head when you consider both distributed systems and adversaries that have access to those systems who can lie, right? 

Reece

Yeah. And that's pretty much the landscape these days. Right, guys? 

Jasson

And honestly, it's been the landscape for a long time. I think it's just the cost of not thinking about it is truly high now, right? 

Reece

Yeah. Yeah. And look, we don't want our listeners to have to suffer or be doomed. So, please think about provenance as you're building systems and just every day in your life. It'll do you some good. We will see you guys next week on our very exciting "Hot Takes" episode. 

Who knows what we're going to talk about, but we'll see you there. Thanks for tuning in today. Catch you later. Don't forget to like and subscribe, by the way, or else...