BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.troopers.de//tr26-cfp//speaker//8ALLKJ
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-tr26-cfp-XPCFQJ@cfp.troopers.de
DTSTART;TZID=CET:20260624T141500
DTEND;TZID=CET:20260624T151500
DESCRIPTION:Implementing Kubernetes namespace-based multi-tenancy is challe
 nging\, and its isolation is generally considered less effective than cont
 rol-plane isolation. That's why the latter is often recommended ... and al
 so implemented? Not really\, as workloads such as machine learning\, pipel
 ines\, and scripting capabilities are increasingly common in enterprise en
 vironments. And they can introduce unobvious multi-tenancy in clusters.\n\
 nSo the question is: How can we securely isolate those workloads from each
  other? Pod Security Standards\, Network Policies\, and Admission Controls
  are well adopted\, but are they sufficient?\n\nThe answer is no – this 
 talk presents new vulnerabilities and real-world exploits in Kubeflow\, Is
 tio\, and Traefik that violate trust boundaries between namespaces and wor
 kloads. \n\nWe will discuss these vulnerabilities in detail\, together wit
 h the underlying conditions and root causes that render them exploitable.\
 n\nBased on these examples\, we will present a methodology for assessing c
 omplex environments with isolation problems and provide guidance on mitiga
 ting these issues.
DTSTAMP:20260627T175913Z
LOCATION:Track 3
SUMMARY:How To Break Multi-Tenancy Again and Again in Kubernetes ...and Wha
 t We Can Learn From It - Sven Nobis\, Lorin Lehawany
URL:https://cfp.troopers.de/tr26-cfp/talk/XPCFQJ/
END:VEVENT
END:VCALENDAR