Opening Framing
Cloud infrastructure erased the perimeter. Users, workloads, APIs, and third-party services constantly shift locations and identities. Zero Trust provides the model to operate safely in this reality: every request is authenticated, authorized, and inspected.
At the same time, the software supply chain has become one of the most targeted attack surfaces. Compromising a single dependency, build pipeline, or vendor can cascade across thousands of organizations. This week focuses on building Zero Trust architectures and securing software supply chains in the cloud.
Key insight: Cloud security is no longer about a hardened boundary. It is about trusted identities and verified components.
Building on Prior Knowledge
This week integrates concepts from across the curriculum:
- CSY101 Week 13: Threat modeling (STRIDE, DFDs) to identify trust boundaries and attack surfaces in Zero Trust architectures
- CSY203 Week 05: Secure coding and dependency management practices that prevent supply chain compromise
- CSY301 Week 04: Supply chain intelligence and tracking adversary TTPs for third-party risk
- CSY303 Week 10: Third-party risk assessment frameworks applied to cloud vendors and dependencies
1) Zero Trust Cloud Architecture
Zero Trust is a strategy, not a single product. It assumes every network is hostile and every access must be verified.
Zero Trust Principles:
VERIFY EXPLICITLY:
- Authenticate every request
- Evaluate device posture and context
- Use conditional access policies
USE LEAST PRIVILEGE:
- Minimize access by role and scope
- Apply just-in-time elevation
- Rotate secrets and use short-lived tokens
ASSUME BREACH:
- Segment networks and workloads
- Monitor continuously
- Limit blast radius by default
Cloud Implementation:
- Identity-centric access (OIDC/SAML federation)
- Service-to-service auth (mTLS, workload identity)
- Micro-segmentation (security groups, service mesh)
- Continuous telemetry and policy enforcement
2) Policy Decision and Enforcement
Zero Trust relies on consistent policy enforcement across identity, network, workload, and data layers.
Zero Trust Control Plane:
Policy Administration Point (PAP)
- Defines access policies (who/what/when)
Policy Decision Point (PDP)
- Evaluates requests using identity + context
Policy Enforcement Point (PEP)
- Enforces allow/deny decisions at runtime
Signals to evaluate:
- Identity assurance (MFA, risk level)
- Device posture (managed, patched, compliant)
- Network context (geo, ASN, time)
- Workload state (container image, attestation)
Key Architecture Goal:
Policies are portable and enforced consistently across cloud and SaaS environments.
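The PAP/PDP/PEP split above, as an added example that is not part of the original course material: a deny-by-default decision function that evaluates the four signal groups and returns the reasons for a denial. The policy schema, resource name, subjects, and country codes are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    subject: str
    resource: str
    mfa: bool
    risk: str               # identity risk level: low | medium | high
    device_compliant: bool  # managed, patched, compliant
    country: str            # network context
    image_attested: bool    # workload state

# PAP: policy defined as data (hypothetical schema, constructed values).
POLICIES = {
    "payroll-api": {
        "subjects": {"alice", "svc-billing"},
        "require_mfa": True,
        "max_risk": "low",
        "allowed_countries": {"DE", "US"},
    },
}
RISK_ORDER = {"low": 0, "medium": 1, "high": 2}

def decide(req, policies=POLICIES):
    """PDP: return (allow, reasons). Anything not explicitly permitted is denied."""
    policy = policies.get(req.resource)
    if policy is None:
        return False, ["no policy for resource"]
    reasons = []
    if req.subject not in policy["subjects"]:
        reasons.append("subject not authorized")
    if policy["require_mfa"] and not req.mfa:
        reasons.append("MFA required")
    # Unknown risk labels rank above every known level, so they fail closed.
    if RISK_ORDER.get(req.risk, 99) > RISK_ORDER[policy["max_risk"]]:
        reasons.append("identity risk too high")
    if not req.device_compliant:
        reasons.append("device not compliant")
    if req.country not in policy["allowed_countries"]:
        reasons.append("network context not allowed")
    if not req.image_attested:
        reasons.append("workload not attested")
    return (not reasons), reasons

def enforce(req):
    """PEP: ask the PDP and act only on an explicit allow."""
    allow, reasons = decide(req)
    return "ALLOW" if allow else "DENY: " + "; ".join(reasons)
```

Returning every failed signal, not just the first, gives the telemetry pipeline a complete record of why a request was denied.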
3) Cloud Supply Chain Risk Map
Supply chain risk is about compromised components and untrusted build paths. The highest-leverage attacks target dependencies and pipelines instead of individual systems.
Supply Chain Exposure Points:
- Source code (malicious commits, leaked tokens)
- Dependencies (typosquatting, compromised packages)
- Build systems (CI runners, artifact repositories)
- Images (base images, container registries)
- IaC modules (Terraform, Helm, CloudFormation)
- SaaS providers (third-party apps, API access)
Defensive Controls:
- SBOMs for every release
- Artifact signing and provenance (SLSA)
- Dependency pinning and allowlists
- Build isolation and short-lived credentials
- Continuous vendor and package monitoring
4) Secure Build and Deployment Pipelines
The pipeline is the factory of trust. Zero Trust and supply chain security require strong controls at build time.
- Use OIDC to avoid long-lived cloud credentials in CI/CD.
- Generate SBOMs and attach them to every release.
- Sign artifacts and verify signatures before deployment.
- Enforce policy-as-code checks on IaC and containers.
- Store provenance and require it during promotion.
Key insight: If you cannot prove where an artifact came from, you cannot trust it in production.
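A promotion gate for the checklist above, as an added example that is not part of the original course material: it binds the artifact bytes to the provenance record and the SBOM before allowing deployment. The flat provenance and SBOM layouts, builder URL, and repository URI are hypothetical and constructed, and the gate assumes the provenance signature was already verified by the signing tool.

```python
import hashlib

# Assumed trust anchors for this example (constructed values).
TRUSTED_BUILDERS = {"https://ci.example.internal/builders/release"}
TRUSTED_SOURCE = "git+https://git.example.internal/payments/api"

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def gate(artifact, provenance, sbom):
    """Return (promote, reasons). Missing evidence is treated as a failure."""
    reasons = []
    digest = sha256_hex(artifact)
    subjects = {s.get("digest", {}).get("sha256")
                for s in provenance.get("subject", [])}
    if digest not in subjects:
        reasons.append("artifact digest not in provenance subjects")
    if provenance.get("builder_id") not in TRUSTED_BUILDERS:
        reasons.append("untrusted builder")
    if provenance.get("source_uri") != TRUSTED_SOURCE:
        reasons.append("unexpected source repository")
    if not sbom or not sbom.get("components"):
        reasons.append("SBOM missing or empty")
    elif sbom.get("artifact_sha256") != digest:
        reasons.append("SBOM describes a different artifact")
    return (not reasons), reasons

# Constructed sample release: artifact bytes, provenance record, SBOM.
ARTIFACT = b"payments-api release image bytes (constructed)"
PROVENANCE = {
    "subject": [{"name": "payments-api",
                 "digest": {"sha256": sha256_hex(ARTIFACT)}}],
    "builder_id": "https://ci.example.internal/builders/release",
    "source_uri": TRUSTED_SOURCE,
}
SBOM = {
    "artifact_sha256": sha256_hex(ARTIFACT),
    "components": [{"name": "libexample", "version": "1.0.0"}],
}

if __name__ == "__main__":
    print(gate(ARTIFACT, PROVENANCE, SBOM))            # matching release
    print(gate(ARTIFACT + b"\x00", PROVENANCE, SBOM))  # bytes changed after build
```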
Case Study: SolarWinds Orion
The SolarWinds compromise (2020) demonstrated how supply chain attacks bypass perimeter defenses. Adversaries inserted malicious code into a legitimate build process, resulting in trusted updates being distributed to customers.
- Compromised build pipeline led to signed, trusted binaries.
- Victims pulled updates through normal patch channels.
- Defenders lacked provenance and integrity validation.
Lesson learned: Trust must be continuously verified, even for vendors and signed software updates.
Week Outcome Check
By the end of this week, you should be able to:
- Explain Zero Trust principles in cloud environments
- Design policy decision and enforcement architecture
- Apply identity-centric access to cloud workloads
- Map supply chain exposure points in cloud pipelines
- Generate and use SBOMs for releases
- Implement artifact signing and provenance checks
- Secure CI/CD pipelines with short-lived credentials
- Translate supply chain lessons into cloud controls
Hands-On Labs (Free & Essential)
Build Zero Trust controls and secure a cloud supply chain.
Cloudflare Zero Trust: Identity-Aware Access
What you'll do: Build an access policy that protects a private app using identity, MFA, and device posture checks.
Why it matters: Zero Trust starts by removing implicit network trust.
Time estimate: 2-3 hours
GitHub Actions OIDC: Short-Lived Cloud Access
What you'll do: Configure CI/CD to assume a cloud role using OIDC instead of long-lived secrets.
Why it matters: Builds are a prime supply chain target.
Time estimate: 2-3 hours
SBOM + Vulnerability Scan with Syft and Grype
What you'll do: Generate an SBOM for a container image and scan it for vulnerabilities.
Why it matters: You cannot secure what you cannot inventory.
Time estimate: 2-3 hours
Sign and Verify Artifacts with Cosign
What you'll do: Sign a container image and verify it before deployment.
Why it matters: Provenance validation blocks tampered artifacts.
Time estimate: 2-3 hours
Lab Strategy: Treat every artifact like untrusted code until it is verified and signed.
Resources
Lab
Complete the following exercises to demonstrate Zero Trust and supply chain security controls in a cloud workflow.