Learn how Meta secures billions of production PKI credentials across millions of hosts in this 25-minute conference presentation from USENIX Security '25. Discover Meta's multi-faceted security approach that addresses the vulnerability of private key material to exfiltration by users with root or supervisory access. Explore the implementation of certificate revocation mechanisms, IP binding enforcement, and delegated credentials to prevent unauthorized access to sensitive data. Understand how Meta integrates Trusted Platform Modules (TPMs) with platform attestation and integrity measurements to secure private keys within hardware boundaries. Examine strategies for preventing credential mobility, reducing credential lifetimes from up to 3 months, and increasing the cost of credential exfiltration. Gain insights into how IP binding enforcement ensures credentials remain tied to specific hosts, effectively mitigating risks of unauthorized use across different environments in large-scale production infrastructure.