Hello everyone. I'm Chen Kabul from College of Technology, pan India, and today I'll be talking about building zero trust, security infrastructure, and rust. I will walk you through what zero trust means and some of the fundamentals of it. What advantages does bring to this problem? We'll also go through some of the building blocks, just provide to build a secure infrastructure. Then we'll look at some implementation patterns and close with some performance numbers from real world implementations. Let's start by looking at zero trust security fundamentals in today's threat landscape of sophisticated threat actors and our advent of ai. We have to always assume a brief scenario for any system infrastructure. This pushes us to lay down some ground rules for zero trust. First and foremost, we cannot trust without verifying the idea of any component. Always design access using lease privilege access, and have a very high standard from monitoring and validation to detect what's happening in your ecosystem. Now with the background of what we intend to achieve, let's see what Rust has to offer when it comes to security. First and foremost, systems built using Rust gets advantage of rust ownership model, which prevent memory vanities, like buffer workflows and use after free. This is a big trust advantage for systems built using rust. Rust. Also provide predictable performance, which helps with real time security decisions using metrics and other telemetry the ecosystem provides. Next, let's talk about rust string type system, which help perform compile time checks for critical controls like authentication. Another advantage of Rust is the security abstractions provided by the language for fast and effective operations when it comes to cryptography, authentication, and authorizations, which is critical to build a secure ecosystem. Rust safety guarantees and performance characteristics makes it as ideal choice for a zero trust architecture implementation. Now let's dive into some of the components which will help us build for zero trust. These rest components are the building blocks of foundation security and helps developers and security engineers achieve their goals. I have broken these components into three categories. First, networking and TLS. Tokyo Russ, TLS Web PKI, and Quinn helps developer build for secure channel implementation with high performance and memory safety TLS implementations on the authentication and IT side Russ Ring and organ two provides the primitive for strong authentication. JSON Web Open and or two RS components help build industry standard authentication mechanism with ease. Last, but one of the most important aspect of security in infrastructure is default network libraries and observative capabilities. Hyper end Tower provides a robust networking stack. While tracing and metrics provides rich performance and diagnostic data for a solid foundation for monitoring and detections, we just talked about how you can use some of Rust core components to build a secure software stack. Now let's talk about a critical NT of zero trust architecture, and that is identity aware proxies. As I mentioned in my opening, one of the fundamentals of Zero Trust architecture is verifying the caller and perform fine, gain authorization decisions, and also enforce policy based on context. Rush provides a perfect ecosystem for search architecture implementation with components like Tower as a middleware choice also, rush trade system is a perfect choice. Choice for a type safe policy implementation, which also enables compile time verification of policy logic, providing very high security assurance for policy checks, and best part is there are no runtime surprises. We touched on the importance of observability for a zero trust architecture. Rust metrics and tracing libraries makes metric data gathering a breeze and comes with a high performance benefit, which enables almost real time analysis of metric data for faster detections without penalizing the performance of our applications. Anomaly detection becomes so much better when you use metrics, data, and rust. Now let's dive a little deeper for the secure communication, implementation and Rust. As I mentioned earlier, rust, TLS is a great candidate for memory Safet, LS implementation, which comes with high performance and eliminates a whole suit of ities, which can be found in other S implementations. Definitely a big win here. Web PK ensures that certificate validation for secure communication is per RFC standards without a risk of wrong configurations and possible authentication, bypass van liberties and Quinn adds the cherry on top. If you want to implement quick protocol for high performance and security, I would highly increase to have a look at that. Overall rush library ecosystem offered its strong typing, compiled time detections of errors makes it a perfect choice for implementing error free and robust secure communication platform and fulfills the foundation needed for a zero trust system. Now let's dive into the complex world of supply chain security, which has caused some of the biggest breaches of our times. You must have definitely had of SolarWinds and how a third party developer system can compromise security of overall secure system. Rust cargo ecosystem ships with all the tooling needed to maintain secure dependencies and ensuring supply chain developes are accounted for while building the environment. Definitely an amazing advantage and make supply chain security management less complex to implement. Let's quickly look into some of the performance characteristic of rusts implementations, as there is often a concern that security comes with a performance price. As you can see, that rust high performance on JW validation with a latency of just 0.3 millisecond. Ability to make conference secure connections at a high scale and the a high availability. High availability provided by no GC pause in memory related crashes makes it a perfect choice for implementing components for zero test architecture. Trust proxy is a perfect example of such an implementation. I would highly encourage to look at Cloudflare's Spin Gora for such an implementation and how CloudFlare has achieved higher security and performance at the same time, and providing the best in class proxy for forest consumers. Let's talk about some of the key takeaways from our presentation before we close. Rest brings lot to the table when it comes to building security sensitive workloads. Critical for zero trust. First compiled. Time enforcement is a superpower when it comes to security assurances. Second, you don't need to compromise and performance. And third, the ecosystem continues to mature when it comes to security focus, implementation. And there is lot of open source contributions in this space. I will highly encourage all of you to evaluate your current stack for bottlenecks related to authentication performance, secure communication performance, and also vulnerability is in those stacks, and evaluate rust for those needs. I'm sure you'll not be disappointed. Thanks for listening my talk, and I wish you best in your security journey.