GCP binary_authorization Mappings

Binary Authorization is a service that provides software supply-chain security for container-based applications.

Mappings

Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes
binary_authorization | Binary Authorization | protect | significant | T1610 | Deploy Container
Comments
Based on configured policies, Binary Authorization allows or blocks deployment of container images.
binary_authorization | Binary Authorization | protect | significant | T1053.007 | Container Orchestration Job
Comments
A signer digitally signs each image using a private key. At deploy time, the enforcer uses the attester's public key to verify the signature in the attestation.
binary_authorization | Binary Authorization | protect | significant | T1612 | Build Image on Host
Comments
A signer digitally signs each generated container image using a private key to generate the attestation report. At deploy time, the enforcer uses the attester's public key to verify the signature and otherwise blocks the process.
binary_authorization | Binary Authorization | protect | significant | T1554 | Compromise Client Software Binary
Comments
A signer digitally signs each image using a private key. At deploy time, the enforcer uses the attester's public key to verify the signature in the attestation.
binary_authorization | Binary Authorization | protect | significant | T1525 | Implant Internal Image
Comments
A signer digitally signs each image using a private key. At deploy time, the enforcer uses the attester's public key to verify the signature in the attestation.
binary_authorization | Binary Authorization | protect | significant | T1036.001 | Invalid Code Signature
Comments
A signer digitally signs each image using a private key. At deploy time, the enforcer uses the attester's public key to verify the signature in the attestation.
binary_authorization | Binary Authorization | protect | significant | T1601 | Modify System Image
Comments
A signer digitally signs each image using a private key. At deploy time, the enforcer uses the attester's public key to verify the signature in the attestation.
binary_authorization | Binary Authorization | protect | significant | T1204.003 | Malicious Image
Comments
A signer digitally signs each image using a private key. At deploy time, the enforcer uses the attester's public key to verify the signature in the attestation.