GCP Binary Authorization Capability Group

All Mappings

Capability ID Capability Description Category Value ATT&CK ID ATT&CK Name Notes
binary_authorization Binary Authorization protect significant T1036.001 Invalid Code Signature
Comments
Each image is digitally signed by a signer using a private key. At deploy time, the enforcer uses the attester's public key to verify the signature in the attestation.
binary_authorization Binary Authorization protect significant T1053.007 Container Orchestration Job
Comments
Each image is digitally signed by a signer using a private key. At deploy time, the enforcer uses the attester's public key to verify the signature in the attestation.
binary_authorization Binary Authorization protect significant T1204.003 Malicious Image
Comments
Each image is digitally signed by a signer using a private key. At deploy time, the enforcer uses the attester's public key to verify the signature in the attestation.
binary_authorization Binary Authorization protect significant T1525 Implant Internal Image
Comments
Each image is digitally signed by a signer using a private key. At deploy time, the enforcer uses the attester's public key to verify the signature in the attestation.
binary_authorization Binary Authorization protect significant T1554 Compromise Host Software Binary
Comments
Each image is digitally signed by a signer using a private key. At deploy time, the enforcer uses the attester's public key to verify the signature in the attestation.
binary_authorization Binary Authorization protect significant T1601 Modify System Image
Comments
Each image is digitally signed by a signer using a private key. At deploy time, the enforcer uses the attester's public key to verify the signature in the attestation.
binary_authorization Binary Authorization protect significant T1610 Deploy Container
Comments
Based on configured policies, Binary Authorization allows or blocks deployment of container images.
binary_authorization Binary Authorization protect significant T1612 Build Image on Host
Comments
Each generated container image is digitally signed by a signer using a private key to generate the attestation report. At deploy time, the enforcer uses the attester's public key to verify the signature; otherwise it blocks this process.

Capabilities

Capability ID Capability Name Number of Mappings
binary_authorization Binary Authorization 8