SlideShare ist ein Scribd-Unternehmen logo

Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

Nick Sullivan
Nick Sullivan

In this session we will look in depth into what happens when we throw away the assumption that server hardware is trusted. We discuss advanced techniques for protecting software on untrusted clients and how to apply them to servers running on untrusted hardware. This includes anti-reverse engineering methods, secure key management and how to design a system for renewal.

Technologie
1 von 37
Downloaden Sie, um offline zu lesen
Running Secure Server Software on Insecure Hardware without a Parachute SESSION ID: STU-M06B Nicholas Sullivan Systems Engineer
 CloudFlare
 @grittygrease
What this talk is about ! The web is changing — consolidation at the edge ! Fundamental assumptions about server security are wrong ! How do we design server software with the worst case in mind? ! Distinguish between long and short term secrets ! Devise approaches for protecting each #RSAC !2
Let’s Talk About Web Infrastructure
#RSAC !4
Global Website Traffic #RSAC !5
Global Website Traffic with CDN #RSAC !6
Current Map #RSAC !7
Future Map #RSAC !8
Future Map #RSAC !9
Edge Computing Threat Model
Traditional server threat model ! Assume server is secure ! Add layers of protection to keep attackers out ! Network layer protection ! Operating System Level: principle of least privilege ! Protection against maliciously installed code ! More advanced barriers #RSAC !11
Globally distributed servers ! Less jurisdictional control = less physical security ! Physical access trumps static defense layers ! ! Traditional defenses helpful, but not ideal ! Cannot rely on security of keys ! Single break-in results in immediate compromise #RSAC !12
A More Effective Approach
Approach system security the ‘DRM way’ ! Assume attacker has bypassed all static defenses ! Goal is to refresh secrets before they are compromised ! Split system into long-term secrets and short-term secrets ! Focus on renewability of secrets #RSAC !14
Secrets must be split into two tiers ! Long-term Secrets ! Useful for attacker for long period of time ! Do not store at the edge ! ! Short-term Secrets ! Expire after a short period of time ! Cannot be re-used #RSAC !15
Example: Traditional TLS termination ! TLS handshake with nginx and Apache ! SSL keys on disk ! Read from disk, use in memory ! ! Cryptographic elements at risk if server is compromised ! Private key ! Session key #RSAC !16
TLS revisited for untrusted hardware ! Long term secrets ! Private key ! ! Short term secrets ! Session key ! Session IDs and Session ticket keys ! Credentials to access private keys #RSAC !17
How to Protect 
 Short-term Secrets
Short-term secrets — threat model ! Must live on machines in unsafe locations ! ! ! Memory Control Flow By the time a secret is broken, it should be expired ! Don’t keep secrets in a useable state ! Impose computational cost to retrieve the original secret ! Expire secrets quickly ! #RSAC !19
Techniques from DRM are applicable ! White-box cryptography ! Code obfuscation #RSAC !20
Standard Cryptography Threat Model Eve Alice Bob #RSAC !21
White-box Cryptography Threat Model Eve Alice Bob #RSAC !22
White-box Cryptography Threat Model Aleve Bob #RSAC !23
White-box cryptography ! Hide the cryptographic key from everyone ! Protect against key extraction in the strongest threat model ! ! Takes time to extract key — lots of math ! Choose difficulty based on secret lifetime #RSAC !24
White-box cryptography implementations ! Commercial products ! ! Irdeto, Arxan, SafeNet, etc. Open source ! OpenWhiteBox #RSAC !25
Code obfuscation #RSAC !26
Code obfuscation ! Making reverse engineering difficult ! Compile-time control-flow modification ! Data transformation in memory ! Anti-debugging #RSAC !27
Before #RSAC !28
After #RSAC !29
Code obfuscation implementations ! Commercial products ! ! Arxan, Irdeto, etc. Open source ! Obfuscator-LLVM #RSAC !30
Long-term Secrets
Keyless SSL ! SSL without keys? Surely you’re joking. ! SSL without keys at the edge. That’s better. #RSAC !32
How Keyless SSL Works ! Split the TLS state machine geographically ! Perform private key operation at site owner’s facility (in HSM, etc) ! Perform rest of handshake at edge ! Communicate with signing server over mutually authenticated TLS #RSAC !33
Keyless SSL Diagram #RSAC !34
#RSAC !35
Conclusion
Conclusion ! Untrusted hardware requires a new approach ! Split secrets into long-term and short-term ! Design for rapid renewal — replace secrets faster than they can be broken ! Leverage short-term secrets to access long-term secrets #RSAC !37

Empfohlen

Demystifying Wireless Security Using Open Source Options
Demystifying Wireless Security Using Open Source OptionsDemystifying Wireless Security Using Open Source Options
Demystifying Wireless Security Using Open Source OptionsMichele Chubirka
 
Privafy NetEdge
Privafy NetEdgePrivafy NetEdge
Privafy NetEdgePrivafy
 
TrustLeap Multipass - Unbreakable Passwords For Cloud Services
TrustLeap Multipass - Unbreakable Passwords For Cloud ServicesTrustLeap Multipass - Unbreakable Passwords For Cloud Services
TrustLeap Multipass - Unbreakable Passwords For Cloud ServicesTWD Industries AG
 
Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Tim Mackey
 
From Mirai to Monero – One Year’s Worth of Honeypot Data
From Mirai to Monero – One Year’s Worth of Honeypot DataFrom Mirai to Monero – One Year’s Worth of Honeypot Data
From Mirai to Monero – One Year’s Worth of Honeypot DataDefCamp
 
IoT security
IoT securityIoT security
IoT securityAbhishek Dwivedi
 
Web security 101
Web security 101Web security 101
Web security 101Kristaps Kūlis
 
Covid 19 staying cyber secure
Covid 19 staying cyber secureCovid 19 staying cyber secure
Covid 19 staying cyber securemascot4u
 

Empfohlen

Demystifying Wireless Security Using Open Source Options
Demystifying Wireless Security Using Open Source OptionsDemystifying Wireless Security Using Open Source Options
Demystifying Wireless Security Using Open Source OptionsMichele Chubirka
 
Privafy NetEdge
Privafy NetEdgePrivafy NetEdge
Privafy NetEdgePrivafy
 
TrustLeap Multipass - Unbreakable Passwords For Cloud Services
TrustLeap Multipass - Unbreakable Passwords For Cloud ServicesTrustLeap Multipass - Unbreakable Passwords For Cloud Services
TrustLeap Multipass - Unbreakable Passwords For Cloud ServicesTWD Industries AG
 
Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Tim Mackey
 
From Mirai to Monero – One Year’s Worth of Honeypot Data
From Mirai to Monero – One Year’s Worth of Honeypot DataFrom Mirai to Monero – One Year’s Worth of Honeypot Data
From Mirai to Monero – One Year’s Worth of Honeypot DataDefCamp
 
IoT security
IoT securityIoT security
IoT securityAbhishek Dwivedi
 
Web security 101
Web security 101Web security 101
Web security 101Kristaps Kūlis
 
Covid 19 staying cyber secure
Covid 19 staying cyber secureCovid 19 staying cyber secure
Covid 19 staying cyber securemascot4u
 
The state of wireless security
The state of wireless security The state of wireless security
The state of wireless security Filip Waeytens
 
Conclusions from Tracking Server Attacks at Scale
Conclusions from Tracking Server Attacks at ScaleConclusions from Tracking Server Attacks at Scale
Conclusions from Tracking Server Attacks at ScaleGuardicore
 
The How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability ManagementThe How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability ManagementTim Mackey
 
Fidelis - Live Demonstration of Deception Solution
Fidelis - Live Demonstration of Deception SolutionFidelis - Live Demonstration of Deception Solution
Fidelis - Live Demonstration of Deception SolutionFidelis Cybersecurity
 
David Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & RansomwareDavid Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & RansomwareCSNP
 
Atelier Technique ARBOR NETWORKS ACSS 2018
Atelier Technique ARBOR NETWORKS ACSS 2018Atelier Technique ARBOR NETWORKS ACSS 2018
Atelier Technique ARBOR NETWORKS ACSS 2018African Cyber Security Summit
 
Network Security
Network SecurityNetwork Security
Network SecurityADVA
 
Enigma Solutions: The Imagine Solution
Enigma Solutions: The Imagine SolutionEnigma Solutions: The Imagine Solution
Enigma Solutions: The Imagine SolutionAniket Matharasi
 
Capture the Flag Exercise Using Active Deception Defense
Capture the Flag Exercise Using Active Deception DefenseCapture the Flag Exercise Using Active Deception Defense
Capture the Flag Exercise Using Active Deception DefenseFidelis Cybersecurity
 
The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
The Good, the Bad and the Ugly of the Ultrasonic Communications EcosystemThe Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
The Good, the Bad and the Ugly of the Ultrasonic Communications EcosystemPriyanka Aash
 
Trustleap - Mathematically-Proven Unbreakable Security
Trustleap - Mathematically-Proven Unbreakable SecurityTrustleap - Mathematically-Proven Unbreakable Security
Trustleap - Mathematically-Proven Unbreakable SecurityTWD Industries AG
 
Ssl Vpn presentation at CoolTech club
Ssl Vpn presentation at CoolTech clubSsl Vpn presentation at CoolTech club
Ssl Vpn presentation at CoolTech clubiplotnikov
 
mod_security introduction at study2study #3
mod_security introduction at study2study #3mod_security introduction at study2study #3
mod_security introduction at study2study #3Naoya Nakazawa
 
Troopers15 Lightning talk: VMI & DRAKVUF
Troopers15 Lightning talk: VMI & DRAKVUFTroopers15 Lightning talk: VMI & DRAKVUF
Troopers15 Lightning talk: VMI & DRAKVUFTamas K Lengyel
 
Global-WAN - The Swiss Neutral Data Haven
Global-WAN - The Swiss Neutral Data HavenGlobal-WAN - The Swiss Neutral Data Haven
Global-WAN - The Swiss Neutral Data HavenTWD Industries AG
 
Fal conunite2019 complete_zero_trust_final
Fal conunite2019 complete_zero_trust_finalFal conunite2019 complete_zero_trust_final
Fal conunite2019 complete_zero_trust_finalBryan Fite
 
Security in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsSecurity in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsTim Mackey
 
Digital self defense
Digital self defenseDigital self defense
Digital self defenseHenrik Jacobsen
 
Deploying a Shadow Threat Intel Capability at CaralinaCon on March 6, 2016
Deploying a Shadow Threat Intel Capability at CaralinaCon on March 6, 2016Deploying a Shadow Threat Intel Capability at CaralinaCon on March 6, 2016
Deploying a Shadow Threat Intel Capability at CaralinaCon on March 6, 2016grecsl
 
CDE Marketplace: SQR Systems
CDE Marketplace: SQR SystemsCDE Marketplace: SQR Systems
CDE Marketplace: SQR SystemsDefence and Security Accelerator
 
Form_8-K_2007-10-18reliance steel & aluminum
Form_8-K_2007-10-18reliance steel & aluminum Form_8-K_2007-10-18reliance steel & aluminum
Form_8-K_2007-10-18reliance steel & aluminum finance32
 
Form_8-K_2008-10-16reliance steel & aluminum
Form_8-K_2008-10-16reliance steel & aluminum Form_8-K_2008-10-16reliance steel & aluminum
Form_8-K_2008-10-16reliance steel & aluminum finance32
 

Weitere ähnliche Inhalte

Was ist angesagt?

The state of wireless security
The state of wireless security The state of wireless security
The state of wireless security Filip Waeytens
 
Conclusions from Tracking Server Attacks at Scale
Conclusions from Tracking Server Attacks at ScaleConclusions from Tracking Server Attacks at Scale
Conclusions from Tracking Server Attacks at ScaleGuardicore
 
The How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability ManagementThe How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability ManagementTim Mackey
 
Fidelis - Live Demonstration of Deception Solution
Fidelis - Live Demonstration of Deception SolutionFidelis - Live Demonstration of Deception Solution
Fidelis - Live Demonstration of Deception SolutionFidelis Cybersecurity
 
David Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & RansomwareDavid Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & RansomwareCSNP
 
Network Security
Network SecurityNetwork Security
Network SecurityADVA
 
Enigma Solutions: The Imagine Solution
Enigma Solutions: The Imagine SolutionEnigma Solutions: The Imagine Solution
Enigma Solutions: The Imagine SolutionAniket Matharasi
 
Capture the Flag Exercise Using Active Deception Defense
Capture the Flag Exercise Using Active Deception DefenseCapture the Flag Exercise Using Active Deception Defense
Capture the Flag Exercise Using Active Deception DefenseFidelis Cybersecurity
 
The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
The Good, the Bad and the Ugly of the Ultrasonic Communications EcosystemThe Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
The Good, the Bad and the Ugly of the Ultrasonic Communications EcosystemPriyanka Aash
 
Trustleap - Mathematically-Proven Unbreakable Security
Trustleap - Mathematically-Proven Unbreakable SecurityTrustleap - Mathematically-Proven Unbreakable Security
Trustleap - Mathematically-Proven Unbreakable SecurityTWD Industries AG
 
Ssl Vpn presentation at CoolTech club
Ssl Vpn presentation at CoolTech clubSsl Vpn presentation at CoolTech club
Ssl Vpn presentation at CoolTech clubiplotnikov
 
mod_security introduction at study2study #3
mod_security introduction at study2study #3mod_security introduction at study2study #3
mod_security introduction at study2study #3Naoya Nakazawa
 
Troopers15 Lightning talk: VMI & DRAKVUF
Troopers15 Lightning talk: VMI & DRAKVUFTroopers15 Lightning talk: VMI & DRAKVUF
Troopers15 Lightning talk: VMI & DRAKVUFTamas K Lengyel
 
Global-WAN - The Swiss Neutral Data Haven
Global-WAN - The Swiss Neutral Data HavenGlobal-WAN - The Swiss Neutral Data Haven
Global-WAN - The Swiss Neutral Data HavenTWD Industries AG
 
Fal conunite2019 complete_zero_trust_final
Fal conunite2019 complete_zero_trust_finalFal conunite2019 complete_zero_trust_final
Fal conunite2019 complete_zero_trust_finalBryan Fite
 
Security in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsSecurity in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsTim Mackey
 
Deploying a Shadow Threat Intel Capability at CaralinaCon on March 6, 2016
Deploying a Shadow Threat Intel Capability at CaralinaCon on March 6, 2016Deploying a Shadow Threat Intel Capability at CaralinaCon on March 6, 2016
Deploying a Shadow Threat Intel Capability at CaralinaCon on March 6, 2016grecsl
 

Was ist angesagt? (20)

The state of wireless security
The state of wireless security The state of wireless security
The state of wireless security
 
Conclusions from Tracking Server Attacks at Scale
Conclusions from Tracking Server Attacks at ScaleConclusions from Tracking Server Attacks at Scale
Conclusions from Tracking Server Attacks at Scale
 
The How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability ManagementThe How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability Management
 
Fidelis - Live Demonstration of Deception Solution
Fidelis - Live Demonstration of Deception SolutionFidelis - Live Demonstration of Deception Solution
Fidelis - Live Demonstration of Deception Solution
 
David Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & RansomwareDavid Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & Ransomware
 
Atelier Technique ARBOR NETWORKS ACSS 2018
Atelier Technique ARBOR NETWORKS ACSS 2018Atelier Technique ARBOR NETWORKS ACSS 2018
Atelier Technique ARBOR NETWORKS ACSS 2018
 
Network Security
Network SecurityNetwork Security
Network Security
 
Enigma Solutions: The Imagine Solution
Enigma Solutions: The Imagine SolutionEnigma Solutions: The Imagine Solution
Enigma Solutions: The Imagine Solution
 
Capture the Flag Exercise Using Active Deception Defense
Capture the Flag Exercise Using Active Deception DefenseCapture the Flag Exercise Using Active Deception Defense
Capture the Flag Exercise Using Active Deception Defense
 
The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
The Good, the Bad and the Ugly of the Ultrasonic Communications EcosystemThe Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
 
Trustleap - Mathematically-Proven Unbreakable Security
Trustleap - Mathematically-Proven Unbreakable SecurityTrustleap - Mathematically-Proven Unbreakable Security
Trustleap - Mathematically-Proven Unbreakable Security
 
Ssl Vpn presentation at CoolTech club
Ssl Vpn presentation at CoolTech clubSsl Vpn presentation at CoolTech club
Ssl Vpn presentation at CoolTech club
 
mod_security introduction at study2study #3
mod_security introduction at study2study #3mod_security introduction at study2study #3
mod_security introduction at study2study #3
 
Troopers15 Lightning talk: VMI & DRAKVUF
Troopers15 Lightning talk: VMI & DRAKVUFTroopers15 Lightning talk: VMI & DRAKVUF
Troopers15 Lightning talk: VMI & DRAKVUF
 
Global-WAN - The Swiss Neutral Data Haven
Global-WAN - The Swiss Neutral Data HavenGlobal-WAN - The Swiss Neutral Data Haven
Global-WAN - The Swiss Neutral Data Haven
 
Fal conunite2019 complete_zero_trust_final
Fal conunite2019 complete_zero_trust_finalFal conunite2019 complete_zero_trust_final
Fal conunite2019 complete_zero_trust_final
 
Security in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsSecurity in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptions
 
Digital self defense
Digital self defenseDigital self defense
Digital self defense
 
Deploying a Shadow Threat Intel Capability at CaralinaCon on March 6, 2016
Deploying a Shadow Threat Intel Capability at CaralinaCon on March 6, 2016Deploying a Shadow Threat Intel Capability at CaralinaCon on March 6, 2016
Deploying a Shadow Threat Intel Capability at CaralinaCon on March 6, 2016
 
CDE Marketplace: SQR Systems
CDE Marketplace: SQR SystemsCDE Marketplace: SQR Systems
CDE Marketplace: SQR Systems
 

Andere mochten auch

Form_8-K_2007-10-18reliance steel & aluminum
Form_8-K_2007-10-18reliance steel & aluminum Form_8-K_2007-10-18reliance steel & aluminum
Form_8-K_2007-10-18reliance steel & aluminum finance32
 
Form_8-K_2008-10-16reliance steel & aluminum
Form_8-K_2008-10-16reliance steel & aluminum Form_8-K_2008-10-16reliance steel & aluminum
Form_8-K_2008-10-16reliance steel & aluminum finance32
 
Form_8-K_2008-07-17areliance steel & aluminum
Form_8-K_2008-07-17areliance steel & aluminum Form_8-K_2008-07-17areliance steel & aluminum
Form_8-K_2008-07-17areliance steel & aluminum finance32
 
Form_8-K_2008-04-17reliance steel & aluminum
Form_8-K_2008-04-17reliance steel & aluminum Form_8-K_2008-04-17reliance steel & aluminum
Form_8-K_2008-04-17reliance steel & aluminum finance32
 
Alternatives and Enhancements to CAs for a Secure Web
Alternatives and Enhancements to CAs for a Secure WebAlternatives and Enhancements to CAs for a Secure Web
Alternatives and Enhancements to CAs for a Secure WebCASCouncil
 
Form_8-K_2009-02-19reliance steel & aluminum
Form_8-K_2009-02-19reliance steel & aluminum Form_8-K_2009-02-19reliance steel & aluminum
Form_8-K_2009-02-19reliance steel & aluminum finance32
 

Andere mochten auch (6)

Form_8-K_2007-10-18reliance steel & aluminum
Form_8-K_2007-10-18reliance steel & aluminum Form_8-K_2007-10-18reliance steel & aluminum
Form_8-K_2007-10-18reliance steel & aluminum
 
Form_8-K_2008-10-16reliance steel & aluminum
Form_8-K_2008-10-16reliance steel & aluminum Form_8-K_2008-10-16reliance steel & aluminum
Form_8-K_2008-10-16reliance steel & aluminum
 
Form_8-K_2008-07-17areliance steel & aluminum
Form_8-K_2008-07-17areliance steel & aluminum Form_8-K_2008-07-17areliance steel & aluminum
Form_8-K_2008-07-17areliance steel & aluminum
 
Form_8-K_2008-04-17reliance steel & aluminum
Form_8-K_2008-04-17reliance steel & aluminum Form_8-K_2008-04-17reliance steel & aluminum
Form_8-K_2008-04-17reliance steel & aluminum
 
Alternatives and Enhancements to CAs for a Secure Web
Alternatives and Enhancements to CAs for a Secure WebAlternatives and Enhancements to CAs for a Secure Web
Alternatives and Enhancements to CAs for a Secure Web
 
Form_8-K_2009-02-19reliance steel & aluminum
Form_8-K_2009-02-19reliance steel & aluminum Form_8-K_2009-02-19reliance steel & aluminum
Form_8-K_2009-02-19reliance steel & aluminum
 

Ähnlich wie Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

Crypto failures every developer should avoid
Crypto failures every developer should avoidCrypto failures every developer should avoid
Crypto failures every developer should avoidOwaspCzech
 
Crypto failures every developer should avoid
Crypto failures every developer should avoidCrypto failures every developer should avoid
Crypto failures every developer should avoidFilip Šebesta
 
Client side encryption without knowing its limits is a ticking time bomb!
Client side encryption without knowing its limits is a ticking time bomb!Client side encryption without knowing its limits is a ticking time bomb!
Client side encryption without knowing its limits is a ticking time bomb!Priyanka Aash
 
Running Secure Server Software on Insecure Hardware Without Parachute
Running Secure Server Software on Insecure Hardware Without ParachuteRunning Secure Server Software on Insecure Hardware Without Parachute
Running Secure Server Software on Insecure Hardware Without ParachuteCloudflare
 
Common crypto attacks and secure implementations
Common crypto attacks and secure implementationsCommon crypto attacks and secure implementations
Common crypto attacks and secure implementationsTrupti Shiralkar, CISSP
 
How to be come a hacker slide for 2600 laos
How to be come a hacker slide for 2600 laosHow to be come a hacker slide for 2600 laos
How to be come a hacker slide for 2600 laosOuthai SAIOUDOM
 
RSA 2015 Realities of Private Cloud Security
RSA 2015 Realities of Private Cloud SecurityRSA 2015 Realities of Private Cloud Security
RSA 2015 Realities of Private Cloud SecurityScott Carlson
 
Cloud Security Essentials 2.0 at RSA
Cloud Security Essentials 2.0 at RSACloud Security Essentials 2.0 at RSA
Cloud Security Essentials 2.0 at RSAShannon Lietz
 
Aspirin as a Service: Using the Cloud to Cure Security Headaches
Aspirin as a Service: Using the Cloud to Cure Security HeadachesAspirin as a Service: Using the Cloud to Cure Security Headaches
Aspirin as a Service: Using the Cloud to Cure Security HeadachesPriyanka Aash
 
The Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDThe Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDJames Wickett
 
rsa_usa_2019_paula_januszkiewicz
rsa_usa_2019_paula_januszkiewiczrsa_usa_2019_paula_januszkiewicz
rsa_usa_2019_paula_januszkiewiczZuzannaKornecka
 
Encryption Techniques
Encryption TechniquesEncryption Techniques
Encryption TechniquesDel Elson
 
Securing your Cloud Environment v2
Securing your Cloud Environment v2Securing your Cloud Environment v2
Securing your Cloud Environment v2ShapeBlue
 
"Crypto wallets security. For developers", Julia Potapenko
"Crypto wallets security. For developers", Julia Potapenko"Crypto wallets security. For developers", Julia Potapenko
"Crypto wallets security. For developers", Julia PotapenkoFwdays
 
Confidential compute with hyperledger fabric .v17
Confidential compute with hyperledger fabric .v17Confidential compute with hyperledger fabric .v17
Confidential compute with hyperledger fabric .v17LennartF
 
Mobile application security and threat modeling
Mobile application security and threat modelingMobile application security and threat modeling
Mobile application security and threat modelingShantanu Mitra
 
Data Security Essentials - JavaOne 2013
Data Security Essentials - JavaOne 2013Data Security Essentials - JavaOne 2013
Data Security Essentials - JavaOne 2013javagroup2006
 
Challenges Building Secure Mobile Applications
Challenges Building Secure Mobile ApplicationsChallenges Building Secure Mobile Applications
Challenges Building Secure Mobile ApplicationsMasabi
 

Ähnlich wie Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014 (20)

Crypto failures every developer should avoid
Crypto failures every developer should avoidCrypto failures every developer should avoid
Crypto failures every developer should avoid
 
Crypto failures every developer should avoid
Crypto failures every developer should avoidCrypto failures every developer should avoid
Crypto failures every developer should avoid
 
Client side encryption without knowing its limits is a ticking time bomb!
Client side encryption without knowing its limits is a ticking time bomb!Client side encryption without knowing its limits is a ticking time bomb!
Client side encryption without knowing its limits is a ticking time bomb!
 
Running Secure Server Software on Insecure Hardware Without Parachute
Running Secure Server Software on Insecure Hardware Without ParachuteRunning Secure Server Software on Insecure Hardware Without Parachute
Running Secure Server Software on Insecure Hardware Without Parachute
 
Common crypto attacks and secure implementations
Common crypto attacks and secure implementationsCommon crypto attacks and secure implementations
Common crypto attacks and secure implementations
 
How to be come a hacker slide for 2600 laos
How to be come a hacker slide for 2600 laosHow to be come a hacker slide for 2600 laos
How to be come a hacker slide for 2600 laos
 
RSA 2015 Realities of Private Cloud Security
RSA 2015 Realities of Private Cloud SecurityRSA 2015 Realities of Private Cloud Security
RSA 2015 Realities of Private Cloud Security
 
Cloud Security Essentials 2.0 at RSA
Cloud Security Essentials 2.0 at RSACloud Security Essentials 2.0 at RSA
Cloud Security Essentials 2.0 at RSA
 
Aspirin as a Service: Using the Cloud to Cure Security Headaches
Aspirin as a Service: Using the Cloud to Cure Security HeadachesAspirin as a Service: Using the Cloud to Cure Security Headaches
Aspirin as a Service: Using the Cloud to Cure Security Headaches
 
The Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDThe Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CD
 
rsa_usa_2019_paula_januszkiewicz
rsa_usa_2019_paula_januszkiewiczrsa_usa_2019_paula_januszkiewicz
rsa_usa_2019_paula_januszkiewicz
 
Encryption Techniques
Encryption TechniquesEncryption Techniques
Encryption Techniques
 
Securing your Cloud Environment v2
Securing your Cloud Environment v2Securing your Cloud Environment v2
Securing your Cloud Environment v2
 
"Crypto wallets security. For developers", Julia Potapenko
"Crypto wallets security. For developers", Julia Potapenko"Crypto wallets security. For developers", Julia Potapenko
"Crypto wallets security. For developers", Julia Potapenko
 
Confidential compute with hyperledger fabric .v17
Confidential compute with hyperledger fabric .v17Confidential compute with hyperledger fabric .v17
Confidential compute with hyperledger fabric .v17
 
Mobile application security and threat modeling
Mobile application security and threat modelingMobile application security and threat modeling
Mobile application security and threat modeling
 
Data Security Essentials - JavaOne 2013
Data Security Essentials - JavaOne 2013Data Security Essentials - JavaOne 2013
Data Security Essentials - JavaOne 2013
 
Challenges Building Secure Mobile Applications
Challenges Building Secure Mobile ApplicationsChallenges Building Secure Mobile Applications
Challenges Building Secure Mobile Applications
 
Ceh v5 module 21 cryptography
Ceh v5 module 21 cryptographyCeh v5 module 21 cryptography
Ceh v5 module 21 cryptography
 
Information Security Engineering
Information Security EngineeringInformation Security Engineering
Information Security Engineering
 

Mehr von Nick Sullivan

Bringing Elliptic Curve Cryptography into the Mainstream
Bringing Elliptic Curve Cryptography into the MainstreamBringing Elliptic Curve Cryptography into the Mainstream
Bringing Elliptic Curve Cryptography into the MainstreamNick Sullivan
 
What's New in Go Crypto - Gotham Go
What's New in Go Crypto - Gotham GoWhat's New in Go Crypto - Gotham Go
What's New in Go Crypto - Gotham GoNick Sullivan
 
Heartache and Heartbleed - 31c3
Heartache and Heartbleed - 31c3Heartache and Heartbleed - 31c3
Heartache and Heartbleed - 31c3Nick Sullivan
 
CFSSL 1.1: The Evolution of a PKI toolkit - DEF CON 23
CFSSL 1.1: The Evolution of a PKI toolkit - DEF CON 23CFSSL 1.1: The Evolution of a PKI toolkit - DEF CON 23
CFSSL 1.1: The Evolution of a PKI toolkit - DEF CON 23Nick Sullivan
 
An analysis of TLS handshake proxying
An analysis of TLS handshake proxyingAn analysis of TLS handshake proxying
An analysis of TLS handshake proxyingNick Sullivan
 
White-box Cryptography -BayThreat 2013
White-box Cryptography -BayThreat 2013White-box Cryptography -BayThreat 2013
White-box Cryptography -BayThreat 2013Nick Sullivan
 

Mehr von Nick Sullivan (6)

Bringing Elliptic Curve Cryptography into the Mainstream
Bringing Elliptic Curve Cryptography into the MainstreamBringing Elliptic Curve Cryptography into the Mainstream
Bringing Elliptic Curve Cryptography into the Mainstream
 
What's New in Go Crypto - Gotham Go
What's New in Go Crypto - Gotham GoWhat's New in Go Crypto - Gotham Go
What's New in Go Crypto - Gotham Go
 
Heartache and Heartbleed - 31c3
Heartache and Heartbleed - 31c3Heartache and Heartbleed - 31c3
Heartache and Heartbleed - 31c3
 
CFSSL 1.1: The Evolution of a PKI toolkit - DEF CON 23
CFSSL 1.1: The Evolution of a PKI toolkit - DEF CON 23CFSSL 1.1: The Evolution of a PKI toolkit - DEF CON 23
CFSSL 1.1: The Evolution of a PKI toolkit - DEF CON 23
 
An analysis of TLS handshake proxying
An analysis of TLS handshake proxyingAn analysis of TLS handshake proxying
An analysis of TLS handshake proxying
 
White-box Cryptography -BayThreat 2013
White-box Cryptography -BayThreat 2013White-box Cryptography -BayThreat 2013
White-box Cryptography -BayThreat 2013
 

Kürzlich hochgeladen

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 

Kürzlich hochgeladen (20)

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 

Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014