Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Secure and Distributed
Software
Wouter Joosen, IBBT-DistriNet
Context

Rapid growth of the Internet:

“not just network applications but
distributed software with
new and complex appli...
Secu
Mission             Middl rity
                         eware


              Privacy       Crypt
                   ...
Expertise (1/2)
Secure programming languages (Piessens, Joosen)
Security middleware and component frameworks (Piessens, De...
Expertise (2/2)
Cryptographic algorithms and protocols, foundations of cryptography and
provable security (Rijmen, Preneel...
Relevance

                   Tradition in Flanders: security
                     companies have flourished

 Resulting i...
Evolution and Trends
Systems and applications of growing scale, heterogeneity and
pervasiveness ... “Towards the Internet ...
From the FP7 Work Programme:
”Technology and Tools for Trustworthy ICT”

In highly distributed networked process control s...
Security Team: 9 professors, 80 researchers



Prof. Bart Preneel         Prof. Dave Clarke
Prof. Vincent Rijmen       Pro...
Illustration

AES                            PeCMan
[Open Competition1997-2001]    [IBBT] 2007-2009

            S3MS
    ...
Cryptographic algorithms: Rijndael/AES


                         S S S S S S S S S S S S S S S S
               round


 ...
S3MS:
Security of Software and Services for Mobile Systems


FP6 STREP and beyond
Objective:
   creation of framework and ...
S3MS:
Security by contract in a nutshell
Turbine:
Innovative Digital Identity Solutions
TURBINE aims to develop
innovative digital identity
solutions, combining:
 ...
PecMan:
Introducing Security Service Bus




          Application       Application        Application
           Binding...
PecMan:
An Open Deployment Architecture




                                             AZN Server
                      ...
TAS3

TAS3 focuses on federated identity management

 TAS3 consolidates scattered research inSecurity, Trust,
 Privacy, Di...
TAS3

                    Employability    Employability
Companies                              Portfolio
                ...
HATS:
Advanced software validation tools


 Advanced software validation tools need rigorous
 and unambiguous models

 Abs...
HATS:
   Scaling Formal Methods to Adaptable Systems


                   Software Family
                                ...
Secure Change:
Lifelong Development Cycle
4 Research Programs for ICT Security

Embedded Security

Privacy and Identity Management

Secure Software:
support at the ...
Obvious collaborations


Enabling technologies

Application domains

Industrial collaboration
   Europe
   Flanders
2019 WILL BRING...
THANK YOU
Upcoming SlideShare
Loading in …5
×

I Minds2009 Secure And Distributed Software Prof Wouter Joosen (Ibbt Distrinet Ku Leuven)

613 views

Published on

  • Be the first to comment

  • Be the first to like this

I Minds2009 Secure And Distributed Software Prof Wouter Joosen (Ibbt Distrinet Ku Leuven)

  1. 1. Secure and Distributed Software Wouter Joosen, IBBT-DistriNet
  2. 2. Context Rapid growth of the Internet: “not just network applications but distributed software with new and complex applications crossing the boundaries of organisations…” Hence a boom of security challenges..... (focus of this talk)
  3. 3. Secu Mission Middl rity eware Privacy Crypt ograp hy Watermarking DRM Secure g Programmin Biometric nt es Developme Languag “To be a one stop Secure Risk Management shop for security research”
  4. 4. Expertise (1/2) Secure programming languages (Piessens, Joosen) Security middleware and component frameworks (Piessens, Desmet, Joosen) Secure development process (Scandariato, Joosen) Security monitoring and management (Huygens, Joosen) Security for computer networks and pervasive systems (Verbaeten, Huygens, Preneel, Verbauwhede) Security for ad-hoc and wireless networks (Preneel, Verbauwhede) Privacy enhancing technologies, identity management (De Decker, Preneel) Cryptographic software and software obfuscation (Piessens, Preneel) Cryptographic hardware and embedded systems (Verbauwhede, Preneel, Rijmen) Document security, watermarking and perceptual hashing (Preneel) Trusted computing (Verbauwhede, Preneel)
  5. 5. Expertise (2/2) Cryptographic algorithms and protocols, foundations of cryptography and provable security (Rijmen, Preneel) Risk management (Huygens) Authorisation technologies (Piessens, Joosen, Desmet) Secure System Software (Piessens, Joosen) HW implementation of DRM, watermarking and perceptual hashing (Verbauwhede, Preneel) Side-channel attacks and countermeasures (Verbauwhede, Rijmen, Preneel) Embedded biometry (Verbauwhede, Tuyls) Security for RFID’s, smart-cards, sensor nodes (Verbauwhede, Batina, Preneel) Evaluation of system security, including requirements, security architectures, software, hardware, cryptographic libraries and smart cards (All)
  6. 6. Relevance Tradition in Flanders: security companies have flourished Resulting in a competitive education in a European context Thus a continuous “stream” of human capital can enter the labour market In addition, society urgently needs solutions – e.g. privacy
  7. 7. Evolution and Trends Systems and applications of growing scale, heterogeneity and pervasiveness ... “Towards the Internet of Things” Loosely-coupled ecosystems of services, multi-tenant systems, outsourced deployment, Software as a Service (SaaS). High frequency of change – dynamic adaptations are required. Support for long term evolution “All these trends impose challenges for the development and deployment of software and systems, the challenge of securing these co-evolves with these trends....”
  8. 8. From the FP7 Work Programme: ”Technology and Tools for Trustworthy ICT” In highly distributed networked process control systems and in networks of very high number of things. Understanding threat patterns for pro-active protection. For user-centric and privacy preserving identity management, including for management of risks and policy compliance verification. For management and assurance of security, integrity and availability, also at very long term, of data and knowledge in business processes and services. For assurance and assessment of the trustworthiness of complex and continuously evolving software systems and services. In enabling technologies for trustworthy ICT. This includes cryptography, biometrics; trustworthy communication; virtualisation; and certification methodologies.
  9. 9. Security Team: 9 professors, 80 researchers Prof. Bart Preneel Prof. Dave Clarke Prof. Vincent Rijmen Prof. Bart De Decker Prof. Ingrid Verbauwhede Prof. Christophe Huygens 7 postdocs Prof. Wouter Joosen 40+ doctoral students Prof. Frank Piessens 5 postdocs 30+ doctoral students 9
  10. 10. Illustration AES PeCMan [Open Competition1997-2001] [IBBT] 2007-2009 S3MS [FP6+] 2006-2009 Secure Change [FP7] 2009-2012 Turbine [FP7] 2008-2011 HATS [FP7] 2009-2013 TAS3 [FP7] 2008-2011
  11. 11. Cryptographic algorithms: Rijndael/AES S S S S S S S S S S S S S S S S round round MixColumns MixColumns MixColumns MixColumns S S S S S S S S S S S S S S S S Key Schedule round key length: 16/24/32 bytes block length: . . . Rijndael: 16/24/32 bytes . . AES: 16 bytes round From 2009 onwards all Intel processors will have a hardware AES implementation
  12. 12. S3MS: Security of Software and Services for Mobile Systems FP6 STREP and beyond Objective: creation of framework and technological solutions for secure deployment and execution of mobile applications Outcomes: Definition of the Security by Contract (SxC) paradigm Java ME and .NET CF realizations of all the necessary supporting technologies for SxC
  13. 13. S3MS: Security by contract in a nutshell
  14. 14. Turbine: Innovative Digital Identity Solutions TURBINE aims to develop innovative digital identity solutions, combining: secure, automatic user Name: SMITH identification thanks to Date of birth: ..... electronic fingerprint Identity managed by issuance State, including biometrics, authentication certificates & data protection mechanism reliable protection of the biometrics data through advanced cryptography technology. Mr SMITH + ID1 + I0I 0II I0I 0II II0 00II 0I ID2 + I0I I0I II0 I0I II0 I0I0 I0 ID3 + II0 0II 0II I0I I0I 0II0 I0 ..... Research efforts focus on transformation of a description of fingerprints, so that the result can only be re-generated by the person with the fingerprints. Identities are not invertible
  15. 15. PecMan: Introducing Security Service Bus Application Application Application Binding Binding Binding Authorization & Attribute Requests Security Service Bus Manager Service Authorization & Attribute Requests Authorization Service (XACML)
  16. 16. PecMan: An Open Deployment Architecture AZN Server PDP 1 Metadata Metadata 3P PIP 3P PEP 3P PIP PIP PEP PeCMan PeCMan Metadata 3rd Party 3rd Party Client Server Service Service Service Client MP1 PEP PeCMan Middleware platform 1 Middleware platform 2 Client PDP 2 Client PeCMan Server 1 PeCMan Server 2
  17. 17. TAS3 TAS3 focuses on federated identity management TAS3 consolidates scattered research inSecurity, Trust, Privacy, Digital identities, Authorization, Authentication… TAS3 integrates adaptive business-driven end2end Trust Services based on personal information:Semantic integration of Security, Trust, Privacy components TAS3 provides dynamic view on application-level end2end exchange of personal data:Distributed data repositories
  18. 18. TAS3 Employability Employability Companies Portfolio Repository Schools Private Employment Services Trusted Employability Platform Universities Training Institutes Public Employability Employment Social Services Service Network Providers Social Certification Security Services Services
  19. 19. HATS: Advanced software validation tools Advanced software validation tools need rigorous and unambiguous models Abstract Behavioural Specification Language Adaptability concerns drive its design Formalises successful SWPF development method Behavioural model: concurrency, composability, modularity, deployment Abstract away from programming languages, system architecture
  20. 20. HATS: Scaling Formal Methods to Adaptable Systems Software Family models describes ABS Modeling variability Language Parameter space Domain Feature model System derivation spatial & customization variability models Existing Formal Methods System Product SPEC#, JML, UML, OCL, State Diagrams, ... temporal evolution
  21. 21. Secure Change: Lifelong Development Cycle
  22. 22. 4 Research Programs for ICT Security Embedded Security Privacy and Identity Management Secure Software: support at the implementation level Security Engineering: support throughout the software/hardware engineering process
  23. 23. Obvious collaborations Enabling technologies Application domains Industrial collaboration Europe Flanders
  24. 24. 2019 WILL BRING...
  25. 25. THANK YOU

×