Application security as crucial to the modern distributed trust model

•

0 likes•4,690 views

The document discusses the need for application layer security given three modern trends: scale, hyperconnectivity, and the merger of cyber and physical worlds. It notes that by 2020 there will be billions of connected people and devices generating huge amounts of data. Application security is crucial because isolation defeats connectivity, and ransomware and other malware pose risks. The document argues that software self-defense through mechanisms within devices and applications can help address these issues, providing security that is simple, self-maintaining, and inexpensive.

Technology

© 2017 Intertrust Technologies Corporation. All rights reserved.
Application security as crucial to  
the modern distributed trust model
LINE-Intertrust Security Summit 1 —Tokyo 
May 17, 2017
Dave Maher, CTO Intertrust

© 2017 Intertrust Technologies Corporation. All rights reserved.
Three drivers for Application layer security
2
1. Scale
2. Hyper-connectivity
3. Implications of Merger of the Cyber and Physical worlds

© 2017 Intertrust Technologies Corporation. All rights reserved.
Scale
3
20204
BILLION

Connected People
$4
TRILLION

Revenue Opportunity
25+
MILLION

Apps
25+
BILLION

Embedded and
Intelligent Systems
50
TRILLION

GBs of Data

© 2017 Intertrust Technologies Corporation. All rights reserved.
Hyperconnectivity and dynamic and ephehemeral networks
4

© 2017 Intertrust Technologies Corporation. All rights reserved.
Merger of Cyber and Physical worlds bring huuuuge risks
5

© 2017 Intertrust Technologies Corporation. All rights reserved.
Isolation defeats the purpose of connectivity
6

© 2017 Intertrust Technologies Corporation. All rights reserved.
Ransomware and other malware
7

© 2017 Intertrust Technologies Corporation. All rights reserved.
Software self-defense addresses scale
8
Things must become  
responsible for themselves

© 2017 Intertrust Technologies Corporation. All rights reserved. 9

© 2017 Intertrust Technologies Corporation. All rights reserved.
• Security within the device or application — self-defense

• Security mechanisms that are simple for users, self-maintaining, inexpensive yet strong

• Security can be lightweight yet strong

• Defense-in-depth: Additional layers, including

• Network security where appropriate

• Cloud-based services that can detect patterns of illicit activity

• Protection of application data and device sensor info

• Protection of resources

• Secure delegation: Make it easy to give access to legitimate users but hard for illicit users
Trust models — what we rely on for Safety, Security, Privacy
10

© 2017 Intertrust Technologies Corporation. All rights reserved.
Model for an internet connected thing
11
Sensors
Physical Interfaces
Communications
Security Associations
Remote Controller
Cloud 
Services
Thing
Remote Front Panel Status
Security Manager

© 2017 Intertrust Technologies Corporation. All rights reserved.
• Except by legitimate users

• Part of a defensed in depth strategy

• When a device or application appears on a network, don’t shout out too much

• Incremental and tokenized discovery can keep things friendly for legitimate users

• Protocols can help assure things appear uninteresting to illegitimate users
Make valuable devices diﬃcult to discover
12

© 2017 Intertrust Technologies Corporation. All rights reserved.
Reference Monitor
13
Reference Monitor
Security Associations
Audit Trail
Device ControlsUser

© 2017 Intertrust Technologies Corporation. All rights reserved.
• A Security Association (SA) is the establishment of shared security attributes
between two network entities to support secure communication
• We can use a similar approach for authorization using Message Authentication Codes
• We can include permissions in an SA authorizing use of commands or access to state
and sensor data in a device or application
• Keys are typically part of an SA
• We can use cloud services to simplify SA management and associated key
management for IoT devices and applications
Security Associations
14

© 2017 Intertrust Technologies Corporation. All rights reserved.
Secure Key Vault
15
• Access to applications and devices
can be protected using cryptographic
keys in security associations
• Need a secure place to keep them

© 2017 Intertrust Technologies Corporation. All rights reserved.
• Collect behavior info from devices and applications

• Learn normal behavior

• Detect and classify anomalies

• Determine threat thresholds

• Set alarms and notiﬁcations

• All without tipping oﬀ intruders
Secure Telemetry and Threat Analytics
16

© 2017 Intertrust Technologies Corporation. All rights reserved.
1. When we design applications and IoT devices today we must keep in mind

• Scale

• Hyper-connectivity

• Implications of Merger of the Cyber and Physical worlds

2. We CAN keep things simple and friendly but we must take care
17
Conclusion

© 2017 Intertrust Technologies Corporation. All rights reserved.
Thank you

The Internet of Things and Machine to Machine are growing areas, and security and privacy are prime issues. In this session security challenges are examined around using M2M devices with protocols such as MQTT & CoAP - encryption, federated identity and authorisation models in particular. On the topic of encryption, we’ll examine securing MQTT with TLS, challenges with Arduino, and using hardware encryption for microcontrollers. A key privacy requirement for user-centric IoT use cases will be giving users control over how their things collect and share data. On the Internet, protocols like OAuth 2.0, OpenID Connect & User Managed Access have been defined to enable a privacy-respecting user consent & authorization model. We'll look at the issues with applying these protocols to the M2M world and review existing proposals & activity for extending the above M2M protocols to include federated identity concepts. The session included a live demonstration of Arduino and Eclipse Paho inter-operating secured by OAuth 2.0.

Price: $1,899.00 Length: 2 Days IoT ( Internet of things ) security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT). IoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each "thing" is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected. IoT Security Training covers The Internet of Things security and examines IoT conventions, potential dangers, vulnerabilities, abuse, information ruptures, security structure and alleviation. Learn about: IoT Principles: The Internet of Things Overview Principles for Connected Devices IoT Design Principles Principles of IoT Security IoT Attack Areas IoT Vulnerabilities IoT Firmware Analysis IoT Software Weaknesses IoT Security Verification, Validation and Testing IoT Security Assessment on IoT devices Assessing IoT devices attack surfaces Evaluation of IoT device firmware analysis, attack surface, vulnerabilities and exploiting the vulnerabilities. Course Topics Include: Overview and analysis of IoT devices and IoT implementation use cases IoT Architecture IoT Architectural and Design Requirements IoT Security Fundamentals IoT Security Standards NIST Framework: Cyber Physical Systems IoT Governance and Risk Management IoT Security Compliance and Audit IoT Encryption and Key Management IoT Identity and Access Management IoT Security Challenges IoT Security in Critical Infrastructure IoT Security in Personal infrastructure IoT Vulnerabilities Wireless Security applied to IoT ZigBee and Bluetooth Security LTE and Mobile Security Cloud-based web interface security More... Request more information. Visit course link below https://www.tonex.com/training-courses/iot-security-training-iot-security-awareness/

[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy

Nur Shiqim Chok

Internet of Things - Privacy and Security issues

Pierluigi Paganini

Security Fundamental for IoT Devices; Creating the Internet of Secure Things

Design World

Cyberthreats: causes, consequences, prevention

moldovaictsummit2016

Cisco Connect 2018 Vietnam - data center transformation - vn

NetworkCollaborators

AI/ML for Real-time decision-making in IT/OT

Justin Hayward

Cisco Connect 2018 Malaysia - Cisco services-guiding your digital transformation

NetworkCollaborators

Privacy & Security for the Internet of Things

Gerry Elman

Cisco Connect 2018 Malaysia - SDNNFV telco data center transformation

NetworkCollaborators

Turgay dereli 283286 software eng. ass 2-Turgay Dereli

Conference Security by Design - Gemalto - Security in IoT

Witekio

Arnaud Thiercelin at AI Frontiers : AI in the Sky

AI Frontiers

Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...

NetworkCollaborators

Mobile Security Research Projects Help

Network Simulation Tools

Cisco Connect 2018 Indonesia - Cybersecurity Strategy

NetworkCollaborators

IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...

CableLabs

As IoT insecurity creates vulnerabilities, policymakers become concerned about the health of the Internet. How can public policy address these concerns in a smart way, targeting their efforts to improve IoT security without imposing unnecessary costs across the Internet ecosystem or creating unintended effects? What is the role of government versus industry? Gerald Faulhaber Professor Emeritus, Business Economics & Public Policy, Wharton School https://www.cablelabs.com/informed/

Hacker Proof: Building Secure Software

Cesar Cerrudo

Irdeto Spokesman Yuan Xiang Gu Speaks At ISI SSP Beijing 2011

EASTWEST Public Relations

TechWiseTV Workshop: Encrypted Traffic Analytics

Robb Boyd

FIDO認証で「あんしんをもっと便利に」

LINE Corporation

Prometheus casual talk1

wyukawa

What's hot

IoT Security Awareness Training : Tonex Training

Bryan Len

[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy

Nur Shiqim Chok

Internet of Things - Privacy and Security issues

Pierluigi Paganini

Security Fundamental for IoT Devices; Creating the Internet of Secure Things

Design World

Cyberthreats: causes, consequences, prevention

moldovaictsummit2016

Cisco Connect 2018 Vietnam - data center transformation - vn

NetworkCollaborators

AI/ML for Real-time decision-making in IT/OT

Justin Hayward

Cisco Connect 2018 Malaysia - Cisco services-guiding your digital transformation

NetworkCollaborators

Privacy & Security for the Internet of Things

Gerry Elman

Cisco Connect 2018 Malaysia - SDNNFV telco data center transformation

NetworkCollaborators

Turgay dereli 283286 software eng. ass 2-Turgay Dereli

Conference Security by Design - Gemalto - Security in IoT

Witekio

Arnaud Thiercelin at AI Frontiers : AI in the Sky

AI Frontiers

Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...

NetworkCollaborators

Mobile Security Research Projects Help

Network Simulation Tools

Cisco Connect 2018 Indonesia - Cybersecurity Strategy

NetworkCollaborators

IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...

CableLabs

Hacker Proof: Building Secure Software

Cesar Cerrudo

Irdeto Spokesman Yuan Xiang Gu Speaks At ISI SSP Beijing 2011

EASTWEST Public Relations

TechWiseTV Workshop: Encrypted Traffic Analytics

Robb Boyd

What's hot (20)

IoT Security Awareness Training : Tonex Training

[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy

Internet of Things - Privacy and Security issues

Security Fundamental for IoT Devices; Creating the Internet of Secure Things

Cyberthreats: causes, consequences, prevention

Cisco Connect 2018 Vietnam - data center transformation - vn

AI/ML for Real-time decision-making in IT/OT

Cisco Connect 2018 Malaysia - Cisco services-guiding your digital transformation

Privacy & Security for the Internet of Things

Cisco Connect 2018 Malaysia - SDNNFV telco data center transformation

Turgay dereli 283286 software eng. ass 2-

Conference Security by Design - Gemalto - Security in IoT

Arnaud Thiercelin at AI Frontiers : AI in the Sky

Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...

Mobile Security Research Projects Help

Cisco Connect 2018 Indonesia - Cybersecurity Strategy

IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...

Hacker Proof: Building Secure Software

Irdeto Spokesman Yuan Xiang Gu Speaks At ISI SSP Beijing 2011

TechWiseTV Workshop: Encrypted Traffic Analytics

Viewers also liked

FIDO認証で「あんしんをもっと便利に」

LINE Corporation

Prometheus casual talk1

wyukawa

promgen - prometheus managemnet tool / simpleclient_java hacks @ Prometheus c...

Tokuhiro Matsuno

Prometheus on AWS

Mitsuhiro Tanda

ゲーム開発を加速させるクライアントセキュリティ

LINE Corporation

Monitoring Kafka w/ Prometheus

kawamuray

Introduction to the FIDO Alliance

FIDO Alliance

Viewers also liked (7)

FIDO認証で「あんしんをもっと便利に」

Prometheus casual talk1

promgen - prometheus managemnet tool / simpleclient_java hacks @ Prometheus c...

Prometheus on AWS

ゲーム開発を加速させるクライアントセキュリティ

Monitoring Kafka w/ Prometheus

Introduction to the FIDO Alliance

Similar to Application security as crucial to the modern distributed trust model

Introduction to roof computing by Nishant Krishna

CodeOps Technologies LLP

Business Continuity and app Security

Cristian Garcia G.

Mediante el uso del marco de perímetro digital seguro, implementando un modelo “defense-in depth” se logrará la continuidad de las operaciones para evitar que los ataques maliciosos afecten las mismas y proporcionar resiliencia de acceso seguro y de red durante interrupciones, desastres naturales y calamidades. Esto permite a la fuerza de trabajo reanudar rápidamente industrias de actividades críticas y esenciales.

Bridgera enterprise IoT Software Solutions

Ron Pascuzzi

Trends in IoT 2017

Dr Ganesh Iyer

Manage Risk by Protecting the Apps and Data That Drive Business Productivity

Citrix

Secure your Space: The Internet of Things

The Security of Things Forum

The 5 Crazy Mistakes IoT Administrators Make with System Credentials

BeyondTrust

In this presentation from his webinar, Rob Black, CISSP, Founder and Managing Principal of Fractional CISO, explores IoT architectures, the different types of credentials in an IoT system, the common challenges with IoT credential management, and what you can do to mitigate the risks of credential-based attacks. You can also watch the full webinar on-demand here: https://www.beyondtrust.com/resources/webinar/5-crazy-mistakes-administrators-make-iot-system-credentials/

Cybersecurity In IoT Challenges And Effective Strategies.pdf

RahimMakhani2

Strengthen Cloud Security

Lora O'Haver

How Aetna Mitigated 701 Malware Infections on Mobile Devices

Skycure

What is Network Security and Why is it Needed?

lorzinian

Understanding IoT Security: How to Quantify Security Risk of IoT Technologies

Denim Group

IoT devices are proliferating throughout corporate networks raising concerns about security risks they may introduce. However, IoT technologies differ in many ways from most enterprise-ready technologies that currently exist. Understanding the risks that IoT represents and how to best quantify that risk can be a challenge for many security leaders. This webinar provides an overview of IoT architectures, how they differ from existing infrastructure devices, and how best to measure the risk IoT devices represent. It will expose attendees to concepts like Threat Modeling for IoT and provide additional references that will help build a successful IoT security assessment program.

Glenn Lazarus- Why Your Observability Strategy Needs Security Observability

itnewsafrica

MILCOM 2013 Keynote Presentation: Larry Payne

AFCEA International

CeBIT IoT Forum (2017)

Marc Jadoul

Cisco Connect 2018 Thailand - Changing the security equation demetris booth_c...

NetworkCollaborators

Cloudy with a Chance of...Visibility, Accountability & Security

Forcepoint LLC

Cloud adoption is driving value into businesses like never before. Trying to manage security and compliance in the use of cloud platforms and applications can be challenging, with visibility being "cloudy" at best. That situation can drive stress and frustration into already overworked security teams. In this session Doug Copley will explain how the latest cloud security platforms can be the foglight to improve visibility and information risk management while enabling organizations to safely adopt those transformative technologies that will advance the mission of the organization.

Cyber Security Intelligence

ijtsrd

As more business activities are being automated and an increasing number of computers are being used to store sensitive information, the need for secure computer systems becomes more apparent. This need is even more apparent as systems and applications are being distributed and accessed via an insecure network, such as the internet. The internet itself has become critical for governments, companies, financial institutions, and millions of everyday users. Networks of computers support a multitude of activities whose loss would all cripple these organizations. As a consequences Cyber Security issues have become national security issues. Protecting the internet is a very difficult task. Cyber Security can be obtained only through systematic development. P. H. Gopi Kannan | A. Karthik | M. Karthikeyan "Cyber Security" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-6 , October 2020, URL: https://www.ijtsrd.com/papers/ijtsrd33483.pdf Paper Url: https://www.ijtsrd.com/computer-science/computer-security/33483/cyber-security/p-h-gopi-kannan

Embracing secure, scalable BYOD with Sencha and Centrify

Sumana Mehta

Scalable enterprise mobility solutions: How to give your employees tools they need without sacrificing user experience and security. Consumerization of IT and BYOD are here – and it’s a GOOD thing. Today's dynamic workplaces and hyper-competitive markets drive demand for more mobile productivity solutions. Nearly 70% of enterprise employees report making better decisions, being more productive and happier if they are allowed to use mobile devices and cloud-based tools. Yet, IT organizations often resist these trends because of cost and risk associated with multi-platform, multi-device ecosystem having access to corporate data and resources. In this webinar, product experts from Sencha and Centrify will help your organization embrace BYOD and SaaS in a cost-effective, scalable way. Sencha Space is an advanced platform for securely deploying mobile apps and delivering a consistent, elegant, mobile user experience to end-users. Users can launch any mobile web app, or HTML5 app in a secure, managed environment. Combining Space with secure, Active Directory- or Cloud-Based Identity and Access Management (IAM) from Centrify gives IT visibility and control over mobile platforms and SaaS / in-house apps while improving user experience and reducing security risk.

Making the Case for Stronger Endpoint Data Visibility

dianadvo

As security practitioners, we often get caught up worrying about protecting against the latest threat or patching the latest zero-day, however we should spend at least an equal amount of time understanding the data risks of our users and how to offer both better visibility into endpoint data usage, as well as guidance into good data protection practices. There are a number of different products and vendors that touch on these aspects, but there is no one-stop shop for data protection, and likely never will be. DLP, or Data Loss Prevention, can look at known content types for matches and take protective actions. However, most DLP deployments never moved beyond monitoring due to over-blocking or false positive concerns. Endpoint employee monitoring can take good forensic information, even screenshots to recreate evidence of either inappropriate data usage, or other significant events, though these types of technology are often cumbersome, hard to realize the value and present some serious privacy and ethical concerns. EDR or Endpoint Detection and Response is very threat-focused, with a severe limit on data visibility, and often does little more than capture a checksum of a file, with no content inspection or awareness. UEBA, or User and Entity Behavior Analytics, can often be deployed in conjunction with SIEM or log management capabilities to get a better contextual view of your organization, however, you must first have some semblance of “normal” or a baseline before you can uncover abnormal. Organizations should begin building the case for stronger endpoint data visibility. This improved data visibility must be easy to use, fast to provide actionable answers, not impede other endpoint security capabilities, and most importantly provide the financial impact of endpoint data and the decisions that users make with that data.

Similar to Application security as crucial to the modern distributed trust model (20)

Introduction to roof computing by Nishant Krishna

Business Continuity and app Security

Bridgera enterprise IoT Software Solutions

Trends in IoT 2017

Manage Risk by Protecting the Apps and Data That Drive Business Productivity

Secure your Space: The Internet of Things

The 5 Crazy Mistakes IoT Administrators Make with System Credentials

Cybersecurity In IoT Challenges And Effective Strategies.pdf

Strengthen Cloud Security

How Aetna Mitigated 701 Malware Infections on Mobile Devices

What is Network Security and Why is it Needed?

Understanding IoT Security: How to Quantify Security Risk of IoT Technologies

Glenn Lazarus- Why Your Observability Strategy Needs Security Observability

MILCOM 2013 Keynote Presentation: Larry Payne

CeBIT IoT Forum (2017)

Cisco Connect 2018 Thailand - Changing the security equation demetris booth_c...

Cloudy with a Chance of...Visibility, Accountability & Security

Cyber Security Intelligence

Embracing secure, scalable BYOD with Sencha and Centrify

Making the Case for Stronger Endpoint Data Visibility

Recently uploaded

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

Neo4j

Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

nkrafacyberclub

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

Neo4j

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

GraphRAG is All You need? LLM & Knowledge Graph

Guy Korland

Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs. 1. Unifying Large Language Models and Knowledge Graphs: A Roadmap. https://arxiv.org/abs/2306.08302 2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs: https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/

PCI PIN Basics Webinar from the Controlcase Team

ControlCase

Large Language Model (LLM) and it’s Geospatial Applications

Rohit Gautam

Introduction to CHERI technology - Cybersecurity

mikeeftimakis1

Microsoft - Power Platform_G.Aspiotis.pdf

Uni Systems S.M.S.A.

UiPath Test Automation using UiPath Test Suite series, part 6

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI. UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities. Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes. What will you get from this session? 1. Insights into integrating generative AI. 2. Understanding how this integration enhances test automation within the UiPath platform 3. Practical demonstrations 4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath Topics covered: What is generative AI Test Automation with generative AI and Open AI. UiPath integration with generative AI Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

Mind map of terminologies used in context of Generative AI

Kumud Singh

GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...

Neo4j

Leonard Jayamohan, Partner & Generative AI Lead, Deloitte This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Artificial Intelligence for XMLDevelopment

Octavian Nadolu

In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject. We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup. Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved. The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring. The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise. By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

Elizabeth Buie - Older adults: Are we really designing for our future selves?

Nexer Digital

20240605 QFM017 Machine Intelligence Reading List May 2024

Matthew Sinclair

Recently uploaded (20)

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

GraphRAG is All You need? LLM & Knowledge Graph

PCI PIN Basics Webinar from the Controlcase Team

Large Language Model (LLM) and it’s Geospatial Applications

Introduction to CHERI technology - Cybersecurity

Microsoft - Power Platform_G.Aspiotis.pdf

UiPath Test Automation using UiPath Test Suite series, part 6

Mind map of terminologies used in context of Generative AI

GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...

Artificial Intelligence for XMLDevelopment

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

The Art of the Pitch: WordPress Relationships and Sales

Monitoring Java Application Security with JDK Tools and JFR Events

Elizabeth Buie - Older adults: Are we really designing for our future selves?

20240605 QFM017 Machine Intelligence Reading List May 2024

Application security as crucial to the modern distributed trust model

1. © 2017 Intertrust Technologies Corporation. All rights reserved. Application security as crucial to   the modern distributed trust model LINE-Intertrust Security Summit 1 —Tokyo  May 17, 2017 Dave Maher, CTO Intertrust

2. © 2017 Intertrust Technologies Corporation. All rights reserved. Three drivers for Application layer security 2 1. Scale 2. Hyper-connectivity 3. Implications of Merger of the Cyber and Physical worlds

3. © 2017 Intertrust Technologies Corporation. All rights reserved. Scale 3 20204 BILLION Connected People $4 TRILLION Revenue Opportunity 25+ MILLION Apps 25+ BILLION Embedded and Intelligent Systems 50 TRILLION GBs of Data

10. © 2017 Intertrust Technologies Corporation. All rights reserved. • Security within the device or application — self-defense • Security mechanisms that are simple for users, self-maintaining, inexpensive yet strong • Security can be lightweight yet strong • Defense-in-depth: Additional layers, including • Network security where appropriate • Cloud-based services that can detect patterns of illicit activity • Protection of application data and device sensor info • Protection of resources • Secure delegation: Make it easy to give access to legitimate users but hard for illicit users Trust models — what we rely on for Safety, Security, Privacy 10

11. © 2017 Intertrust Technologies Corporation. All rights reserved. Model for an internet connected thing 11 Sensors Physical Interfaces Communications Security Associations Remote Controller Cloud  Services Thing Remote Front Panel Status Security Manager

12. © 2017 Intertrust Technologies Corporation. All rights reserved. • Except by legitimate users • Part of a defensed in depth strategy • When a device or application appears on a network, don’t shout out too much • Incremental and tokenized discovery can keep things friendly for legitimate users • Protocols can help assure things appear uninteresting to illegitimate users Make valuable devices diﬃcult to discover 12

14. © 2017 Intertrust Technologies Corporation. All rights reserved. • A Security Association (SA) is the establishment of shared security attributes between two network entities to support secure communication • We can use a similar approach for authorization using Message Authentication Codes • We can include permissions in an SA authorizing use of commands or access to state and sensor data in a device or application • Keys are typically part of an SA • We can use cloud services to simplify SA management and associated key management for IoT devices and applications Security Associations 14

15. © 2017 Intertrust Technologies Corporation. All rights reserved. Secure Key Vault 15 • Access to applications and devices can be protected using cryptographic keys in security associations • Need a secure place to keep them

16. © 2017 Intertrust Technologies Corporation. All rights reserved. • Collect behavior info from devices and applications • Learn normal behavior • Detect and classify anomalies • Determine threat thresholds • Set alarms and notiﬁcations • All without tipping oﬀ intruders Secure Telemetry and Threat Analytics 16

17. © 2017 Intertrust Technologies Corporation. All rights reserved. 1. When we design applications and IoT devices today we must keep in mind • Scale • Hyper-connectivity • Implications of Merger of the Cyber and Physical worlds 2. We CAN keep things simple and friendly but we must take care 17 Conclusion

Application security as crucial to the modern distributed trust model

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (7)

Similar to Application security as crucial to the modern distributed trust model

Similar to Application security as crucial to the modern distributed trust model (20)

More from LINE Corporation

More from LINE Corporation (20)

Recently uploaded

Recently uploaded (20)

Application security as crucial to the modern distributed trust model