This document discusses securing IoT devices using the mbed ecosystem. It notes that IoT security is an important issue as vulnerabilities have been found in deployed systems. The mbed OS provides security for IoT devices through mbed TLS for secure communications, mbed uVisor for device security through isolation, and lifecycle management features. It argues that a platform OS like mbed OS is needed to address the complex security demands of IoT. The document outlines the security features and benefits provided by mbed TLS, mbed uVisor, and how they integrate with mbed OS to deliver comprehensive security for IoT products.
Practical real-time operating system security for the masses (Milosch Meriac)
Although real-time operating systems are ubiquitous in the industry, OS-level security features are silently absent in most microcontroller systems. As a result, securing these systems against active attackers becomes impractical due to the missing foundations.
We believe security does not need to cost an ARM and a leg in memory resources or device performance. Operating systems for MMU-less low-end microcontrollers should be on par with established security models. High end embedded systems security does not need to be exclusive to Cortex-A/x86 Linux systems.
uVisor is available under the Apache License on GitHub: https://github.com/ARMmbed/uvisor
We will show how spatial isolation of process memories using the ARM v7M Memory Protection Unit (MPU) works - and how it affects interprocess communication, memory management, thread synchronisation and internal protection of key material.
We will then introduce temporal isolation for guaranteed operation and device safety even under local attack. To make our point we integrated an advanced security foundation into the vendor-independent RTOS abstraction layer CMSIS-RTOS. Our example implementation - the ARMmbed uVisor for CMSIS-RTOS - is available under the Apache License.
LAS16-112: mbed OS Technical Overview
Speakers: Sam Grove
Date: September 26, 2016
★ Session Description ★
ARM mbed OS is an open source embedded operating system designed specifically for the “things” in the Internet of Things. It includes all the features you need to develop a connected product based on very small memory footprint ARM Cortex-M microcontrollers, including security, connectivity, an RTOS, and drivers for sensors and I/O devices. You can start developing with mbed OS 5.1.0 today using a choice of 40 different development boards from 11 different providers and a wide choice of toolchains, including a complete command line build management and configuration tool (mbed CLI), industry standard desktop IDEs or ARM’s free online IDE.
★ Resources ★
Etherpad: pad.linaro.org/p/las16-112
Presentations & Videos: http://connect.linaro.org/resource/las16/las16-112/
★ Event Details ★
Linaro Connect Las Vegas 2016 – #LAS16
September 26-30, 2016
http://www.linaro.org
http://connect.linaro.org
Importance of security
End node security is important in the Internet of Things
mbed provides a platform for IoT with security baked into the core
Entropy is a corner stone for security
Resilient IoT Security: The end of flat security models (Milosch Meriac)
Compartmentalizing code and data on low-end MMU-less microcontrollers using the ARM memory protection unit as available on present ARM Cortex-M3 and ARM Cortex-M4 devices.
More information and source code is available at https://github.com/ARMmbed/uvisor . This slideset was presented in November at ARM TechCon 2015.
A practical approach to securing embedded and IoT platforms (Arm)
A practical approach to securing embedded & IoT platforms
What can we learn from mobile security and apply to IoT?
Building on proven security principles & Secure Partitioning Manager
What can be done to make the IoT developer’s job easier?
Summary
Microsoft Infopedia webinar "Secure Your Azure Cloud Deployments with VNS3 Ov..." (Cohesive Networks)
Secure Your Azure Cloud Deployments with VNS3 Overlay Networks
Cohesive Networks CEO Patrick Kerpan and CTO Chris Swan present VNS3 overlay networking to help Microsoft Azure customers and partners better secure cloud deployments in this webinar from Microsoft Azure.
Learn how adding an overlay network to your Microsoft Azure cloud environment can boost security and connectivity. As your cloud environment grows with your business, your network becomes more important and complex.
An overlay network, a software-only network over the top of existing Azure cloud resources, can add controls for enhanced encryption, monitoring, interoperability, and connectivity.
You can create and manage your overlay network using VNS3 from Cohesive Networks. VNS3 is a customizable, layer 4 - 7 virtual networking device you can control to better manage and secure your Azure networks. Connect regions into one logical network, connect directly to customers or partners using secure IPsec tunnels, and ensure encryption for your network components to meet industry regulations like HIPAA, PCI, or FIPS.
VNS3 even lets you connect your Azure subnets into other cloud providers’ availability zones for truly hybrid cloud flexibility. Join Cohesive Networks CEO and CTO for an in-depth look at overlay networks in Azure, along with real-life demos of our most popular use cases.
As part of the 8th edition of the Cyber Security Days 2018, organised by the national IT security agency, our partner Fortinet-Exclusive Networks presented its "Fortinet Security Fabric" module.
Does your system run the risk of being attacked?
There is an increasing risk world-wide of sophisticated cyber-attacks being targeted at critical infrastructure. A successful attack on these networks could have a substantial impact on our society, causing great economic loss or worse. Regardless of whether you are upgrading an existing network or building a new one, its security should be a major consideration.
Micro-segmentation is a combination of firewalls, subnetting, and VPNs used to create an extremely secure network by locking down each individual device. A system that has implemented micro-segmentation enjoys benefits such as maintaining application security, reducing the attack surface and complying with regulations.
FortiGate 1500D Series Delivers High-Performance Next-Generation Firewall (ShilaThak)
The FortiGate 1500D series delivers high-performance next-generation firewall (NGFW) capabilities for large enterprises and service providers. With multiple high-speed interfaces, high port density, and high throughput, ideal deployments are at the enterprise edge, hybrid data center core, and across internal segments. The FortiGate 1500D Firewall is a compact network security appliance ideal for use as both a Next-Generation Firewall and a High-Performance Data Center Firewall at the enterprise edge. It delivers up to 80 Gbps firewall throughput and ultra-low latency as well as 11 Gbps next-generation threat protection and control over more than 3000 discrete applications.
This presentation by Westermo’s Technical Lead Engineers Dakota Diehl and Benjamin Campbell is an integral part of the Westermo webinar on February 27th 2020, covering 4 easy steps for increased cybersecurity protecting your critical industrial assets. https://www.westermo.com/news-and-events/webinars/4-easy-steps-for-increased-cybersecurity
The webinar, including this presentation, aimed to teach attendees how to improve their security posture and defend against cyber threats at the network edge.
The presentation to introduce the Hands-on workshop we ran at Elektor Live! A chance for everyone to experiment with all sorts of interesting hardware.
How to Hunt for Lateral Movement on Your Network (Sqrrl)
Once inside your network, most cyber-attacks go sideways. They progressively move deeper into the network, laterally compromising other systems as they search for key assets and data. Would you spot this lateral movement on your enterprise network?
In this training session, we review the various techniques attackers use to spread through a network, which data sets you can use to reliably find them, and how data science techniques can be used to help automate the detection of lateral movement.
The problem of generating a sequence of true random bits (suitable for cryptographic applications) from random discrete or analog sources is considered. A generalized version, including Vector Quantization, of the classical approach by Elias for the generation of truly random bits is introduced, and its performance is analyzed, both in the finite case and asymptotically. The theory allows us to provide an alternative proof of the optimality of the original Elias scheme. We also consider the problem of deriving random bits from measurements of a Poisson process and from vectors of iid Gaussian variables. The comparison with the scheme of Elias, applied to geometric-like non-binary vectors, originally based on the iso-probability property of permutations of iid variables, confirms the potential of the generalized scheme proposed in our work.
Terra Bruciata: an open source initiative for software correctness (Riccardo Bernardini)
Terra Bruciata is an initiative aiming to create an open source community that places very strong emphasis on software correctness. Our wild dream is to make the third digit of the version number useless, because patches for bug correction should no longer be necessary.
This is a slide show (with a peculiar graphical format :-) ) describing the main idea of this initiative.
From Linux kernel livepatches to encryption to ASLR to compiler optimizations and configuration hardening, we strive to ensure that Ubuntu 16.04 LTS is the most secure Linux distribution out of the box.
These slides try to briefly explain:
- what we do to secure Ubuntu
- how the underlying technology works
- when the features took effect in Ubuntu
Threat Intelligence is by far one of the most over-used buzz words in the security industry. Many professionals have very mixed feelings about Threat Intelligence feeds as well. This discussion is around how LogRhythm’s internal security team utilizes Threat Intelligence to operationalize efficiently and streamline Security Operations processes and help improve an organization’s defenses. We will show how you can generate your own Threat Intelligence and create information sharing loops within like industries to fully realize the team's defensive capabilities. On top of the technical aspects around building out a good Threat Intel program, we will discuss how to manage this from a leadership perspective and get buy-in from the top. Most importantly, once these systems are in place, how we can show value to leadership using key performance indicators and leverage this to improve the overall security program.
PHDays '14 Cracking java pseudo random sequences by egorov & soldatov (Sergey Soldatov)
This presentation was delivered at Positive Hack Days '14 in Moscow along with the following demos available on Youtube:
Demo#1: http://www.youtube.com/watch?v=mdOfZMsj4hA
Demo#2: http://www.youtube.com/watch?v=BwXhpjiCTyA
Demo#3: http://www.youtube.com/watch?v=B3EkrmNWeJs
Demo#4: http://www.youtube.com/watch?v=--ZuBUc2F2Y
BKK16-200 Designing Security into low cost IoT Systems (Linaro)
Trust and security are essential for the Internet of Things (IoT) to scale. As your product becomes successful, it becomes an attractive target for hacking, and, as a consumer, you will suffer the consequences if security is not baked into the system at every level. With IoT, we now need to enable an appropriate level of security for low-cost IoT designs done by people with little or no security expertise. In this presentation, you will learn how ARM, Linaro and the ARM partnership are securing these low-cost IoT endpoints by providing device security, lifecycle security and communication security, without the need for in-depth security experts.
LAS16-203: Platform security architecture for embedded devices (Linaro)
LAS16-203: Platform security architecture for embedded devices
Speakers: Mark Hambleton
Date: September 27, 2016
★ Session Description ★
Heads up on what ARM are doing with the new ARMv8-M architecture from a software perspective.
★ Resources ★
Etherpad: pad.linaro.org/p/las16-203
Presentations & Videos: http://connect.linaro.org/resource/las16/las16-203/
★ Event Details ★
Linaro Connect Las Vegas 2016 – #LAS16
September 26-30, 2016
http://www.linaro.org
http://connect.linaro.org
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304 (Linaro)
Session ID: SFO17-304
Session Name: Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Speaker: Suresh Marisetty
Track: LHG,LITE,Security
★ Session Summary ★
The current trend in the IoT market segment is expected to enable and deploy about 50 billion connected devices by the year 2020. IoT devices will be deployed across the board to cater to multiple use cases like home/building automation, automotive, and a highly fragmented embedded segment: gateways, set-top boxes, security cameras, industrial automation, digital signage, healthcare, etc. This trend will bring about the great challenge of securing the connected end-point IoT devices from a myriad of physical and remote attacks, e.g. the Mirai DDoS botnet launched through IoT devices like digital cameras and DVR players.
Problem Statement: Each use case has its own IoT device constraints like cost, power, performance, memory footprint, security objectives, etc. The fundamental basis for any secure IoT and embedded solution is the Root of Trust (RoT), which provides assurance of the integrity of the system software from boot and runtime firmware, to the OS loader, to the kernel, to the user applications. This poses a serious issue and challenges the one-size-fits-all RoT solution model.
ARM has taken on this challenge head on to come up with a microcontroller security architecture solution that caters to the various IoT devices constraints, by offering ARM Cortex-M family of processors. ARM’s flexible and scalable architecture solution will allow an OEM or Silicon partner to adapt the base security architecture and to extend it in a seamless way. This caters to the requirements of different market segments through add-on hardware, firmware and software security enhancements.
The session will present ARM’s base security system and software architecture based on the upcoming Cortex V8M solution, which will provide a hardware- and firmware-assisted TrustZone-based security RoT, aka TBSA-M, for a range of markets, including the highly constrained IoT devices. Furthermore, the session will discuss how the base RoT capability can be extended in a seamless way with additional hardware-assisted mechanisms to offer higher levels of functionality and/or robustness for less constrained IoT devices, with options like TBSA-M+, TBSA-HSM and a platform-level security software abstraction framework that decouples the chosen RoT capability from the various OSes and cloud security frameworks.
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/sfo17/sfo17-304/
Presentation:
Video: https://www.youtube.com/watch?v=aIwmRXFOshs
---------------------------------------------------
★ Event Details ★
Linaro Connect San Francisco 2017 (SFO17)
25-29 September 2017
Hyatt Regency San Francisco Airport
Symposium on Securing the IoT - Security is the future of IoT - mbed (Austin Blackstone)
Presentation given at the Symposium on Securing the IoT in Boston on October 30th 2018 - www.securingthenet.com. Covers the basics of why security is so important in IoT and how security is baked into the Arm Mbed / Pelion ecosystem by default.
Strengthen your security posture! Getting started with IBM Z Pervasive Encryp... (Tony Pearson)
This session covers Pervasive Encryption on the IBM Z mainframe platform, Crypto features and concepts, and how to get started with Data Set level encryption. Presented at IBM TechU in Johannesburg, South Africa September 2019 as part of the z/OS Fast Start for Rookies track.
Presentation from Digital Transformation World May 15th 2018 covering:
Understanding the reality of data breaches today
Virtualization security challenges for the CSP 5G network
Key capabilities to create trustworthy 5G virtualized networks
Usage of secure enclaves to create a fabric of trust within the network
How to protect VNFs and enterprise applications, leveraging Intel SGX technology
Next Generation Embedded Systems Security for IOT: Powered by Kaspersky (L. Duke Golden)
In an increasingly connected world full of new IOT technologies, the security risks are becoming the single biggest challenge as we advance toward a fully tech-enabled society. Kaspersky's security strategy is always - SECURE BY DESIGN.
Next Generation Embedded Security for IOT - Powered by Kaspersky Secure OS. This presentation examines our "Secure by Design" alternative to legacy Microsoft / Linux OS - together with an end-to-end IOT security strategy. This presentation was originally given publicly at the CEBIT 2017 Event in Hannover, Germany.
A big challenge for mobile network operators in the new, ever-evolving 5G era is the signaling security of the standardized protocols used to exchange data. Telecommunication companies face this challenge and have to be on alert every time there is a potential hacker attack. What is the best way to approach these striking threats, and to be ready even before they occur?
In our webinar, Positive Technologies will offer you several breakthrough strategies on how to deal with security flaws in telecom.
Our expert will show you the evolution of protocol security, share insights into the potential activities of a hacker and give useful advice about compliance with security standards.
ICC's unified IP data networking solution also layers security features into its solution, with a range of capabilities for the customer to select from. Inclusive of WDS, VLANs, DoS attack prevention, and a host of other capabilities, ICC's icXchange networking solutions are full-featured without additional licensing for enterprise features.
UiPath Test Automation using UiPath Test Suite series, part 4 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
PHP Frameworks: I want to break free (IPC Berlin 2024) (Ralf Eggert)
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Securing your Kubernetes cluster: a step-by-step guide to success! (KatiaHIMEUR1)
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Epistemic Interaction - tuning interfaces to provide information for AI support (Alan Dix)
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio's cyber threat intelligence farming facilities spread across more than 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors and newer malware, including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Elevating Tactical DDD Patterns Through Object Calisthenics (Dorra BARTAGUIZ)
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Accelerate your Kubernetes clusters with Varnish Caching (Thijs Feryn)
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
DevOps and Testing slides at DASA Connect
Kari Kakkonen
Rik Marselis' and my slides from the DASA Connect conference on 30.5.2024. We discuss what testing is, then what agile testing is, and finally what testing in DevOps is. Finally, we held a lovely workshop with the participants, trying to find different ways to think about quality and testing in the different parts of the DevOps infinity loop.
Key Trends Shaping the Future of Infrastructure
Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open source: exploring how these areas are likely to mature and develop over the short and long term, and then considering how organisations can position themselves to adapt and thrive.
IoT deployments will not scale without trust
Low priority and dynamic
Very few developers have strong security experience
Even if there are no secure-data or privacy issues
and must not be made an option
Updates become the malware infection vector
DDoS can flatten the battery
In the wall: this is not the PC world, no reset, no reinstall
History of engineering closed systems
Somewhat secure thanks to isolation (SW, communication and physical) and obscurity (low volume)
Very little code reuse and design commonality between systems
These “Embedded” norms can’t survive in a successful connected IoT world
When you add networking everything changes
Exposed systems connected to the internet
Managing high complexity in networking stacks requires code reuse and modern dev approach
MCUs need to become accessible to a larger audience of developers
Few developers have security experience
mbed IoT Device Platform is the best starting point
Security is not a black and white thing. It is not either on or off. It must be deployed in proportion to the need for security.
Before security threat models are defined it is important to have a holistic view of business requirements.
Then appropriate security choices can be made (the cost and effort to be expended on a security solution is a factor here).
Even the most basic application, which has static service session information determined at the time of manufacture (e.g. a fixed symmetric key), needs fairly sophisticated security functionality. Communication security (as implemented by mbed TLS) gives the device basic authentication, confidentiality and integrity for data sent to and from it over the internet. The mbed Cloud Connect service also provides the security required to use a specific device with a particular cloud application. Many IoT platforms don't provide much more security than this, but at this level it is impossible to securely provision new keys/certificates onto the device or update its firmware. This severely limits the useful lifetime of the device (or risks relying on a device deployment investment with little security protection). This limited device security also means that valuable secrets can't safely be stored on the device. As a result, this level of security is best suited to disposable devices, where the value of the device deployment does not need to be maintained and the secrets on the device are of low value.
Many applications will demand a larger investment in security. Adding the mbed OS uVisor capability enables greater protection of secrets stored on the device and provides greater trust in device identity and integrity. This, in combination with mbed Cloud Provision and mbed Cloud Update, allows a deployed device to flexibly connect to new services and form new secure relationships over its lifetime while keeping pace with changes to security standards and newly discovered protocol vulnerabilities. This protects the business investment in large device deployments. At this stage the device can be trusted to implement most common IoT applications and to store important secrets with adequate protection.
Beyond this, some specialist applications may require higher levels of security, such as resistance to lab attacks while storing very valuable secrets. This would require the addition of more expensive hardware countermeasures and anti-tamper features, which can be supported alongside the mbed OS security features.
Mention mbed TLS website with list of vulnerabilities
Third party stacks
The future mbed roadmap will deliver pervasive security across all of our device services (mbed Cloud) and device software (mbed OS; mbed TLS; mbed for X). This security covers many different aspects and exists in many different layers of our mbed IoT Device Platform. Broadly speaking, we can categorize all these security aspects into three distinct areas:
Device Security: This comprises all security aspects implemented in mbed Device Software running on IoT end nodes. Our roadmap for this includes SW functionality to implement security related to connectivity, provisioning and device update. These higher-level, rich protocol/functionality modules will be supported by basic security components that include secure boot; secure storage primitives; low-level key management; device identity; and cryptographic libraries supporting both full SW implementations and secure interfaces to hardware crypto accelerators. These basic security components can optionally reside within, and be protected by, Trusted Execution Environments (TEEs) or secure supervisory kernels such as the mbed OS uVisor when the device hardware supports this. This adds protection by providing secure isolation of system resources for each software component.
Communication Security: Based on the most widely deployed and thoroughly tested security available for internet communication today. mbed Communication Security is implemented by the mbed TLS library, which provides all the functionality required to implement the full TLS and DTLS protocols. The mbed TLS library is used in the device software and within the mbed Cloud services. This provides end-to-end communication security from each end node into mbed Cloud across the internet.
Management Security: Implemented within our mbed Cloud services, this enables secure lifecycle management for large deployments of end nodes. It will encompass secure device connectivity, secure device provisioning and secure device update services. This is vital to enable IoT deployments to scale. Critically, our update service will enable agile security to be implemented across the entire mbed IoT Device Platform. This protects investment in large deployments and enables our IoT security to evolve alongside state-of-the-art internet security. It will also provide secure links into Cloud Application Platforms so that entire IoT applications can be fully secured.