Performance and penetration_testing_with_a_partner_how_to_start! (Sasha Kolomiichuk)
Even for small and midsize businesses, the security and response times of their IT systems are critical. Therefore it’s important to run the systems through thorough testing before launching them into production. But the execution of performance and penetration testing can be challenging. In-house teams often lack the time, experience or knowledge of the test tools and test techniques required.
RSA 2015 Realities of Private Cloud Security (Scott Carlson)
My 2015 talk at the RSA US Conference on Private Cloud Security and the ways that companies need to think about their cloud as they build it within their private data center.
Identity-Based Security and Privacy for the Internet of Things (Priyanka Aash)
The Internet of Things presents both a challenge and opportunity for identity management - a challenge because existing mechanisms for authentication & authorization must be extended and adapted for the particular constraints of devices (both legacy and new) and an opportunity because the devices that users more and more carry with them offer new abilities to enable a more seamless authentication experience for those users. Both of these aspects demand a consistent, cohesive and interoperable identity layer across IoT verticals, platforms, and protocols. Critically, we need an identity layer that acknowledges the full continuum of risk (and so appropriate security measures) that the IoT presents. Good security means knowing who entities (both device & user) are and what they should or should not be allowed to do. Good privacy requires that users will be able to control how their devices collect, store and share data. This talk will examine how existing & new tools (like OAuth, UMA, FIDO, and DLTs) may help meet these fundamental requirements for securing the IoT.
(Source: RSA Conference USA 2018)
Things you need to know in implementing security controls to comply with PCI for Hadoop and ancillary applications either through tokenization or encryption.
HIPAA 101 Compliance Threat Landscape & Best Practices (Hostway|HOSTING)
The healthcare IT landscape is changing daily, and trying to keep up with requirements like HIPAA and HITECH can leave you and your clients extremely vulnerable. Register today to hear more about the current HIPAA threat landscape and learn best practices for protection.
Experts from Hostway and Alert Logic will keep you up-to-date on the latest trends in healthcare IT.
You'll learn about the following:
- The current state of the healthcare IT industry and the role of HIPAA
- Threats associated with the healthcare landscape
- How a security breach can impact your organization
- Security best practices for HIPAA compliant cloud hosting and more!
Nagios Conference 2012 - Jared Bird - Providing Value Throughout the Organiza... (Nagios)
Jared Bird's presentation on providing value with Nagios.
The presentation was given during the Nagios World Conference North America held Sept 25-28th, 2012 in Saint Paul, MN. For more information on the conference (including photos and videos), visit: http://go.nagios.com/nwcna
Penetration testing is a set of procedures through which a security system is checked to find out how it behaves when under threat. In this way all the loopholes are identified and resolved, improving the system's ability to prevent hacking.
Elements of the discussion will include:
– Insight into emerging cyber threats
– A profile of today’s evolved hackers: what they are after, why, and how they’re getting what they want
– Strategies and tools you can implement to safeguard against attacks
Presentation of the ELK stack in a SIEM context, with a focus on Wazuh (OSSEC), an open source IDS.
Come and discover how to be proactive about cyber security problems by analysing the data provided by your critical equipment and applications.
BeyondCorp - Google Security for Everyone Else (Ivan Dwyer)
Presentation given at the Rocky Mountain InfoSec Conference - May 10, 2017.
Gives an overview of Google's BeyondCorp project, why Zero Trust is the right framework to follow, and how to get started at your own company.
Learn more about BeyondCorp at: www.beyondcorp.com
Learn more about ScaleFT at: www.scaleft.com
McAfee - McAfee Application Control (MAC) - Whitelisting (Iftikhar Ali Iqbal)
The presentation provides the following:
- McAfee Company Overview
- McAfee Strategy
- Whitelisting Strategy - Gartner
- McAfee Endpoint Protection
- McAfee Application Control (MAC) Overview
- McAfee Application Control (MAC) Modes
- McAfee Application Control (MAC) Features
- McAfee Application Control (MAC) Trust Model
- McAfee Application Control (MAC) Architecture
- McAfee Application Control (MAC) Licenses & Packaging
Please note all the information is based prior to Aug 2019.
McAfee - McAfee Active Response (MAR) - Endpoint Detection & Response (EDR) (Iftikhar Ali Iqbal)
The presentation provides the following:
- McAfee Company Overview
- McAfee Strategy
- McAfee Portfolio Overview
- Endpoint Security Challenges
- McAfee Endpoint Protection Platform
- McAfee Active Response Overview
- McAfee Active Response Features
- McAfee Active Response Architecture
- McAfee Active Response Workflow
- McAfee Active Response Licenses & Packaging
Please note all the information is based prior to Aug 2019.
Social Media & Metrics (Digital Marketing Today) (Julian Gamboa)
In Digital Marketing Today, we strive to make students learn the basics of what will be expected of them in a digital marketing internship. Here, we covered the diverse social media platforms available for companies as well as how to measure growth for periods of time.
LinkedIn Workshop: Profiles and Publishing (Digital Marketing Today) (Julian Gamboa)
In Digital Marketing Today, it is essential for students to market themselves to the best of their abilities so that they can stand out from the pool of applicants during their interviews. In this lecture, we covered how to have a true "All-Star" LinkedIn profile as well as how publishing works and the ways to add it to your portfolio.
Writing RPG Applications Using Cryptographic Services APIs (Carsten Flensburg)
The need to protect sensitive and private data using cryptographic methods is becoming increasingly important to many organizations. The drivers behind this development are legislation, regulations, standards as well as current types of applications requiring such measures and efforts.
Fortunately, the System i operating system includes a versatile, comprehensive and advanced cryptographic API tool set, being significantly enhanced with each release. This session discusses and demonstrates how to design and build RPG applications using the Cryptographic Services APIs.
Given the wide range of Source Code Analysis Tools, security professionals, auditors and developers alike are faced with the same question: What is the best way to assess a Static Application Security Testing (SAST) tool for deployment?
Choosing the right tool requires different considerations during each stage of the SAST tool evaluation process.
Apache Stratos - Building a PaaS using OSGi and Equinox (Paul Fremantle)
Apache Stratos is a PaaS built on top of Equinox and OSGi. Stratos runs all kinds of workloads including Java, OSGi, Tomcat apps, PHP, Node.js, MySQL, Mongo, Cassandra and others.
This session is an introduction to Stratos which will cover:
- How to get started
- Deploying on Amazon AWS and OpenStack Clouds
- Workloads Stratos supports
- Why and how Equinox is used
- Multi-tenancy and security
- Elastic scaling
- How Stratos compares to other PaaS systems
The session will include live demonstrations of Stratos.
The session is aimed at those interested in PaaS models, as well as those with a strong interest in OSGi runtimes and Equinox.
Pivotal Cloud Foundry 2.4: A First Look (VMware Tanzu)
Join Dan Baskette and Jared Ruckle for a view into Pivotal Cloud Foundry (PCF) 2.4 capabilities with demos and expert Q&A. We’ll review the latest features for Pivotal’s flagship app platform, including the following:
- Native zero downtime push and native zero downtime restarts
- Dynamic egress policies
- Operations Manager updates
- Zero downtime stack updates to cflinuxfs3
- Zero downtime OS updates
- New pathways protected by TLS
- New scanning tools to assist with compliance
Plus much more!
Presenters : Dan Baskette, Director, Technical Marketing, Jared Ruckle, Principal Product Marketing Manager
Extra micrometer practices with Quarkus | DevNation Tech Talk (Red Hat Developers)
How do you know you have improved the performance of your portfolio of applications? By measuring it, of course! The ultimate goal of gathering application metrics is to have a standardized practice that is applicable across multiple microservices and that adds minimal runtime overhead. Join this session to discuss what metrics are available out of the box with the Quarkus micrometer extensions, what (and, more importantly, why) you should customize, and how those pieces of information will impact your development outcomes.
In this talk, you will hear the best practices from analysts at Gartner, engineers at Heroku, and experiences at VSP distilled down into a top ten list of characteristics that applications ought to have to achieve high availability, scalability and flexibility. Target audience includes developers of APIs and web-based applications, the analysts and architects that design them and the infrastructure teams that support them.
Enhancing Password Manager Chrome Extension through Multi Authentication and ... (ijtsrd)
During the early years of the Internet, people used to have a few passwords for a few important web programmes that they used to shop, study, stay connected, and get work done. Things have gotten a lot more complicated. Research from 2017 found that users had to remember an average of 191 different passwords, just for work, not to mention their own passwords. Users can save their credentials in an organized manner using the proposed system, in categories such as Finance, Shopping, OTT, social networking, and Work. Users can also create new categories for themselves. Furthermore, upon logging in, the user must go through 2FA verification, which sends a unique six-digit number to the user's authenticator app. A Time-Based One-Time Password (TOTP), or OTP, is a sequence of dynamic numbers that changes with the passage of time. Frequently, these take the form of six-digit numbers that change every 30 seconds. TOTPs are created using a secret seed password that is given to users in the form of a QR code or in plaintext when they register. TOTPs and their seeds are stored on either hardware security tokens or soft tokens, which are apps that show the numbers on mobile devices. TOTP deciphers a code from the secret using Greenwich Mean Time (GMT). Karthika Venugopal K | Prof. Priya. N, "Enhancing Password Manager Chrome Extension through Multi-Authentication and Device Logs", published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-6 | Issue-3, April 2022, URL: https://www.ijtsrd.com/papers/ijtsrd49775.pdf Paper URL: https://www.ijtsrd.com/engineering/information-technology/49775/enhancing-password-manager-chrome-extension-through-multiauthentication-and-device-logs/karthika-venugopal-k
Tools & Techniques for Addressing Component Vulnerabilities for PCI Compliance (Sonatype)
Recent revisions to the Payment Card Industry (PCI) guidelines now require organizations to address potential vulnerabilities caused by use of open source components in their applications.
Microservices have recently attracted a lot of attention for being the architecture of choice for companies like Uber, Netflix, Spotify, and Amazon. Undoubtedly, this architectural approach has distinct impacts across the SDLC. Many of the core benefits associated with the adoption of microservices actually introduce significant quality challenges. For example:
An increased number of dependencies
Parallel development roadblocks
Impacts to the traditional methods of testing
More potential points of failure
No More Dark Clouds With PaaSword - An Innovative Security By Design Framework (PaaSword EU Project)
Best Demo Award winning presentation given by Dr. Panagiotis Gouvas (UBITECH) at SME Event - Cloud Forward Conference 2016 on October 20 2016, Madrid, Spain.
This is a paper presentation held by Rafael Dowsley at the 1st International Workshop on Cloud Security and Data Privacy by Design (CloudSPD'15) in Limassol, Cyprus.
This is a paper presentation held by Dr. Yiannis Verginadis at the 1st International Workshop on Cloud Security and Data Privacy by Design (CloudSPD'15) in Limassol, Cyprus.
Towards Efficient and Secure Data Storage in Multi-Tenant Cloud-Based CRM Sol... (PaaSword EU Project)
This is a paper presentation held by Dr. Simone Braun at the 1st International Workshop on Cloud Security and Data Privacy by Design (CloudSPD'15) in Limassol, Cyprus. This paper aims at defining a roadmap to derive a holistic framework providing data privacy and security by design in the context of cloud-based multi-tenant customer relationship management (CRM) systems. As a CRM system developed for SMEs CAS PIA serves as an example for typically occurring data structures and use cases including the innovative concept of user-defined security levels for different data types. A scenario and requirements analysis for motivating the need for a suitable user-context-specific security concept and a data and privacy preserving framework is presented.
PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud ... (PaaSword EU Project)
This is a paper presentation held by Dr. Yiannis Verginadis at the 5th International Conference on Cloud Computing and Services Science (CLOSER 2015) in Lisbon, Portugal. The authors outline significant security challenges presented when migrating to a cloud environment and described a novel holistic framework that aspires to alleviate these challenges, corresponding to the high level description of the vision of the PaaSword project.
How Recreation Management Software Can Streamline Your Operations.pptx (wottaspaceseo)
Recreation management software streamlines operations by automating key tasks such as scheduling, registration, and payment processing, reducing manual workload and errors. It provides centralized management of facilities, classes, and events, ensuring efficient resource allocation and facility usage. The software offers user-friendly online portals for easy access to bookings and program information, enhancing customer experience. Real-time reporting and data analytics deliver insights into attendance and preferences, aiding in strategic decision-making. Additionally, effective communication tools keep participants and staff informed with timely updates. Overall, recreation management software enhances efficiency, improves service delivery, and boosts customer satisfaction.
First Steps with Globus Compute Multi-User Endpoints (Globus)
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.
Providing Globus Services to Users of JASMIN for Environmental Data Analysis (Globus)
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
Quarkus Hidden and Forbidden Extensions (Max Andersen)
Quarkus has a vast extension ecosystem and is known for its subsonic and subatomic feature set. Some of these features are not as well known, and some extensions are less talked about, but that does not make them less interesting - quite the opposite.
Come join this talk to see some tips and tricks for using Quarkus and some of the lesser known features, extensions and development techniques.
Top 7 Unique WhatsApp API Benefits | Saudi Arabia (Yara Milbes)
Discover the transformative power of the WhatsApp API in our latest SlideShare presentation, "Top 7 Unique WhatsApp API Benefits." In today's fast-paced digital era, effective communication is crucial for both personal and professional success. Whether you're a small business looking to enhance customer interactions or an individual seeking seamless communication with loved ones, the WhatsApp API offers robust capabilities that can significantly elevate your experience.
In this presentation, we delve into the top 7 distinctive benefits of the WhatsApp API, provided by the leading WhatsApp API service provider in Saudi Arabia. Learn how to streamline customer support, automate notifications, leverage rich media messaging, run scalable marketing campaigns, integrate secure payments, synchronize with CRM systems, and ensure enhanced security and privacy.
Globus Connect Server Deep Dive - GlobusWorld 2024 (Globus)
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
Navigating the Metaverse: A Journey into Virtual Evolution (Donna Lenk)
Join us for an exploration of the Metaverse's evolution, where innovation meets imagination. Discover new dimensions of virtual events, engage with thought-provoking discussions, and witness the transformative power of digital realms.
Software Engineering, Software Consulting, Tech Lead, Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Transaction, Spring MVC, OpenShift Cloud Platform, Kafka, REST, SOAP, LLD & HLD.
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ... (Juraj Vysvader)
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I didn't get rich from it but it did have 63K downloads (powered possible tens of thousands of websites).
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus... (Globus)
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
Check out the webinar slides to learn more about how XfilesPro transforms Salesforce document management by leveraging its world-class applications. For more details, please connect with sales@xfilespro.com
If you want to watch the on-demand webinar, please click here: https://www.xfilespro.com/webinars/salesforce-document-management-2-0-smarter-faster-better/
We describe the deployment and use of Globus Compute for remote computation. This content is aimed at researchers who wish to compute on remote resources using a unified programming interface, as well as system administrators who will deploy and operate Globus Compute services on their research computing infrastructure.
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll have the knowledge on how to organize and improve your code review process.
2. Outline
PaaSword in a Nutshell
Involved Actors & Threat Landscape
High Level Architecture
Distributed Searchable Encryption Engine
Semantic Authorization Engine
PaaSword, 18/11/2016 (slide 2)
3. PaaSword in a Nutshell
Security and Privacy by-design Framework? It is a framework that, if adopted, provides increased security and privacy guarantees.
Adopted by whom? Application Developers (it offers client libraries that have to be used by devs) and DevOps users (it offers a management interface for the two offered mechanisms).
What kind of security guarantees?
4. Involved Actors & Threat Landscape
Data can be circumvented/stolen by an internal or external adversary.
The execution environment may be subjected to privilege escalation.
The authorization scheme may be static or even hardcoded.
5. Framework Security Guarantees
Framework Guarantees
Mitigation of cyber threats that derive from malicious administrators who administer ‘trusted’ infrastructural resources.
Minimization of the risk of breaking a privacy scheme through statistical attacks that rely on pattern identification.
Efficient security policy enforcement through the decoupling of policy definition and policy evaluation.
6. How?
Two distinct mechanisms
1 – Distributed Searchable Encryption Engine: an engine that allows the transformation of any relational schema into a fragmentation scheme that respects user-defined privacy constraints. The new schema is functionally equivalent to the original, yet it relies on multiple IaaS providers.
2 – Semantic Policy Authorization Engine: an engine that allows the decoupling of policy enforcement and policy definition. Decoupling is meaningful both during development and execution.
8. Mechanism 1 - Distributed Searchable Encryption Engine
Why is plain Transparent Encryption/Decryption (TED) not enough? You lose a lot of SQL expressivity, and it is vulnerable to statistical attacks.
[Figure: PaaSword Annotations, PaaSword Controller]
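The schema-to-fragments transformation that Mechanism 1 performs, shown as an added worked example (this is not PaaSword's code). It assumes the classic confidentiality-constraint model, in which a singleton constraint means "always stored encrypted" and a larger constraint means "these columns must not sit together in plaintext", and uses a constructed patient schema; the greedy first-fit placement and the `plan_query` helper are assumptions made for illustration.

```python
from typing import Dict, FrozenSet, Iterable, List, Set

Fragment = Set[str]


def encrypted_columns(constraints: List[FrozenSet[str]]) -> Set[str]:
    """Singleton constraints mark columns that may never be stored in plaintext."""
    return {next(iter(c)) for c in constraints if len(c) == 1}


def violates(fragment: Fragment, constraints: List[FrozenSet[str]]) -> bool:
    """A fragment breaks a constraint when it holds ALL of its columns in plaintext."""
    return any(len(c) > 1 and c <= fragment for c in constraints)


def fragment_schema(columns: Iterable[str], raw_constraints: Iterable[Iterable[str]]):
    """Greedy first-fit fragmentation (assumed strategy, not PaaSword's).

    Returns (fragments, encrypted): plaintext fragments, each destined for a
    different IaaS provider, plus the set of columns stored only encrypted.
    Every fragment is assumed to also carry a tuple identifier so that rows can
    be re-joined across providers; that column is left implicit here.
    """
    constraints = [frozenset(c) for c in raw_constraints]
    encrypted = encrypted_columns(constraints)
    fragments: List[Fragment] = []
    for col in columns:
        if col in encrypted:
            continue  # stays encrypted everywhere, never in a plaintext fragment
        for frag in fragments:
            if not violates(frag | {col}, constraints):
                frag.add(col)
                break
        else:
            fragments.append({col})  # no existing fragment can take it: open a new one
    return fragments, encrypted


def is_correct(fragments, encrypted, columns, raw_constraints) -> bool:
    """Check a DevOps user could run: every plaintext column lands in exactly one
    fragment, encrypted columns stay out of every fragment, and no fragment
    assembles a full constraint in plaintext."""
    constraints = [frozenset(c) for c in raw_constraints]
    plain = [c for c in columns if c not in encrypted]
    covered = [col for frag in fragments for col in frag]
    return (
        sorted(covered) == sorted(plain)
        and not any(frag & encrypted for frag in fragments)
        and not any(violates(frag, constraints) for frag in fragments)
    )


def plan_query(fragments, encrypted, needed: Iterable[str]) -> Dict[str, object]:
    """Which fragments must be joined to answer a query over `needed`, and which
    of those columns exist only encrypted (no native SQL predicate on them)."""
    needed = set(needed)
    used = [i for i, frag in enumerate(fragments) if frag & needed]
    return {"fragments": used, "encrypted_only": sorted(needed & encrypted)}


# Constructed sample: a patient record and the privacy constraints a tenant
# might declare (not taken from the slides).
COLUMNS = ["ssn", "name", "dob", "zip", "illness", "doctor"]
CONSTRAINTS = [
    {"ssn"},                  # never in plaintext
    {"name", "illness"},      # identity must not be linkable to diagnosis
    {"name", "dob", "zip"},   # quasi-identifier set
    {"dob", "zip", "illness"},
]

if __name__ == "__main__":
    frags, enc = fragment_schema(COLUMNS, CONSTRAINTS)
    print("fragments:", frags, "encrypted:", enc)
    print("valid:", is_correct(frags, enc, COLUMNS, CONSTRAINTS))
    print("query name+illness:", plan_query(frags, enc, ["name", "illness"]))
```

On the sample schema the greedy pass yields two plaintext fragments, {name, dob, doctor} and {zip, illness}, with ssn kept encrypted; a query touching name and illness therefore has to join both providers, which is the SQL-expressivity cost the slide refers to.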
9. What are Annotations?
Annotations are a form of metadata that provide data about a program that is not part of the program itself.
They can be processed using three different strategies: the Source Generation Strategy, the Bytecode Transformation Strategy, and the Runtime Reflection Strategy.
PaaSword uses annotations to define the Entity Model which will be protected using advanced fragmentation techniques.
14. Overview Of Policies
Policy | Where is the TED taking place? | TED Key Generation | TED Key Usage & Sharing Policy | Modification of target schema | SQL support
P1 | In the PaaS container | Generated once during bootstrapping (in a Tenant Trusted Zone) and stored in-memory by the application | Recovered from memory on demand per query execution | No modification | Yes
P2 | In the PaaS container | One key is generated per Tenant (in a Tenant Trusted Zone) and a user_key / container_key pair is generated out of this tenant_key | Recomposed by combining a user_key and a container_key per query execution | No modification | Yes
P3 | Outside the container, in a Tenant Trusted Zone | Generated once in a Tenant Trusted Zone | E/D key is used only in the Tenant Trusted Zone | No modification | No
P4 | In the PaaS container | Generated once during bootstrapping (in a Tenant Trusted Zone) and stored in-memory by the application | Recovered from memory on demand per query execution | Modifications required | No
P5 | In the PaaS container | One key is generated per Tenant (in a Tenant Trusted Zone) and a user_key / container_key pair is generated out of this tenant_key | Recomposed by combining a user_key and a container_key per query execution | Modifications required | No
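Policy P2 from the table, modelled as an added example that is not PaaSword's code: one tenant_key is generated in the Tenant Trusted Zone, only the user_key / container_key pair leaves it, and the PaaS container recomposes the TED key for a single query execution. The slides do not say how the pair is derived or how the recomposed key is used, so the XOR split and the HMAC equality token below are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # bytes; assumed size of the tenant_key


def generate_tenant_key() -> bytes:
    """Done once per tenant, inside the Tenant Trusted Zone."""
    return secrets.token_bytes(KEY_LEN)


def split_tenant_key(tenant_key: bytes) -> tuple:
    """Derive the (user_key, container_key) pair from tenant_key.

    Assumed construction: a two-party XOR secret split. Each share on its own is
    uniformly random, so the container (holding container_key) and the user
    (holding user_key) each learn nothing about tenant_key alone.
    """
    user_key = secrets.token_bytes(len(tenant_key))
    container_key = bytes(t ^ u for t, u in zip(tenant_key, user_key))
    return user_key, container_key


def recompose_key(user_key: bytes, container_key: bytes) -> bytes:
    """Recombine the pair into the TED key for one query execution."""
    if len(user_key) != len(container_key):
        raise ValueError("share length mismatch")
    return bytes(u ^ c for u, c in zip(user_key, container_key))


def equality_token(ted_key: bytes, column: str, value: bytes) -> bytes:
    """Keyed, deterministic token for a cell so an equality predicate can still run
    as SQL (WHERE token = ?). Assumed HMAC construction. Note that a deterministic
    token reveals which rows share a value: that is the statistical exposure the
    slides mention, and why such tokens are paired with fragmentation."""
    return hmac.new(ted_key, column.encode() + b"\x00" + value, hashlib.sha256).digest()


class PaaSContainer:
    """The PaaS container under P2: it stores container_key only and rebuilds the
    TED key per query from the user_key supplied with that query."""

    def __init__(self, container_key: bytes) -> None:
        self._container_key = container_key

    def tokens_for_query(self, user_key: bytes, column: str, values: list) -> list:
        ted_key = recompose_key(user_key, self._container_key)
        try:
            return [equality_token(ted_key, column, v) for v in values]
        finally:
            # Key lifetime is bounded by the query execution. Dropping the reference
            # is the best Python can do; a native implementation would zeroise it.
            del ted_key


def demo() -> dict:
    """Exercise the policy end to end on a constructed cell value."""
    tenant_key = generate_tenant_key()
    user_key, container_key = split_tenant_key(tenant_key)
    container = PaaSContainer(container_key)
    cell = b"Alice"  # constructed sample cell
    [ok_token] = container.tokens_for_query(user_key, "name", [cell])
    [bad_token] = container.tokens_for_query(secrets.token_bytes(KEY_LEN), "name", [cell])
    return {
        "recomposed_matches": recompose_key(user_key, container_key) == tenant_key,
        "share_is_not_key": container_key != tenant_key and user_key != tenant_key,
        "token_matches_trusted_zone": ok_token == equality_token(tenant_key, "name", cell),
        "wrong_user_key_fails": bad_token != ok_token,
    }


if __name__ == "__main__":
    for check, passed in demo().items():
        print(f"{check}: {passed}")
```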
16. Mechanism 2 – Semantic Policy Authorization Engine
Why not an existing authorization engine?
Based on which authorization metamodel? MAC, DAC, RBAC, ABAC. ABAC is considered dominant (by NIST).
Which standard, and which implementation of the standard? The de-facto ABAC standard is XACML.
Limitations of the reference implementation: the Balana engine (pure syntactic execution of rules).