A talk given at the EclipseCon 2014 M2M day.
This deck addresses a number of aspects of security for IoT devices and applications and also looks at using federated identity for IoT including MQTT
More and more IoT vulnerabilities are found and showcased at security events. From connected thermostats to power plants!
Insecurity became the favorite subject for creating catchy IoT headlines: "Connected killer toaster", "Fridges changed into spamming machines","Privacy concerns around connected home".
We will explore the five challenges one has to face when building a secure IoT solution:
- hardware security: how to avoid rogue firmwares and keep your security keys safe?
- upgrade strategy: you can't secure what you can't update!
- secure transport: no security without secure transports.
- security credentials distribution: how to distribute security keys to a fleet with millions of devices?
- cloud vulnerability mitigation, how to keep your fleet of devices safe from the next Heartbleed?
Current enterprise infrastructure provides solutions for handling application security but are they really matching the IoT challenge? Could running a PKI client on a low power wireless sensor node be an option?
Despite those difficulties, we will show how a modern IoT device management standard like Lightweight M2M with DTLS is the way for building a secur-first IoT solutions. It provides a solution for upgrading your device, distributing your security keys and comes with a full range of cryptography cipher suites, from PSK algorithm for very constrained devices to high level of security using X.509 certificates.
Furthermore for adding security to your solution we will present you ready to use opensource libraries for implementing secure IoT servers and devices. The way for quickly releasing your next catchy connected product.!
Ultimately we will showcase Wakaama and Leshan, the Eclipse IoT Lightweight M2M implementation maybe your next best friend in the troubled water of Internet-Of-Things security!
IoT Security Imperative: Stop your Fridge from Sending you SpamAmit Rohatgi
We've all heard the continuing news about or been victims of hacked passwords, data breaches, identity theft and lost privacy, because our heavy reliance on Internet connectivity. Our digital world necessitates ever improving security. But now we're on the cusp of a major revolution where our appliances, cars, clothes and the very fabric of our lives (no pun intended) are also connected. Software and silicon designers must take active design measures for ensuring user data. In this talk, Amit Rohatgi, president of the prpl Foundation, will outline the market and technical challenges as well as the essential measures in the design phase for securing our ever-more-connected digital world. He will also discuss why open-source is appropriately suited for addressing theses challenge and how the prpl Foundation is tackling this from the ground-up.
Your Thing is Pwned - Security Challenges for the IoTWSO2
The Internet of Things and Machine to Machine are growing areas, and security and privacy are prime issues. In this session security challenges are examined around using M2M devices with protocols such as MQTT & CoAP - encryption, federated identity and authorisation models in particular.
On the topic of encryption, we’ll examine securing MQTT with TLS, challenges with Arduino, and using hardware encryption for microcontrollers. A key privacy requirement for user-centric IoT use cases will be giving users control over how their things collect and share data. On the Internet, protocols like OAuth 2.0, OpenID Connect & User Managed Access have been defined to enable a privacy-respecting user consent & authorization model. We'll look at the issues with applying these protocols to the M2M world and review existing proposals & activity for extending the above M2M protocols to include federated identity concepts.
The session included a live demonstration of Arduino and Eclipse Paho inter-operating secured by OAuth 2.0.
Presented at Internet of Things Stream Conference 2015 in San Francisco by Mark Benson on April 2nd, 2015.
ABSTRACT: The growth of IoT is occurring at an incredible rate, justly raising alarms about security and privacy issues as we become increasingly reliant on these intelligent, interconnected devices in our lives and businesses. How are we to protect billions of devices from attacks and intrusions that could compromise our personal privacy, public safety, or business viability? Building an IoT solution involves securing sensors, devices, networks, cloud platforms, web applications, and mobile applications for diverse industries. This presentation examines the landscape of emerging security challenges posed by connected devices and offers a catalog of security deployment patterns that have been successfully used by some of the world’s most well known OEMs to deploy connected product fleets.
In developing for IoT, security is not often the highest priority: APIs exposed without care and devices deployed with default passwords become gateways to your network and your data. Many best practices can be used to thwart attacks on your devices, but they have to be thought through from the first architectural design. This session covers many recent IoT attacks, their consequences, and how they could have been prevented. It also explores the many security levels one device can have, from totally exposed to completely secured against physical tampering and identity theft.
More and more IoT vulnerabilities are found and showcased at security events. From connected thermostats to power plants!
Insecurity became the favorite subject for creating catchy IoT headlines: "Connected killer toaster", "Fridges changed into spamming machines","Privacy concerns around connected home".
We will explore the five challenges one has to face when building a secure IoT solution:
- hardware security: how to avoid rogue firmwares and keep your security keys safe?
- upgrade strategy: you can't secure what you can't update!
- secure transport: no security without secure transports.
- security credentials distribution: how to distribute security keys to a fleet with millions of devices?
- cloud vulnerability mitigation, how to keep your fleet of devices safe from the next Heartbleed?
Current enterprise infrastructure provides solutions for handling application security but are they really matching the IoT challenge? Could running a PKI client on a low power wireless sensor node be an option?
Despite those difficulties, we will show how a modern IoT device management standard like Lightweight M2M with DTLS is the way for building a secur-first IoT solutions. It provides a solution for upgrading your device, distributing your security keys and comes with a full range of cryptography cipher suites, from PSK algorithm for very constrained devices to high level of security using X.509 certificates.
Furthermore for adding security to your solution we will present you ready to use opensource libraries for implementing secure IoT servers and devices. The way for quickly releasing your next catchy connected product.!
Ultimately we will showcase Wakaama and Leshan, the Eclipse IoT Lightweight M2M implementation maybe your next best friend in the troubled water of Internet-Of-Things security!
IoT Security Imperative: Stop your Fridge from Sending you SpamAmit Rohatgi
We've all heard the continuing news about or been victims of hacked passwords, data breaches, identity theft and lost privacy, because our heavy reliance on Internet connectivity. Our digital world necessitates ever improving security. But now we're on the cusp of a major revolution where our appliances, cars, clothes and the very fabric of our lives (no pun intended) are also connected. Software and silicon designers must take active design measures for ensuring user data. In this talk, Amit Rohatgi, president of the prpl Foundation, will outline the market and technical challenges as well as the essential measures in the design phase for securing our ever-more-connected digital world. He will also discuss why open-source is appropriately suited for addressing theses challenge and how the prpl Foundation is tackling this from the ground-up.
Your Thing is Pwned - Security Challenges for the IoTWSO2
The Internet of Things and Machine to Machine are growing areas, and security and privacy are prime issues. In this session security challenges are examined around using M2M devices with protocols such as MQTT & CoAP - encryption, federated identity and authorisation models in particular.
On the topic of encryption, we’ll examine securing MQTT with TLS, challenges with Arduino, and using hardware encryption for microcontrollers. A key privacy requirement for user-centric IoT use cases will be giving users control over how their things collect and share data. On the Internet, protocols like OAuth 2.0, OpenID Connect & User Managed Access have been defined to enable a privacy-respecting user consent & authorization model. We'll look at the issues with applying these protocols to the M2M world and review existing proposals & activity for extending the above M2M protocols to include federated identity concepts.
The session included a live demonstration of Arduino and Eclipse Paho inter-operating secured by OAuth 2.0.
Presented at Internet of Things Stream Conference 2015 in San Francisco by Mark Benson on April 2nd, 2015.
ABSTRACT: The growth of IoT is occurring at an incredible rate, justly raising alarms about security and privacy issues as we become increasingly reliant on these intelligent, interconnected devices in our lives and businesses. How are we to protect billions of devices from attacks and intrusions that could compromise our personal privacy, public safety, or business viability? Building an IoT solution involves securing sensors, devices, networks, cloud platforms, web applications, and mobile applications for diverse industries. This presentation examines the landscape of emerging security challenges posed by connected devices and offers a catalog of security deployment patterns that have been successfully used by some of the world’s most well known OEMs to deploy connected product fleets.
In developing for IoT, security is not often the highest priority: APIs exposed without care and devices deployed with default passwords become gateways to your network and your data. Many best practices can be used to thwart attacks on your devices, but they have to be thought through from the first architectural design. This session covers many recent IoT attacks, their consequences, and how they could have been prevented. It also explores the many security levels one device can have, from totally exposed to completely secured against physical tampering and identity theft.
Application layer Security in IoT: A SurveyAdeel Ahmed
Internet of Things (IoT) is the future as we are
advancing towards an era of intelligent ambiance where daily
life objects will be communicating to each other for the sake of
convenience in our lives. But the comfort as a result of technology
demands certain measures for the safety of these devices from
wrong hands. The issue of security remains hot as we step further
in this vast area of technological advancement since it can directly
influence one’s personal security. Different techniques have been
adopted to incorporate security in IoT communication stack
for the purpose of confidentiality, identification, data integrity,
authentication, authorization and non-repudiation which are
the fundamental security traits worth considering. This paper
discusses the different application layer protocols by comparing
them on the basis of these traits.
Security Fundamental for IoT Devices; Creating the Internet of Secure ThingsDesign World
In this webinar we will discuss the state of security for IoT devices, the threats that exists for IoT devices and the challenges for building secure IoT devices. We will also discuss the technologies available to ensure your IoT device is secure.
An overview of Secure IoT development using Java technologies. A brief overview of some recent attacks, some considerations on what to consider and the related Java technologies
This talk revisits the 2016 Mirai attack which targeted IoT devices including IP cameras, WiFi-connected refrigerators, home routers, and more. The resulting botnet was used to attack Dyn’s DNS platform, which affected many websites including Twitter, SoundCloud, Airbnb, and Spotify.
You will learn and discuss the answers to these questions and more:
• What is the current state of Mirai and Mirai variants?
• What Distributed Denial of Service (DDoS) defenses do you have in place?
• How can you prepare to detect and defend against them botnet malware?
• What is recommended in the September 2018 NISTIR Draft,
Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks.
Security in the Internet Of Things.
Every IoT project must be designed with security in mind. Identity Relationship Management is a must for a successful IoT implementation.
IoT Security – Executing an Effective Security Testing Process EC-Council
Deral Heiland CISSP, serves as a the Research Lead (IoT) for Rapid7. Deral has over 20 years of experience in the Information Technology field, and has held multiple positions including: Senior Network Analyst, Network Administrator, Database Manager, Financial Systems Manager and Senior Information Security Analyst. Over the last 10+ years Deral’s career has focused on security research, security assessments, penetration testing, and consulting for corporations and government agencies. Deral also has conducted security research on a numerous technical subjects, releasing white papers, security advisories, and has presented the information at numerous national and international security conferences including Blackhat, Defcon, Shmoocon, DerbyCon, RSAC, Hack In Paris. Deral has been interviewed by and quoted by several media outlets and publications including ABC World News Tonight, BBC, Consumer Reports, MIT Technical Review, SC Magazine, Threat Post and The Register.
IOT Security. Internet of Things impact is everywhere from your bedroom to office. Everyone should be aware about iot security to run it without any hassle and security risk.
Why you should take IOT security training course ?
Learn about risks of unsecured enterprise and home IoT devices connecting to the Internet and able to share the information they generate.
Iot security training covers these topics :
Device and platform vulnerabilities,
Authentication and authorization,
Web interface and software,
Transport encryption,
Management issues,
Privacy and security enhancements and other iot issues
Iot and security risks :
Most serious IoT security risks involve software. Software attacks can exploit entire systems, steal information, alter data, deny service and compromise or damage devices.
In a phishing attack, for example, Attackers also use malware, such as viruses, worms and Trojans, to damage or delete data, steal information, monitor users and disrupt key system functions.
Learn about:
IoT Principles
Principles of IoT Security
IoT Attack Areas
IoT Vulnerabilities
IoT Firmware Analysis
IoT Software Weaknesses
IoT Security Verification, Validation
Assessing IoT devices attack surfaces
Evaluation of IoT device firmware analysis, attack surface, vulnerabilities and exploiting the vulnerabilities
Request more information.
Visit tonex.com for iot security training course and workshop detail.
https://www.tonex.com/training-courses/iot-security-training-iot-security-awareness/
Enabling Data Protection through PKI encryption in IoT m-Health DevicesCharalampos Doukas
Short presentation about a gateway-based solution for medical data encryption and the Internet of Things. Paper presented at 12th IEEE International Conference on BioInformatics and BioEngineering
Internet of Things: Identity & Security with Open StandardsGeorge Fletcher
While the Internet of Things (IoT) is growing significantly in the number of devices and capabilities, there is little thought given to security by the manufacturers and software developers for these devices. This talk will explore one mechanism, using open standards, to add a layer of security and convenience for devices connecting to a personal cloud including the challenges that exist to make it a reality.
This is a working document for presentation to Cyber Security Professionals concerning a tactical mindset in securing cyberspace within organizations. High level, can add in case studies, more content to come Dec 2010 for the European, UK and German presentation. Feel free to respond to add to brief. Requires Notes
Practical Security with MQTT and Mosquittonbarendt
Windy City Things 2016 Talk on MQTT a popular Publish/Subscribe (Pub/Sub) protocol for Internet of Things (IoT) systems, and practical security solutions, particularly using the Open Source Mosquitto Broker.
Application layer Security in IoT: A SurveyAdeel Ahmed
Internet of Things (IoT) is the future as we are
advancing towards an era of intelligent ambiance where daily
life objects will be communicating to each other for the sake of
convenience in our lives. But the comfort as a result of technology
demands certain measures for the safety of these devices from
wrong hands. The issue of security remains hot as we step further
in this vast area of technological advancement since it can directly
influence one’s personal security. Different techniques have been
adopted to incorporate security in IoT communication stack
for the purpose of confidentiality, identification, data integrity,
authentication, authorization and non-repudiation which are
the fundamental security traits worth considering. This paper
discusses the different application layer protocols by comparing
them on the basis of these traits.
Security Fundamental for IoT Devices; Creating the Internet of Secure ThingsDesign World
In this webinar we will discuss the state of security for IoT devices, the threats that exists for IoT devices and the challenges for building secure IoT devices. We will also discuss the technologies available to ensure your IoT device is secure.
An overview of Secure IoT development using Java technologies. A brief overview of some recent attacks, some considerations on what to consider and the related Java technologies
This talk revisits the 2016 Mirai attack which targeted IoT devices including IP cameras, WiFi-connected refrigerators, home routers, and more. The resulting botnet was used to attack Dyn’s DNS platform, which affected many websites including Twitter, SoundCloud, Airbnb, and Spotify.
You will learn and discuss the answers to these questions and more:
• What is the current state of Mirai and Mirai variants?
• What Distributed Denial of Service (DDoS) defenses do you have in place?
• How can you prepare to detect and defend against them botnet malware?
• What is recommended in the September 2018 NISTIR Draft,
Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks.
Security in the Internet Of Things.
Every IoT project must be designed with security in mind. Identity Relationship Management is a must for a successful IoT implementation.
IoT Security – Executing an Effective Security Testing Process EC-Council
Deral Heiland CISSP, serves as a the Research Lead (IoT) for Rapid7. Deral has over 20 years of experience in the Information Technology field, and has held multiple positions including: Senior Network Analyst, Network Administrator, Database Manager, Financial Systems Manager and Senior Information Security Analyst. Over the last 10+ years Deral’s career has focused on security research, security assessments, penetration testing, and consulting for corporations and government agencies. Deral also has conducted security research on a numerous technical subjects, releasing white papers, security advisories, and has presented the information at numerous national and international security conferences including Blackhat, Defcon, Shmoocon, DerbyCon, RSAC, Hack In Paris. Deral has been interviewed by and quoted by several media outlets and publications including ABC World News Tonight, BBC, Consumer Reports, MIT Technical Review, SC Magazine, Threat Post and The Register.
IOT Security. Internet of Things impact is everywhere from your bedroom to office. Everyone should be aware about iot security to run it without any hassle and security risk.
Why you should take IOT security training course ?
Learn about risks of unsecured enterprise and home IoT devices connecting to the Internet and able to share the information they generate.
Iot security training covers these topics :
Device and platform vulnerabilities,
Authentication and authorization,
Web interface and software,
Transport encryption,
Management issues,
Privacy and security enhancements and other iot issues
Iot and security risks :
Most serious IoT security risks involve software. Software attacks can exploit entire systems, steal information, alter data, deny service and compromise or damage devices.
In a phishing attack, for example, Attackers also use malware, such as viruses, worms and Trojans, to damage or delete data, steal information, monitor users and disrupt key system functions.
Learn about:
IoT Principles
Principles of IoT Security
IoT Attack Areas
IoT Vulnerabilities
IoT Firmware Analysis
IoT Software Weaknesses
IoT Security Verification, Validation
Assessing IoT devices attack surfaces
Evaluation of IoT device firmware analysis, attack surface, vulnerabilities and exploiting the vulnerabilities
Request more information.
Visit tonex.com for iot security training course and workshop detail.
https://www.tonex.com/training-courses/iot-security-training-iot-security-awareness/
Enabling Data Protection through PKI encryption in IoT m-Health DevicesCharalampos Doukas
Short presentation about a gateway-based solution for medical data encryption and the Internet of Things. Paper presented at 12th IEEE International Conference on BioInformatics and BioEngineering
Internet of Things: Identity & Security with Open StandardsGeorge Fletcher
While the Internet of Things (IoT) is growing significantly in the number of devices and capabilities, there is little thought given to security by the manufacturers and software developers for these devices. This talk will explore one mechanism, using open standards, to add a layer of security and convenience for devices connecting to a personal cloud including the challenges that exist to make it a reality.
This is a working document for presentation to Cyber Security Professionals concerning a tactical mindset in securing cyberspace within organizations. High level, can add in case studies, more content to come Dec 2010 for the European, UK and German presentation. Feel free to respond to add to brief. Requires Notes
Practical Security with MQTT and Mosquittonbarendt
Windy City Things 2016 Talk on MQTT a popular Publish/Subscribe (Pub/Sub) protocol for Internet of Things (IoT) systems, and practical security solutions, particularly using the Open Source Mosquitto Broker.
These slides from my talk at the buildingIoT conference discuss how to secure communication with the Internet of Things protocol "MQTT". It discusses Network, Host, Application and Data Security and also covers advanced topics like OAuth 2.0 and X509 client certificate authentication.
MQTT - MQ Telemetry Transport for Message QueueingPeter R. Egli
Description of message queueing (MQ) protocol for the transport of telemetry data (MQTT - MQ Telemetry Transport).
MQTT is a protocol designed to fit the needs of Internet of Things scenarios. It is lightweight and efficient, but still affords all the features required for reliable messaging between wireless sensor / actor nodes and applications. MQTT decouples producer and consumer of data (sensors, actors and applications) through message brokers with publish / subscribe message queues called topics. MQTT supports different levels of quality of service thus providing the flexibility to adapt to the different needs of applications.
Further features like will and retain messages make MQTT well suited for sensor network scenarios as well as for lightweight enterprise messaging applications.
Open source implementations like Eclipse paho provide ample code for integrating MQTT in your own applications.
The Considerations for Internet of Things @ 2017Jian-Hong Pan
物聯網是一門透過通訊,將端點蒐集到的資料,集中關聯分析,並將分析結果用以決策並回饋的工程藝術。
本次的分享將從物聯網的目的當作進入點,接著分享可能的佈署架構。並概述目前各個常用的通訊標準、協定,以及其所屬的角色。
除此之外,也會分享去年到柏林參加Linux Foundation舉辦的Open IoT Summit Europe 2016的心得。
在此,帶回一些國外對於物聯網節點的佈署、更新或維護的看法、作法。
另外,也會分享一些物聯網可能需要考量的資訊安全議題。
IoT is a kind of engineering art, which analyzes the collected data from
the device nodes through the communication and has the result for the
decision making and feedback.
This sharing goes for the purpose of IoT and it's deployment structure.
Then, the slide introduces the most used communication standards or
protocols in IoT and their roles.
Besides, also shares what I have got from the Open IoT Summit Europe 2016
which was held by Linux Foundation in Berlin last year.
It introduces how will the device nodes be deployed, updated and maintained.
Finally, the slide provides some security issues that should be considered
in IoT.
Presentation of the status of my PhD in 2012 done to ABLE group at Carnegie Mellon.
Years later from that appeared
https://github.com/iTransformers/netTransformer
Industrial IoT Mayhem? Java IoT Gateways to the RescueEurotech
Industrial IoT comes with great expectations for operational efficiency, promising improved asset utilization and productivity gains. IIoT challenges include reliability, security, low maintenance, long lifecycle, and integration into heterogeneous and fragmented systems. This session proposes some architectural patterns that can be leveraged to overcome these challenges. It introduces, at the center of the solution, Java-powered IoT gateways and modular IoT application frameworks such as the open source Eclipse Kura. Incorporating a live demonstration, the presentation highlights some of the latest Eclipse Kura features such as a pluggable device model for fieldbus protocols, visual data flow, and connectivity across various IoT cloud service providers.
JavaOne 2016 - Presentation by Dave Woodard and Walt Bowers
Open source building blocks for the Internet of Things - Jfokus 2013Benjamin Cabé
The Eclipse M2M Industry Working Group (http://m2m.eclipse.org) is an open-source initiative delivering a set of building blocks for creating IoT solutions. This talk will walk you through the different projects and technologies this group is developing (from embedded application framework, to communication protocols, including development tools) and a live demo will show you how you can very quickly combine the components we provide with Open-Source Hardware platforms (Arduino & Raspberry Pi) to build a complete solution. Join us if you want to learn more about the Lua programming language, the MQTT protocol, and all the cool technologies that we use :)
Test Execution Infrastructure for IoT Quality analysisAxel Rennoch
Recently IoT testing becomes a popular topic in the industry and academic context. New challenges have been identified and existing test methods and techniques need to be collected, optimized and applied. Furthermore, innovative software development approaches are under consideration and partly implemented. However automated test execution still need powerful means and infrastructure. Open source projects like the Eclipse IoT-Testware project can provide valuable tools for advanced testing in IoT. The presentation gives an overview and first results with our IoT test Infrastructure.
Presenter - Boris Cherkasskiy
The industry-wide demand to collect and present machine statistical and performance data is continually growing. While it’s possible to IoT-enable a machine with the use of an Intelligent Gateway or by utilizing an MES system, it might be cost-prohibitive for a small machine.
This session will present a solution that allows you to push data from an S7-1200 PLC directly to the cloud via standard MQTT protocol. Attendees will gain a quick path to Industry 4.0 using standard IoT protocol to connect a custom machine (or a cell/line) to an existing and fast-growing IoT infrastructure.
Iot Conference Berlin M2M,IoT, device management: one protocol to rule them all?Julien Vermillard
M2M/IoT is rapidly growing and since its early days different “standard” protocols have emerged (e.g. OMA-DM, TR-069, MQTT, …) or are emerging (e.g. CoAP or Lightweight M2M). Understanding which protocol to use for which application can be intimidating, therefore we propose to give an overview of these protocols to help you understand their goals and characteristics. We’ll present common M2M use cases and why they usually require more than just one protocol ; we will also see whether CoAP associated with Lightweight M2M allows to forge “one protocol to rule them all”.
this is a power point presentation on chat applicationmdprince1262
this is a power point presentation on chat application it was a minor academic project in my college in order to exchange sessional or mid exams by making some small/ minor project and present through the presentation and on the basis of performance of presentation students are getting marks, its a great approach to motivate students to do projects
This presentation goes through several topics areas that are of specific interest in developing IoT Gateway solutions. IoT is a popular area of development that presents unique challenges like hardware and operating system selection, product life-cycle support and maintainability, software architectural solutions, connectivity, security, secure updates, and API availability. We discuss technologies and concepts like Hardware acceleration support, Linux kernel maintenance, Edge networking, LXC/Docker/KVM, Zigbee, 6loPAN, BLE, IoTivity, Allseen Alliance, SELinux and Trusted boot.
The aim of the presentation is to give an overview of the challenges in building an IoT Gateway and the Solutions available using Embedded Linux.
This presentation was delivered at LinuxCon Japan 2016 by Jim Gallagher
Apache Stratos - Building a PaaS using OSGi and EquinoxPaul Fremantle
Apache Stratos is a PaaS built on top of Equinox and OSGi. Stratos runs all kinds of workloads including Java, OSGi, Tomcat apps, PHP, Node.js, MySQL, Mongo, Cassandra and others.
This session is an introduction to Stratos which will cover:
- How to get started
- Deploying on Amazon AWS and OpenStack Clouds
- Workloads Stratos supports
- Why and how Equinox is used
- Multi-tenancy and security
- Elastic scaling
- How Stratos compares to other PaaS systems
The session will include live demontrations of Stratos.
The session is aimed at those interested in PaaS models, as well as those with a strong interest in OSGi runtimes and Equinox.
Making Apache Tomcat Multi-tenant, Elastic and MeteredPaul Fremantle
Are you running Tomcat on the Cloud? What can you do to make Tomcat really take advantage of the cloud? In this session we will discuss how to make Tomcat a native cloud runtime - one that is optimized to run "in" the cloud rather than just "on top" of the cloud. First we will look at what is important for any runtime that wants to truly be cloud native: multi-tenancy, self-service, elasticity, metering and billing, dynamic discovery and side-by-side versioning. Then we will explore how to make Tomcat work in this way. Based on experiences making Tomcat run in a cloud environment as part of Stratos, an Open Source project based on Tomcat and OSGi, we will look at the real issues, solutions, as well as exploring future work in this area.
To really take advantage of cloud, software must be optimized to run in the cloud. This presentation explores what it means to be "Cloud Native" and looks at a real open source project that has built a complete Cloud Native platform. Cloud is not just a better way to run existing software, there are core enhancements that need to be made to software to enable it to run really effectively in a cloud environment. Often the first thought is about massive scalability, but actually there are other key enablers: multi-tenancy, metering, dynamic distribution, self-service and incremental deployment and testability. This presentation explores these enablers and looks at how an Open Source project (Carbon) built on Apache technology was re-built to be cloud native. The presentation will cover not just the concepts but dive into the practical issues in making a cloud native system and also explore which Apache technologies can help along the way.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Securing the Internet of Things
1. Securing the Internet of Things
Paul Fremantle
CTO, WSO2 (paul@wso2.com)
PhD researcher, Portsmouth University
(paul.fremantle@port.ac.uk)
@pzfreo
Paul Madsen*
Technical Architect, PingIdentity
(pmadsen@pingidentity.com)
@paulmadsen
*Paul M helped me with the initial content, but I take responsibility for anything you don’t like in this slide deck.
2.
3. About me
• CTO and Co-Founder
WSO2
– Open Source Middleware
platform
• Part-time PhD looking at
security
• Working in Apache for
14 years
• Working with Cloud,
SOA, APIs, MQTT, IoT
3
11. So what is different about IoT?
• The longevity of the device
– Updates are harder (or impossible)
• The size of the device
– Capabilities are limited – especially around crypto
• The fact there is a device
– Usually no UI for entering userids and passwords
• The data
– Often highly personal
• The mindset
– Appliance manufacturers don’t think like security experts
– Embedded systems are often developed by grabbing existing
chips, designs, etc
12. Physical Hacks
A Practical Attack on the MIFARE Classic:
http://www.cs.ru.nl/~flaviog/publications/Attack.MIFARE.pdf
Karsten Nohl and Henryk Plotz. MIFARE, Little Security, Despite Obscurity
20. Crypto on small devices
• Practical Considerations and Implementation
Experiences in Securing Smart Object Networks
– http://tools.ietf.org/html/draft-aks-crypto-sensors-02
32. CoAP
• Constrained Application Protocol
– http://tools.ietf.org/html/draft-ietf-core-coap-18
– REST-like model built on UDP
– Californium project coming soon to Eclipse IoT
• No authentication or authorization
– Relies on DLTS or data in the body
39. Why OAuth2?
• Widely implemented
• Pretty good
– Of course there is never 100% agreement
– Or certainty with security protocols
• Not just HTTP:
– http://tools.ietf.org/html/draft-ietf-kitten-sasl-
oauth-12
– OAuth2 used with SSL
40.
41.
42. Why FIAM for IoT?
• Can enable a meaningful consent mechanism
for sharing of device data
• Giving a device a token to use on API calls
better than giving it a password
– Revokable
– Granular
• May be relevant for both
– Device to cloud
– Cloud to app
43. Two aspects using OAuth with IoT
• On the device
– Tokens are good
– Limiting the access of the device
• On the cloud
– Putting users in control of their data
– Just good current practice
• Demo with MQTT
– But not just for MQTT
– Also for the cloud, CoAP, and other protocols too
44. Demo components
Mosquitto
(Open Source MQTT
Broker)
Acting as “Resource
Server”
Mosquitto_py_auth
mqtt-oauth2.py
IdP
WSO2 Identity
Server
ESB
Introspection
API
Refresher.py
Arduino
CreateToken.py
1
2
3
4
5
6
46. Lessons learnt
• MQTT and MPU / I2C code is 97% of Duemilanove
– Adding the final logic to do OAuth2 flow pushed it to 99%
– No TLS in this demo is a big issue
• Different Oauth2 implementations behave differently
(e.g. changing the refresh token every time you refresh)
• Need to be able to update the scope of token if this will
work for long term embedded devices
• The refresh flow should not really go via the Resource
server
– Easy fix
• MQTT should have a well defined model for sending a
message to just one client (securely)
48. Summary
• Think about security with your next device
• We as a community need to make sure that
the next generation of IoT devices are secure
• We need to create exemplars
– Shields
– Libraries
– Server software
– Standards