The document presents Jeeves, Jean Yang's approach to preventing information leaks. Jeeves factors out security and privacy policies from application code to reduce opportunities for leaks. Programmers specify high-level policies about how sensitive data can flow rather than handling policies within code. The Jeeves runtime then automatically enforces policies to manage how information is released based on the viewer. This allows policy-agnostic programming while still providing formal guarantees about information flow.
Philly ETE 2016: Securing Software by Construction - jxyz
The high-profile attacks and data-breaches of the last few years have shown us the importance of securing our software. While it is good that we are seeing more tools that can analyze systems for vulnerabilities, this does not help the programmer write secure code in the first place. To prevent security from becoming a bottleneck–and expensive security mistakes from becoming increasingly probable–we need to look to techniques that allow us to secure software by construction.
This talk has two parts. First, I will present technical ideas from research, including my own, that help secure software by construction. Even though these are reasonable ideas, however, the gap between academia and industry often prevents these ideas from becoming realized in practice. Second, I will discuss what prevents longer-term security solutions from being commercialized, how we started the Cybersecurity Factory accelerator to bridge the research/industry gap, and how we can work together to address the issues that remain.
http://2016.phillyemergingtech.com/session/securing-software-by-construction/
In the software engineering world, change is the only constant. And in the course of the last decades, the frequency of that change has exploded. What Agile has brought to software teams, DevOps is now bringing to the entire organization. And the results speak for themselves. The DevOps high-performers are killing it. Insane deploy frequencies of features, high reliability of applications, and high productivity of cross-functional teams have amplified the speed at which ideas become a reality.
In parallel, Application Security was doing its own thing and to a large part remained oblivious to all the impressive improvements that were happening in software engineering. Because breaking an application doesn’t need any knowledge of how it was created in the first place.
This talk will cover anti-patterns that are preventing application security from being adopted by development teams, such as:
* Signals versus Noise
* Lost in Translation
* Make it easy
Global CISO Forum 2017: How To Measure Anything In Cybersecurity Risk - EC-Council
Richard is a security executive with ~20 years experience ranging from start-ups to global organizations. He is currently the CISO/VP of Trust for Twilio and most recently the VP/GM Cybersecurity and Privacy for GE Healthcare. His background is in Information Security, Digital Risk Management and Product Development with an analytics bent. His current focus is developing quantitatively informed strategies, building agile teams that scale and making digital risk measurable. Likewise, he recently co-authored a decision analysis book called “How To Measure Anything In Cybersecurity Risk” (Wiley 2016). This book targets those looking to improve risk management strategies using predictive analytics.
3 Reasons to Swap Your Next Pen Test With a Bug Bounty Program - bugcrowd
This webcast will analyze the key differences between the penetration testing and bug bounty models and explore why one company replaced their pen tests over the last three years.
Uncertainty Quantification in Complex Physical Systems. (An Introduction) - Ogechi Onuoha
An Introduction to the focus of my research. I presented this to the members of the Pipeline research group, University of Lagos Nigeria. I will be making subsequent presentations as well as paper reviews on the same topic.
Outpost24 webinar - Bridging your cyber hygiene gap to prevent enterprise hac... - Outpost24
Our security experts present how to step up your cyber hygiene best practice to prevent targeted hacking attempts from remote code execution to network exploitation.
Outpost24 webinar - Improve your organizations security with red teaming - Outpost24
Our Red Teaming expert Hugo van den Toorn explains the key elements of a red team operation, what companies can expect from the assessment and how to benefit from the ‘moment of truth’.
Machine learning is a powerful tool with many well-suited applications for malware detection, classification, and risk quantification. Despite its reputation as a "black box" component to an enterprise security solution, designing a robust machine learning model for malware detection is an involved process: its success hinges on understanding the problem you're trying to solve, the underlying data you utilize, and most importantly, its limitations.
In this Malware Most Wanted session, we analyze working models and discuss the strengths, pitfalls, and high-level trade-offs of using machine learning for successful malware detection.
451 and Endgame - Zero breach Tolerance: Earliest protection across the attac... - Adrian Sanabria
Enterprise security teams are facing numerous challenges because of evolving threat vectors bypassing existing technology, deluge of alerts, and lack of skilled resources to stop advanced threats. Even if enterprises have a budget to bring in outside incident response and forensics teams to stop the bleeding, by then, damages and loss have already occurred.
Security teams must change the shape of their security program to stop threats at the earliest and all stages of the attacker lifecycle. Join 451 Research Senior Analyst, Adrian Sanabria, and Director of Products at Endgame, Mike Nichols, as they talk about how earliest prevention and instant detection can change the shape and outcome of an enterprise security program.
This talk will outline strategies for:
• Prioritizing the alerts and events that really matter
• Identifying parts of the investigation workflow that can be automated
• Building a detection methodology that creates confidence and continuously improves defenses
Open Source Insight: CVE-2017-2636 Vuln of the Week & UK National Cyber Secur... - Black Duck by Synopsys
Seldom a month goes by where the NVD entries don’t break 1,000, and March 2017 is no exception. The vulnerability of the week is CVE-2017-2636, a serious security flaw in the Linux kernel that appears to have been around since 2009. More on that story follows.
In security, rules and thresholds create an excess of security alerts. This slows down security teams, and buries real threats to the enterprise. Analytics, in contrast, will take billions of events and distill them into a handful of true threat leads. This presentation explains—through case studies—how to use statistical methods to validate threats and reduce false positives.
Are We Secure? Answering the Unanswerable - Justin Berman
Security teams struggle every day to measure the impact they have on the risk a company faces. What if you test yourself by being the adversary? What if we made that scalable and repeatable? What would we do with all that data? How would it change the way we measure ourselves?
This talk by Stefan Streichsbier, Co-Founder of GuardRails.io, provides a brief history of how development, operations and security testing have become highly complex. It continues to outline the key problems with traditional security solutions and why in 2020 companies around the world are still figuring out a good way to manage security as part of rapid development cycles. Specifically, the big challenge of introducing and fixing new security issues versus tackling the existing security debt of existing applications.
To quote Bishop Desmond Tutu, “There comes a point where we need to stop just pulling people out of the river. We need to go upstream and find out why they’re falling in.”
After setting the stage, the remainder of the talk will focus on the paradigm shift that security solutions have to incorporate in order to solve the problem of sustainably secure applications on all layers. This will explore how the elements of Speed, Just in time training, and Data science have to be leveraged to empower development teams around the globe to get ahead for once and finally become able to move fast and be safe at the same time.
The 3 core takeaways for the audience are:
1.) Where security practices have gone wrong so far.
2.) What new technologies will cause a paradigm shift in how security is applied at scale.
3.) What security will look like in 5-10 years.
A New Approach to Threat Detection: Big Data Security Analytics - Interset
Learn how to distill billions of events into a handful of security leads. Security analytics powered by machine learning is proven to make your SOC more efficient. This presentation includes four case studies.
Learn how the information security life cycle can improve infrastructure security. Keep safe and protect your important files and data with Vulsec’s security life cycle framework. Visit https://www.vulsec.com/security-life-cycle/
Over 9 billion components will be downloaded this year from the Sonatype Central Repository, representing a fundamental shift from "writing" to "assembling" applications.
Three thousand (3000) respondents to Sonatype's 2013 OSS Software Survey reported that at least 80% of their applications are comprised of components. Learn how this major shift to component assembly is driving the need for much more sophisticated component management. http://www.sonatype.com/clm/why-clm
Even though large breaches have hit headline news in years past, some companies are still on the fence about investing in cybersecurity. As a security practitioner (or jack of all trades) how can you be expected to cover your assets with zero budget? Thankfully, there are plenty of open-source tools out there that will allow you to secure your organization. Come join me as I discuss how you can track your network assets, perform vulnerability assessments, prevent attacks with intrusion prevention systems, and even deploy HIDS. We will also jump into finding sensitive data and PII in your network, as well as incident response tools and automation. All it costs is your time (and maybe a VM or two). You really can drastically improve the security posture of your network with little to no budget, and you’ll have fun doing it! OK, maybe it won’t be fun, but at least you’ll learn something, right?
Live 2014 Survey Results: Open Source Development and Application Security Su... - Sonatype
Over 3,300 participated! The final results of our 4th Annual Open Source and Application Security Survey are in. Adrian Lane from Securosis and Brian Fox from Sonatype provide a detailed breakdown of the findings from a developer and an application security perspective. They discuss policies, practices, and breaches as well as how organizations can use these results to create constructive conversations to feed their open source security management practices. Get more details on the survey - http://www.sonatype.com/about/2014-open-source-software-development-survey
The DevOps Panel - Innotech Austin CD Summit - Ernest Mueller
The Agile Admins - Ernest Mueller, James Wickett, Karthik Gaekwad, and Peco Karayanev - share some thoughts and answer panel questions on the state of DevOps at the CD Summit happening at Innotech Austin 2016.
DevSecOps & Security Chaos Engineering - "Knowing the Unknown" -
"Resilience is the story of the outage that didn’t happen". - John Allspaw
Our systems are becoming more and more distributed, ephemeral, and immutable in how they function in today’s ever-evolving landscape of contemporary engineering practices. Not only are we becoming more complex but the rate of velocity in which our systems are now interacting, and evolving is making the work more challenging for us humans. In this shifted paradigm, it is becoming problematic to comprehend the operational state, health and safety of our systems.
In this session Aaron will uncover what Chaos Engineering is, why we need it, and how it can be used as a tool for building more performant, safe and secure systems. We will uncover the importance of using Chaos Engineering in developing a learning culture through system experimentation. Lastly, we will walk through how to get started using Chaos Engineering as well as dive into how it can be applied to cyber security and other important engineering domains.
PLDI 2016 Presentation on Jacqueline Web Framework - jxyz
We present an approach for dynamic information flow control across the application and database. Our approach reduces the amount of policy code required, yields formal guarantees across the application and database, works with existing relational database implementations, and scales for realistic applications. In this paper, we present a programming model that factors out information flow policies from application code and database queries, a dynamic semantics for the underlying $\lambda^{JDB}$ core language, and proofs of termination-insensitive non-interference and policy compliance for the semantics. We implement these ideas in Jacqueline, a Python web framework, and demonstrate feasibility through three application case studies: a course manager, a health record system, and a conference management system used to run an academic workshop. We show that in comparison to traditional applications with hand-coded policy checks, Jacqueline applications have 1) a smaller trusted computing base, 2) fewer lines of policy code, and 3) reasonable, often negligible, additional overheads.
Cybersecurity: How to Use What We Already Know - jxyz
Slides from my PSR keynote on how to secure software by bridging the gap between research and practice.
Video: https://t.co/mRr4CMrfKN
Event: https://iapp.org/conference/privacy-security-risk-2015
The presentation is designed to provide an answer to the very basic question "What is Business Analysis?". It is designed to guide professionals who want to enter the BA profession or have started working as BAs.
Business analyst interview questions and answers - Robin G
Prepare better for your interview with this comprehensive set of 'Business Analyst Interview Questions and Answers'.
Courtesy : http://thebusinessanalystjobdescription.com
Business Analyst Interview Questions with Answers, Business Analysis Interview Questions with answers, BA Interview Questions, Interview questions for business analyst, Business Analyst interview questions and answers, Real interview questions for business analysts, Hard interview questions during Business Analyst Interview, How to crack business analyst interview, BA Interview questions,
Top 85 business analyst interview questions and answers pdf
free pdf download ebook
business analyst cover letter, business analyst interview questions, business analyst job description, business analyst resume, business analyst skills, how to become business analyst
This presentation on batch process analytics was given at Emerson Exchange, 2010. An overview of batch data analytics is presented and information provided on a field trial of on-line batch data analytics at the Lubrizol, Rouen, France plant.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2023/09/responsible-ai-tools-and-frameworks-for-developing-ai-solutions-a-presentation-from-intel/
Mrinal Karvir, Senior Cloud Software Engineering Manager at Intel, presents the “Responsible AI: Tools and Frameworks for Developing AI Solutions” tutorial at the May 2023 Embedded Vision Summit.
Over 90% of businesses using AI say trustworthy and explainable AI is critical to business, according to Morning Consult’s IBM Global AI Adoption Index 2021. If not designed with responsible considerations of fairness, transparency, preserving privacy, safety and security, AI systems can cause significant harm to people and society and result in financial and reputational damage for companies.
How can we take a human-centric approach to design AI solutions? How can we identify different types of bias and what tools can we use to mitigate those? What are model cards, and how can we use them to improve transparency? What tools can we use to preserve privacy and improve security? In this talk, Karvir discusses practical approaches to adoption of responsible AI principles. She highlights relevant tools and frameworks and explores industry case studies. She also discusses building a well-defined response plan to help address an AI incident efficiently.
While vulnerability assessment tools can identify unpatched or misconfigured code bases, these tools overlook a large portion of an organization's attack surface: known vulnerabilities in applications that are built in-house.
Evolution of software; Characteristics of software; Software applications; Components of software; Software myths; Software problems; Software reuse; Overview of risk management; Process visibility; Professional responsibility.
How to Use Open Source Technologies in Safety-critical Digital Health Applica... - Shahid Shah
Presented at 3rd Annual Open Source EHR Summit - Key Takeaways:
* Outcomes driven care (vs. fees for service or volume driven care) is in our future
* Because outcomes now matter more than ever, open source digital health solutions are even more important
* There are new realities of patient populations driving open source even faster
* How to use open source reliably and securely in a safety-critical environment like medical devices
How to Use Open Source Technologies in Safety-critical Medical Device Platforms - Shahid Shah
There is a great deal of fear and angst in the medical device vendor community about the use of open source in safety-critical products. This presentation provides advice on why the fear is misplaced and how to proceed with using open source in safety-critical medical devices.
BlackHat Presentation - Lies and Damn Lies: Getting past the Hype of Endpoint... - Mike Spaulding
Signatures are dead! We need to focus on machine learning, artificial intelligence, math models, lions, tigers and bears, Oh My!! - STOP!! - How many times have we heard all these buzzwords at conferences, or our managers saying that solution X will solve all our problems. I don't know about you, but I was tired of listening to the hype and the over-use of these terms that really made no sense.
One thing is true, signatures are dead. Today's malware is created with obfuscation and deception and our opponents do not play fair. Do you blame them? They want to get in. Who needs to rob a bank anymore at gunpoint when the security door is left open and traps are easy to bypass? Thank you Powershell! So what's the answer? Is it Next Generation AV or EDR, or is it Security 101? Over the past 5 months, we have invested significant time building a business case for an Endpoint protection system - understand the problem, creating testing scenarios to evaluate 5 solutions in the market. Over 30,000 pieces of malware were put to the test from our internal private collection, as well as known and unknown samples freely available. With all of the marketing hype, brochureware and buzzwords, it's hard to know what's the real deal. As we talk to colleagues from other companies, one thing is clear, many still struggle with good testing methodologies, what malware to test and how to test their endpoint security.
We will discuss key considerations used in our decision-making process. Testing malware for our company was important, but it was not our only testing criteria. We looked at the ease of installation on the agent, use of their UI, SaaS, on-prem, hybrid, reporting, performance of agent using different system resources, how much the agent relied on their cloud intelligence compared to on-box performance, powershell scenarios, and a variety of other factors. Companies additionally need to take into consideration the cost of any potential new infrastructure, cost per seat, professional services, one off costs, 1, 2, 3 year terms and other factors. Ultimately, we want to extend our resources to help others in the industry and discuss key differences between the solutions that were evaluated.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
3. Jean Yang / Jeeves 3
All Kinds of People Are
Writing All Kinds of
Code
Open source
lines of code
Journalists
Medical
researchers
Social
scientists
Children
4. Jean Yang / Jeeves 4
Even Trained
Developers Leak
Information
5. Why Aren’t Existing
Approaches Enough?
Jean Yang / Jeeves 5
Exploit
Patch
But leaves system
builders a step
behind.
Defensive
protection
But people are still
showing the data
wrong.
Encrypting
Data
6. My Approach:
Privacy by Construction
Jean Yang / Jeeves 6
Factor out security and privacy to
reduce opportunity for leaks.
• Programmer specifies high-level policies about
how sensitive data can be used.
• Rest of program is policy-agnostic.
• System manages policies automatically.
8. Even Seemingly Simple
Policies Have Subtleties
Jean Yang / Jeeves 8
Guests: Surprise party for Carol at Chuck E. Cheese.
Carol: Pizza with Alice/Bob.
Strangers: Private event at Chuck E. Cheese.
Policy: Must be guest.
Policy: Only visible to hosts until finalized.
Policies can depend on sensitive values and other policies.
Problem:
9. Enforcing Policies Can
Leak Information!
Jean Yang / Jeeves 9
Guests
Surprise
party at
Chuck E.
Cheese.
Policy: Only visible to
hosts until finalized.
Policy: Must be guest.
Guest list finalized
Guests can’t see
event
Guests can see
event
• Subtle mistake: check for policy 1 neglects dependency on policy 2.
• Problem arises when programmers trusted to get dependencies right.
1
2
10. Policies Are Intertwined
Across the Code
Jean Yang / Jeeves 10
“What is the most
popular location
among friends 7pm
Tuesday?”
Update to
event
subscribers
• Track information flow through derived values.
• Track where derived values flow.
Problem:
11. Jean Yang / Jeeves 11
“Policy Spaghetti”
in Real Systems
Code from
HotCRP
conference
management
system
Highlighted: conditional permissions checks everywhere.
13. Jean Yang / Jeeves 13
Programming model
provides mathematical
guarantees.
Implementation strategy is
practically feasible.
Automatic Enforcement
with Jeeves
The well-intentioned programmer
writes same code no matter what
policies are.
14. Jeeves Factors Out
Policies
Jean Yang / Jeeves 14
• Centralized policies.
• Policy-agnostic
program.
• Runtime
differentiates
behavior.
Model View Controller
15. Policy-Agnostic
Programming in Jeeves
Jean Yang / Jeeves 15
Application Code
Separate from policies.
policies
Sensitive values
encapsulate multiple
behaviors.
Policies describe rules for
how values may flow to
output contexts.
16. .guests [ ]
Jeeves Supports
Expressive Policies
def isNotCarol(oc): return oc !=
Jean Yang / Jeeves 16
Output context can be of arbitrary type.
def isGuest(oc): return oc in .guests
A policy is an arbitrary function that takes the
output context and returns a Boolean value.
Policies can depend on sensitive values.
17. Jean Yang / Jeeves 17
==
true false
print { } print { }
true false
Jeeves Programming
Model
Programmer
writes policy-
agnostic
programs.
Runtime
propagates values
and policies.
Runtime
produces
differentiated
output based on
the viewer.
Programmer
specifies policies
and facets.
1 2
4
3
18. The Jeeves
Programming Model
• Well-defined runtime semantics
for policy-agnostic programming
with information flow policies.
• Can be implemented standalone
or embedded as a library.
• Has been adapted across
runtimes in web frameworks.
Jean Yang / Jeeves 18
20. Jean Yang / Jeeves 20
if == :
x += 1
return x
x = 0
print { } print { }
1 0
Jeeves Execution Model
Runtime
propagates
values and
policies.
Runtime
solves for
values to show
based on
policies and
viewer.
21
Runtime simulates simultaneous multiple
executions.
21. Using Policies to
Produce Outputs
Jean Yang / Jeeves 21
print { }
0
( != ) ? 1 : 0
policy( )
Jeeves uses
policies to defacet
appropriately.
1 0
def isNotCarol(oc):
return oc !=
22. Jean Yang / Jeeves 22
print { }
( == ) ? :
policy( )
def isMaybeCarol(oc):
return oc ==
But What About
Dependencies?
Possible solutions:
( == ) ? :
( == ) ? :
Jeeves runtime
will pick the secret
value if allowed.
Need to find a
fixed point!
23. Jean Yang / Jeeves 23
Using Constraints to
Handle Dependencies
Label Policy
a def isGuest(oc):
return oc in .guests
𝑎 = 𝑠𝑒𝑐𝑟𝑒𝑡 ⇒ in .guests
policy( )
𝑎 ∈ {𝑠𝑒𝑐𝑟𝑒𝑡, 𝑝𝑢𝑏𝑙𝑖𝑐}
print { }
𝑎 = 𝑠𝑒𝑐𝑟𝑒𝑡 ⇒ 𝑓𝑎𝑙𝑠𝑒
¬(𝑎 = 𝑠𝑒𝑐𝑟𝑒𝑡)
⊢
⊢
0
1 0
a
• Constraints contain
only Boolean
variables.
• Always a consistent
assignment.
Evaluated with
respect to state
at time of
output.
24. Tracking Policies
Through Execution
Jean Yang / Jeeves 24
if == :
a
x += 1
true false
a
if :
x += 1
x = xold+1 xold
a
Labels follow values
through all
computations, including
conditionals and
assignments.
25. Web server code
Target Domain:
Database-Backed Web
Applications
Jean Yang / Jeeves 25
Application Queries Database
26. Facets in the Application
and Database
Jean Yang / Jeeves 26
Application: Queries to SQL Database
select * from Users
where location =
Database queries can leak information!
Application: All data from SQL Database
select * from Users
Impractical and potentially slow!
Solution: Use object-relational mapping to facet the
database. Map facets onto non-faceted relational database.
28. Jean Yang / Jeeves 28
Django-like
data schema
for describing
fields.
Policy for
‘location’ field.
Helper
functions for
policy include
queries.
Public value for
‘location’ field.
29. Compare to Django
Jean Yang / Jeeves 29
Conference
management system
Course manager Health record
manager
(based on
representative
HIPAA fragment)
Implemented in
Jacqueline
32. CMS Running Times
Jean Yang / Jeeves 32
Tests from Amazon AWS machine via HTTP requests from another machine.
[Figure: two plots, "Single paper" and "All Papers", showing time to show page (s) against papers in database, comparing Jacqueline and Django.]
33. Policy-Agnostic
Programming in Jeeves
Jean Yang / Jeeves 33
Design of a policy-
agnostic
programming
language
[POPL ‘12]
Semantics and
guarantees
[PLAS ’13]
Web framework,
and case studies
[in submission]
==
Other functionality
Policies
Sensitive
values
34. Python/DBCore team
Language evaluation and case studies
Semantics
Jeeves Team
Jean Yang / Jeeves 34
Armando Solar-Lezama
Thomas Austin
Cormac Flanagan
Travis Hance
Benjamin Shaibu
Pat Long & Jesse Klimov
Lena Abdalla
Amadu Durham
Ariel Jacobs
Scala
Kuat Yessenov
Jean Yang
35. Applying Policy-
Agnostic Ideas at Home
1. Associate policies with data.
2. Make rest of program aware of
data’s policies.
Jean Yang / Jeeves 35
It pays to think about policy enforcement
systematically: can get end-to-end guarantees—
often with negligible overheads!
Works not just for security and privacy, but also for
other customization!
36. Parting Thoughts
By reducing opportunity for
programmer error, we can
eliminate whole classes of
information leaks.
Jean Yang / Jeeves 36
http://jeeveslang.org
Editor's Notes
Hi. I’m Jean. Today, I’m going to talk about how to prevent information leaks.
TRANSITION: Before we talk about leaks, let’s talk about data.
There’s more and more data coming from all kinds of places.
Sources include social media, electronic health records, online courses, and wearable devices.
TRANSITION: To process all this data, all kinds of people have started writing all kinds of code.
The lines of open source code have been growing exponentially since the early 90s.
It’s not just professional developers coding anymore, but also medical researchers, social scientists, journalists, and even children.
TRANSITION: This is great news from an information processing perspective, but not so much from an information leak perspective.
Even trained developers leak information.
We’re not at all surprised when information is leaked—everything from our social media data to our dental records.
TRANSITION: You might be wondering why people haven’t already solved the problem of securing our data.
Well, people can encrypt the data, but often the issue isn’t that people aren’t protecting their data at all, but that they’re showing it under the wrong circumstances.
This leaves us with the strategy of finding exploits and developing patches, but this leaves system builders always a step behind.
TRANSITION: The goal of my work is to help programmers show data correctly.
I want to prevent information leaks by factoring privacy out from the rest of the program.
I want to allow the programmer to specify high-level policies about how sensitive data can be shown. I want the rest of the program to be agnostic to these policies and I want the system to automatically manage these policies.
In this model, the attacker is the user and the programmer is not assumed to be malicious.
TRANSITION: Before we talk about how to make this happen, let’s talk about what’s hard.
Suppose we have a social calendar like Google Calendar, but with more sharing and searching features.
Let’s say Alice and Bob want to throw a surprise party for Carol.
TRANSITION: Now I’ll explain how even seemingly simple policies have subtle interactions that the programmer can easily get wrong.
The guests should be able to see that there’s a surprise party and that it happens to be at Chuck E. Cheese.
Carol, the subject of the surprise party, is on her own guest list. She should be able to see that she’s having pizza with Alice and Bob, but not necessarily where it is.
Others should be able to see that there’s a private event at Chuck E. Cheese so they know not to go there.
The guest list might have a policy that a viewer has to be on the guest list to see the list. To allow hosts to play around with potential guest lists before finalizing, there might be an additional policy that the list is visible only to hosts until it is finalized.
These policies depend on both sensitive values and other policies.
TRANSITION: Now let me explain how enforcing these policies can leak information.
I said before that only guests should be able to see full event information and only hosts should know who is on the guest list until the list is finalized.
Potential guests shouldn’t be able to see event information until the event is finalized.
An easy mistake, however, is to neglect the connection between the two policies and show event information to potential guests who don’t end up being invited.
This bug can arise whenever programmers are trusted to keep track of policy dependencies. There was an analogous bug reported in the HotCRP conference management system. When I worked at Facebook, I learned that this kind of problem is pretty common in the real world.
TRANSITION: Not only do policies have dependencies on each other, but they are also deeply intertwined across the code.
If the user can access events not just directly, but also perform searches, the programmer needs to track how sensitive values flow into derived values. For instance, only people who can see that their friends are at Chuck E. Cheese 7pm Tuesday can see that that’s the most popular location among their friends.
It’s also increasingly common to share the result of a search not just to a single user, but to a set of users.
To prevent leaks, the programmer needs to track not just how sensitive values are computing derived values, but also where derived values are flowing.
TRANSITION: In real systems, reasoning about policies and functionality together can be a real mess.
Here are two screen shots from the HotCRP conference management system. I don’t expect you to read the code, but I want you to see how conditional access checks are intertwined with the program.
You’ve all probably used this or a similar system to submit and review academic papers. You may be familiar with policies about who can see the titles of papers, the names of authors, and the bodies of reviews. What I’ve highlighted are checks about roles like this. On the right there are even dynamically generated SQL queries. In HotCRP, policies are in at least 24 of the 82 files.
To implement a policy or to fix a bug, the programmer has to touch many parts of the code.
TRANSITION: You might say this is just a software engineering problem, but the issue isn’t that developers don’t know how to fix these policies.
But the thing is, developers know how to enforce policies.
The problem is that they have to enforce the same policy over and over again across the program. And if there’s one thing we know in software engineering, it’s that doing something over and over again is error-prone.
TRANSITION: My work addresses this issue by factoring policy implementation out of programs.
In this talk I describe Jeeves, a language for automatically enforcing information flow policies.
The goal of Jeeves is to help the well-intentioned programmer write the same code no matter what the policies are.
I will describe the design of a policy-agnostic language and web framework and its mathematical guarantees about what it means to enforce policies.
I have implemented Jeeves as libraries in Scala and Python and as a Python web framework. I describe the web framework and case studies I’ve built on top of it.
TRANSITION: In Jeeves, there is no policy spaghetti.
Here is the Jeeves web framework code for the calendar example I’ve described. I don’t expect you to read this code and later I will show some of it in more detail.
In Jeeves, the policies are centralized, the rest of the program is policy-agnostic, and the runtime differentiates the behavior.
TRANSITION: Now I’m going to tell you how this works.
Sensitive values in Jeeves encapsulate multiple behaviors.
Policies describe rules for how sensitive values and derived values may flow to different output contexts. I’m going to use this hut notation to denote policies guarding two facets of a sensitive value.
The rest of the program is policy-agnostic. The programmer needs to know that different values may be flowing through the program, for instance a GPS location or a city, but the programmer does not have to know the policies determining this flow.
The programmer can then rely on the runtime to enforce the policies.
TRANSITION: A major contribution of Jeeves is that it supports expressive policies.
Jeeves policies are arbitrary Boolean functions that take an argument corresponding to the output context. This output context can be of arbitrary type.
Because policies are arbitrary functions, they can capture dependencies on sensitive values. For instance, we can have a policy protecting a guest list that the viewer must be a member of the sensitive list. I describe later how Jeeves handles these policies.
TRANSITION: The Jeeves programming model works as follows.
The programmer specifies policies and the different facets of sensitive values.
The programmer writes policy-agnostic programs that can use faceted values interchangeably with other values. These programs can contain mutable state.
The runtime propagates the values and policies and produces differentiated outputs based on the viewer. Computation sinks like print and write to file take an additional argument corresponding to the output context.
TRANSITION: So this is what we mean when we say Jeeves.
Jeeves is a programming model with a well-defined runtime semantics for policy-agnostic programming with information flow policies.
It can be implemented as a standalone interpreter or as a library. I have implemented Jeeves as libraries in Scala and Python.
I have also adapted the programming model across the multiple runtimes of a web framework. I’ll describe a bit later how this works.
TRANSITION: For now, I will describe how Jeeves works in a single runtime.
To conclude, Jeeves is taking us closer to a world in which programmers, freed from the burden of having to enforce privacy policies across the program, can finally focus on functionality. You can find more information and code online!
The runtime propagates values and policies and solves for values to show based on the policies and the viewer.
I picked this snippet of code to illustrate indirect flows. Here we are setting a variable x to zero and incrementing it if the sensitive location value is equal to Chuck E Cheese. Even if the location doesn’t leak directly, the programmer can infer its value by examining x. I’m going to describe how Jeeves prevents indirect flows.
TRANSITION: But first let’s talk about how Jeeves enforces policies at outputs.
For computation sinks like print and write to file, the Jeeves runtime uses the policies to defacet appropriately.
For simple policies, the Jeeves runtime plugs the output channel into the relevant policy functions and then produces an output.
Here the policy says the viewer can’t be Carol, so when it is Carol, the system shows the public output.
TRANSITION: Now let’s look at what happens when policies can depend on sensitive values.
Suppose instead we had a policy checking whether the output context is equal to a sensitive value with a Carol facet and an unknown stranger facet, and that this is the policy protecting the value itself. While this may seem like a contrived example, this sort of dependency arises with the guest list example I described before.
When we plug in Carol as the viewer and we go to check the equality, we get stuck because there’s a mutual dependency between this value and the policy itself. We need to find the fixed point.
There are actually two possible solutions: the sensitive value behaves as Carol or the sensitive value behaves as the stranger. The policies allow both, so the system uses the more secret value, in this case Carol. The Jeeves runtime will always try to show the secret facet if the policies allow.
TRANSITION: Now I’ll describe how the Jeeves runtime uses constraints to handle these dependencies.
To use constraints, we introduce labels that get mapped to policies. Labels can take on the values “secret” and “public” and guard the faceted values. To produce outputs, the system evaluates the policies with respect to the output channel and the state at the time of output. Here, if we’re trying to show the guest list to the stranger, we get the constraint “a is secret” implies the stranger is a guest. This stranger is not a guest, so we get “a is secret” implies false, and so a cannot be secret.
Some things to note are that constraints contain only Boolean free variables corresponding to the labels. Also, there’s always a consistent assignment to labels. We can always assign everything to be public.
TRANSITION:
All values computed from sensitive values are associated with the same policies. All assignments occurring under conditional branches are associated with the assumptions that were made to enter that branch. This way, all values computed from sensitive values can be shown only according to the policies.
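The execution model described in these notes (faceted values, labels mapped to policies, the indirect-flow counter, and defaceting by solving "label is secret implies policy" constraints) can be sketched as follows. This is an added example, not code from the slides or from the Jeeves libraries: the names `Label`, `Facet`, `lift`, `jif` and `concretize` are assumptions, the calendar data is constructed, and brute-force enumeration stands in for a constraint solver.

```python
from itertools import product

class Label:
    """Boolean label guarding a facet: True means the secret facet may be shown."""
    def __init__(self, name):
        self.name, self.policies = name, []

    def restrict(self, policy):
        # policy(output_context) -> bool, possibly itself a faceted bool
        self.policies.append(policy)

class Facet:
    """A sensitive value <label ? secret : public>."""
    def __init__(self, label, secret, public):
        self.label, self.secret, self.public = label, secret, public

def lift(fn, *args):
    """Run fn on every facet combination of its arguments, keeping the labels."""
    for i, arg in enumerate(args):
        if isinstance(arg, Facet):
            return Facet(arg.label,
                         lift(fn, *args[:i], arg.secret, *args[i + 1:]),
                         lift(fn, *args[:i], arg.public, *args[i + 1:]))
    return fn(*args)

def jif(cond, then_fn, else_fn):
    """Conditional on a possibly faceted guard: both branches are simulated."""
    return lift(lambda c: then_fn() if c else else_fn(), cond)

def project(value, env):
    """Pick one facet per label according to env (Label -> bool)."""
    while isinstance(value, Facet):
        value = value.secret if env[value.label] else value.public
    return value

def labels_in(value, found):
    """Collect every label that guards some facet of value."""
    if isinstance(value, Facet):
        if value.label not in found:
            found.append(value.label)
        labels_in(value.secret, found)
        labels_in(value.public, found)
    return found

def concretize(value, viewer):
    """Defacet at an output: satisfy 'label is secret => policy(viewer)' for every label."""
    labels = labels_in(value, [])
    verdicts = {}
    i = 0
    while i < len(labels):  # policy results may mention further labels
        verdicts[labels[i]] = [p(viewer) for p in labels[i].policies]
        for verdict in verdicts[labels[i]]:
            labels_in(verdict, labels)
        i += 1
    # Enumeration tries 'secret' first; the all-public assignment always satisfies.
    for bits in product([True, False], repeat=len(labels)):
        env = dict(zip(labels, bits))
        if all(not env[l] or all(project(v, env) for v in verdicts[l]) for l in labels):
            return project(value, env)

# --- Constructed calendar scenario (names and data are assumptions) ---
g = Label("guest_list")
guests = Facet(g, ["alice", "bob", "carol"], [])

def is_guest(oc):
    # Depends on the sensitive guest list, so the result is itself faceted.
    return lift(lambda names: oc in names, guests)

def is_not_carol(oc):
    return oc != "carol"

g.restrict(is_guest)  # the guest list is guarded by a policy over itself
a = Label("location")
a.restrict(is_guest)
a.restrict(is_not_carol)
location = Facet(a, "Chuck E. Cheese", "undisclosed location")

def party_counter(loc):
    """The indirect-flow snippet: x = 0; if loc == 'Chuck E. Cheese': x += 1."""
    x = 0
    return jif(lift(lambda v: v == "Chuck E. Cheese", loc), lambda: x + 1, lambda: x)

if __name__ == "__main__":
    for viewer in ("alice", "carol", "mallory"):
        print(viewer, concretize(location, viewer),
              concretize(party_counter(location), viewer), concretize(guests, viewer))
```

The counter carries the same label as the location it was computed from, so a viewer who gets the public location also gets `0`. For a guest, both assignments of the guest-list label are consistent and the secret one is chosen.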
TRANSITION: To make sure that our runtime is enforcing the policies even when there are these subtle interactions, we have defined a dynamic semantics for Jeeves.
Web applications often leak information by revealing the results of arbitrary database queries, for instance through a search interface. It doesn’t matter how much policies are enforced in the application when a single query can subvert our guarantees.
One way to take advantage of language-based solutions like Jeeves is to load all the data into the application and use the enforcement there. Language-based approaches often assume a single runtime so this is what you have to do. The issue is that doing all the work in the application is slow and we often can’t load the database into memory.
Our solution is to facet the database. Object-relational mappings typically support a uniform data representation between the application and database and mediate a set of queries. We have implemented a Jeeves-based object-relational mapping that supports a uniform facet representation and mediates policy-agnostic queries. We do this by augmenting standard SQL tables with metadata to do facet bookkeeping and storing multiple rows for a single faceted value. This allows the programmer to write application code and database queries without worrying about the policies.
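A minimal sketch of the idea of storing one row per facet with bookkeeping metadata, next to the unmediated query it replaces. This is an added example, not Jacqueline's code: the `jid` and `jvars` column names, the table layout, and the function names are assumptions, the data is constructed, and the guest table is left unfaceted to keep the example short.

```python
import sqlite3

PUBLIC_LOCATION = "undisclosed location"

def save_event(db, jid, name, location, guests):
    """Store a faceted 'location' as two rows that share one logical id (jid)."""
    label = f"event{jid}.location"
    db.executemany("INSERT INTO event VALUES (?, ?, ?, ?)", [
        (jid, f"{label}=1", name, location),         # secret facet
        (jid, f"{label}=0", name, PUBLIC_LOCATION),  # public facet
    ])
    db.executemany("INSERT INTO guest VALUES (?, ?)", [(jid, u) for u in guests])

def build_db():
    """Constructed sample data: two events with different guest lists."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE event (jid INTEGER, jvars TEXT, name TEXT, location TEXT);
        CREATE TABLE guest (event_jid INTEGER, username TEXT);
    """)
    save_event(db, 1, "Surprise party", "Chuck E. Cheese", ["alice", "bob"])
    save_event(db, 2, "Board game night", "Library", ["mallory"])
    return db

def location_policy(db, jid, viewer):
    """Policy for the location label: the viewer must be a guest (a regular query)."""
    row = db.execute(
        "SELECT 1 FROM guest WHERE event_jid = ? AND username = ?", (jid, viewer)
    ).fetchone()
    return row is not None

def unmediated_search(db, location):
    """Plain query with no viewer: a match reveals the secret location to anyone."""
    rows = db.execute(
        "SELECT DISTINCT name FROM event WHERE location = ? ORDER BY name", (location,)
    ).fetchall()
    return [name for (name,) in rows]

def faceted_search(db, location, viewer):
    """Same query, but a row counts only if its facet is the one this viewer gets."""
    rows = db.execute(
        "SELECT jid, jvars, name FROM event WHERE location = ? ORDER BY jid", (location,)
    ).fetchall()
    visible = []
    for jid, jvars, name in rows:
        is_secret_row = jvars.endswith("=1")
        if is_secret_row == location_policy(db, jid, viewer):
            visible.append(name)
    return visible

if __name__ == "__main__":
    db = build_db()
    print("unmediated:", unmediated_search(db, "Chuck E. Cheese"))
    for viewer in ("alice", "mallory"):
        print(viewer, faceted_search(db, "Chuck E. Cheese", viewer),
              faceted_search(db, PUBLIC_LOCATION, viewer))
```

The `WHERE` clause runs against both facets, so a non-guest searching for the real location gets no hit, while a search for the public value matches only events the viewer is not a guest of.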
TRANSITION: We have built a web framework based on this using the model-view-controller paradigm.
The application layer of our web framework runs according to the semantics I described.
The programmer is responsible for specifying the policies once, along with the database schemas. The runtime keeps track of the viewer. All values input through the frontend go directly to the database, where they are associated with policies. All values pass back through the Jeeves runtime before display so Jeeves can figure out which value to show. The Jeeves web framework is responsible for keeping track of who is looking.
TRANSITION: Now let’s go back to the policy code in the calendar example.
Here I show how to implement Jacqueline policies and how they can contain arbitrary database queries.
On top I show the data schema for describing Jacqueline fields. We define the name, location, time, and description fields for an event, as well as the “visibility” field where the user can specify whether an event is visible to everyone or only guests. The fields of the event are the secret values by default.
The programmer can introduce a facet by specifying a function to compute a public value from the current row. Here we show that the public value for any “location” field is “undisclosed location.”
To specify when the actual location is to be shown versus this public value, the programmer can declare a policy. The policy takes as arguments the current row and an output context argument. Here, our policy says that if the event visibility is “guests only,” then the secret location field can be shown if the viewer is a host or a guest.
Whether the viewer is a host or guest is computed using regular database queries. It’s important to note, however, that the policies are enforced throughout these queries so the programmer can be sure that they do not leak information!
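The faceted-row storage and the location policy described above can be modelled in a few lines of Python over SQLite. This is an added example, not Jacqueline's own code or API: the `fid` and `secret` bookkeeping columns, the function names, and the sample events are assumptions made for illustration.

```python
import sqlite3

def public_location(row):
    # Public facet of the "location" field, computed from the current row.
    return "Undisclosed location"

def make_db():
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    # fid and secret are hypothetical facet-bookkeeping columns.
    db.executescript("""
        CREATE TABLE event(fid INTEGER, secret INTEGER, name TEXT,
                           location TEXT, visibility TEXT);
        CREATE TABLE attendee(fid INTEGER, user TEXT, role TEXT);
    """)
    return db

def save_event(db, fid, name, location, visibility):
    # One logical event becomes two physical rows: secret=1 holds the real
    # value, secret=0 holds the computed public value.
    row = {"name": name, "location": location, "visibility": visibility}
    for secret, loc in ((1, location), (0, public_location(row))):
        db.execute("INSERT INTO event VALUES (?,?,?,?,?)",
                   (fid, secret, name, loc, visibility))

def location_policy(db, row, viewer):
    # The policy takes the current row and the output context (the viewer).
    if row["visibility"] != "guests only":
        return True
    hit = db.execute("SELECT 1 FROM attendee WHERE fid=? AND user=? "
                     "AND role IN ('host','guest')", (row["fid"], viewer))
    return hit.fetchone() is not None

def search_events(db, term, viewer):
    # Policy-agnostic query: it runs over every facet row, then each row is
    # kept only if it is the facet this viewer is allowed to see.
    rows = db.execute("SELECT * FROM event WHERE location LIKE ? ORDER BY fid",
                      (f"%{term}%",)).fetchall()
    return [(r["name"], r["location"]) for r in rows
            if bool(r["secret"]) == location_policy(db, r, viewer)]

def demo_db():
    # Constructed sample data.
    db = make_db()
    save_event(db, 1, "Surprise party", "Schloss Dagstuhl", "guests only")
    save_event(db, 2, "Open lecture", "Room 32-G449", "everyone")
    db.executemany("INSERT INTO attendee VALUES (?,?,?)",
                   [(1, "alice", "host"), (1, "bob", "guest")])
    return db
```

A search on the real location returns the event only to a host or guest; any other viewer can match only the public facet, so the search interface cannot be used to confirm the secret value.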
TRANSITION: We’ve implemented the following systems using our web framework.
We’ve built a conference management system that we deployed for a small workshop, a course manager, and a health record manager.
We compared the conference management system implementation to an implementation written using the standard Django Python web framework and found that Jacqueline reduces the overall amount of policy code. Instead of having to implement policies as checks and filters across the program, the programmer needs to specify them only once.
TRANSITION: Before I show you some numbers, let’s do a quick demo of our conference management system.
To evaluate the feasibility of the paradigm in the web setting, we created a web framework called Jacqueline for policy-agnostic programming in web servers.
TRANSITION: The main problem we solved was addressing the issue of how to extend the model across applications and databases.
Make new account for my host.
Submit a paper.
Log in as admin and see that the paper is not there.
Change policy; refresh.
TRANSITION: We took some measurements to see how this conference management system scales.
We ran these tests on an Amazon AWS machine by sending multiple HTTP requests from another machine and averaging over them.
We compare the time it takes to show a single paper in Jacqueline vs. a Django conference management system with hand-implemented policies. The times for Jacqueline are actually better because the Django implementation requires multiple passes over some query results to apply policy checks.
We then compare the time it takes to show all papers. In this case, both implementations are resolving policy checks with database queries for each data item being shown. There is a 1.5x slowdown with Jacqueline.
TRANSITION: We learned the following from running our systems.
TRANSITION: To summarize, the goal of this work is to allow the programmer to focus on functionality.
My advisor Armando, our students, and our collaborators.
Here are some ways to apply the ideas I’ve been working on to your existing systems.
What I’ve shown is that it’s useful—and possible—to associate policies directly with data and to make the rest of the program aware of the policies.
A higher-level takeaway is that it pays to think about policy enforcement systematically. We can get end-to-end guarantees, often with negligible overheads.
TRANSITION: To summarize, I have demonstrated the feasibility of an approach that reduces programmer error to eliminate whole classes of information leaks.
With more work, automatically managing privacy and security policies can be as practical and common as automatically managing memory.
It’s incredibly exciting that language technologies have brought us to the point where we can even think about factoring out global, intertwined concerns like privacy.
And I look forward to thinking about other ways we can make programmers’ lives easier by helping them focus on what’s interesting about their code.