Slides from the article presentation at the 15th International Conference of Information Security and Cryptology -- ICISC2012 held on November 28 - November 30, 2012 in Seoul, South Korea
Trusted Launch of Generic Virtual Machine Images in Public IaaS Environments
1. Trusted Launch of Generic Virtual Machine Images in Public IaaS Environments
Nicolae Paladi (1)*, Christian Gehrmann (1), Mudassar Aslam (1), Fredric Morenius (2)
(1) Swedish Institute of Computer Science
(2) Ericsson Research
2. Contents
1. Infrastructure-as-a-Service
2. Problem Setting
3. Attacker Model
4. Related Work
5. Protocol Description
6. Protocol Implementation
7. Conclusion
3. Infrastructure-as-a-Service
• A 'cloud computing' service model (NIST:2011):
  - Provision processing, storage, networks.
  - Deploy and run arbitrary software.
  - No control over underlying cloud infrastructure.
  - Control over OS, storage, deployed applications.
  - Limited control of select networking components.
4. Scenario and Definitions
[Figure labels: Client (C); Scheduler (S); three Compute Hosts (CH), each on Hardware]
5. A Brief Note on TPM
• Trusted Platform Module (TPM) v1.2 as specified by TCG
• v2.0 is currently under review
• Tamper-evident
• 16+ PCRs as volatile or non-volatile storage
• Four operations: Signing / Binding / Sealing / Sealed-sign
6. Problem Setting
• “Consumer is able to deploy and run arbitrary software, which can include operating systems and applications.”
• Client can launch VMs for sensitive computations.
• Trusted VM launch – the correct VM is launched in an IaaS platform on a host with a known software stack verified to not have been modified by malicious actors.
• How do we ensure a trusted VM launch in an untrusted IaaS environment?
7. Attacker Model
• (Ar) has root access to IaaS hosts.
• (Ar) has no physical access.
• (Ar) has no access to CH's memory.
• (Ar) can act maliciously or in good faith.
• (Ar) can be a person/malicious software/code bug.
8. Attack scenario 1
[Figure labels: Remote Attacker (Ar); Scheduler (S); Trusted; Compute Host (CH), twice; Hardware, three times; Client (C)]
9. Attack scenario 2
[Figure labels: Remote Attacker (Ar); Compute Host (CH), twice; Hardware, three times; Client (C)]
11. Trusted VM Launch Protocol: Trusted Third Party
• Trusted Third Party (TTP) – trusted by C and IaaS, able to assess the SP of CH according to predefined guidelines.
• Security profile (SP) – verified setup of a VM, trusted by the participants.
• Currently no fine-grained scale of SP available.
• Limited to only matching the measurements with reference values.
12. The big picture
[Figure: message flow with steps numbered 1 to 6 between Client (C), Scheduler (S) and three compute hosts (CH) on hardware (HW), one of them labelled HW + TPM]
13. Trusted VM Launch Protocol: Protocol Details (1)
14. Trusted VM Launch Protocol: Protocol Details (2)
15. Trusted VM Launch Protocol: Protocol Details (3)
17. Trusted VM Launch Protocol: OpenStack
• Protocol was implemented in OpenStack
• Open Source IaaS deployment and management platform.
• Large user base and multiple industry contributors
• “Essex” release as baseline.
• Aimed to have a minimal footprint in terms of code modifications.
• Implementation changed 4 components involved in the launch process (presented next).
18. Trusted VM Launch Protocol: Protocol Implementation (1)
Affected components:
• Nova SQL db – global security profile per compute host.
• Dashboard – request compute host attestation, minimum SP, TTP’s URL and Token upload.
• Scheduler – SimpleScheduler to schedule VM launches on trusted CH with the requested–or stricter–SP.
• Nova compute – support communication with TPM through TSS, encryption/decryption and VM image integrity assessment.
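An added example (not from the slides or the authors' OpenStack changes) of the two checks described above: the TTP matching a compute host's measurements against reference values, and the scheduler keeping only hosts with the requested or stricter SP. The integer SP levels, host names and component strings are constructed assumptions, and verification of the signed TPM quote is left out.

```python
import hashlib

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM 1.2 extend: PCR_new = SHA1(PCR_old || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measure_stack(components) -> bytes:
    """Replay a boot chain into a single PCR, starting from the all-zero reset value."""
    pcr = bytes(PCR_SIZE)
    for component in components:
        pcr = extend(pcr, component)
    return pcr


# Constructed software stacks; the strings stand in for the measured binaries.
STACK_HARDENED = [b"bios-1.0", b"bootloader-2.1", b"kernel-hardened", b"nova-compute"]
STACK_DEFAULT = [b"bios-1.0", b"bootloader-2.1", b"kernel-default", b"nova-compute"]
STACK_MODIFIED = [b"bios-1.0", b"bootloader-2.1", b"kernel-modified", b"nova-compute"]

# TTP reference database: known-good PCR value -> security profile (SP).
# Assumption: SP is an integer level where a higher number is stricter.
REFERENCE_SP = {
    measure_stack(STACK_HARDENED): 2,
    measure_stack(STACK_DEFAULT): 1,
}

UNTRUSTED = 0  # assigned to any measurement without a reference value


def assess_host(reported_pcr: bytes) -> int:
    """TTP side: exact match against reference values, nothing finer-grained."""
    if len(reported_pcr) != PCR_SIZE:
        return UNTRUSTED
    return REFERENCE_SP.get(reported_pcr, UNTRUSTED)


def eligible_hosts(host_pcrs: dict, min_sp: int) -> list:
    """Scheduler side: keep hosts whose attested SP is the requested one or stricter."""
    if min_sp <= UNTRUSTED:
        raise ValueError("a trusted launch needs a minimum SP above UNTRUSTED")
    return sorted(h for h, pcr in host_pcrs.items() if assess_host(pcr) >= min_sp)


# Constructed attestation results for three compute hosts (CH).
HOSTS = {
    "ch1": measure_stack(STACK_HARDENED),
    "ch2": measure_stack(STACK_DEFAULT),
    "ch3": measure_stack(STACK_MODIFIED),  # one changed component, no reference value
}

if __name__ == "__main__":
    for level in (1, 2):
        print("min SP", level, "->", eligible_hosts(HOSTS, level))
    print("ch3 SP:", assess_host(HOSTS["ch3"]))
```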
19. Trusted VM Launch Protocol: Protocol Implementation (2)
• TrustedComputingPools (currently in blueprints) will introduce TPM support in OpenStack
• Trusted IaaS provider with untrusted nodes.
• Node attestation offered as “premium service”.
• Node attestation performed by IaaS provider itself.
20. Conclusion
• A trusted VM launch protocol available assuming an untrusted IaaS platform + TPM + physical security of the hosts.
• Fairly close to ongoing industrial implementation but offers stricter security guarantees.
• Fine-grained attestation process on the TTP side still a research challenge.