H2020 symbiote project
|
|
- Alisha Osborne
- 5 years ago
- Views:
Transcription
1 Grant Agreement No H2020 symbiote project Security in federated IoT Environment Mikołaj Dobski, PSNC Euro-CASE 2017, Poznań
2 Agenda symbiote project overview Interoperability goals & software architecture Security layer(s) CDD & symbiote s AD Data streams mining Constraints Concept drift & its detectors 2
3 symbiote Overview Architecture: general overview Interoperability aspects Level 1-4 components Auth(n/z) approaches 3
4 A simple interoperable IoT app Universal light switch on your mobile phone switch on/off the lights wherever you go (at home, in the office, in public spaces ) but of course, only if you are allowed to do so 4
5 Platforms monetizing their resources Temperature sensor X at coordinates (, ) IoT Platform A IoT Platform B Room A Temperature service of room at building Z 5
6 High-level architecture 6
7 Interoperability Aspects Application Domain Cloud Domain Smart Space Domain Level 1: syntactic and semantic interoperability Level 2: organizational interoperability Level 3: dynamic smart spaces Smart Device Domain Level 4: roaming devices 7
8 SECURITY IN SYMBIOTE Challenges and solutions
9 Main goal and approach Target goal: multi-domain access right composition Users registered in one or more platforms are authorized to access resources exposed elsewhere Is registered in Platforms A & B Can access to resources in Platform C User/App Platform A Platform B Platform C 9
10 Layers (0) AD Authorization Authentication Baseline 10
11 Layers (1) AD Authorization Authentication Baseline 11
12 Baseline security Secure coding Audits TLS 12
13 Layers (2) AD Authorization Authentication Baseline 13
14 Authentication layer X.509 JWT PKI 14
15 JSON Web Tokens Well-known structure used for storing user s attributes New claims added by symbiote Three kinds of tokens Authorization JWS: home, foreign, guest Home Token Acquisition JWS Client Authentication JWS 15
16 Auth(N) with challenge-response 16
17 Layers (3) AD Authorization Authentication Baseline 17
18 Authorization layer Resources protected through the Attribute- Based Access Control (ABAC) paradigm User s attributes stored in trusted data structures, i.e., JSON Web Tokens (JWT) Access Policies assigned to each resource User s attributes processable through a Mapping Function 18
19 Auth(Z) with ABAC policies 19
20 Attributes Mapping Type: HOME born : 1990 Platform B Type: FOREIGN isover18 : True Platform A 20
21 MDARC Platform A User : Alice Subscription : valid Access granted Platform B User: Bob Subscription : valid 21
22 Layers (4) AD Authorization Authentication Baseline 22
23 Anomaly Detection layer Netflix OSS Events Logging Statistics 23
24 Behavioral patterns Decision Tree Root Traffic Components Resources Identity Events User_1 Log_1 Search Core AAM Registry User_n API Session_1... AAMs Resource_1 External... RAP... Resource_n Session_n Log_n 24
25 Temporal patterns Search AAMs Data flow Platform 25
26 Identified AD threats Core Platform_1 Platform_2 26
27 Open questions Platform usage statistics (GDPR) What is an anomaly? Quality of AD service Decision tree building algorithm Anomaly confirmation algorithm 27
28 Provided software AD Authorization Authentication Baseline 28
29 Security components Authentication & Authorization Managers (PKI CAs) Issuing credentials (X.509 certs and JWTs) Authenticating platforms and users (by credentials validation) Managing credentials translation (Attributes mapping function) Security Handlers Reference Cryptography operations implementation Managing a key store with clients certificates Generating client s Auth(N) payloads Matching ABAC policies against received Auth(Z) payloads Anomaly Detection Module Continuously building APIs temporal and behavioral usage models to detect anomaly spikes 29
30 Thank you! Questions? H2020 symbiote github.com/symbiote-h2020
31 CONCEPT DRIFT & ANOMALY DETECTION Where humans and rules are not enough
32 AD pros and cons Gains Costs 32
33 HANDLING DATA AND DATA STREAMS A bit of theory
34 Data Data Mining Data Stream Mining Sir Ronald Aylmer Fisher s Iris data set 34
35 DSM constraints Mohamed Gaber and João Gama, University of Porto, State-of-the-art in data stream mining
36 Windowing / batches Dariusz Brzezinski. Mining data streams with concept drift. Master s thesis, Poznan University of Technology, Poznan, Poland,
37 Inspiration decision trees J.R. Quinlan, Centre for Advanced Computing Sciences, New South Wales Institute of Technology, Australia, Induction of Decision Trees,
38 CONCEPT DRIFT When things start to change
39 Events attributes space 39
40 Concept drift types 40 Dariusz Brzezinski. Mining data streams with concept drift. Master s thesis, Poznan University of Technology, Poznan, Poland, 2010.
41 CD Detector inspiration DDM EDDM DDF 41
42 Demand driven framework P s l P D l PS = 100% l dt , Active mining of data streams, Wei Fan et al. 2008, An active learning method for mining time-changing data streams, Huang 2011, Semi-supervised approach to handle sudden concept drift in enron data, Kmieciak & Stefanowski 2014, Active learning from partly labeled data streams, Master s thesis, Dobski
symbiote Towards an IoT Framework for Semantic and Organizational Interoperability
Grant Agreement No 688156 symbiote Towards an IoT Framework for Semantic and Organizational Interoperability Ivana Podnar Žarko, Sergios Soursos, Ivan Gojmerac, Elena Garrido Ostermann, Gianluca Insolvibile,
More informationCIAM: Need for Identity Governance & Assurance. Yash Prakash VP of Products
CIAM: Need for Identity Governance & Assurance Yash Prakash VP of Products Key Tenets of CIAM Solution Empower consumers, CSRs & administrators Scale to millions of entities, cloud based service Security
More informationArcGIS Enterprise Security: An Introduction. Randall Williams Esri PSIRT
ArcGIS Enterprise Security: An Introduction Randall Williams Esri PSIRT Agenda ArcGIS Enterprise Security for *BEGINNING to INTERMIDIATE* users ArcGIS Enterprise Security Model Portal for ArcGIS Authentication
More informationISACA Silicon Valley. APIs The Next Hacker Target or a Business and Security Opportunity? Tim Mather, CISO Cadence Design Systems
ISACA Silicon Valley APIs The Next Hacker Target or a Business and Security Opportunity? Tim Mather, CISO Cadence Design Systems Why Should You Care About APIs? Because cloud and mobile computing are built
More informationSecuring MQTT. #javaland
Securing MQTT #javaland 2017 www.bestppt.com INTRODUCTION Dominik Obermaier @dobermai Disclaimer Obligatory Disclaimer: All security suggestions and guidelines in this talk are collected from real-world
More informationBEYOND TRADITIONAL PASSWORD AUTHENTICATION: PKI & BLOCKCHAIN
SESSION ID: GPS-R09B BEYOND TRADITIONAL PASSWORD AUTHENTICATION: PKI & BLOCKCHAIN Sid Desai Head of Business Development Remme.io @skd_desai Agenda Our relationship to our digital-selves Evolution of Authentication
More informationARCHITECTURING AND SECURING IOT PLATFORMS JANKO ISIDOROVIC MAINFLUX
ARCHITECTURING AND SECURING IOT PLATFORMS JANKO ISIDOROVIC CEO @ MAINFLUX Outline Internet of Things (IoT) Common IoT Project challenges - Networking - Power Consumption - Computing Power - Scalability
More informationSECURING A MARATHON INSTALLATION 2016
MesosCon EU 2016 - Gastón Kleiman SECURING A MARATHON INSTALLATION 2016 2016 Mesosphere, Inc. All Rights Reserved. 1 Gastón Kleiman Distributed Systems Engineer Marathon/Mesos contributor gaston@mesosphere.io
More informationAuthorization Aspects of the Distributed Dataflow-oriented IoT Framework Calvin
Master s Thesis Authorization Aspects of the Distributed Dataflow-oriented IoT Framework Calvin Tomas Nilsson Department of Electrical and Information Technology, Faculty of Engineering, LTH, Lund University,
More informationScaling Trust with Millions of Containers: Microsegmentation Strategies for Authorization
Scaling Trust with Millions of Containers: Microsegmentation Strategies for Authorization 1 About Me Drupal Security Team Database Maintainer Service Mgmt for RHEL/Ubuntu Committer Scalable CGroups Management
More informationTableau Server Security in Depth
Welcome # T C 1 8 Tableau Server Security in Depth Kacper Reiter Sr. Software Engineer Server and Cloud Platform Dinç Çiftçi Software Engineer Server and Cloud Platform Agenda General security model
More informationThe Web of Things. Breakout session on service descriptions. Dave Raggett, W3C 1/27
The Web of Things Breakout session on service descriptions Dave Raggett, W3C 1/27 The Web of Things A huge variety of potential application domains including... 2/27 Perils of Fragmentation Advances in
More informationWho s Protecting Your Keys? August 2018
Who s Protecting Your Keys? August 2018 Protecting the most vital data from the core to the cloud to the field Trusted, U.S. based source for cyber security solutions We develop, manufacture, sell and
More informationDigital signatures: How it s done in PDF
Digital signatures: How it s done in PDF Agenda Why do we need digital signatures? Basic concepts applied to PDF Digital signatures and document workflow Long term validation Why do we need digital signatures?
More informationVerasys Enterprise Security and IT Guide
Verasys Enterprise Johnson Controls Milwaukee WI, USA www.verasyscontrols.com LIT-12013026 March 2018 Contents Introduction... 3 Microsoft Azure security and privacy... 5 Security... 5 Privacy...5 Compliance...5
More informationArcGIS Enterprise Security: An Introduction. Gregory Ponto & Jeff Smith
ArcGIS Enterprise Security: An Introduction Gregory Ponto & Jeff Smith Agenda ArcGIS Enterprise Security Model Portal for ArcGIS Authentication Authorization Building the Enterprise Encryption Collaboration
More informationSentinet for BizTalk Server SENTINET
Sentinet for BizTalk Server SENTINET Sentinet for BizTalk Server 1 Contents Introduction... 2 Sentinet Benefits... 3 SOA and API Repository... 4 Security... 4 Mediation and Virtualization... 5 Authentication
More informationTrust. Trustworthiness Trusted. Trust: Who? What? When? Why? How?
Trust Trustworthiness Trusted Trust: Who? What? When? Why? How? 1 Certification / Assessment is a spectrum GAFAT Websites Apps Self Asserted Basic Check Self Certified Independent Verification Independently
More informationUSING OPENSTACK TO INTEGRATE NON-OPENSTACK SERVICE JUNHO YOON, ANDREW LIU, JACK NING
USING OPENSTACK TO INTEGRATE NON-OPENSTACK SERVICE JUNHO YOON, ANDREW LIU, JACK NING AGENDA INTRODUCTION MOTIVATIONS INTEGRATE AUTHN/AUTHZ INTEGRATE PLATFORM UI INTEGRATE PLATFORM COMMUNICATION CONTINOUS
More informationBeyond TrustZone PSA Reed Hinkel Senior Manager Embedded Security Market Development
Beyond TrustZone PSA Reed Hinkel Senior Manager Embedded Security Market Development Part1 - PSA Tech Seminars 2017 Agenda Platform Security Architecture Architecture overview Trusted Firmware-M IoT Threat
More informationSingle Sign-On Architectures. Jan De Clercq Senior Member of Technical Staff Technology Leadership Group Hewlett-Packard
Single Sign-On Architectures Jan De Clercq Senior Member of Technical Staff Technology Leadership Group Hewlett-Packard Agenda Trusted Security Infrastructures SSO: What and Why? SSO Architectures Extending
More informationEn partenariat avec CA Technologies. Genève, Hôtel Warwick,
SIGS Afterwork Event in Geneva API Security as Part of Digital Transformation Projects The role of API security in digital transformation Nagib Aouini, Head of Cyber Security Services Defense & Cyber Security
More informationOverview SENTINET 3.1
Overview SENTINET 3.1 Overview 1 Contents Introduction... 2 Customer Benefits... 3 Development and Test... 3 Production and Operations... 4 Architecture... 5 Technology Stack... 7 Features Summary... 7
More informationAPI Security. PHP Tek Rob Richards
API Security PHP Tek 2012 Rob Richards rrichards@mashery.com Who am I? Rob Richards Mashery Email: rrichards@mashery.com Twitter: @mashery Slides: www.cdatazone.org WWW Danger! Danger! Traditional Web
More informationHow to return control over user data back to the user The rethink framework
How to return control over user data back to the user The rethink framework Anastasius Gavras Eurescom GmbH Online Webinar 21. June 2017 This project has received funding from the European Union s Horizon
More informationFUJITSU Cloud Service K5 - API Management Service Description
FUJITSU Cloud Service K5 - API Management Service Description August 8, 2018 1. API Management Service Overview API Management Service is built on Apigee Edge, an integrated API platform product provided
More informationConnecting the Unconnected: IoT Made Simple
Connecting the Unconnected: IoT Made Simple Max Amordeluso Head of Solutions Architecture AWS EU/EC @maxamorde Internet of Things Internet of Things Why so much interest? Smarter Products That Get Better
More informationArcGIS Server and Portal for ArcGIS An Introduction to Security
ArcGIS Server and Portal for ArcGIS An Introduction to Security Jeff Smith & Derek Law July 21, 2015 Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context
More informationMQTT Broker API. This guide will get you started in connecting your devices to WolkAbout IoT Platform.
MQTT Broker API Getting started This guide will get you started in connecting your devices to WolkAbout IoT Platform. Terminology Before you start, you should make yourself familiar with the common terms
More informationDEVELOPMENT OF A SOFIA2 CLIENT (KP) FOLLOWING THE MODEL KP ARCHITECTURE
DEVELOPMENT OF A SOFIA2 CLIENT (KP) FOLLOWING THE MODEL KP ARCHITECTURE May 2016 Version 1 DEVELOPMENT OF KP MODEL Page 1/18 INDEX INDEX... 2 STEP 1 GETTING FAMILIAR WITH SOFIA2'S BASIC CONCEPTS... 3 STEP
More informationAWS IoT Overview. July 2016 Thomas Jones, Partner Solutions Architect
AWS IoT Overview July 2016 Thomas Jones, Partner Solutions Architect AWS customers are connecting physical things to the cloud in every industry imaginable. Healthcare and Life Sciences Municipal Infrastructure
More informationOffice 365 and Azure Active Directory Identities In-depth
Office 365 and Azure Active Directory Identities In-depth Jethro Seghers Program Director SkySync #ITDEVCONNECTIONS ITDEVCONNECTIONS.COM Agenda Introduction Identities Different forms of authentication
More informationFederated Web Services with Mobile Devices
Federated Web Services with Mobile Devices Rajeev Angal Architect Sun Microsystems Pat Patterson Architect Sun Microsystems Session TS-6673 Copyright 2006, Sun Microsystems, Inc., All rights reserved.
More informationMapping of FedRAMP Tailored LI SaaS Baseline to ISO Security Controls
Mapping of FedRAMP Tailored LI SaaS Baseline to ISO 27001 Security Controls This document provides a list of all controls that require the Cloud Service Provider, Esri, to provide detailed descriptions
More informationArcGIS for Server: Security
DevSummit DC February 11, 2015 Washington, DC Michael Sarhan Esri msarhan@esri.com Agenda Review Basic Security Workflow - ArcGIS Server Roles and Identity Stores - Authentication - Authorization: Securing
More informationArcGIS Enterprise: Portal Administration BILL MAJOR CRAIG CLEVELAND
ArcGIS Enterprise: Portal Administration BILL MAJOR CRAIG CLEVELAND Agenda Welcome & Introduction to ArcGIS Enterprise Portal for ArcGIS - Basic Configuration - Advanced Configuration - Deploying Apps
More informationGIOTTO. Design and Architecture
GIOTTO Buildings form an essential part of our lives, and provide many services that make our indoor environment comfortable, productive and enjoyable. With advances in communication and computing, buildings
More informationA Proposed Standard for Entity Attestation draft-mandyam-eat-00. Laurence Lundblade. November 2018
A Proposed Standard for Entity Attestation draft-mandyam-eat-00 Laurence Lundblade November 2018 1 EAT Overall System Entity (e.g., Chip, Device ) Immutable private key for signing. Stored securely on
More informationSingapore s National Digital Identity (NDI):
Singapore s National Digital Identity (NDI): Leaving no one behind Kwok Quek Sin Director, National Digital Identity Programme Government Technology Agency PART 1 INTRODUCTION TO NDI Better Living For
More informationChapter 6: Digital Certificates Introduction Authentication Methods PKI Digital Certificate Passing
Chapter 6: Digital Certificates Introduction Methods PKI Digital Certificate Passing Prof Bill Buchanan OBE http://asecuritysite.com/crypto06 http://asecuritysite.com/encryption Identity on the Internet
More informationCryptologic and Cyber Systems Division
Cryptologic and Cyber Systems Division OVERALL BRIEFING IS Someone Scraped My Identity! Is There a Doctrine in the House? AF Identity, Credential, and Access Management (ICAM) August 2018 Mr. Richard Moon,
More informationTHE FUTURE OF AUTHENTICATION FOR THE INTERNET OF THINGS
THE FUTURE OF AUTHENTICATION FOR THE INTERNET OF THINGS FIDO ALLIANCE WEBINAR MARCH 28, 2017 1 INTRODUCTION TO THE FIDO ALLIANCE ANDREW SHIKIAR SENIOR DIRECTOR OF MARKETING MARCH 28, 2017 2 THE FACTS ON
More informationINDIGO-Datacloud Identity and Access Management Service
INDIGO-Datacloud Identity and Access Management Service RIA-653549 Presented by Andrea Ceccanti (INFN) andrea.ceccanti@cnaf.infn.it WLCG AuthZ WG Meeting Dec, 14th 2017 IAM overview INDIGO IAM The Identity
More informationRamnish Singh IT Advisor Microsoft Corporation Session Code:
Ramnish Singh IT Advisor Microsoft Corporation Session Code: Agenda Microsoft s Identity and Access Strategy Geneva Claims Based Access User access challenges Identity Metasystem and claims solution Introducing
More informationSecuring your Standards Based Services. Rüdiger Gartmann (con terra GmbH) Satish Sankaran (Esri)
Securing your Standards Based Services Rüdiger Gartmann (con terra GmbH) Satish Sankaran (Esri) Agenda What are your security goals? Access control Standards and interoperability User management and authentication
More informationSecurity+ SY0-501 Study Guide Table of Contents
Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators
More informationUser Directories. Overview, Pros and Cons
User Directories Overview, Pros and Cons Overview Secure ISMS can operate with one or more of the following user directories. Secure ISMS Users (ISMS) Internal users local to the Secure ISMS application
More informationAuthentication. Katarina
Authentication Katarina Valalikova @KValalikova k.valalikova@evolveum.com 1 Agenda History Multi-factor, adaptive authentication SSO, SAML, OAuth, OpenID Connect Federation 2 Who am I? Ing. Katarina Valaliková
More informationHigh Level Interoperability Testing
High Level Interoperability Testing For the Web of Things Dave Raggett F-Interop is an international project supported by the European Union s Horizon 2020 programme under Grant Agreement
More informationWhat s New for Oracle Internet of Things Cloud Service. Topics: Oracle Cloud. What's New for Oracle Internet of Things Cloud Service Release 17.4.
Oracle Cloud What's New for Oracle Internet of Things Cloud Service Release 17.4.5 E70360-16 December 2017 What s New for Oracle Internet of Things Cloud Service As soon as new and changed features become
More informationNational Identity Exchange Federation. Terminology Reference. Version 1.0
National Identity Exchange Federation Terminology Reference Version 1.0 August 18, 2014 Table of Contents 1. INTRODUCTION AND PURPOSE... 2 2. REFERENCES... 2 3. BASIC NIEF TERMS AND DEFINITIONS... 5 4.
More informationSecuring Modern API and Microservice Based Applications by Design A closer look at security concerns for modern applications Farshad Abasi / Forward
Securing Modern API and Microservice Based Applications by Design A closer look at security concerns for modern applications Farshad Abasi / Forward Security / 2018-11-22 About Me Farshad Abasi Based in:
More informationThomas Burke. Darek Kominek Marketing Manager, Matrikon (Honeywell) President, OPC Foundation OPC Foundation
Thomas Burke President, OPC Foundation Darek Kominek Marketing Manager, Matrikon (Honeywell) The mission of the OPC Foundation is to manage a global organization in which users, vendors and consortia collaborate
More informationDesign and development of a distributed, secure and resilient vault management system
Design and development of a distributed, secure and resilient vault management system Mathonet G. University of Liège, Belgium June 2017 Mathonet G. (University of Liège, Belgium) Design and development
More informationQualys Cloud Platform (VM, PC) v8.x Release Notes
Qualys Cloud Platform (VM, PC) v8.x Release Notes Version 8.18.1 April 1, 2019 This new release of the Qualys Cloud Platform (VM, PC) includes improvements to Vulnerability Management and Policy Compliance.
More informationAuthority Tokens for ACME. IETF 101 ACME WG Jon - London - Mar 2018
Authority Tokens for ACME IETF 101 ACME WG Jon - London - Mar 2018 STIR and ACME What is STIR? Secure Telephone Identity (Revisited) ART Area WG Providing cryptographic authentication for telephone calls
More informationSecuring ArcGIS Server Services An Introduction
2013 Esri International User Conference July 8 12, 2013 San Diego, California Technical Workshop Securing ArcGIS Server Services An Introduction David Cordes & Derek Law Esri - Redlands, CA Agenda Security
More informationAPI Security Management with Sentinet SENTINET
API Security Management with Sentinet SENTINET Overview 1 Contents Introduction... 2 Security Mediation and Translation... 3 Security Models... 3 Authentication... 4 Authorization... 5 Bidirectional Security
More informationACS / Computer Security And Privacy. Fall 2018 Mid-Term Review
ACS-3921-001/4921-001 Computer Security And Privacy Fall 2018 Mid-Term Review ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been adopted and/or modified
More informationDistributing Secrets. Securely? Simo Sorce. Presented by. Red Hat, Inc.
Distributing Secrets Securely? Presented by Simo Sorce Red Hat, Inc. Flock 2015 Historically Monolithic applications on single servers potentially hooked to a central authentication system. Idm Distributing
More informationM2M / IoT Security. Eurotech`s Everyware IoT Security Elements Overview. Robert Andres
M2M / IoT Security Eurotech`s Everyware IoT Security Elements Overview Robert Andres 23. September 2015 The Eurotech IoT Approach : E2E Overview Application Layer Analytics Mining Enterprise Applications
More informationServer-based Certificate Validation Protocol
Server-based Certificate Validation Protocol Digital Certificate and PKI a public-key certificate is a digital certificate that binds a system entity's identity to a public key value, and possibly to additional
More informationThales e-security. Security Solutions. PosAm, 06th of May 2015 Robert Rüttgen
Thales e-security Security Solutions PosAm, 06th of May 2015 Robert Rüttgen Hardware Security Modules Hardware vs. Software Key Management & Security Deployment Choices For Cryptography Software-based
More information#RSAC #RSAC Thing Thing Thing Thing Thing Thing Edge Edge Gateway Gateway Cut costs Create value Find information in data then act Maintain Things Enrol Authorized Users & Things Authentication
More informationIdentity & Policy (for Security, Privacy and Trust)
Identity & Policy (for Security, Privacy and Trust) October 28th, 2008 Liberty Alliance Wrbcast Rakesh Radhakrishnan Principle Architect (Telco) Technology Lead (Telco) Sun Microsystems, Inc. 1 Agenda
More informationConnecting Securely to the Cloud
Connecting Securely to the Cloud Security Primer Presented by Enrico Gregoratto Andrew Marsh Agenda 2 Presentation Speaker Trusting The Connection Transport Layer Security Connecting to the Cloud Enrico
More informationUnbound and Oasis KMIP Interoperability
Unbound and Oasis KMIP Interoperability Thad Roemer, Solutions Architect April 2018 What does KMIP do? Security Applications or Appliances Key Material & Metadata Transport KMIP Key Management Server Create,
More informationNew Approaches to Connected Device Security
New Approaches to Connected Device Security Erik Jacobson Architecture Marketing Director Arm Arm Techcon 2017 - If you connect it to the Internet, someone will try to hack it. - If what you put on the
More informationDTLS-HIMMO: Efficiently Securing a PQ world with a fully-collusion resistant KPS
DTLS-HIMMO: Efficiently Securing a PQ world with a fully-collusion resistant KPS Oscar Garcia-Morchon, Ronald Rietman, Sahil Sharma, Ludo Tolhuizen, Jose Luis Torre-Arce Philips Research, The Netherlands
More informationSecuring ArcGIS Services
Federal GIS Conference 2014 February 10 11, 2014 Washington DC Securing ArcGIS Services James Cardona Agenda Security in the context of ArcGIS for Server Background concepts Access Securing web services
More informationExam : Implementing a Cloud Based Infrastructure
Exam 70-414: Implementing a Cloud Based Infrastructure Course Overview This course teaches students about creating the virtualization infrastructure, planning and deploying virtual machines, monitoring,
More informationTechnical Brief. A Checklist for Every API Call. Managing the Complete API Lifecycle
Technical Brief A Checklist for Table of Contents Introduction: The API Lifecycle 2 3 Security professionals API developers Operations engineers API product or business owners Apigee Edge 7 A Checklist
More informationECE 646 Lecture 3. Key management
ECE 646 Lecture 3 Key management Required Reading Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E Chapter 14 Key Management and Distribution Using the same key for multiple
More informationBring Your Own Device Part I Yuqing Zhao 趙宇清 Protocol Test Suite Developer Microsoft Corporation
Bring Your Own Device Part I Yuqing Zhao 趙宇清 Protocol Test Suite Developer Microsoft Corporation What s BYOD Device Public Cloud Device Enterprise On-Premise Cloud BYOD Protocols and Test Design
More informationLIPPU-API: Security Considerations
LIPPU-API: Security Considerations Interoperability of ticket and payment systems project 27th of November 2017 1 Contents 1 Introduction... 2 2 Threat modeling... 2 3 Layered security architecture and
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name:_Unversity of Regina Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationCertificate Enrollment for the Atlas Platform
Certificate Enrollment for the Atlas Platform Certificate Distribution Challenges Digital certificates can provide a secure second factor for authenticating connections from MAP-wrapped enterprise apps
More informationPro s and con s Why pins # s, passwords, smart cards and tokens fail
Current Authentication Methods Pro s and con s Why pins # s, passwords, smart cards and tokens fail IDENTIFYING CREDENTIALS In The Physical World Verified by Physical Inspection of the Credential by an
More informationTEN LAYERS OF CONTAINER SECURITY
TEN LAYERS OF CONTAINER SECURITY Tim Hunt Kirsten Newcomer May 2017 ABOUT YOU Are you using containers? What s your role? Security professionals Developers / Architects Infrastructure / Ops Who considers
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources being accessed, and that Participants
More informationDigital Certificates Demystified
Digital Certificates Demystified Ross Cooper, CISSP IBM Corporation RACF/PKI Development Poughkeepsie, NY Email: rdc@us.ibm.com August 9 th, 2012 Session 11622 Agenda Cryptography What are Digital Certificates
More information70-742: Identity in Windows Server Course Overview
70-742: Identity in Windows Server 2016 Course Overview This course provides students with the knowledge and skills to install and configure domain controllers, manage Active Directory objects, secure
More informationCryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea
Cryptography SSL/TLS Network Security Workshop 3-5 October 2017 Port Moresby, Papua New Guinea 1 History Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent
More informationUsing the Horizon vrealize Orchestrator Plug-In
Using the Horizon vrealize Orchestrator Plug-In VMware Horizon 6 version 6.2.3, VMware Horizon 7 versions 7.0.3 and later Modified on 4 JAN 2018 VMware Horizon 7 7.4 You can find the most up-to-date technical
More informationProtecting Keys/Secrets in Network Automation Solutions. Dhananjay Pavgi, Tech Mahindra Ltd Srinivasa Addepalli, Intel
Protecting Keys/Secrets in Network Automation Solutions Dhananjay Pavgi, Tech Mahindra Ltd Srinivasa Addepalli, Intel Agenda Introduction Private Key Security Secret Management Tamper Detection Summary
More informationDeveloping Solutions for Google Cloud Platform (CPD200) Course Agenda
Developing Solutions for Google Cloud Platform (CPD200) Course Agenda Module 1: Developing Solutions for Google Cloud Platform Identify the advantages of Google Cloud Platform for solution development
More informationThe Open Application Platform for Secure Elements.
The Open Application Platform for Secure Elements. Java Card enables secure elements, such as smart cards and other tamper-resistant security chips, to host applications, called applets, which employ Java
More informationEnabling Grids for E-sciencE. EGEE security pitch. Olle Mulmo. EGEE Chief Security Architect KTH, Sweden. INFSO-RI
EGEE security pitch Olle Mulmo EGEE Chief Security Architect KTH, Sweden www.eu-egee.org Project PR www.eu-egee.org EGEE EGEE is the largest Grid infrastructure project in the World? : 70 leading institutions
More informationMINIMUM SECURITY CONTROLS SUMMARY
APPENDIX D MINIMUM SECURITY CONTROLS SUMMARY LOW-IMPACT, MODERATE-IMPACT, AND HIGH-IMPACT INFORMATION SYSTEMS The following table lists the minimum security controls, or security control baselines, for
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources being accessed, and that Participants
More informationTAS 3 Architecture. Sampo Kellomäki Symlabs , ServiceWave, Stockholm
TAS 3 Architecture Sampo Kellomäki (sampo@symlabs.com), Symlabs 23.11.2009, ServiceWave, Stockholm The research leading to these results has received funding from the European Community s Seventh Framework
More informationOctober J. Polycom Cloud Services Portal
October 2018 3725-42461-001J Polycom Cloud Services Portal Copyright 2018, Polycom, Inc. All rights reserved. No part of this document may be reproduced, translated into another language or format, or
More informationHARDWARE SECURITY MODULES (HSMs)
HARDWARE SECURITY MODULES (HSMs) Cryptography: The basics Protection of data by using keys based on complex, randomly-generated, unique numbers Data is processed by using standard algorithms (mathematical
More information4.2. Authenticating to REST Services. Q u i c k R e f e r e n c e G u i d e. 1. IdentityX 4.2 Updates
4.2 Authenticating to REST Services Q u i c k R e f e r e n c e G u i d e In IdentityX 4.1, REST services have an authentication and signing requirement that is handled by the IdentityX REST SDKs. In order
More informationWindows IoT Security. Jackie Chang Sr. Program Manager
Windows IoT Security Jackie Chang Sr. Program Manager Rest Physical access to a device will not give access to data Data & Control Execution Data owner has full control over data processing Motion Transport
More informationFUJITSU Cloud Service K5 - API Management Service Description
FUJITSU Cloud Service K5 - API Management Service Description March 22, 2018 1. API Management Service Overview API Management Service is built on Apigee Edge, an integrated API platform product provided
More informationA privacy-preserving authentication service using mobile devices
A privacy-preserving authentication service using mobile devices Mihai Togan Security Software Architect certsign Context Mobile devices Present everywhere What to consider High performance Computing power
More informationClearPass. ClearPass Extension Universal Authentication Proxy. ClearPass Extension Universal Authentication Proxy TechNote
ClearPass Extension Universal Authentication Proxy TechNote ClearPass Extension Universal Authentication Proxy ClearPass TechNote ClearPass Extension Universal Authentication Proxy - TechNote 1 ClearPass
More informationIdentity Management In Red Hat Enterprise Linux. Dave Sirrine Solutions Architect
Identity Management In Red Hat Enterprise Linux Dave Sirrine Solutions Architect Agenda Goals of the Presentation 2 Identity Management problem space What Red Hat Identity Management solution is about?
More informationopenid connect all the things
openid connect all the things @pquerna CTO, ScaleFT CoreOS Fest 2017-2017-07-01 Problem - More Client Devices per-human - Many Cloud Accounts - More Apps: yay k8s - More Distributed Teams - VPNs aren
More information