HACK MY CHIP: A RED TEAM BLUE TEAM APPROACH FOR SOC SECURITY. David HELY Grenoble INP Esisar LCIS, Valence
|
|
|
- Lindsey Stanley
- 6 years ago
- Views:
Transcription
1 Hack My chip: A red Team Blue Team Approach 1 HACK MY CHIP: A RED TEAM BLUE TEAM APPROACH FOR SOC SECURITY David HELY Grenoble INP Esisar LCIS, Valence david.hely@grenoble-inp.fr
2 Hack My chip: A red Team Blue Team Approach 2 Red Team vs Blue Team What is this approach? Given a System The Red Team develops attacks The Blue Team develops countermeasures In order to define and validate: New security test-benches New countermeasures What is not this approach? A hacking competition on commercial/industrial products A promotion of hacking
3 Hack My chip: A red Team Blue Team Approach 3 Why such an Approach? Security exploits are sensitive Few «real world» attacks and secure system are available A need for security test suites Hacking is a «dynamic» activity New exploits/attacks are frequently created This requires recurrent update of security testbench Students are creative and enthusiastic Challenging security issues may arise Pedagogic approach Practical way to get hands on Security Issues Motivating and Challenging for students
4 Hack My chip: A red Team Blue Team Approach 4 CSAW: Embedded System Challenge (1) International Student Competition based on the Red Team/Blue Team Approach Participation of Esisar Students 2016 subjects: Secure Processor Design
5 Hack My chip: A red Team Blue Team Approach 5 CSAW: Embedded System Challenge (2) Objectives: Demonstrating software vulnerabilities on a given processor system: OpenRISC Modifying the processor hardware in order to secure it against such attacks: How hardware can Thwart software vulnerabilities?
6 Hack My chip: A red Team Blue Team Approach 6 CSAW: Embedded System Challenge (2) Hardware mitigations for memory corruption and control flow integrity attacks in Embedded Systems System Baseline OpenRisc based Embedded System running Linux on an FPGA Red Team: Design software exploits for Linux programs running on an OpenRISC system Blue Team: Design and Implement hardware-based mitigations for the OpenRISC processor to protect against different exploitation methods
7 Hack My chip: A red Team Blue Team Approach 7 CSAW: Embedded System Challenge (3) Evaluation: Practical Evaluation Each team plays both roles Attacks are played on each secure embedded system A team scores when its attack succeeds or when its defense resists Evaluation by a panel of industry expert Each teams presents the solution in front of a panel of industry expert judges which evaluates the countermeasures based on: Cost, performance, integration, efficiency
8 Hack My chip: A red Team Blue Team Approach 8 CSAW: Embedded System Challenge (4) Outcomes: A practical Evaluation Platform for Embedded System Security Design : A set of exploits for evaluation Different countermeasures designed and Evaluated Ready to use for both Research and Teaching Activities From an Academic point of view: Valuable Experience in embedded System Security for the students New materials for teaching Activities New Materials for On-going and Future research From an industrial Point of view Identification of promising students Access to the platforms and associated materials
9 Hack My chip: A red Team Blue Team Approach 9 Existing/On-Going Platforms (1) Side channel Attacks EM and Power Analysis Different Ciphers: AES, DES, ECC, PRESENT Different Implementations: SW and HW Fault Attacks Simulation based Fault Injection Work on both models and countermeasures
10 Hack My chip: A red Team Blue Team Approach 10 Existing/On-Going Platforms (2) Secure RFID In System Evaluation of Secure RFID protocol Lightweight Cryptography, RFID Robustness Secure Processor Design SoC Lifecycle Security HW support to SW security
11 Hack My chip: A red Team Blue Team Approach 11 Conclusions Such Platforms and Activities are essential for Teaching and Research in the fields of IoT security in order to : Promote hardware security issues and solution in modern IoT devices Support solutions development (Research and Technology Transfer) Keep Defense Designers up to date of hackers capabilities Perform in System Evaluation of hardware based security solutions
SIDE CHANNEL ANALYSIS : LOW COST PLATFORM. ETSI SECURITY WEEK Driss ABOULKASSIM Jacques FOURNIERI
SIDE CHANNEL ANALYSIS : LOW COST PLATFORM ETSI SECURITY WEEK Driss ABOULKASSIM Jacques FOURNIERI THE CEA Military Applications Division (DAM) Nuclear Energy Division (DEN) Technological Research Division
CSWAE Certified Secure Web Application Engineer
CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized
Certified Ethical Hacker V9
Certified Ethical Hacker V9 Certificate: Certified Ethical Hacker Duration: 5 Days Course Delivery: Blended Course Description: Accreditor: EC Council Language: English This is the world s most advanced
STUDENT LEARNING OUTCOMES Beacom College of Computer and Cyber Sciences
STUDENT LEARNING OUTCOMES Beacom College of Computer and Cyber Sciences Undergraduate Programs - Bachelor B.S. Computer Game Design Upon completion of the B.S. degree in Computer Game Design, students
Security of Embedded Hardware Systems Insight into Attacks and Protection of IoT Devices
Security of Embedded Hardware Systems Insight into Attacks and Protection of IoT Devices Dr. Johann Heyszl, Head of Hardware Security Department Fraunhofer-Institute for Applied and Integrated Security
Implementation Tradeoffs for Symmetric Cryptography
Implementation Tradeoffs for Symmetric Cryptography Télécom ParisTech, LTCI Page 1 Implementation Trade-offs Security Physical attacks Cryptanalysis* Performance energy Throughput Latency Complexity *
SECURITY OF CPS: SECURE EMBEDDED SYSTEMS AS A BASIS
SECURITY OF CPS: SECURE EMBEDDED SYSTEMS AS A BASIS Christoph Krauß, christoph.krauss@aisec.fraunhofer.de Dagstuhl Seminar 11441: Science and Engineering of CPS, November 2011 Overview Introduction Securing
Rating Attack Potential for Smartcards
Rating Attack Potential for Smartcards Alain MERLE, CEA-LETI Technical manager of CESTI LETI on behalf of ISCI (JHAS) group CESTI LETI 1 The ISCI group (International Security Certification Initiative)
Synthesis of Fault-Attack Countermeasures for Cryptographic Circuits
Synthesis of Fault-Attack Countermeasures for Cryptographic Circuits Hassan Eldib, Meng Wu, and Chao Wang CAV, July 23, 2016 Cryptographic Algorithm: an example Plaintext Chip Ciphertext 0110 1001 1011
Security in sensors, an important requirement for embedded systems
Security in sensors, an important requirement for embedded systems Georg Sigl Institute for Security in Information Technology Technical University Munich sigl@tum.de Fraunhofer AISEC Institute for Applied
UC Santa Barbara. Organizing Large Scale Hacking Competitions
Organizing Large Scale Hacking Competitions Outline Hacking Competitions Overview UCSB s ictf History 2003 2007 Competitions 2008 Competition 2009 Competition Lessons Learned Final Remarks HACKING COMPETITIONS
System-level threats: Dangerous assumptions in modern Product Security. Cristofaro
System-level threats: Dangerous assumptions in modern Product Security Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid Me Cristofaro Mune (@pulsoid) - Product Security Consultant/Researcher - Keywords:
Embedded/Connected Device Secure Coding. 4-Day Course Syllabus
Embedded/Connected Device Secure Coding 4-Day Course Syllabus Embedded/Connected Device Secure Coding 4-Day Course Course description Secure Programming is the last line of defense against attacks targeted
Students should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite:
Secure Java Web Application Development Lifecycle - SDL (TT8325-J) Day(s): 5 Course Code: GK1107 Overview Secure Java Web Application Development Lifecycle (SDL) is a lab-intensive, hands-on Java / JEE
Course 831 EC-Council Certified Ethical Hacker v10 (CEH)
Course 831 EC-Council Certified Ethical Hacker v10 (CEH) Duration: 5 days What You Get: CEH v10 Certification exam voucher 5 days of high quality classroom training 18 comprehensive modules 40% of class
MASP Chapter on Safety and Security
MASP Chapter on Safety and Security Daniel Watzenig Graz, Austria https://artemis.eu MASP Chapter on Safety & Security Daniel Watzenig daniel.watzenig@v2c2.at Francois Tuot francois.tuot@gemalto.com Antonio
Students should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite:
Securing Java/ JEE Web Applications (TT8320-J) Day(s): 4 Course Code: GK1123 Overview Securing Java Web Applications is a lab-intensive, hands-on Java / JEE security training course, essential for experienced
Application. Security. on line training. Academy. by Appsec Labs
Application Security on line training Academy by Appsec Labs APPSEC LABS ACADEMY APPLICATION SECURITY & SECURE CODING ON LINE TRAINING PROGRAM AppSec Labs is an expert application security company serving
ISDP 2018 Industry Skill Development Program In association with
ISDP 2018 Industry Skill Development Program In association with Penetration Testing What is penetration testing? Penetration testing is simply an assessment in a industry computer network to test the
Secure boot under attack: Simulation to enhance fault injection & defenses
Secure boot under attack: Simulation to enhance fault injection & defenses Martijn Bogaard Senior Security Analyst martijn@riscure.com / @jmartijnb Niek Timmers Principal Security Analyst niek@riscure.com
Certified Secure Web Application Engineer
Certified Secure Web Application Engineer ACCREDITATIONS EXAM INFORMATION The Certified Secure Web Application Engineer exam is taken online through Mile2 s Assessment and Certification System ( MACS ),
Controlled Fault Injection: Wishful Thinking, Thoughtful Engineering,
Controlled Fault Injection: Wishful Thinking, Thoughtful Engineering, or just LUCK? FDTC 2017 Panelists: Ilia Polian, Marc Joye, Ingrid Verbauwhede Marc Witteman, Johann Heyszl The Fault Attack Process
CyberSecurity Training and Capacity Building: A Starting Point for Collaboration and Partnerships. from the most trusted name in information security
CyberSecurity Training and Capacity Building: A Starting Point for Collaboration and Partnerships About SANS The SANS (SysAdmin, Audit, Network, Security) Institute Established in 1989 Cooperative research
Threat analysis. Tuomas Aura CS-C3130 Information security. Aalto University, autumn 2017
Threat analysis Tuomas Aura CS-C3130 Information security Aalto University, autumn 2017 Outline What is security Threat analysis Threat modeling example Systematic threat modeling 2 WHAT IS SECURITY 3
C T I A CERTIFIED THREAT INTELLIGENCE ANALYST. EC-Council PROGRAM BROCHURE. Certified Threat Intelligence Analyst 1. Certified
EC-Council C T Certified I A Threat Intelligence Analyst CERTIFIED THREAT INTELLIGENCE ANALYST PROGRAM BROCHURE 1 Predictive Capabilities for Proactive Defense! Cyber threat incidents have taken a drastic
Ultra-Lightweight Cryptography
Ultra-Lightweight Cryptography F.-X. Standaert UCL Crypto Group European brokerage event, Cryptography Paris, September 2016 Outline Introduction Symmetric cryptography Hardware implementations Software
COSADE Conference Series
COSADE Conference Series Past, Present, and Future Sorin A. Huss 1 / 24 Initiators Werner Schindler Sorin Alexander Huss 2 / 24 Constructive Side-Channel Analysis and Secure Design Time Period 2010 to
ITSY 2330 Intrusion Detection Course Syllabus
ITSY 2330 Intrusion Detection Course Syllabus Instructor Course Reference Number (CRN) Course Description: Course Prerequisite(s) Course Semester Credit Hours (SCH) (Lecture, Lab) Name: Hung Le Tel: Office:
Smart Grid Embedded Cyber Security: Ensuring Security While Promoting Interoperability
Smart Grid Embedded Cyber Security: Ensuring Security While Promoting Interoperability Communications and Embedded Systems Department Southwest Research Institute Gary Ragsdale, Ph.D., P.E. August 24 25,
Securing IoT devices with STM32 & STSAFE Products family. Fabrice Gendreau Secure MCUs Marketing & Application Managers EMEA Region
Securing IoT devices with STM32 & STSAFE Products family Fabrice Gendreau Secure MCUs Marketing & Application Managers EMEA Region 2 The leading provider of products and solutions for Smart Driving and
Web Security Vulnerabilities: Challenges and Solutions
Web Security Vulnerabilities: Challenges and Solutions A Tutorial Proposal for ACM SAC 2018 by Dr. Hossain Shahriar Department of Information Technology Kennesaw State University Kennesaw, GA 30144, USA
Advisory: Students should have already taken MICROCOMPUTER APPLICATIONS II - 431
Cyber Security I - CoSci 411 Los Angeles Mission College - Spring 2018 Instructor: Javier Rios E-mail: rios.javier@gmail.com E-mail communications will be will receive a response within 24 hours. Advisory:
Hardware Acceleration for Cryptographic Functions
Hardware Acceleration for Cryptographic Functions (AES Algorithm) By: Ahmed Moussa Outline Introduction Why Accelerate Cryptographic Functions? Why Hardware Acceleration? Approaches Literature Review Problem
Secure Development Lifecycle
Secure Development Lifecycle Strengthening Cisco Products The Cisco Secure Development Lifecycle (SDL) is a repeatable and measurable process designed to increase Cisco product resiliency and trustworthiness.
Chapter 5: Vulnerability Analysis
Chapter 5: Vulnerability Analysis Technology Brief Vulnerability analysis is a part of the scanning phase. In the Hacking cycle, vulnerability analysis is a major and important part. In this chapter, we
EC-Council C EH. Certified Ethical Hacker. Program Brochure
EC-Council TM C EH Program Brochure Target Audience This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the
Embedded Systems: Projects
November 2016 Embedded Systems: Projects Davide Zoni PhD email: davide.zoni@polimi.it webpage: home.dei.polimi.it/zoni Contacts & Places Prof. William Fornaciari (Professor in charge) email: william.fornaciari@polimi.it
Securing IoT devices with Hardware Secure Element. Fabrice Gendreau EMEA Secure MCUs Marketing & Application Manager
Securing IoT devices with Hardware Secure Element Fabrice Gendreau EMEA Secure MCUs Marketing & Application Manager 2 A global semiconductor leader 2016 revenues of $6.97B Listed: NYSE, Euronext Paris
EM Analysis in the IoT Context: Lessons Learned from an Attack on Thread
EM Analysis in the IoT Context: Lessons Learned from an Attack on Thread Daniel Dinu 1, Ilya Kizhvatov 2 1 Virginia Tech 2 Radboud University Nijmegen CHES 2018 Outline 1 Introduction 2 Side-Channel Vulnerability
MICROCIRCUIT SECURITY
MICROCIRCUIT SECURITY Everything begins in the chip. Sawblade Ventures, LLC Austin, Texas Chip Security Vulnerability: How to Close the Gap Between Design Software & Design Hardware CTEA Electronics Symposium
Oklahoma State University Institute of Technology Face-to-Face Common Syllabus Fall 2017
Oklahoma State University Institute of Technology Face-to-Face Common Syllabus Fall 2017 ITD 3443 Network Security Students will provide Cyber Defense while understanding Cyber Threats. Their attack types
Why Crowdsourced Security?
Why Crowdsourced Security? Highlights There is a fundamental imbalance between the creativity and motivations of cyber attackers, and those of enterprise security defenders. rowdsourced Security is a powerful
Presented by National CyberWatch Center March 31, April 1 & 2, 2016 Johns Hopkins University Applied Physics Lab Laurel, Maryland
Presented by National CyberWatch Center March 31, April 1 & 2, 2016 Johns Hopkins University Applied Physics Lab Laurel, Maryland 2016 SPONSOR BROCHURE WHAT IS THE NATIONAL CYBERWATCH CENTER MID-ATLANTIC
Secure Design Methodology and The Tree of Trust
Secure Design Methodology and The Tree of Trust Secure Embedded Systems Group ECE Department Virginia Tech The new Cool: Reverse Engineering... Microsoft Zune (http://bunniestudios.com) Under the Hood
Stack Overflow. Faculty Workshop on Cyber Security May 23, 2012
Stack Overflow Faculty Workshop on Cyber Security May 23, 2012 Goals Learn to hack into computer systems using buffer overflow Steal sensitive data Crash computer programs Lay waste to systems throughout
Certified Ethical Hacker (CEH)
Certified Ethical Hacker (CEH) COURSE OVERVIEW: The most effective cybersecurity professionals are able to predict attacks before they happen. Training in Ethical Hacking provides professionals with the
MIAOW: An Open Source GPGPU
MIAOW: An Open Source GPGPU www.miaowgpu.org Vinay Gangadhar, Raghu Balasubramanian, Mario Drumond, Ziliang Guo, Jai Menon, Cherin Joseph, Robin Prakash, Sharath Prasad, Pradip Vallathol, Karu Sankaralingam
CompTIA Cybersecurity Analyst+
CompTIA Cybersecurity Analyst+ Course CT-04 Five days Instructor-Led, Hands-on Introduction This five-day, instructor-led course is intended for those wishing to qualify with CompTIA CSA+ Cybersecurity
RiskSense Attack Surface Validation for IoT Systems
RiskSense Attack Surface Validation for IoT Systems 2018 RiskSense, Inc. Surfacing Double Exposure Risks Changing Times and Assessment Focus Our view of security assessments has changed. There is diminishing
DIS10.1 Ethical Hacking and Countermeasures
DIS10.1 Ethical Hacking and Countermeasures ABOUT DIS Why choose Us. Data and internet security council is the worlds top most information security certification body. Our uniquely designed course for
CEH: CERTIFIED ETHICAL HACKER v9
CEH: CERTIFIED ETHICAL HACKER v9 SUMMARY The Certified Ethical Hacker (CEH) program is the core of the most desired information security training system any information security professional will ever
Trustzone Security IP for IoT
Trustzone Security IP for IoT Udi Maor CryptoCell-7xx product manager Systems & Software Group ARM Tech Forum Singapore July 12 th 2017 Why is getting security right for IoT so important? When our everyday
Lightweight Privacy Preserving Authentication for RFID Using a Stream Cipher
Lightweight Privacy Preserving Authentication for RFID Using a Stream Cipher Olivier Billet, Jonathan Etrog, and Henri Gilbert Orange Labs RFID systems tags readers back end many types of systems system
Hardware-Level Security for the IoT. Mark Zwolinski March 2017
Hardware-Level Security for the IoT Mark Zwolinski March 2017 Outline Background, IoT, Hardware/Software, Threats/Risks Hardware-level security PUFs Anomaly detection Summary IoT / Embedded Systems Not
ECE 646 Cryptography and Computer Network Security. Kris Gaj Research and teaching interests:
646 Cryptography and Computer Network Security Course web page: Google Kris Gaj 646 Kris Gaj Research and teaching interests: cryptography network security computer arithmetic FPGA & ASIC design and testing
CyberArk Privileged Threat Analytics
CyberArk Privileged Threat Analytics Table of Contents The New Security Battleground: Inside Your Network 3 Privileged account security 3 Collect the right data 4 Detect critical threats 5 Alert on critical
Introducing Cyber Resiliency Concerns Into Engineering Education
Introducing Cyber Resiliency Concerns Into Engineering Education Mr. Tom McDermott Georgia Tech Research Institute Mr. Barry Horowitz University of Virginia NDIA 20 th Annual Systems Engineering Conference
CyberVista Certify cybervista.net
ONLINE CYBERSECURITY CERTIFICATION TRAINING CyberVista Certify ONLINE CYBERSECURITY CERTIFICATION TRAINING CyberVista Certify CyberVista offers the industry s most comprehensive cybersecurity training
Master of Cyber Security, Strategy and Risk Management. CECS PG Information Session April 17, 2018
Master of Cyber Security, Strategy and Risk Management CECS PG Information Session April 17, 2018 2 Program Purpose Provide a working understanding of information, network and software security, across
Cisco s Security Dojo: Raising the Application Security Awareness of 20,000+ Chris Romeo, Security Journey; formerly of Cisco Systems
Cisco s Security Dojo: Raising the Application Security Awareness of 20,000+ Chris Romeo, Security Journey; formerly of Cisco Systems Chris Romeo @edgeroute Chris Romeo, CEO / Principal Consultant 20 years
SECURITY CRYPTOGRAPHY Cryptography Overview Brochure. Cryptography Overview
SECURITY CRYPTOGRAPHY Cryptography Overview Brochure Cryptography Overview DPA-resistant and Standard Cryptographic Hardware Cores DPA (Differential Power Analysis) Resistant Hardware Cores prevent against
FPGAhammer: Remote Voltage Fault Attacks on Shared FPGAs, suitable for DFA on AES
, suitable for DFA on AES Jonas Krautter, Dennis R.E. Gnad, Mehdi B. Tahoori 10.09.2018 INSTITUTE OF COMPUTER ENGINEERING CHAIR OF DEPENDABLE NANO COMPUTING KIT Die Forschungsuniversität in der Helmholtz-Gemeinschaft
DIS10.1:Ethical Hacking and Countermeasures
1 Data and Information security Council DIS10.1:Ethical Hacking and Countermeasures HACKERS ARE NOT BORN, THEY BECOME HACKER About DIS :Data and Internet Security Council DIS is the Globally trusted Brand
Fundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring
Fundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring Learning Objective Explain the importance of security audits, testing, and monitoring to effective security policy.
EC-Council C EH. Certified Ethical Hacker. Program Brochure
EC-Council TM H Program Brochure Course Description The (CEH) program is the core of the most desired information security training system any information security professional will ever want to be in.
CRN150 Fundamentals of Network Security
CRN150 Fundamentals of Network Security Course Information Credits 3 Washburn University Institute of Technology 5724 SW Huntoon Street Topeka, Kansas 66604 Phone: 785.670.3441 Office Fax: 785.273.7080
Dynamic program analysis
Dynamic program analysis Pierre.Girard@gemalto.com RE-TRUST workshop Meudon, March 19, 2009 Mission of the day Give an overview of tools and procedures for dynamic software analysis in an industrial security
Sofware & System Security. Group. Davide Balzarotti Aurélien Francillon
Sofware & System Security Group S3@eurecom Davide Balzarotti Aurélien Francillon Professors The S3 Group Professors The S3 Group Embedded Systems Security The S3 Group The S3 Group Operating Systems &
Preface. Structure of the Book
When the first edition of this book was published back in 2008, the scope was anything to do with smart cards and security tokens in the widest sense. The aim was in fact to provide a complete story, looking
ECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria. Stefan Mangard.
Building Secure Hardware ECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria Stefan Mangard Infineon Technologies, Munich, Germany Stefan.Mangard@infineon.com Outline Assets and Requirements
Pervasive Computing and the Future of Crypto Engineering
Pervasive Computing and the Future of Crypto Engineering I&C Seminar, EPFL December 15, 2003 Christof Paar Ruhr-Universität Bochum www.crypto.rub.de Contents 1. Very Brief History of Crypto Applications
Security of Embedded Systems
Security of Embedded Systems Matthias Schunter, Intel Labs, Ahmad Sadeghi, TU Darmstadt + Teams (F. Brasser, L. Davi, P. Koeberl, S. Schulz, et. al.) 1 2015 Intel Corporation What is an Embedded System?
Introduction. Competencies. This course provides guidance to help you demonstrate the following 6 competencies:
This course supports the objective assessments for the Outside vendor certification for EC-Council Certified Ethical Hacker. The course covers 6 competencies and represents 3 competency units. Introduction
Security enhancing CAN transceivers. Bernd Elend Principal Engineer March 8 th, 2017
Bernd Elend Principal Engineer March 8 th, 2017 Introduction: SECURITY REQUIRES A LAYERED APPROACH NXP s 4 + 1 Layer approach for vehicle cyber security: Multiple security techniques, at different levels
Syllabus of ENPM 691: Secure Programming in C
Syllabus of ENPM 691: Secure Programming in C Spring Semester 2018 Instructor: Dharmalingam Ganesan, PhD Contact: dganesan@umd.edu Class hours: Thursday 7:00 PM to 9:40 PM Class location: TBA Course Description:
Connecting Securely to the Cloud
Connecting Securely to the Cloud Security Primer Presented by Enrico Gregoratto Andrew Marsh Agenda 2 Presentation Speaker Trusting The Connection Transport Layer Security Connecting to the Cloud Enrico
Certified Information Security Manager (CISM) Course Overview
Certified Information Security Manager (CISM) Course Overview This course teaches students about information security governance, information risk management, information security program development,
August 18-19, 2018 (Saturday-Sunday)
August 18-19, 2018 (Saturday-Sunday) ORGANIZED BY: HUMAN RESOURCE DEVELOPMENT CENTER & SCHOOL OF COMPUTER & SCIENCE ENGINEERING LOVELY PROFESSIONAL UNIVERSITY PHAGWARA, PUNJAB. BACK DROP AND RATIONALE
TRAINING CURRICULUM 2017 Q2
TRAINING CURRICULUM 2017 Q2 Index 3 Why Security Compass? 4 Discover Role Based Training 6 SSP Suites 7 CSSLP Training 8 Course Catalogue 14 What Can We Do For You? Why Security Compass? Role-Based Training
90% of data breaches are caused by software vulnerabilities.
90% of data breaches are caused by software vulnerabilities. Get the skills you need to build secure software applications Secure Software Development (SSD) www.ce.ucf.edu/ssd Offered in partnership with
Faculty Activity Reporting Reference Guide
Faculty Activity Reporting Goals & Achievements Screens Prepared by The Office of Institutional Research 2016 TABLE OF CONTENTS Page Number Goals Screen 2 Top Achievements Screen 5 Miscellaneous 8 Goals
Web Hacking: Attacks And Defense By Stuart McClure, Saumil Shah
Web Hacking: Attacks And Defense By Stuart McClure, Saumil Shah Intended for a course that is teaching students how and where web-based applications are particularly vulnerable. The authors explain the
Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 9 Performing Vulnerability Assessments
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments Objectives Define risk and risk management Describe the components of risk management List
Engineering Your Software For Attack
Engineering Your Software For Attack Robert A. Martin Senior Principal Engineer Cyber Security Center Center for National Security The MITRE Corporation 2013 The MITRE Corporation. All rights reserved.
EXAMINATION [The sum of points equals to 100]
![EXAMINATION [The sum of points equals to 100]](/thumbs/81/84053690.jpg "EXAMINATION [The sum of points equals to 100]")
Student name and surname: Student ID: EXAMINATION [The sum of points equals to 100] PART I: Meeting Scheduling example Description: Electronic meeting Scheduling system helps meeting initiator to schedule
Product Security. for Consumer Devices. Anton von Troyer Codenomicon. all rights reserved.
Product Security Anton von Troyer for Consumer Devices About Codenomicon Founded in Autumn 2001 Commercialized the academic approach built since 1996 Technology leader in security test automation Model-based,
Hardware Security Challenges and Solutions. Mike Bartley TVS, Founder and CEO
Hardware Security Challenges and Solutions Mike Bartley TVS, Founder and CEO Agenda Some background on your speaker and testing safety related systems Threats and solutions Verifying those solutions Bare
Cryptography for the Internet of Things. Kenny Paterson Information Security
Cryptography for the Internet of Things Kenny Paterson Information Security Group @kennyog; www.isg.rhul.ac.uk/~kp What is the Internet of Things? The Internet of Things (IoT) is the network of physical
Fault injection attacks on cryptographic devices and countermeasures Part 1
Fault injection attacks on cryptographic devices and countermeasures Part 1 Israel Koren Department of Electrical and Computer Engineering University of Massachusetts Amherst, MA Outline Introduction -
Flash Memory Bumping Attacks
Flash Memory Bumping Attacks Sergei Skorobogatov http://www.cl.cam.ac.uk/~sps32 email: sps32@cam.ac.uk Introduction Data protection with integrity check verifying memory integrity without compromising
Penetration testing.
Penetration testing Penetration testing is a globally recognized security measure that can help provide assurances that a company s critical business infrastructure is protected from internal or external
Hacker Academy UK. Black Suits, White Hats!
Hacker Academy UK Black Suits, White Hats! Cyber Security Training and Services Do your devices Protect you against Cyber-attacks? Chinese hackers have allegedly stolen 50 terabytes of data on F-35 aircraft,
Configuring BIG-IP ASM v12.1 Application Security Manager
Course Description Configuring BIG-IP ASM v12.1 Application Security Manager Description The BIG-IP Application Security Manager course gives participants a functional understanding of how to deploy, tune,
Medical Device Safety in a Connected World
Mr. Clark Fortney Senior Software Engineer Medical Device Safety in a Connected World IoT Expo June 6-8 2017 1 Clark Fortney My Background 20 years designing systems & software for medical devices at Battelle.
A Developer's Guide to Security on Cortex-M based MCUs
A Developer's Guide to Security on Cortex-M based MCUs 2018 Arm Limited Nazir S Arm Tech Symposia India Agenda Why do we need security? Types of attacks and security assessments Introduction to TrustZone
RiskSense Attack Surface Validation for Web Applications
RiskSense Attack Surface Validation for Web Applications 2018 RiskSense, Inc. Keeping Pace with Digital Business No Excuses for Not Finding Risk Exposure We needed a faster way of getting a risk assessment
PENETRATION TESTING OF AUTOMOTIVE DEVICES. Dr. Ákos Csilling Robert Bosch Kft., Budapest HUSTEF 15/11/2017
PENETRATION TESTING OF AUTOMOTIVE DEVICES Dr. Ákos Csilling Robert Bosch Kft., Budapest HUSTEF 15/11/2017 Imagine your dream car 2 Image: 2017 ESCRYPT. Exemplary attack demonstration only. This is NOT
Trust & Privacy: Information Security and Identity Management for Autonomous Vehicles. March 31, failure analysis & prevention
failure analysis & prevention Trust & Privacy: Information Security and Identity Management for Autonomous Vehicles March 31, 2016 A leading engineering & scientific consulting firm dedicated to helping
Analyzing Flow-based Anomaly Intrusion Detection using Replicator Neural Networks. Carlos García Cordero Sascha Hauke Max Mühlhäuser Mathias Fischer
Analyzing Flow-based Anomaly Intrusion Detection using Replicator Neural Networks Carlos García Cordero Sascha Hauke Max Mühlhäuser Mathias Fischer The Beautiful World of IoT 06.03.2018 garcia@tk.tu-darmstadt.de
Are Your Systems Vulnerable to Hacker Attacks? Achieving Success through Shared Experience
Are Your Systems Vulnerable to Hacker Attacks? Achieving Success through Shared Experience BC Ministry of Technology, Innovation and Citizens Services Information Security Branch Agenda The Red Team /