From Design to Resign: Securing the Electronics Lifecycle
|
|
- Sheena Bennett
- 6 years ago
- Views:
Transcription
1 SESSION ID: STR1-R11 From Design to Resign: Securing the Electronics Lifecycle Edna Conway Chief Security Officer, Global Value Chain Cisco Systems, Dr. Mark Tehranipoor Intel Charles E. Young Preeminence Endowed Chair Professor in Cybersecurity ECE, University of Florida
2 The Impact of Digital Transformation Operations Technology Information Technology Business Operations Enterprise Culture 3 rd Party Ecosystem 2
3 Transportation Electronics: The Heart of Digital Transformation Manufacturing Operations Center Energy
4 The Fundamentals: Ecosystem Awareness Damage the brand Industrial Espionage Fraud Game the Stock Price Confidential Data Pivot Through us to Attack Customers Steal IP Steal Customer Data Exploit the Network 4
5 The Fundamentals: Know Your Systems Lifecycle & the Technology Within It A p p l i c a t i o n Concept Development Production Utilization Support Retirement Source: NIST SP Recursive Iterative Concurrent Parallel Sequenced Execution
6 The Fundamentals: Understand the Information and Communications (ICT) Value Chain Design Plan Source Make Quality Deliver Sustain End of Life And The Electronics Supply Chain Within It Design Fabrication Assembly Distribution Lifetime End of Life 6
7 The Fundamentals: Identify Who Is In Your ICT Value Chain Open Source Software Software Licensors HW Component Suppliers Cloud Service Providers Logistics Partners OEMs/ODMs IOT Devices Manufacturing Partners Channel/Distributors Repair /Refurbishment Partners Scrap Partners Recycling Partners 7
8 The Fundamentals: Identify the Threats Threats Manipulation Unauthorized Control Espionage Unauthorized Visibility Disruption Denial of Service 8
9 The Fundamentals: Translate Threats to Exposures Exposures Taint Alteration allowing unauthorized control or content visibility Counterfeit Raw materials, finished goods or services which are not authentic IP Misuse Unauthorized disclosure of intellectual property Information Security Breach Unauthorized access to confidential information 9
10 The Fundamentals: The Basics of Hardware Vulnerability System has susceptibility or flaw Attacker gains access to the flaw Attacker Exploit ACCESS GRANTED REDUCED SYSTEM INFORMATION ASSURANCE 10
11 Example Security Attacks on Hardware Trojans Untrusted Foundry Counterfeit ICs Physical Attack Side-channel Fault Injection Reverse Engineering Fake Parts 11
12 Integrity Breaches Across the Electronics Supply Chain Cloned ICs Overuse IPs Remarked ICs false performance and reliability Overproduced ICs Cloned ICs reverse engineered from authentic IC Design Fabrication Assembly Distribution Lifetime End of Life Cloned ICs reverse engineered from authentic IC Overproduced ICs Remarked ICs false performance and reliability Recycled ICs reuse of scrap ICs refurbished ICs represented as new
13 Protection Throughout the Lifecycle Protection Solutions Design Fabrication Assembly Distribution Lifetime End of Life Forward Trust Establishing trust between IP vendors, SoC integrators, Foundry and Assembly + PUF + ECID Unique IDs for chip and system level authentication in the supply chain 13
14 Unique IDs Design Fabrication Assembly Distribution Lifetime End of Life PUF + ECID 14
15 Innovative Solutions: Chip ID Linked to Electronic Device Electronic Chip IDs (ECID) can uniquely identify the device Unclonable IDs acting as a fingerprint data can be read at multiple stages and provide similar results (requires fuzzy logic to compare) Fingerprints include: PUFs (Physical Unclonable Functions) Repeatable test data SRAM startup signatures PUFs can generate encryption keys, enabling the chip itself to act as a root-of-trust + ECID = Identity (Always the same for a specific chip) UID = Fingerprint (Always similar for a specific chip) 15
16 Physical Unclonable Function (PUF) PUF Exploits Inherent Process Variations in Devices (entropy is translated to unique signature) PUF suffers reliability issues (can t reproduce signature through lifetime) Environmental Variation Aging, Wearout Aging impact can be improved Aging resistant design Reliable RO-pair formation Ring Oscillator PUF 16
17 Physical Unclonable Function (PUF) SRAM-PUF: SRAM is based on a bi-stable latch which will retain its values as long as the circuit is powered. A mismatch between the inverter pairs affecting their power-up states. It maps a challenge to a response. Memory PUF 17
18 Authentication Throughout Lifecycle Available Now (Market Leaders) IC & Multi Chip Boards Rework Systems In-Use Returns N Test & Process data Test Rework Genealogy Performance data Usage Data Reliability Data Cross-industry platform connecting electronics supply chain to semiconductor identity 18
19 Authentication Hub OCM Trusted Foundry Or OSAT Untrusted CM Board / System Untrusted OEM Trusted Customer (Home + Business) Enrollment and Authentication Hub 19
20 Protection Throughout the Lifecycle Design Fabrication Assembly Distribution Lifetime End of Life FORTIS + 20
21 Logic Obfuscation Key Gates CUK[i] A 1 g 0 A 2 g 2 A 3 A 4 A n g 1 a) Original Netlist g 3 Y 1 A 1 g 0 A 2 g 2 A 3 A 4 g 1 X D 1/0 k i 0 D/D g 3 D/D Y 1m A n b) Obfuscated netlist 21
22 Logic Obfuscation FSM based Approach Add an obfuscated mode on top of the original transition functionality. Obfuscation pattern guides the circuit to normal mode. Transition arc K3 offers the sole design route from obfuscated mode to normal mode Obfuscation also protects original functionality prevents IP Piracy from an untrusted foundry Bhunia, et. al., HARPOON: an obfuscation-based SoC design methodology for hardware protection, TCAD
23 Design-to-Fab Trust Risk IP Piracy Sell Another SoC Designer 3PIP 1 License Sell SoC Design Contract Chips 3PIP 2 3PIP n Trust SoC Designer Trust #chips Foundry/ Assembly IP Owners IP Overuse #chips Supply Chain #chips IC Overproduction 23
24 Establishing Forward Trust Encrypted and Locked Sell Another SoC Designer 3PIP 1 License Sell SoC Design Contract Chips 3PIP 2 3PIP n Trust SoC Designer Trust #chips Foundry/ Assembly IP Owners Need Keys from 3PIP Owners #chips Supply Chain #chips Need Keys from SoC Designers 24
25 Challenges How to lock a netlist which activates test before unlocking? How to securely transfer the keys from 3PIP owners and SoC designer to the foundry and assembly? 3PIP 1 3PIP 2 3PIP n License Sell Trust Encrypted and Locked SoC Design SoC Designer Sell Contrac t Trust #chips Another SoC Designer Chips Foundry/ Assembly How to protect an 3PIP from unwanted modification? IP Owners Need Keys from 3PIP Owners #chips Supply Chain #chips Need Keys from SoC Designers 25
26 FORTIS -- Framework Gate-level Netlist Lock Insertion Test Pattern Generation 3PIPs RTL Modified RTL Test Patterns Gate-level Netlist Lock Insertion Test Pattern Generation In-house IP RTL Modified RTL Test Patterns Other in-house IPs Simulation SoC Test Pattern Repository GDSII Fabrication Package Test Defect Free Chips Wafer Test Packaging Functional Activation RTL Gate-level Netlist Test Pattern Generation Test Patterns IP Owners Trust SoC Designer Trust Foundry/ Assembly 26
27 Test Before IC Activation A 1 g 0 A 2 g 2 SE A 3 A 4 A n g 1 a) Original Netlist g 3 Y 1 CUK[i] 0 SI 1 CLK D FF i Q I 1 1 A 1 g 0 A 2 g 2 A 3 A 4 g 1 CUK[i] X D 1/0 k i 0 D/D g 3 D/D Y 1m A 1 g 0 A 2 g 2 A 3 A 4 A n g 1 X D c) Proposed Netlist k i D 0 g 3 D Y 1m A n b) Obfuscated netlist 27
28 Key Transfer: Chip Side System on a Chip 1 m TRNG KC pri (.) m 4 K S sig(m) 2 {m,sig(m)} + 3 KD pub (.) 5 OTP IK + 6 KD pub (K S ) 7 TK= {IK,KD pub (K S )} CUK OTP 14 TK = K S (CUK) 28
29 Key Transfer: SoC Designer Side System on a Chip Designer 8 TK= {IK,KD pub (K S )} IK - 9 OTP K S 10 sig(m) - KC pub (.) Compare m 11 KD pub (K S ) KD pri (.) 12 Yes K S TK = K S (CUK) 13 OTP CUK 29
30 IP Overuse System on a Chip 30
31 Call to Action: A Secure Ecosystem Chip Design Chip Foundry Chip Assembly PCB Assembly System Assembly Government?? Academia EDA Company 3PIP Vendors Security IP Vendors 31
32 Stay Aware Internet of things was mobilised for internet outage, says Dyn 'Internet Of Things' Hacking Attack Led To Widespread Outage Of Popular Websites Counterfeit electronics: Another security threat from China Obama to Sign Bill Combating Counterfeit Chips Unregulated E-waste Exports Fuel Counterfeit Electronics That Undermine U.S. National Security Hackers create more IoT botnets with Mirai source code House panel to tackle security of internet-connected devices World's Biggest Mirai Botnet Is Being Rented Out For DDoS Attacks After Dyn cyberattack, lawmakers seek best path forward 32
33 Global Public-Private Responses EU Horizon 2020 U.S. Initiatives Global Standards 33
34 What Can We Do Together Map the Who, What & Where of Your Electronics Ecosystem Monitor Geo-political and Industry Trends Join In Demanding Root of Trust Implement Protection Techniques Innovate with the Electronics Lifecycle in Mind
35 Back-up for Possible Use 35
36 IP Vendors Distributed Across the Globe Long and globally distributed supply chain of hardware IPs makes SoC design increasingly vulnerable to diverse trust/integrity issues.
Cybersecurity Solution in Hardware
Cybersecurity Solution in Hardware Ujjwal Guin Department of Electrical and Computer Engineering Auburn University, AL, USA Cybersecurity Solution in Hardware 2 2/55 Outline Motivation Counterfeiting and
More information$263 WHITE PAPER. Flexible Key Provisioning with SRAM PUF. Securing Billions of IoT Devices Requires a New Key Provisioning Method that Scales
WHITE PAPER Flexible Key Provisioning with SRAM PUF SRAM PUF Benefits Uses standard SRAM Device-unique keys No secrets reside on the chip No key material programmed Flexible and scalable Certifications:
More informationCybersecurity in Acquisition
Kristen J. Baldwin Acting Deputy Assistant Secretary of Defense for Systems Engineering (DASD(SE)) Federal Cybersecurity Summit September 15, 2016 Sep 15, 2016 Page-1 Acquisition program activities must
More informationConnecting Securely to the Cloud
Connecting Securely to the Cloud Security Primer Presented by Enrico Gregoratto Andrew Marsh Agenda 2 Presentation Speaker Trusting The Connection Transport Layer Security Connecting to the Cloud Enrico
More informationSECURITY OF CPS: SECURE EMBEDDED SYSTEMS AS A BASIS
SECURITY OF CPS: SECURE EMBEDDED SYSTEMS AS A BASIS Christoph Krauß, christoph.krauss@aisec.fraunhofer.de Dagstuhl Seminar 11441: Science and Engineering of CPS, November 2011 Overview Introduction Securing
More informationHardware-Level Security for the IoT. Mark Zwolinski March 2017
Hardware-Level Security for the IoT Mark Zwolinski March 2017 Outline Background, IoT, Hardware/Software, Threats/Risks Hardware-level security PUFs Anomaly detection Summary IoT / Embedded Systems Not
More informationOutline. Trusted Design in FPGAs. FPGA Architectures CLB CLB. CLB Wiring
Outline Trusted Design in FPGAs Mohammad Tehranipoor ECE6095: Hardware Security & Trust University of Connecticut ECE Department Intro to FPGA Architecture FPGA Overview Manufacturing Flow FPGA Security
More informationResearch Institute in Secure Hardware & Embedded Systems (RISE) Professor Máire O Neill
Research Institute in Secure Hardware & Embedded Systems (RISE) Professor Máire O Neill Source: Ericsson Mobility Report, Nov 2016 Need for Hardware Security Demand for Hardware Security research & innovation
More informationCopyright
1 Security Test EXTRA Workshop : ANSWER THESE QUESTIONS 1. What do you consider to be the biggest security issues with mobile phones? 2. How seriously are consumers and companies taking these threats?
More informationSeagate Supply Chain Standards and Operational Systems
DATA IS POTENTIAL Seagate Supply Chain Standards and Operational Systems Government Solutions Henry Newman May 9 2018 Supply Chain Standards and Results Agenda 1. 2. SUPPLY CHAIN REQUIREMENTS AND STANDARDS
More informationSecure Split-Test for Preventing IC Piracy by Untrusted Foundry and Assembly
1 Secure Split-Test for Preventing IC Piracy by Untrusted Foundry and Assembly Gustavo K. Contreras, Md. Tauhidur Rahman, and Mohammad Tehranipoor Dept. of Electrical & Computer Engineering University
More informationThe Honest Advantage
The Honest Advantage READY TO CHALLENGE THE STATUS QUO GSA Security Policy and PCI Guidelines The GreenStar Alliance 2017 2017 GreenStar Alliance All Rights Reserved Table of Contents Table of Contents
More informationSecure and Trusted SoC: Challenges and Emerging Solutions
2013 14th International Workshop on Microprocessor Test and Verification Secure and Trusted SoC: Challenges and Emerging Solutions Abhishek Basak 1, Sanchita Mal-Sarkar 2, Swarup Bhunia 1 1 Case Western
More informationSecure Product Design Lifecycle for Connected Vehicles
Secure Product Design Lifecycle for Connected Vehicles Lisa Boran Vehicle Cybersecurity Manager, Ford Motor Company SAE J3061 Chair SAE/ISO Cybersecurity Engineering Chair AGENDA Cybersecurity Standards
More informationOverview of Protections against IC Counterfeiting and Hardware Trojan Horses
Overview of Protections against IC Counterfeiting and Hardware Trojan Horses 1 of 43 Outline IC Counterfeiting Overview of the threat Detection methods Prevention methods Hardware Trojan Horses Types Detection
More informationChip Lifecycle Security Managing Trust and Complexity
Chip Lifecycle Security Managing Trust and Complexity Dr. Martin Scott July 2016 Connected Endpoints Are The New Mobile 2 50 billion connected devices by 2020 Unprecedented Data Proliferation Cloud Endpoint
More informationElectronic Component Authentication Technology
Tom Bergman Cyber Program Manager Cyber Innovation Unit bergmant@battelle.org 614.424.7988 Battelle Barricade Electronic Component Authentication Technology Battelle - Serving a Broad Range of Clients
More information21ST CENTURY CYBER SECURITY FOR MEDIA AND BROADCASTING
WWW.HCLTECH.COM 21ST CENTURY CYBER SECURITY FOR MEDIA AND BROADCASTING THE AGE OF DISRUPTION: THE AGE OF CYBER THREATS While the digital era has brought with it significant advances in technology, capabilities
More informationDelivering High-mix, High-volume Secure Manufacturing in the Distribution Channel
Delivering High-mix, High-volume Secure Manufacturing in the Distribution Channel Steve Pancoast Vice President, Engineering Secure Thingz Inc Rajeev Gulati Vice President and CTO Data IO Corporation 1
More informationProcurement Language for Supply Chain Cyber Assurance
Procurement Language for Supply Chain Cyber Assurance Procurement Language for Supply Chain Cyber Assurance Introduction For optimal viewing of this PDF, please view in Adobe Acrobat. This document serves
More informationSecuring IoT devices with Hardware Secure Element. Fabrice Gendreau EMEA Secure MCUs Marketing & Application Manager
Securing IoT devices with Hardware Secure Element Fabrice Gendreau EMEA Secure MCUs Marketing & Application Manager 2 A global semiconductor leader 2016 revenues of $6.97B Listed: NYSE, Euronext Paris
More informationSecuring IoT devices with STM32 & STSAFE Products family. Fabrice Gendreau Secure MCUs Marketing & Application Managers EMEA Region
Securing IoT devices with STM32 & STSAFE Products family Fabrice Gendreau Secure MCUs Marketing & Application Managers EMEA Region 2 The leading provider of products and solutions for Smart Driving and
More informationAchieving End-to-End Security in the Internet of Things (IoT)
Achieving End-to-End Security in the Internet of Things (IoT) Optimize Your IoT Services with Carrier-Grade Cellular IoT June 2016 Achieving End-to-End Security in the Internet of Things (IoT) Table of
More informationKeys to a more secure data environment
Keys to a more secure data environment A holistic approach to data infrastructure security The current fraud and regulatory landscape makes it clear that every firm needs a comprehensive strategy for protecting
More informationProvisioning secure Identity for Microcontroller based IoT Devices
Provisioning secure Identity for Microcontroller based IoT Devices Mark Schaeffer, Sr. Product Marketing Manager, Security Solutions Synergy IoT Platform Business Division, Renesas Electronics, Inc. May
More informationIncentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO
White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating
More informationIntegrated Circuits Metering for Piracy Protection and Digital Rights Management: An Overview
Integrated Circuits Metering for Piracy Protection and Digital Rights Management: An Overview Farinaz Koushanfar Electrical and Computer Engineering Rice University, Houston, TX farinaz@rice.edu ABSTRACT
More informationDr. Ajoy Bose. SoC Realization Building a Bridge to New Markets and Renewed Growth. Chairman, President & CEO Atrenta Inc.
SoC Realization Building a Bridge to New Markets and Renewed Growth Dr. Ajoy Bose Chairman, President & CEO Atrenta Inc. October 20, 2011 2011 Atrenta Inc. SoCs Are Driving Electronic Product Innovation
More informationTAN Jenny Partner PwC Singapore
1 Topic: Cybersecurity Risks An Essential Audit Consideration TAN Jenny Partner PwC Singapore PwC Singapore is honoured to be invited to contribute to the development of this guideline. Cybersecurity Risks
More informationVerizon Software Defined Perimeter (SDP).
Verizon Software Defined Perimeter (). 1 Introduction. For the past decade, perimeter security was built on a foundation of Firewall, network access control (NAC) and virtual private network (VPN) appliances.
More informationA Perspective on the Role of Open-Source IP In Government Electronic Systems
A Perspective on the Role of Open-Source IP In Government Electronic Systems Linton G. Salmon Program Manager DARPA/MTO RISC-V Workshop November 29, 2017 Distribution Statement A (Approved for Public Release,
More informationAbout ERPScan. ERPScan and Oracle. ERPScan researchers were acknowledged 20+ times during quarterly Oracle patch updates since 2008
1 2 About ERPScan 3 ERPScan and Oracle ERPScan researchers were acknowledged 20+ times during quarterly Oracle patch updates since 2008 Totally 100+ Vulnerabilities closed in Oracle Applications o Oracle
More informationVulnerabilities in online banking applications
Vulnerabilities in online banking applications 2019 Contents Introduction... 2 Executive summary... 2 Trends... 2 Overall statistics... 3 Comparison of in-house and off-the-shelf applications... 6 Comparison
More informationThink Oslo 2018 Where Technology Meets Humanity. Oslo. Felicity March Cyber Resilience - Europe
Think Oslo 2018 Where Technology Meets Humanity Oslo Felicity March Cyber Resilience - Europe Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity
More informationSupply Chain (In)Security
Supply Chain (In)Security IEEE Cybersecurity Speaker Chris Webb Partner, Security Practice Orange County, California 20+ years of experience developing, securing, and managing enterprise systems. Specializes
More informationSecurity in sensors, an important requirement for embedded systems
Security in sensors, an important requirement for embedded systems Georg Sigl Institute for Security in Information Technology Technical University Munich sigl@tum.de Fraunhofer AISEC Institute for Applied
More informationSOC for cybersecurity
April 2018 SOC for cybersecurity a backgrounder Acknowledgments Special thanks to Francette Bueno, Senior Manager, Advisory Services, Ernst & Young LLP and Chris K. Halterman, Executive Director, Advisory
More informationMeasuring and Evaluating Cyber Risk in ICS Components, Products and Systems
Measuring and Evaluating Cyber Risk in ICS Components, Products and Systems Copyright 2018 UL LLC. All rights reserved. No portion of this material may be reprinted in any form without the express written
More informationData Management and Security in the GDPR Era
Data Management and Security in the GDPR Era Franck Hourdin; Vice President, EMEA Security Russ Lowenthal; Director, Database Security Product Management Mike Turner; Chief Operating Officer, Capgemini
More informationVideo-Aware Networking: Automating Networks and Applications to Simplify the Future of Video
Video-Aware Networking: Automating Networks and Applications to Simplify the Future of Video The future of video is in the network We live in a world where more and more video is shifting to IP and mobile.
More informationASIC, Customer-Owned Tooling, and Processor Design
ASIC, Customer-Owned Tooling, and Processor Design Design Style Myths That Lead EDA Astray Nancy Nettleton Manager, VLSI ASIC Device Engineering April 2000 Design Style Myths COT is a design style that
More informationE-guide Getting your CISSP Certification
Getting your CISSP Certification Intro to the 10 CISSP domains of the Common Body of Knowledge : The Security Professional (CISSP) is an information security certification that was developed by the International
More informationEBV Personalization Services for Security Devices
Infineon Security Partner Network Partner Use Case EBV Personalization Services for Security Devices Secured generation and storage of personalized OEM certificates in the OPTIGA Trust E for sophisticated
More informationGlobal Information Security Survey. A life sciences perspective
Global Information Security Survey A life sciences perspective Introduction Welcome to the life sciences perspective on the results from Creating trust in the digital world: EY s Global Information Security
More informationBrussels. Cyber Resiliency Minimizing the impact of breaches on business continuity. Jean-Michel Lamby Associate Partner - IBM Security
Cyber Resiliency Minimizing the impact of breaches on business continuity Jean-Michel Lamby Associate Partner - IBM Security Brussels Think Brussels / Cyber Resiliency / Oct 4, 2018 / 2018 IBM Corporation
More informationStrong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing LANCEN LACHANCE VICE PRESIDENT PRODUCT MANAGEMENT GLOBALSIGN WHAT YOU WILL LEARN TODAY 1 2 3 Examining of security risks with smart connected products Implementing
More informationExpress Monitoring 2019
Express Monitoring 2019 WHY CHOOSE PT EXPRESS MONITORING PT Express Monitoring provides a quick evaluation of the current signaling network protection level. This service helps to discover critical vulnerabilities
More informationTechnical Conference on Critical Infrastructure Protection Supply Chain Risk Management
Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management Remarks of Marcus Sachs, Senior Vice President and the Chief Security Officer North American Electric Reliability
More informationSOLUTIONS How to Keep Your Information and Operational Technology Protected and Prepared
CYBER SUPPLY CHAIN RISK MANAGEMENT SOLUTIONS How to Keep Your Information and Operational Technology Protected and Prepared The Evolution of the IT Supply Chain The issues facing today s users and buyers
More informationCSWAE Certified Secure Web Application Engineer
CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized
More informationResearch Institute in Secure Hardware & Embedded Systems (RISE) Máire O Neill
Research Institute in Secure Hardware & Embedded Systems (RISE) Máire O Neill UK Research Institutes in Cyber Security RISE is 1 of 4 multi-institutional Research Institutes in Cyber Security funded by
More informationSales Presentation Case 2018 Dell EMC
Sales Presentation Case 2018 Dell EMC Introduction: As a member of the Dell Technologies unique family of businesses, Dell EMC serves a key role in providing the essential infrastructure for organizations
More informationCybersecurity with Automated Certificate and Password Management for Surveillance
Cybersecurity with Automated Certificate and Password Management for Surveillance October 2017 ABSTRACT This reference architecture guide describes the reference architecture of a validated solution to
More informationDevelopment and Evaluation of Hardware Obfuscation Benchmarks
Journal of Hardware and Systems Security (2018) 2:142 161 https://doi.org/10.1007/s41635-018-0036-3 Development and Evaluation of Hardware Obfuscation Benchmarks Sarah Amir 1 Bicky Shakya 1 Xiaolin Xu
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationBUILDING APPLICATION SECURITY INTO PRODUCTION CONTAINER ENVIRONMENTS Informed by the National Institute of Standards and Technology
BUILDING APPLICATION SECURITY INTO PRODUCTION CONTAINER ENVIRONMENTS Informed by the National Institute of Standards and Technology ebook BUILDING APPLICATION SECURITY INTO PRODUCTION CONTAINER ENVIRONMENTS
More informationImproving Logic Obfuscation via Logic Cone Analysis
Improving Logic Obfuscation via Logic Cone Analysis Yu-Wei Lee and Nur A. Touba Computer Engineering Research Center University of Texas, Austin, TX 78712 ywlee@utexas.edu, touba@utexas.edu Abstract -
More informationIoT & SCADA Cyber Security Services
RIOT SOLUTIONS PTY LTD P.O. Box 10087 Adelaide St Brisbane QLD 4000 BRISBANE HEAD OFFICE Level 22, 144 Edward St Brisbane, QLD 4000 T: 1300 744 028 Email: sales@riotsolutions.com.au www.riotsolutions.com.au
More informationCloud Security Standards and Guidelines
Cloud Security Standards and Guidelines V1 Document History and Reviews Version Date Revision Author Summary of Changes 0.1 May 2018 Ali Mitchell New document 1 May 2018 Ali Mitchell Approved version Review
More informationInformation and Communication Technology (ICT) Supply Chain Security Emerging Solutions
Information and Communication Technology (ICT) Supply Chain Security Emerging Solutions Nadya Bartol, CISSP, CGEIT UTC Senior Cybersecurity Strategist Agenda Problem Definition Existing and Emerging Practices
More informationSDR Guide to Complete the SDR
I. General Information You must list the Yale Servers & if Virtual their host Business Associate Agreement (BAA ) in place. Required for the new HIPAA rules Contract questions are critical if using 3 Lock
More informationNIST Compliance Controls
NIST 800-53 Compliance s The following control families represent a portion of special publication NIST 800-53 revision 4. This guide is intended to aid McAfee, its partners, and its customers, in aligning
More informationReduced Overhead Gate Level Logic Encryption
Reduced Overhead Gate Level Logic Encryption Kyle Juretus Drexel University Philadelphia, Pennsylvania 19104 kjj39@drexel.edu Ioannis Savidis Drexel University Philadelphia, Pennsylvania 19104 isavidis@coe.drexel.edu
More informationNDIA SE Conference 2016 System Security Engineering Track Session Kickoff Holly Dunlap NDIA SSE Committee Chair Holly.
NDIA SE Conference 2016 System Security Engineering Track Session Kickoff Holly Dunlap NDIA SSE Committee Chair Holly. Dunlap@Raytheon.com This document does not contain technology or Technical Data controlled
More informationInnovation policy for Industry 4.0
Innovation policy for Industry 4.0 Remarks from Giorgio Mosca Chair of Cybersecurity Steering Committee Confindustria Digitale Director Strategy & Technologies - Security & IS Division, Leonardo Agenda
More informationEnhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services
Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services European Union Agency for Network and Information Security Securing Europe s Information society 2
More informationMICROCIRCUIT SECURITY
MICROCIRCUIT SECURITY Everything begins in the chip. Sawblade Ventures, LLC Austin, Texas Chip Security Vulnerability: How to Close the Gap Between Design Software & Design Hardware CTEA Electronics Symposium
More informationSummary of Cyber Security Issues in the Electric Power Sector
Summary of Cyber Security Issues in the Electric Power Sector Jeff Dagle, PE Chief Electrical Engineer Energy Technology Development Group Pacific Northwest National Laboratory (509) 375-3629 jeff.dagle@pnl.gov
More informationSOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications
Enabling and Securing Digital Business in Economy Protect s Serving Business Critical Applications 40 percent of the world s web applications will use an interface Most enterprises today rely on customers
More informationCyber Intelligence Professional Certificate Program Booz Allen Hamilton 2-Day Seminar Agenda September 2016
Cyber Intelligence Professional Certificate Program Booz Allen Hamilton 2-Day Seminar Agenda 21-22 September 2016 DAY 1: Cyber Intelligence Strategic and Operational Overview 8:30 AM - Coffee Reception
More informationSECURITY CRYPTOGRAPHY Cryptography Overview Brochure. Cryptography Overview
SECURITY CRYPTOGRAPHY Cryptography Overview Brochure Cryptography Overview DPA-resistant and Standard Cryptographic Hardware Cores DPA (Differential Power Analysis) Resistant Hardware Cores prevent against
More informationSecurity
Security +617 3222 2555 info@citec.com.au Security With enhanced intruder technologies, increasingly sophisticated attacks and advancing threats, your data has never been more susceptible to breaches from
More informationCyber Resilience. Think18. Felicity March IBM Corporation
Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack
More informationManaged Application Security trends and best practices in application security
Managed Application Security trends and best practices in application security Adrian Locusteanu, B2B Delivery Director, Telekom Romania adrian.locusteanu@telekom.ro About Me Adrian Locusteanu is the B2B
More informationIntroduction. The Safe-T Solution
Secure Application Access Product Brief Contents Introduction 2 The Safe-T Solution 3 How It Works 3 Capabilities 4 Benefits 5 Feature List 6 6 Introduction As the world becomes much more digital and global,
More informationEffective Strategies for Managing Cybersecurity Risks
October 6, 2015 Effective Strategies for Managing Cybersecurity Risks Larry Hessney, CISA, PCI QSA, CIA 1 Everybody s Doing It! 2 Top 10 Cybersecurity Risks Storing, Processing or Transmitting Sensitive
More informationThe rise of major Adversaries is the most relevant trend in 2014, targeting Government and Critical Services
The rise of major Adversaries is the most relevant trend in 2014, targeting Government and Critical Services Major Trends of 2014 And relevant changes in Threat Scenario Most Target Countries and Sectors
More informationIntroduction to Device Trust Architecture
Introduction to Device Trust Architecture July 2018 www.globalplatform.org 2018 GlobalPlatform, Inc. THE TECHNOLOGY The Device Trust Architecture is a security framework which shows how GlobalPlatform
More informationTWELVEDOT SECURITY DESIGN.BUILD.SECURE
TWELVEDOT SECURITY DESIGN.BUILD.SECURE 1 AGENDA About Us The Threat Landscape IoT Standards Using an ISMS Approach Testing and Evaluation Privacy Considerations 2 ABOUT US - YOW based company - Global
More informationThe Key Principles of Cyber Security for Connected and Automated Vehicles. Government
The Key Principles of Cyber Security for Connected and Automated Vehicles Government Contents Intelligent Transport System (ITS) & Connected and Automated Vehicle (CAV) System Security Principles: 1. Organisational
More informationCybersecurity. You have been breached; What Happens Next THE CHALLENGE FOR THE FINANCIAL SERVICES INDUSTRY
Cybersecurity THE CHALLENGE FOR THE FINANCIAL SERVICES INDUSTRY Gary Meshell World Wide Leader Financial Services Industry IBM Security March 21 2019 You have been breached; What Happens Next 2 IBM Security
More informationCloud Security Standards
Cloud Security Standards Classification: Standard Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January 2018 Next
More informationHEALTH IN ECSO (European Cyber Security Organisation) 18 October 2017
HEALTH IN ECSO (European Cyber Security Organisation) 18 October 2017 ABOUT THE EUROPEAN CYBERSECURITY PPP A EUROPEAN PPP ON CYBERSECURITY The European Commission has signed on July 2016 a PPP with the
More informationBuilding Trust in the Internet of Things
AN INTEL COMPANY Building Trust in the Internet of Things Developing an End-to-End Security Strategy for IoT Applications WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Recent security breaches
More informationMitigating Security Breaches in Retail Applications WHITE PAPER
Mitigating Security Breaches in Retail Applications WHITE PAPER Executive Summary Retail security breaches have always been a concern in the past, present and will continue to be in the future. They have
More informationWho s Protecting Your Keys? August 2018
Who s Protecting Your Keys? August 2018 Protecting the most vital data from the core to the cloud to the field Trusted, U.S. based source for cyber security solutions We develop, manufacture, sell and
More informationA Novel Approach to RFID Authentication: The Vera M4H Unclonable RFID IC
A Novel Approach to RFID Authentication: The Vera M4H Unclonable RFID IC Presenter: Vivek Khandelwal, Vice President of Marketing & Business Development 1 Agenda» Company Overview» PUF Technology Overview»
More informationSystemic Cyber Risk and Cyber Insurance. February 14, 2018
Systemic Cyber Risk and Cyber Insurance February 14, 2018 Questions 1. How big is the problem? 2. Have recent massive attacks affected the industry? 3. Where is the market headed? 4. How will government
More informationSoftware & Supply Chain Assurance: Enabling Enterprise Resilience through Security Automation, Software Assurance and Supply Chain Risk Management
Software & Supply Chain Assurance: Enabling Enterprise Resilience through Security Automation, Software Assurance and Supply Chain Risk Management Joe Jarzombek, PMP, CSSLP Director for Software & Supply
More informationLive Demo: A New Hardware- Based Approach to Secure the Internet of Things
SESSION ID: CCS-W04 Live Demo: A New Hardware- Based Approach to Secure the Internet of Things Cesare Garlati Chief Security Strategist prpl Foundation @CesareGarlati Securing the Internet of (broken)
More informationSecurity Terminology Related to a SOC
Security Terminology Related to a SOC Cybersecurity literacy is crucial for practicing proper security hygiene. As business leaders develop fluency in the language of information security (infosec), they
More informationIdentity-Based Cyber Defense. March 2017
Identity-Based Cyber Defense March 2017 Attackers Continue to Have Success Current security products are necessary but not sufficient Assumption is you are or will be breached Focus on monitoring, detecting
More informationPerspectives on Cybersecurity
Perspectives on Cybersecurity Beau Woods Cyber Safety Innovation Fellow, Atlantic Council Leader, I Am The Cavalry (.org) 2019 Winter Conference February 2, 2019 What s at stake Mirai took out large parts
More informationTrojan-tolerant Hardware & Supply Chain Security in Practice
Trojan-tolerant Hardware & Supply Chain Security in Practice Who we are Vasilios Mavroudis Doctoral Researcher, UCL Dan Cvrcek CEO, Enigma Bridge George Danezis Professor, UCL Petr Svenda CTO, Enigma Bridge
More informationCompliance vs Competence: Cyber Security Management for Data Centers. Dr. Suku Nair University Distinguished Professor and Chair, SMU
Compliance vs Competence: Cyber Security Management for Data Centers Dr. Suku Nair University Distinguished Professor and Chair, SMU Cyber Landscape Technology Trends Organizations /Nation States Social
More informationSecurity+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 1 Introduction to Security
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 1 Introduction to Security Objectives Describe the challenges of securing information Define information security and explain why
More informationMartijn Loderus. Merritt Maxim. Principal Analyst Forrester. Director & Global Practice Partner for Advisory Consulting Janrain
Merritt Maxim Principal Analyst Forrester Martijn Loderus Director & Global Practice Partner for Advisory Consulting Janrain Merritt and Martijn will share insights on Digital Transformation & Drivers
More informationCompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management
CompTIA Security+ Lecture Six Threats and Vulnerabilities Vulnerability Management Copyright 2011 - VTC Malware Malicious code refers to software threats to network and systems, including viruses, Trojan
More informationCyber Security Brian Bostwick OSIsoft Market Principal for Cyber Security
Cyber Security Presented by Brian Bostwick OSIsoft Market Principal for Cyber Security Cyber Security Trauma in the News Saudi Aramco Restores Network After Shamoon Malware Attack Hacktivist-launched virus
More informationExecutive Summary. (The Abridged Version of The White Paper) BLOCKCHAIN OF THINGS, INC. A Delaware Corporation
2017 Executive Summary (The Abridged Version of The White Paper) BLOCKCHAIN OF THINGS, INC. A Delaware Corporation www.blockchainofthings.com Abstract The Internet of Things (IoT) is not secure and we
More information