protecting data in untrusted locations
play

Protecting Data in Untrusted Locations An exercise in Real World - PowerPoint PPT Presentation

Aug 22, 2022 •300 likes •714 views

Protecting Data in Untrusted Locations An exercise in Real World threat modeling. Jan Schaumann 99CE 1DC7 770A C5A8 09A6 @jschauma 0DCD 66CE 4FE9 6F6B D3D7 Me. Errday. Obligatory James Mickens This World of Ours reference.

  1. Protecting Data in Untrusted Locations An exercise in “Real World” threat modeling. Jan Schaumann 99CE 1DC7 770A C5A8 09A6 @jschauma 0DCD 66CE 4FE9 6F6B D3D7

  2. Me. Errday.

  4. Obligatory James Mickens “This World of Ours” reference. Threat Model https://t.co/Ej94YI4Ovr

  5. Obligatory James Mickens “This World of Ours” reference. Threat Model https://t.co/Ej94YI4Ovr

  7. Tweeters gonna tweet

  8. https://t.co/ykdsHGV84r

  9. https://t.co/ykdsHGV84r

  10. https://t.co/ykdsHGV84r

  11. Threat Model Threat Actors: • hackeris vulgaris • organized crime (fsvo “organized”) • local governments or intelligence services • foreign governments or intelligence services

  12. Threat Model Assets: • Physical Equipment • Local Service Access Point • Access/Entry point to Infrastructure • TLS keys

  13. Access/Entry point to Infrastructure • physically protected systems • no “secrets” permanently stored on systems • traffic severely restricted • all traffic must be mutually authenticated

  15. Obligatory XKCD comic. This also works. https://www.xkcd.com/538/

  17. TLS keys

  18. TLS keys Y U NO HSM?

  19. No time to explain - get in the llama!

  23. Booting First time: • boot into single-user mode • generate TPM-backed CSR • submit CSR to service in datacenter • cert generated, used to encrypt client puppet key • encrypted puppet key stored in host image Nth time: • iPXE via TLS • init script decrypts puppet key using TPM • puppet does its thing

  24. “Reflections on Trusting Trust” Obligatory reference. http://cm.bell-labs.com/who/ken/trust.html

  25. Wile E. Coyote has an MBA. Cost of Attack Wile’s ROI Value of Asset

  26. Wile E. Coyote has an MBA. Cost of Attack Wile’s ROI Value of Asset

  27. Raising the cost of attack Wile E. Coyote needs: • physical access • ability to attack running system • persistent undetected presence

  28. Wile E. Coyote has an MBA. Cost of Attack Wile’s ROI Value of Asset

  29. Wile E. Coyote has an MBA. Cost of Attack Wile’s ROI Value of Asset

  30. Reducing the value of TLS keys • Forward Secrecy • tightly scoped certificates • short-lived • alert if observed outside of expected env

  31. Possible scenarios • hardware compromised prior to us racking it • resources compromised through temporary physical access (ACME backdoor) • ACME fake hole, ACME rocket powered roller skates, ACME do-it- yourself tornado kit, ACME earthquake pills, ...

  34. Lessons: You can’t just rub some crypto on it. http://youtu.be/YsY2-yi5W74

  35. Lessons: Know your assets, know your adversaries.

  40. Thanks! (now get in the llama!) Jan Schaumann 54FE 193F 64ED DD0B CFDE @jschauma 40D6 1983 626F 1E52 3D3A

Recommend

Hails: Protecting Data Privacy in Untrusted Web Applications Daniel B. Giffin, Amit Levy, Deian

Hails: Protecting Data Privacy in Untrusted Web Applications Daniel B. Giffin, Amit Levy, Deian

Hails: Protecting Data Privacy in Untrusted Web Applications Daniel B. Giffin, Amit Levy, Deian Stefan, David Terei, John Mitchell, David Mazires, and Alejandro Russo Web platforms are great ! They allow third-party developers to build apps

714 views • 54 slides
Chip-Secured Data Access: Confidential Data on Untrusted Servers L. Bouganim, P. Pucheral

Chip-Secured Data Access: Confidential Data on Untrusted Servers L. Bouganim, P. Pucheral

Chip-Secured Data Access: Confidential Data on Untrusted Servers L. Bouganim, P. Pucheral University of Versailles The need for Open Trusted Data Stores PAGE 2 Virtual teams distributed among space, time and organizations

394 views • 12 slides
Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras

Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras

Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras Untrusted Programs Untrusted Application Entire Application untrusted Part of application untrusted Modules or library untrusted

797 views • 46 slides
Deserialization of untrusted data in Java Analysis, current solutions & a new approach

Deserialization of untrusted data in Java Analysis, current solutions & a new approach

Deserialization of untrusted data in Java Analysis, current solutions & a new approach Apostolos Giannakidis OWASP London Meetup @apgiannakidis 18th May 2017 1 Whois Security Architect at Waratek Application security

587 views • 46 slides
MEDIA KIT COVERAGE LOCATIONS English Language Locations Chinese Language Locations Melbourne

MEDIA KIT COVERAGE LOCATIONS English Language Locations Chinese Language Locations Melbourne

SUPER FAST 15 MINS 1300 733 215 UNLIMITED DATA sales@netbaywifi.com.au MEDIA KIT COVERAGE LOCATIONS English Language Locations Chinese Language Locations Melbourne CBD Melbourne CBD Glen Waverly VIC Glen Waverly - VIC Metro

268 views • 5 slides
Learning from Untrusted Data Moses Charikar, Jacob Steinhardt, Gregory Valiant Symposium on the

Learning from Untrusted Data Moses Charikar, Jacob Steinhardt, Gregory Valiant Symposium on the

Learning from Untrusted Data Moses Charikar, Jacob Steinhardt, Gregory Valiant Symposium on the Theory of Computing June 19, 2017 (Icon credit: Annie Lin) Motivation: data poisoning attacks: 1 (Icon credit: Annie Lin) Motivation: data

621 views • 48 slides
Sharing and Protecting Data to Improve Student Outcomes Community Schools Community of Practice

Sharing and Protecting Data to Improve Student Outcomes Community Schools Community of Practice

Sharing and Protecting Data to Improve Student Outcomes Community Schools Community of Practice Nov. 16, 2017 Agenda Why sharing and protecting student data matters Sharing data deep dive Protecting data deep dive Tips

313 views • 30 slides
Protecting Your Identity, Data, and Assets 1 Its Not a Matter of If, but When 17.6

Protecting Your Identity, Data, and Assets 1 Its Not a Matter of If, but When 17.6

Protecting Your Identity, Data, and Assets 1 Its Not a Matter of If, but When 17.6 million 63% Identity fraud is a serious issue. people experienced of confirmed data Fraudsters have identity theft in 2014 breaches involved stolen

605 views • 29 slides
Proof-Carrying Data: secure computation on untrusted execution platforms Eran Tromer Joint work

Proof-Carrying Data: secure computation on untrusted execution platforms Eran Tromer Joint work

Proof-Carrying Data: secure computation on untrusted execution platforms Eran Tromer Joint work with Alessandro Chiesa Eli Ben-Sasson Daniel Genkin 1 Technion Cryptoday June 16, 2011 Motivation 3 Motivation INTEGRITY CONFIDENTIALITY

725 views • 50 slides
Robust Learning from Untrusted Sources Nikola Konstantinov Christoph H. Lampert ICML, June 2019

Robust Learning from Untrusted Sources Nikola Konstantinov Christoph H. Lampert ICML, June 2019

Robust Learning from Untrusted Sources Nikola Konstantinov Christoph H. Lampert ICML, June 2019 Konstantinov, Lampert; IST Austria Robust Learning from Untrusted Sources Poster 156 1 / 13 Motivation Collecting data for machine learning

386 views • 28 slides
Sieve: Cryptographically Enforced Access Control for User Data in Untrusted Clouds Frank Wang (MIT

Sieve: Cryptographically Enforced Access Control for User Data in Untrusted Clouds Frank Wang (MIT

Sieve: Cryptographically Enforced Access Control for User Data in Untrusted Clouds Frank Wang (MIT CSAIL) , James Mickens (Harvard), Nickolai Zeldovich (MIT CSAIL), Vinod Vaikuntanathan (MIT CSAIL) 1 Motivation Boston Marathon NY Marathon

1.12k views • 95 slides
Towards Application Security on Untrusted Operating Systems Dan R. K. Ports Tal Garfinkel MIT

Towards Application Security on Untrusted Operating Systems Dan R. K. Ports Tal Garfinkel MIT

Towards Application Security on Untrusted Operating Systems Dan R. K. Ports Tal Garfinkel MIT CSAIL & VMware VMware Motivation Many applications handle sensitive data financial, medical, insurance, military... credit cards, medical

712 views • 25 slides
Protecting Sensitive Data Implementation of a Sensitive Data Manager Recommendation Briefed

Protecting Sensitive Data Implementation of a Sensitive Data Manager Recommendation Briefed

Protecting Sensitive Data Implementation of a Sensitive Data Manager Recommendation Briefed Presidents Executive Council on 13 Jan: recommended to proceed with deploying a Sensitive Data Manager tool on all UND owned computers to

321 views • 6 slides
Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data Tyler Hunt , Zhiting Zhu,

Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data Tyler Hunt , Zhiting Zhu,

Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data Tyler Hunt , Zhiting Zhu, Yuanzhong Xu, Simon Peter, Emmett Witchel 1 Disease risk assessment: Trust issues D i s e a s e R i s k 2 Disease risk assessment: Trust

766 views • 57 slides
P Protecting Confidential Data on i C fid i l D Personal Computers with S p torage g

P Protecting Confidential Data on i C fid i l D Personal Computers with S p torage g

P Protecting Confidential Data on i C fid i l D Personal Computers with S p torage g Capsules Kevin Borders, Eric Vander Weele, Billy Lau, and Atul Prakash Problem: Malicious S oftware Computing becomes pervasive, so is malware

524 views • 29 slides
Privacy & Security Matters: Privacy & Security Matters: Protecting Personal Data

Privacy & Security Matters: Privacy & Security Matters: Protecting Personal Data

Privacy & Security Matters: Privacy & Security Matters: Protecting Personal Data Protecting Personal Data Privacy & Security Project HIPAA: What it is Health Insurance Portability and Accountability Act of 1996 Also known as

445 views • 26 slides
S100WG4-4.14 Location of data point in cell ISO 19123 and S-100 make the locations of the data

S100WG4-4.14 Location of data point in cell ISO 19123 and S-100 make the locations of the data

S100WG4-4.14 Location of data point in cell ISO 19123 and S-100 make the locations of the data points in grids coincident with the vertices of the grid (grid points). Project teams want the ability to specify where the data (sample)

110 views • 10 slides
What are we protecting? Student Data (SSN, Grades, DOBs, Credit card) Employee Data

What are we protecting? Student Data (SSN, Grades, DOBs, Credit card) Employee Data

Freeze your credit will stop someone from opening a new line of credit in your name FREE! You can unfreeze your credit at any time Get an annual copy of your credit report and review it ALSO FREE! What are we protecting? Student

885 views • 31 slides
Data Sharing Enabling innovation Protecting people Geof Heydon October 2018 1 Data

Data Sharing Enabling innovation Protecting people Geof Heydon October 2018 1 Data

Data Sharing Enabling innovation Protecting people Geof Heydon October 2018 1 Data Driving Smarter Community Success AGENDA Smarter Community Data sharing NSW Government Data Task Force and ACS Data Sharing technical committee

641 views • 25 slides
By Hi-Link Technology Group Data Center Locations Data Center Facilities Tier III type

By Hi-Link Technology Group Data Center Locations Data Center Facilities Tier III type

By Hi-Link Technology Group Data Center Locations Data Center Facilities Tier III type facility with redundant N+1 infrastructure Multiple Tier 1 network carriers SSAE 16 and PCI/HIPAA compliance Battery and Generator Backup

231 views • 20 slides
Protecting Australias red meat industry with interactive data visualisation Grant Carlson

Protecting Australias red meat industry with interactive data visualisation Grant Carlson

Protecting Australias red meat industry with interactive data visualisation Grant Carlson Development Manager Binh (James) Tham Lead Solution Architect Integrity Systems Company YOW! Data 2018 About us About us Livestock Production

444 views • 25 slides
Protecting Your Data Presented by: Shawn Davis Adjunct Professor - Illinois Institute of

Protecting Your Data Presented by: Shawn Davis Adjunct Professor - Illinois Institute of

Sen. Cristina Castros Cybersecurity Forum Protecting Your Data Presented by: Shawn Davis Adjunct Professor - Illinois Institute of Technology Dir. of Digital Forensics Edelson PC Data Collection & Tracking Staying Safe Online

594 views • 41 slides
Access Control in Untrusted Cloud Storage using Unidirectional Re-encryption Zach Kissel, Jie

Access Control in Untrusted Cloud Storage using Unidirectional Re-encryption Zach Kissel, Jie

Access Control in Untrusted Cloud Storage using Unidirectional Re-encryption Zach Kissel, Jie Wang University of Massachusetts Lowell The Cloud Cloud storage makes many promises: Data can be accessed anywhere at any time No

698 views • 42 slides
Pr Protecting Ourselves, Pr Protecting Ot Other hers Pa Part 1: Wha What to Wear at Work k

Pr Protecting Ourselves, Pr Protecting Ot Other hers Pa Part 1: Wha What to Wear at Work k

6/2/20 HealthMatters in our Homes Pr Protecting Ourselves, Pr Protecting Ot Other hers Pa Part 1: Wha What to Wear at Work k and nd Wh Why 1 During this presentation, we will: Summarize what COVID-19 is, how it spreads, and who

463 views • 19 slides

More recommend