Science! By Infotiv - Cybersecurity

Hosted By
Viktor N.
Details

We are gearing up for a new Science! By Infotiv on December 7.

Time: 7/12, 16.00 – 18.00.

A hybrid event: choose whether to come to our cozy office or join online.

The talks will be held in English.

Mingling and fika from 15.30. After-work with light food and something nice to drink at Infotiv's office after the talks.

See separate event to sign up for joining on site (please sign up for both events if you will join on site)

HasTEE - Confidential Computing on Trusted Execution Environments with Haskell
Robert Krook
Abstract:
An important topic of cybersecurity is that of protecting data. Data generally exists in one of three states. Data can be at rest, in transit, or in use. Protecting data in the first two states is generally achieved using encryption. Protecting data in the third state, data in use, is trickier. While data is being used it must be loaded up into RAM, where it may be wrongfully leaked by a compromised operating system.

In this talk I will discuss how we can use trusted execution environments to protect data in use, thus engaging in confidential computing. The techniques I will describe are promising, but also unnecessarily complicated. The programming models for these techniques are complicated and give off boilerplate-vibes. I will present recent work by my collaborators and myself where we try to make confidential computing more accessible by removing burdens from the developers' shoulders.

HasTEE is a Haskell framework where you write a single application, describing both the sensitive and non-sensitive computations, and where the compiler partitions the application automatically for you into one trusted component and an untrusted one. The trusted component executes inside an Intel SGX enclave, and the untrusted component executes normally. The partitioning is very light-weight and requires no modifications of the Haskell compiler.

Robert Krook is a PhD student in the functional programming unit at Chalmers University of Technology. He is a student in the Octopi project, whose aim is to research tools and techniques for developing safe and secure IoT applications.

His research has revolved around writing and executing functional programming languages on exotic platforms, such as IoT devices and hardware-enforced trusted execution environments. More specifically, he has researched topics such as Real-Time programming on IoT-devices, Confidential Computing on Trusted Execution Environments, and Property-Based Testing for Testing Compilers. His interests mainly concern property-based testing, compiler development, programming-language design, and cybersecurity.

Defense in Depth using Secure by Design
Daniel Deogun
Even a seemingly innocent piece of code can contain several vulnerabilities that might take down an entire system. We all know how to deal with SQL-injection and cross-site scripting, but why is that not enough? On the latest OWASP Top 10 list, insecure design has emerged in fourth place – a strong indication that we need a new approach.
I believe that, as developers, we need to learn how to apply defence in depth in code. We need to find out how to create a multilayer defence that is stronger than its parts.

So, in this session, I will explore how to create such a defence by looking at a seemingly innocent piece of code, walk through its vulnerabilities, and mitigate them using interlocking patterns from Secure by Design.

Daniel Deogun is the author of the book Secure by Design and has been in the industry for 20+ years. He strongly believes security is a quality aspect and is passionate about how craftsmanship can drive security in software. Throughout his career, Daniel has worked with everything from patient critical software to enterprise applications in the cloud to high performance software in various industries. Combining this with his passion for tech has made him a frequent speaker at conferences all over the world. Daniel is currently Chief Academy Officer at Omegapoint Group.
