Presentation is loading. Please wait.

Presentation is loading. Please wait.

Jim Stikeleather Chief Innovation Officer November 22, 2010 Technical Exchange: Defending the Cloud in a Hostile Environment.

Published bySilvia Park Modified over 8 years ago

Similar presentations

Presentation on theme: "Jim Stikeleather Chief Innovation Officer November 22, 2010 Technical Exchange: Defending the Cloud in a Hostile Environment."— Presentation transcript:

1 Jim Stikeleather Chief Innovation Officer November 22, 2010 Technical Exchange: Defending the Cloud in a Hostile Environment

2 Security Cloud Security Legacy Issues Security Technology –Point solutions, Point processes, Physicality –Standards “nice to have” –Interoperability HW/SW –Maginot Line approach Governments –Economic risk / reward balance –Jurisdictional conflict (internal and external) –Geopolitical boundaries in cyberspace Enterprise –Parochialisms – image; legal; technology; competitive –ROI – Ford Pinto Approach –Secrecy – Unsafe at any Speed (Nader) The Jungle (Sinclair) Individuals –Reasonable, rational, prudent –Consumerization of IT/ Reversing the technology innovation flow 2

3 Unique to Cloud The multi-tennent problem –Bad news – larger suspect list (insiders) / lowest common denominator –Good news – distributed risk on break in / more focused resources The role collapse problem –Good news – fewer points of intersection (cracks) –Bad news – loss of separation of duties Shared Technology –Good news – Focus on quality, fix once fixed everywhere –Bad news – Break once, broken everywhere Outdated compliance rules Rewriting applications – stateless / ReSTful Cloud attack factories 3

4 Approaches Model checking, formal methods, and software analysis detect errors and, in the case of very simple systems, rigorously verify behavior as long as the foundational assumptions are correct. Most realistic cyber systems are too complex for rigorous verification, but can benefit from non-exhaustive analysis that will find a few of the straightforward vulnerabilities. Encapsulation, sandboxing, and virtual machines provide a way to “surround” otherwise unpredictable software, hardware, and networks with software or hardware that is more trusted. A common but often ineffective example is a network firewall. Complexity science drawing on biological and other analogues is the least exploited but possibly the most promising approach. Biological metaphors are part of the cyber lexicon: virus, worm, etc. Models of complex cyber systems and their emergent behavior are needed to understand the cybersecurity problem. 4

5 www.disa.mil 5 www.afcea.org Thank you Jim Stikeleather, Chief Innovation Officer stike_stikeleather@Dell.com

Download ppt "Jim Stikeleather Chief Innovation Officer November 22, 2010 Technical Exchange: Defending the Cloud in a Hostile Environment."

Similar presentations

A Model for When Disclosure Helps Security: What is Different About Computer & Network Security? Peter P. Swire Ohio State University George Mason CII.

A Model for When Disclosure Helps Security: What is Different About Computer & Network Security? Peter P. Swire Ohio State University George Mason CII.
A Model for When Disclosure Helps Security Peter P. Swire Ohio State University Stanford Cybersecurity Conference November 22, 2003.

A Model for When Disclosure Helps Security Peter P. Swire Ohio State University Stanford Cybersecurity Conference November 22, 2003.
The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-1 Chapter 12: Design Principles Overview Principles –Least Privilege –Fail-Safe.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-1 Chapter 12: Design Principles Overview Principles –Least Privilege –Fail-Safe.
The Threat Within September 2004. Copyright © 2004 Q1 Labs. All Rights Reserved Agenda Customer Pain Industry Solutions Network Behavior Enforcement Example.

The Threat Within September Copyright © 2004 Q1 Labs. All Rights Reserved Agenda Customer Pain Industry Solutions Network Behavior Enforcement Example.
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
 Cyber Ecosystem & Data Security Subhro Kar CSCE 824, Spring 2013 University of South Carolina, Columbia.

 Cyber Ecosystem & Data Security Subhro Kar CSCE 824, Spring 2013 University of South Carolina, Columbia.
Firewall Query Engine and Firewall Comparison Engine Mohamed Gouda Alex X. Liu Computer Science Department The University of Texas at Austin.

Firewall Query Engine and Firewall Comparison Engine Mohamed Gouda Alex X. Liu Computer Science Department The University of Texas at Austin.
Ch.5 It Security, Crime, Compliance, and Continuity

Ch.5 It Security, Crime, Compliance, and Continuity
MSIT 458: Information Security & Assurance By Curtis Pethley.

MSIT 458: Information Security & Assurance By Curtis Pethley.
Security Track Day 1 Richard Stiennon Chief Research Analyst IT-Harvest Blog: ThreatChaos.com twitter.com/stiennon IT-Harvest Confidential.

Security Track Day 1 Richard Stiennon Chief Research Analyst IT-Harvest Blog: ThreatChaos.com twitter.com/stiennon IT-Harvest Confidential.
Controls for Information Security

Controls for Information Security
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Approaches to ---Testing Software Some of us “hope” that our software works as opposed to “ensuring” that our software works? Why? Just foolish Lazy Believe.

Approaches to ---Testing Software Some of us “hope” that our software works as opposed to “ensuring” that our software works? Why? Just foolish Lazy Believe.
Adversaries in Clouds: Protecting Data in Cloud-Based Applications Nick Feamster Georgia Tech.

Adversaries in Clouds: Protecting Data in Cloud-Based Applications Nick Feamster Georgia Tech.
SANS Technology Institute - Candidate for Master of Science Degree Implementing and Automating Critical Control 19: Secure Network Engineering for Next.

SANS Technology Institute - Candidate for Master of Science Degree Implementing and Automating Critical Control 19: Secure Network Engineering for Next.
SecureAware Building an Information Security Management System.

SecureAware Building an Information Security Management System.
Whitacre College of Engineering Panel Interdisciplinary Cybersecurity Education Texas Tech University NSF-SFS Workshop on Educational Initiatives in Cybersecurity.

Whitacre College of Engineering Panel Interdisciplinary Cybersecurity Education Texas Tech University NSF-SFS Workshop on Educational Initiatives in Cybersecurity.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
PREPAREDNESS AND RESPONSE TO CYBER THREATS REQUIRE A CSIRT By Jaco Robertson, Marthie Lessing and Simon Nare*

PREPAREDNESS AND RESPONSE TO CYBER THREATS REQUIRE A CSIRT By Jaco Robertson, Marthie Lessing and Simon Nare*

Similar presentations

Ads by Google