The whole world is connected through IoT, so we need to take a closer look at security, especially in these systems. Would you want someone on the other side of the world controlling the heating, lights or burglar alarm of your house? The same goes for all the software we are writing. Customers entrust us with information about themselves and we have to make sure that this information stays secure.
Watch the videos from the Privacy and Security track at GOTO Berlin 2016 below.
Securing IoT Connected Device Applications
with Ian Massingham, Chief Evangelist, EMEA for Amazon Web Services
As the development and deployment of connected device applications accelerates, more and more organisations are making use of microcontrollers and sensor hardware for safety-critical and privacy-sensitive applications.
In this session, AWS Technical Evangelist Ian Massingham explores the solutions for authentication and authorisation and for scalable support for cryptography that AWS has delivered as a component of the AWS IoT Service. The session includes a demo featuring C and Python IoT clients communicating securely via a scalable and serverless MQTT gateway.
Container and Microservice Security
with Adrian Mouat, Chief Scientist at Container Solutions
The security of containers has been a hotly discussed topic. This talk explains the main concerns around container security, and offers some best practices and guidance for addressing them.
The guiding philosophy is “defence in depth”; no one layer or tool should be relied upon to provide complete security.
The topics covered include:
- The isolation guarantees of containers
- Making sure your images haven’t been tampered with
- How to limit the resources that containers can access
- How to audit and monitor containers
- Using VMs and containers together to maximize security and efficiency
- How to safely share secrets (API keys, passwords) with containers
Safety vs Security: How to Create Insecure Safety-Critical System
with Alexander Timorin, ICS Security Researcher at Kaspersky Lab
In this talk, Alexander discusses the typical design, implementation and support issues related to mission-critical systems used in power, transportation, and other industries. Based on SCADA StrangeLove group 0-day research and publicly disclosed vulnerability statistics, Alexander highlights bad code practice which is unfortunately very common in industrial control systems.
He then discusses why developers should not rely only on safety standards and formal methods (like the B-method) if they want to create secure systems.
Fixing the web with the global Blockchain trust machine
with Dr. Jutta Steiner, COO and Co-Founder of Ethcore
For the last few months, every day there has been a new announcement of a major corporate (successfully?) trialing blockchain technology in a Proof-of-Concept. For anyone outside of the blockchain space and hype, it has become difficult to discern the signal from the noise. We give a brief introduction into the true technical innovation of these open multi-user platforms and present several use cases where businesses can benefit: from IT security to data privacy to IoT.
Secure my Socks: Exploring Microservice Security in an Open Source Sock Shop
with Dr. Phil Winder, Consultant, Engineer and Scientist at Winder Research and Development Ltd.
Microservices are often lamented as “providing enough rope to hang yourself”, which gives the impression that microservices are inherently insecure. But if we do microservices right, we can improve security with a range of measures all designed to prevent further intrusion and disruption.
In this talk, you will discover a reference microservices architecture – the sock shop – which we will abuse in order to investigate microservice security on the Kubernetes orchestrator and Weave Net, a software-defined networking product from Weaveworks. Despite covering a range of topics, it will focus on the demonstration of two key areas: network policy and secure containers.
This talk is intended for a technical audience such as engineers, developers and architects, but will be of interest to anyone who has a stake in application and information security.
You will leave this talk with not only an understanding of some aspects of microservice security but also the knowledge of how to implement these findings. Furthermore, you will be able to test and demonstrate these ideas yourself through the use of a reference microservices application on an orchestrator of your choice.