Annual Computer Security Applications Conference (ACSAC) 2016

Full Program »

Case Studies I

Thursday, 8 December 2016
10:30 - 12:00

Club Room

Chair: Cynthia Bauer, NSA

Hackers and Evil Doers – How to Keep Your Digital Experience Safe and Secure on the Cloud, Bob McCandless, Blue Iron Network
Do you worry about the security of data on the cloud? Have you considered deploying a cloud environment but worry that your information may be unprotected? Could computing has gotten a bad reputation in the media for being an unsecured form of storing data remotely on the internet. As such, cybersecurity as it pertains to cloud computing has become a complex topic that requires attention. This session will cover details of several current large scale cyber attacks against enterprise business entities. This does not mean all cloud hosting is at risked of being hacked. It does however raise concerns about the security of data being hosted on the cloud. Is the information really safe? It all depends on the precautions taken by the individual or enterprise. Specifics concerning the steps and techniques your organization should employ to minimize the severity of attacks against your enterprise and recover operational capability after an assault occurs will be discussed. Deployment strategies, security solutions, monitoring suggestions, threat mitigation, back-up strategies and much more will be addressed. Attendees get a first hand look at real world examples of deploying and managing a digital platform in a private or hybrid cloud environment. All questions pertaining to the risks associated with cloud computing will be addressed by a leading expert in the field. The information and tools necessary to make informed decisions when evaluating cloud solutions and companies can aid in the prevention of cyber attacks. Additionally, should the worst occur and a cyber attack is perpetrated, these tools will assist in maintaining operational capabilities and recovering quickly with 100% up-time. If you are thinking of deploying a private or hybrid cloud solution, or have concerns about your existing cloud environments then this session is one you can't afford to miss. Come learn from real life examples and gain the expertise to dive into the cloud without the risk of losing your shirt!

Encrypting the Brain of IOT, Ed Yu, Overnest, Inc.
Source code not only contains intellectual property but also proprietary algorithms that access and process sensitive data. As we move to the age of AI and IOT, our source code is essentially the brain. The source code gives hackers the blueprint of the system that not only making breaches much easier but also allows them to modify the code without detection. Unfortunately, almost none of the source code management systems are built with security in mind and as a result, it's extremely difficult to protect source code from hackers without significantly impacting the workflow of developers who need to access the source code. In this case study, we will present how we applied encryption to source code without impacting the way source code is shared, compiled, and worked on. We will talk about how we overcome the fundamental flaws of encryption as a security instrument such as key management and sharing. We will also talk about lessons learned and where to go from here.

Impact of the Physical Web and Beacons in the Classroom and College, Debasis Bhattacharya, University of Maui College

Beacons are small transmitters that can be fixed to any physical place or thing, and can emit a short burst of data using Bluetooth Low Energy (BLE) protocol. This case study examines the utility and security of beacons, in a college or educational environment. Focus is on the practical, cost-effective and secure implementation of beacons.

The Physical Web is a project announced by Google's Chrome team that essentially provides a framework to discover "smart" physical objects (e.g. vending machines, classroom, conference room, cafeteria, bus stop etc.) and interact with specific, contextual content without having to resort to downloading a specific app. A common app such as the open source and freely available Physical Web app on the Google Play Store or the BKON Browser on the Apple App Store, can access nearby beacons.

A current work-in-progress at the University of Maui College is developing a campus-wide prototype of beacon technology using the Eddystone-URL protocol and beacons from Estimote, Radius Networks and BKON. The project is also incorporating security issues using the new and emerging Eddystone Ephemeral-ID (EID) protocol from Google.

 

Powered by OpenConf®
Copyright©2002-2016 Zakon Group LLC