Loading…
This event has ended. View the official site or create your own event + mobile app → Check it out
This event has ended. Create your own
View analytic
Thursday, April 19 • 4:40pm - 5:20pm
A Security Analysis of the OpenStack Infrastructure (Seacliff AB)

Sign up or log in to save this event to your list and see who's attending!


We perform an analysis of the OpenStack infrastructure from which we are able to derive a complete strategy for defence-in-depth. We will present a concise system description which explicitly enumerates the assumptions and vulnerabilities present in real systems, and allows us to put each potential defensive measure into context within the architecture of OpenStack. 

Our analysis models the way an attacker works within the system, finding chains of weaknesses which lead to a desired goal. Once we can understand and exhibit the consequences of the compromise of any individual component, we may then concentrate our hardening efforts without cognitive bias or naive assumption.

The analysis is interesting because it goes some way towards explaining the "Honeymoon Period" for discovery of system vulnerability (Blaze, Clark et al), and can increase the time between successful exploits by acknowledging that an attack is a constructive proof of vulnerability which must be broken in as many places as possible.

Speakers
avatar for Shevek

Shevek

Shevek is an expert programmer who has worked on cutting edge research in systems and security, compilers and language design, algorithms and optimization. He is capable of maintaining a very straight face under questioning on topics including "Why is our printer playing 'happy birthday'?" or "What is that message doing on the side of that building?" His recent work focused on big data infrastructure and analytics, working mostly with Hadoop. He received a Doctorate in Computing on the...
Read More →
PM

Paul McMillan

Paul McMillan has been interested in security from an early age when he realized that it was a lot more fun to hack games than play them (even when the hacking took far more effort). While he doesn't play many games anymore, he has found network and web application security to be just as fun and much more useful. Paul has been working with Django since 2008, and is now a core committer with a focus on improving the security of Django.

Thursday April 19, 2012 4:40pm - 5:20pm
Seacliff AB (Bayview Level, Hyatt Regency Hotel)

Attendees (52)

Attendance numbers do not account for private attendees. Get there early!


Remove this from your schedule?
This session is full and you may not be able to get back in.
Remove
Cancel