Published by Trevor McCormick. Modified over 9 years ago.

SoBeNeT project
5th User group meeting
Friday December 7, 2007 (07/12/2007)

Agenda
- 16:00h Welcoming
- 16:10h Project overview and status
- 16:40h CLASP, SDL and TouchPoints compared
- 17:00h SoProTo – A software protection tool
- 17:20h Run-time enforcement of security policies on the .NET framework
- 17:40h Discussion and wrap-up
- 18:00h Drink

Overview
1. Project context
2. Overview of main results
3. Valorization program
4. Outlook on finalization

I. Context: project in a nutshell
- IWT SBO project (2003-2007)
  - Extended until April 2008
- Context: availability of security components (still evolving but relatively mature)
- Goal: to enable the development of secure software applications
- 4 Research tracks:
  - Programming and Composition Technology
  - Software engineering – “full life cycle”
  - Tamper and analysis resistance
  - Shielding and interception

The project’s user group
- User group
  - Channel for direct feedback on the execution of the project
  - Primary audience for dissemination
  - Possible channel for validation and valorization
- Composition: 3E, Agfa, Alcatel, Application Engineers, Cryptomatic, EMC², Inno.com, Johan Peeters bvba, Microsoft, L-SEC, NBB, OWASP-Belgium, Philips, PWC, Siemens, UZ Gasthuisberg, Zetes

Evolution of the user group (Wouter: update - remove ?)
- Frequent contacts with active members have also led to collaborative research projects
- Still new members showing up
  - Custodix
  - Cronos
  - …
- Hard to organize plenary meetings

II. Project status @ End of fourth project year
- Significant amount of results
  - Academic:
    - scientific publications at all levels
    - several completed PhDs
    - involvement in national and international events
  - Broader dissemination: workshops and courses
- Project execution is on schedule
  - Taking into account the project extension
  - Priorities were fine-tuned during execution
- Industrial validation:
  - Spin-off projects
  - Opportunities for feedback
- Continuous interest in practical validation!

Looking Back… Year 1
- Project support activities
- Vulnerability study and classification
- Inception of case studies
- Feasibility study of engineering application-level security with AOSD
- Study of techniques for tamper and analysis resistance
- Study of interception techniques

Headlines of Year 2
- Model for addressing code injection vulnerabilities
- Interrelations between point solutions in track I (Languages and composition)
  - E.g., security contracts as a language extension and a vehicle for reasoning on composition
  - Focus on component frameworks
- Activating the software engineering track
  - Study activities (incl. workshops)
- Architecture for management and monitoring
- Survey of attack methods and options in application protocols
- First industrial validations

Headlines of Year 3
- Release of dnmalloc
- Support for different types of security contracts
  - CAS, data dependencies, concurrency
- Fine-tuning of modularized access control
- Study of AOP security implications
- Refinement of secure development process activities (leveraged, among others, by results of other tracks)
- Improved techniques for tamper and analysis resistance
- Security management and monitoring applied to the .Net platform

Headlines Y4: Track 1
- General model for security contracts (PhD)
  - Language specification and static verification based on Spec#
- Access Control Interfaces (PhD)
  - Security-tuned composition mechanism based on AOSD technology
- AOPS, a permission system for dealing with AOP risks
- Security architecture for third-party applications on mobile devices

Headlines Y4: Track 2
- In-depth study and comparison of SDL, CLASP and Touchpoints has resulted in the activity matrix
- Analysis and systematic support for security principles in process activities
- Towards automated transition from requirements -> architecture
- Survey of security patterns

Headlines Y4: Track 3
- New techniques and attacks
  - Cryptanalysis of White-Box DES Implementations with Arbitrary External Encodings [SAC 2007]
  - Remote attestation on legacy operating systems with trusted platform modules [REM 2007]
  - Software Security Through Targeted Diversification [CoBaSSA 2007]
- SoProTo - Software Protection Tool
  - White-box cryptography
  - Obfuscation transformations

Headlines Y4: Track 4
- Application protocol checker
- Integration of protocol checker in application-level firewall

Some numbers
- Over 100 publications in 4 years (>10 researchers involved)
- 3 PhDs completed, more coming up
- (Co-)organization of >10 dissemination events
  - Project specific workshops
  - International conferences and workshops
- >5 spin-off projects with industrial partners
- Intensive contacts with >10 partners from user group

III. Valorization
- A number of results are applicable in practical settings
  - C/C++ memory allocator
  - Protocol checking for web applications
  - SSE process comparison
  - Library of analysis / tamper resistance techniques
- National and international contact networks
- Several spin-off projects have been created

Some of the spin-off projects
- Pecman
- Bcrypt
- EHIP II (possibly starting in 2008)

Pecman: Personal Content Management
- Project summary
  - A user-centric solution enabling uniform storage and manipulation of personal data as well as universal access to this data
- Security-specific expectations
  - Security service bus: an architectural approach for crosscutting security enforcement
  - User-level policies, and their translation to system-level policies
- http://projects.ibbt.be/pecman

BCRYPT: Belgian Fundamental Research on Cryptology and Information Security
- Project summary
  - Interuniversity Attraction Pole (IAP)
- Concrete expectations
  - Fundamental research: discrete mathematics, cryptographic algorithms and protocols, watermarking, secure software, and secure hardware.
  - Application areas: secure documents, ultra low power crypto for sensor networks, ambient intelligence and RFID, mobile terminals, DRM and trusted computing
- https://www.cosic.esat.kuleuven.be/bcrypt/

Industry segments
- System Integrators and consultants (software development on a project base)
- Product development companies
  - Traditional
  - Embedded systems
  - Telecom
  - Other (boundaries are vague)
- Other stakeholders in software applications: business owner, system manager

Upcoming events
- December 18-19, 2007: Remote EnTrusting by RUn-time Software auThentication (RE-TRUST) - Workshop, Leuven
- March 3-7, 2008: Secure Application Development course, Leuven
- July 22, 2008: Advanced Applications for the Electronic Identity Card (ADAPID) – Workshop, Leuven
- July 23-25, 2008: The 8th Privacy Enhancing Technologies Symposium (PETS 2008), Leuven
- To be announced: OWASP event on secure software development processes

IV. Outlook
- Finalization headlines
  - Provably correct inliner
  - Improvement of verification techniques
  - Validation of AOP permission system
  - SoProTo
    - Extended analysis front-end
    - Self-encrypting code module
- Opportunities for validation ?
- Incubation of SoBeNeT II (SEC SODA)

SECSODA
- Stands for SECure of SOftware in Distributed Applications …
- IWT SBO Proposal
  - Due January 2008
  - Project: 2008-2012

Research Themes
- Programming and Composition Technology
- Software Engineering 4 Security
- Tamper and Analysis Resistance
- Verification
- Application case studies
- Extensions of practical technologies and methodologies (WS, SOA, .NET, …)
mailto: {bartd, wouter}@cs.kuleuven.be

Thank you!
http://sobenet.cs.kuleuven.be/
Questions?