Welcome to Science! By Infotiv on December 7

Do you want to attend really sharp lectures on technology? For free? YES! Welcome to the next Science! By Infotiv on December 5.

This time we have two lecturers: Robert Krook who lectures on the topic "HasTEE - Confidential Computing on Trusted Execution Environments with Haskell" and Daniel Deogun who lectures on the topic "Defense in Depth using Secure by Design".

Time: 7/12 at 16.00 - 18.00

Mingle and coffee from 15.30

After work at Infotiv's office after the presentations. Light food and drinks

Hybrid event: choose whether you want to come to our cozy office or participate online.

Registration and info: https://bit.ly/3seNBQ7

HASTEE - CONFIDENTIAL COMPUTING ON TRUSTED EXECUTION ENVIRONMENTS WITH HASKELL

Robert Krook

Abstract:

An important topic of cybersecurity is that of protecting data. Data generally exists in one of three states. Data can be at rest, in transit, or in use. Protecting data in the first two states is generally achieved using encryption. Protecting data in the third state, data in use, is trickier. While data is being used it must be loaded up into RAM, where it may be wrongfully leaked by a compromised operating system.

In this talk I will discuss how we can use trusted execution environments to protect data in use, thus engaging in confidential computing. The techniques I will describe are promising, but also unnecessarily complicated. The programming models for these techniques are complicated and give off boilerplate-vibes. I will present recent work by my collaborators and myself where we try to make confidential computing more accessible by removing burdens from the developers' shoulders.

HasTEE is a Haskell framework where you write a single application, describing both the sensitive and non-sensitive computations, and where the compiler partitions the application automatically for you into one trusted component and an untrusted one. The trusted component executes inside an Intel SGX enclave, and the untrusted component executes normally. The partitioning is very light-weight and requires no modifications of the Haskell compiler.

Bio

Robert Krook is a PhD student in the functional programming unit at Chalmers University of Technology. He is a student in the Octopi project, whose aim is to research tools and techniques for developing safe and secure IoT applications.

His research has revolved around writing and executing functional programming languages on exotic platforms, such as IoT devices and hardware-enforced trusted execution environments. More specifically, he has researched topics such as Real-Time programming on IoT-devices, Confidential Computing on Trusted Execution Environments, and Property-Based Testing for Testing Compilers. His interests mainly concern property-based testing, compiler development, programming-language design, and cybersecurity.

DEFENSE IN DEPTH USING SECURE BY DESIGN

Daniel Deogun

Even a seemingly innocent piece of code can contain several vulnerabilities that might take down an entire system. We all know how to deal with SQL-injection and cross-site scripting, but why is that not enough? On the latest OWASP Top 10 list, insecure design has emerged in fourth place - a strong indication that we need a new approach.

I believe that, as developers, we need to learn how to apply defense in depth in code. We need to find out how to create a multilayer defense that is stronger than its parts.

So, in this session, I will explore how to create such a defense by looking at a seemingly innocent piece of code, walk through its vulnerabilities, and mitigate them using interlocking patterns from Secure by Design.

Bio

Daniel Deogun is the author of the book Secure by Design and has been in the industry for 20+ years. He strongly believes security is a quality aspect and is passionate about how craftsmanship can drive security in software. Throughout his career, Daniel has worked with everything from patient critical software to enterprise applications in the cloud to high performance software in various industries. Combining this with his passion for tech has made him a frequent speaker at conferences all over the world. Daniel is currently Chief Academy Officer at Omegapoint Group.
