Full Program »
Case Studies II
Thursday, 10 December 2015
15:30 - 17:00
Chair: Art Friedman, NSA
Republic Of Korea's Efforts for Enhanced Software Assurance, Lee Sang Geol, KISA (Korea Internet & Security Agency)
This presentation will introduce the Republic of Korea Government's Secure Coding Policy. It will cover the current state of the Republic of Korea Government Web Site's and Government Mobile Application’s present condition, standard and method of security validation. Once the current state is presented, the current direction of the Republic of Korea Government to protect their software will then be described.
Secure Identity Management for Future Networks, Hassane Aissaoui-Mehrez, IMT-TELECOM-ParisTech
Today, the Internet is radically changing our habits, especially with the massive influx of the nomadic techniques, the Internet of objects and the emergence of new approaches in recent years. In particular, the virtualization of the computing infrastructures, which allowed defining a new model called Cloud Computing.
The implementation of these approaches allows, in a different way, mutualization and organization of the computer system. Therefore, the global architecture of the Internet should be evolved. It will rely strongly on these new approaches and in particular, Cloud Computing and virtualization. However, no system is infallible especially if resources are distributed and mutualized. The traditional Internet architecture cannot provide the adequate solutions to the challenges raised by these new approaches: mobility, flexibility, security requirements, reliability and robustness. Thus, a research project (SecFuNet: Security for Future Networks) was validated by the European Commission, to provide some answers. The ambition of the SecFuNet project is to propose a new general secure framework for communication of user information on the Internet. The scope of the project has defined in several strategic research areas, and in particular, the following two areas: Secure identity management to preserve the confidentiality properties, availability, integrity, traceability and protection of privacy, and identification and the mutual authentication of resources in virtual environments.
The main objective is to design and develop new consistent security architecture for secure identification of users and protect their privacy in virtual networks. Our proposed architecture will make possible the communication security management for all machines connected to a virtual public Cloud. Our contributions take into account three dimensions: organizational, architectural and protocol. From an organizational perspective, we are interested in orchestration and segmentation of the virtual environments layers to define the security domain for each service provider and flexible management of these assets. This new organizational architecture allows definition at every level of visibility, actors and roles that each plays to manage and control access to resources in a heterogeneous virtual environment.
Lessons Learned from Applying Continuous Diagnostics and Mitigation Tools in an Information Technology R&D Laboratory, Joe Veoni, MITRE's Center for Advanced Aviation System Development
The MITRE Corporation is helping many of its government customers implement Continuous Diagnostics and Mitigation (CDM) technology to enable effective security management of their information technology (IT) assets. CDM is a large Department of Homeland Security (DHS) program with tremendous potential to change the way the federal agencies secure their infrastructure. We decided to implement selected security tools that are part of CDM as an operational capability in our security lab to understand the technology better. We used the technology for a year learning much about its strengths, weaknesses, and ways to tailor it to fit a dynamic lab environment. This presentation will cover lessons learned in applying CDM for vulnerability management, patch management, configuration management, and asset discovery.