Security Topics in Open Cloud: Advanced Threats, 2015's Vulnerabilities ...
Author(s):
Jason Cohen
Location
Costa Hall
Date
feb Mon 01
Days Raw Files
Start
13:20
First Raw Start
13:17
Duration
0:45:00
Offset
0:02:37
End
14:05
Last Raw End
14:05
Chapters
00:00
Total cuts_time
44 min.
https://linux.conf.au/schedule/30298/view_talk
Description:
This talk will present an assortment of security topics related to Open Source Cloud Computing technologies. Topics will include an overview of the most significant security flaws discovered over the last year in popular cloud platforms, the generic foundations of advanced persistent threats, and some of the recent countermeasures of encryption, key management, and platform validation being introduced into OpenStack and Hadoop. A demo of Trusted Compute Pools will also be given, along with an explanation of the types of advanced threats it protects against.

It would seem that, despite the exponential growth in security products, security services, security companies, security certifications, and general interest in the security topic, we are still bombarded with a constant parade of security vulnerability disclosures on a seemingly daily basis. Given that complete protection from threats and vulnerabilities at the front end of the infrastructure is impossible and that advanced threats will find their way past our defenses, efforts to protect the data and the ‘keys to the castle’, as the last line of defense, are even more critical.

The hardware enabling ‘trusted computing’ is referred to as a Trusted Platform Module (TPM), and is designed as a commodity chip that is integrated into motherboards, as well as appliances such as network switches, firewalls, and embedded devices. The TPM provides features that are useful in providing assurances about the state of a platform and protecting sensitive information. Essentially, the chip can be used to generate, store, and protect encryption keys. It also provides a mechanism to store information about the state of a platform through a traceable, cryptographic mechanism, which can be securely attested to a remote verifier. TPMs have been around for a while but have had a slow uptake in actual use until recently due to initial privacy concerns that have been mostly overcome.

Many cloud deployments include hardware with a TPM, but it is rarely used. Championed by Intel and others, support for using the TPM and related Intel TXT to provide remote attestation has been included in OpenStack in the form of Trusted Compute Pools. This feature can detect systems within the cloud that have booted untrusted code and block guests from executing on them. This will be demoed on a live system. While this boot-time detection of untrusted code is beneficial, there are other ways a TPM could be utilized to better protect user or application data via strong and cheap protection of keys. Work being done in OpenStack to utilize the TPM for key protection will also be discussed. In addition, when configuring bare metal systems, there are many other ways to use the TPM, such as with the IMA/EVM subsystem or by using the TPM to protect keys used in disk encryption, applications, or user data. Some of the common tools for using TPMs on bare metal systems will be enumerated.

Lastly, although not necessarily a ‘cloud’ platform, Hadoop is a mainstay in the related field of big data. Until recently, the lack of block-level encryption has been an issue for organizations looking to protect Hadoop data. We will discuss the architecture of the Hadoop encryption framework and considerations for key protection.