OSCon 2012:   Cloud Computing & Data Privacy   David Mertz

Let's take this as our starting point:


  “No matter how paranoid you
    are, what they're actually
   doing is worse than you can
       possibly imagine.”
          - Ralph J. Gleason (1917-75)

Or to be specific:
   While misuse and abuse of the NSL power
   has been widely documented, the Obama
   administration [is seeking to allow] the
   FBI to demand even more records without
   court approval. [T]he administration
   proposed to expand the statute to allow
   the FBI to get American's internet activity
   records without court approval or even
   suspicion of wrongdoing.
   http://www.aclu.org/national-security/doe-v-holder

Let's take an illustration from ActiveState:

What security guarantee does this give us? It does
verify that the bytes that make up the VM received
by the Cloud Host are those you intended.

If Cloud Host receives a National Security Letter
they might be compelled to inject code into your VM
(and have a gag order against revealing they did so).

It would be nice if clever cryptography could let a
process self-verify against code injection. But is it
possible in the face of a bad actor or a hostile law?

If the “Scanner” can vouch for itself, and it can poke
at the bytes inside other containers, this is sufficient
to guarantee against injection attacks. How might it
do this?
 ●   Public key authentication
     against secured machine?
 ●   Response to random queries of
     its own memory image?
 ●   Response to random timing
     challenges to demonstrate
     known behavior?
 ●   OS authentication of scanner?
     (but VM could inject into OS)
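
The second bullet above, a response to random queries of a memory image, sketched as an added example (not code from the talk). The window size, sample count, HMAC-SHA-256 construction and every function name are assumptions, and the image bytes are constructed.

```python
import hashlib
import hmac
import random
import secrets

CHUNK = 64  # bytes read per sampled window (assumed value)


def make_challenge(image_len, samples=32, rng=None):
    """Verifier: a fresh nonce plus random window offsets into the image."""
    if image_len < CHUNK:
        raise ValueError("image smaller than one sample window")
    rng = rng or secrets.SystemRandom()
    nonce = secrets.token_bytes(16)  # fresh per challenge, so old answers cannot be replayed
    offsets = [rng.randrange(image_len - CHUNK + 1) for _ in range(samples)]
    return nonce, offsets


def respond(memory, nonce, offsets):
    """Prover (the "Scanner"): MAC the requested windows under the nonce."""
    mac = hmac.new(nonce, digestmod=hashlib.sha256)
    for off in offsets:
        if not 0 <= off <= len(memory) - CHUNK:
            raise ValueError("offset outside image")
        mac.update(off.to_bytes(8, "big"))
        mac.update(memory[off:off + CHUNK])
    return mac.digest()


def verify(reference, nonce, offsets, response):
    """Verifier: recompute over the trusted reference copy and compare."""
    return hmac.compare_digest(respond(reference, nonce, offsets), response)


def miss_probability(image_len, patch_len, samples):
    """Chance that one challenge samples no window touching a contiguous
    patch (patch assumed to lie away from the image edges)."""
    starts = image_len - CHUNK + 1
    touching = min(starts, patch_len + CHUNK - 1)
    return (1 - touching / starts) ** samples


def rounds_to_detect(reference, memory, max_rounds, samples=32, rng=None):
    """Issue challenges until one fails; return its 1-based index or None."""
    for n in range(1, max_rounds + 1):
        nonce, offsets = make_challenge(len(reference), samples, rng)
        answer = respond(memory, nonce, offsets)
        if not verify(reference, nonce, offsets, answer):
            return n
    return None


# Constructed sample data: a 64 KiB "image" and a copy with a 16-byte patch.
REFERENCE = hashlib.shake_256(b"constructed sample image").digest(65536)
PATCH_AT, PATCH_LEN = 40000, 16
_patched = bytearray(REFERENCE)
for i in range(PATCH_AT, PATCH_AT + PATCH_LEN):
    _patched[i] ^= 0xFF
TAMPERED = bytes(_patched)

if __name__ == "__main__":
    rng = random.Random(2012)
    print("miss chance per challenge:",
          miss_probability(len(REFERENCE), PATCH_LEN, 32))
    print("clean image flagged at round:",
          rounds_to_detect(REFERENCE, REFERENCE, 50, rng=rng))
    print("patched image flagged at round:",
          rounds_to_detect(REFERENCE, TAMPERED, 2000, rng=rng))
```

A small patch survives most single challenges, so the verifier has to keep asking. A passing answer shows only that the responder can read the expected bytes on request, not that those bytes are what is executing.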

As can the audience, I can quickly poke holes in
each of the methods in the last slide. On the other
hand, I am not certain this quest is quixotic.
Inspirations:
 ●   GPG/PGP: RSA lets me send
     messages over insecure SMTP
     with assurance that only the
     intended recipient has access.
 ●   Freenet: I can participate in a
     peer-to-peer data network
     without having even the
     capability of revealing or
     determining which content my
     node helps share.

Even if a “Scanner” is possible with the desired
properties, it does nothing whatsoever to protect
against attacks on applications within containers.
App-level security is a distinct issue.
 ●   If code running in a container is
     the binary intended (i.e. no
     injection), it may still need to
     encrypt connections/stored
     data/etc. per app requirements.
 ●   App-level software has known
     and unknown attacks. The best
     we are hoping for is “no worse
     than” hosting an application on
     privately controlled hardware.

   “No matter how paranoid you are, what they're
    actually doing is worse than you can possibly
       imagine.” - Ralph J. Gleason (1917-75)




                Ideas?

Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKJago de Vreede
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 

Dernier (20)

AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 

US Patriot Act OSCON2012 David Mertz

  • 1. OSCon 2012: Cloud Computing & Data Privacy David Mertz Let's take this as our starting point: “No matter how paranoid you are, what they're actually doing is worse than you can possibly imagine.” - Ralph J. Gleason (1917-75)
  • 2. Or to be specific: While misuse and abuse of the NSL power has been widely documented, the Obama administration [is seeking to allow] the FBI to demand even more records without court approval. [T]he administration proposed to expand the statute to allow the FBI to get American's internet activity records without court approval or even suspicion of wrongdoing. http://www.aclu.org/national-security/doe-v-holder
  • 3. Let's take an illustration from ActiveState:
  • 4. What security guarantee does this give us? It does verify that the bytes that make up the VM received by the Cloud Host are those you intended.
  • 5. If Cloud Host receives a National Security Letter they might be compelled to inject code into your VM (and have a gag order against revealing they did so).
  • 6. It would be nice if clever cryptography can let a process self-verify against code injection. But is it possible in the face of a bad actor or a hostile law?
  • 7. If the “Scanner” can vouch for itself, and it can poke at the bytes inside other containers, this is sufficient to guarantee against injection attacks. How might it do this?
      ● Public key authentication against secured machine?
      ● Response to random queries of its own memory image?
      ● Response to random timing challenges to demonstrate known behavior?
      ● OS authentication of scanner? (but VM could inject into OS)
  • 8. As can the audience, I can quickly poke holes in each of the methods in the last slide. On the other hand, I am not certain this quest is quixotic. Inspirations:
      ● GPG/PGP: RSA lets me send messages over insecure SMTP with assurance that only the intended recipient has access.
      ● Freenet: I can participate in a peer-to-peer data network without having even the capability of revealing or determining which content my node helps share.
  • 9. Even if a “Scanner” is possible with the desired properties, it does nothing whatsoever to protect against attacks on applications within containers. App-level security is a distinct issue.
      ● If code running in a container is the binary intended (i.e. no injection), it may still need to encrypt connections/stored data/etc. per app requirements.
      ● App-level software has known and unknown attacks. The best we are hoping for is “no worse than” hosting an application on privately controlled hardware.
  • 10. “No matter how paranoid you are, what they're actually doing is worse than you can possibly imagine.” - Ralph J. Gleason (1917-75) Ideas?
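
Slide 7's "response to random queries of its own memory image" can be sketched as a nonce-bound challenge-response. This is an added example, not code from the talk; the function names, image size and range sizes are assumptions, and the memory images are constructed sample data.

```python
import hashlib
import hmac
import secrets

def make_challenge(image_len, n_ranges=8, max_span=64):
    """Verifier: fresh nonce plus random (offset, length) ranges to query."""
    nonce = secrets.token_bytes(16)
    ranges = []
    for _ in range(n_ranges):
        off = secrets.randbelow(image_len)
        ranges.append((off, min(max_span, image_len - off)))
    return nonce, ranges

def respond(memory, nonce, ranges):
    """Prover: digest over the nonce and the queried bytes of its own image."""
    h = hashlib.sha256(nonce)
    for off, length in ranges:
        h.update(off.to_bytes(8, "big") + memory[off:off + length])
    return h.digest()

def verify(reference, nonce, ranges, answer):
    """Verifier: recompute the answer from its trusted reference image."""
    return hmac.compare_digest(respond(reference, nonce, ranges), answer)

def detection_rate(reference, running, rounds=200):
    """Fraction of independent rounds in which the verifier rejects."""
    rejected = 0
    for _ in range(rounds):
        nonce, ranges = make_challenge(len(reference))
        if not verify(reference, nonce, ranges, respond(running, nonce, ranges)):
            rejected += 1
    return rejected / rounds

# Constructed 4096-byte reference image, and a copy with 256 bytes altered
# to stand in for injected code.
REFERENCE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
_patched = bytearray(REFERENCE)
for _i in range(1024, 1280):
    _patched[_i] ^= 0xFF
TAMPERED = bytes(_patched)

# Limitation: a prover that answers from a retained clean copy produces the
# same digests as an honest one, so this check alone cannot tell them apart.

if __name__ == "__main__":
    print("clean image rejected:   ", detection_rate(REFERENCE, REFERENCE))
    print("tampered image rejected:", detection_rate(REFERENCE, TAMPERED))
```

Sampling a few short ranges only catches the altered region in some rounds, so the verifier has to repeat challenges or query the whole image to make a miss unlikely.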