SlideShare une entreprise Scribd logo

Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft

KTN
KTN

Following the Collaborators' Workshop held on 26th Sept (presentations available on KTN's SlideShare account), EPSRC/ESRC are running a Collaboration Development workshop on 22nd November 2019 in London to facilitate academia-industry and academia-academia collaboration ahead of the closing dates for the EPSRC and ESRC ISCF Digital Security by Design calls. The calls need to be led by academic institutions. Industrial involvement, while not mandatory, is highly desirable and will be required for future competitions. Hence this workshop aims to have a mix of academic and industrial participants. The Digital Security by Design challenge was announced in July. This challenge, amounting to £70 million of government funding over 5 years, will be delivered by UK Research and Innovation (UKRI) through the Industrial Strategy Challenge Fund (ISCF). Find out more: https://ktn-uk.co.uk/news/iscf-digital-security-by-design-collaboration-development-workshop

Design
1  sur  30
Télécharger pour lire hors ligne
Security and Legacy at Microsoft MATTHEW PARKINSON PRINCIPAL RESEARCHER, CONFIDENTIAL COMPUTING, MICROSOFT RESEARCH
Motivation Microsoft cares about security Microsoft cares about legacy
Fixing individual bugs not scaling 130 109 141 163 234 224 155 305 317 474 417 603 600 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 #ofCVEs Patch Year # of CVEs by patch year
Microsoft cares about security slide courtesy of Matt Miller, Partner Security Engineer, MSRC 32 24 21 22 26 13 4 11 4 1 3 7 8 36 35 43 45 64 30 36 35 28 61 71 104 79 12 16 18 22 44 57 39 113 186 183 87 81 99 4 4 13 30 21 14 7 15 25 25 36 71 81 6 4 8 8 11 6 5 6 9 22 19 82 61 1 1 2 4 9 5 7 13 17 39 76 88 55 44 30 44 41 59 103 61 120 59 159 139 197 221 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 Root cause of CVEs by patch year Stack Corruption Heap Corruption Use After Free Type Confusion Uninitialized Use Heap OOB Read Other Top root causes since 2016:
What is Microsoft doing? Remove classes of vulnerabilities ◦ Probabilistic prevention not considered suitable - servicing a vulnerability still required ◦ MemGC - https://msrc-blog.microsoft.com/2016/01/12/triaging-the-exploitability-of-ieedge-crashes/ ◦ Killing Uninitialized Memory: Protecting the OS Without Destroying Performance - https://cppcon2019.sched.com/event/SfYc/killing-uninitialized-memory-protecting-the-os-without-destroying- performance Investing in safe(r) systems programming languages: ◦ Rust investigations, https://msrc-blog.microsoft.com/2019/07/18/we-need-a-safer-systems-programming-language/ ◦ Project Verona, research project ◦ Cannot simply throw away old code!
Our research in Cambridge Mitigations Language design Compartmentalisation
Project Verona A new language for safe infrastructure programming With David Chisnall, Sylvan Clebsch, Manuel Costa, Sophia Drossopoulou, Juliana Franco, Mads Torgersen, …
The application spectrum C# C/C++ Asm Today Boot loader/HAL Core OS components Schedulers/Memory management Exchange/ ASP.NET Azure Storage/ Cosmos/ Data lake Azure functions Desktop Apps Device drivers Systems Programming
The space • Fine grained control • Resource management • Latency sensitive • Close to machine • No abstraction over memory • No type safety Systems Programming
The application spectrum C# C/C++ Asm Today Boot loader/HAL Core OS components Schedulers/Memory management Exchange/ ASP.NET Azure Storage/ Cosmos/ Data lake Azure functions Desktop Apps Device drivers Infrastructure Programming
The space • Fine grained control • Resource management • Latency sensitive • Close to machine • No abstraction over memory • No type safety Inherently unsafe Possible for safe by construction
Core ideas • Give up concurrent mutation, to enable scalable memory management. Data-race freedom • New concurrency model that provides lightweight asynchronous coordination. Concurrent Owners • passing groups of objects • memory management strategies per region (reference counting, tracing, arenas, …) • Compartmentalisation for legacy components Linear Regions
Shared immutable region Linear mutable region Single entry pointRegions are only accessed by one computation at a time
Pervasive sandboxing Verona program C++ runtime library C library C / Assembly library C++ library C/C++ library C++ library TCB, needs careful auditing Sandboxed, scope of vulnerabilities limited
Libraries are special untrusted regions
Project Verona status Production quality runtime Prototype interpreter and type checker Compiler not started Open-sourcing to github soon to enable collaborations Ask me for a demo!
CHERI
CHERI for mitigations Which exploit chains does CHERI break? What gadgets can exist on CHERI? Can temporal safety be achieved? Microsoft Red team (attack) internship analysed security of CHERI – 12 weeks not long enough to be conclusive Need a thorough security analysis before it can be adopted as a mitigation.
CHERI for legacy Lightweight compartmentalisation • Contain existing libraries • Single address space • How can we build application that have hundreds of sandboxed libraries? Low-cost containers • Density important for the cloud • Can CHERI improve density in Cloud applications?
Conclusions Microsoft needs security for legacy! Can we capitalise on CHERI to use existing assets? Can we architect software to integrate safe new code with old unsafe legacy code? Project Verona for compartmentalisation research collaborations
Backup slides
Memory Safety Scalability Global GC Malloc/Free
Regions open up new possibilities • Compartmentalisation • Different regions can be compiled with different trust. • Distributed and heterogenous hardware • Moving collections of objects between devices – can be part of the programming model • Dynamic update of running code • Each object accessed by at most one thread, updates can exploit this in the running system
Memory Safety Scalability Concurrent Mutation Global GC Malloc/Free
Memory Safety Scalability Concurrent Mutation Global GC Malloc/Free Ownership Single mutator
Memory Safety Scalability Concurrent Mutation Global GC Malloc/Free Ownership
Memory Safety Scalability Concurrent Mutation Global GC Malloc/Free Ownership
The Sea of Objects
Region access is single-threaded C#/C++ Region-based ownership Only one thread operating on a region at a time
Region ownership is hierarchical C#/C++ Region-based ownership Regions have a single entry point

Recommandé

UKOUG - 25 years of hints and tips
UKOUG - 25 years of hints and tipsUKOUG - 25 years of hints and tips
UKOUG - 25 years of hints and tipsConnor McDonald
 
How to Use EXAchk Effectively to Manage Exadata Environments
How to Use EXAchk Effectively to Manage Exadata EnvironmentsHow to Use EXAchk Effectively to Manage Exadata Environments
How to Use EXAchk Effectively to Manage Exadata EnvironmentsSandesh Rao
 
Advanced RAC troubleshooting: Network
Advanced RAC troubleshooting: NetworkAdvanced RAC troubleshooting: Network
Advanced RAC troubleshooting: NetworkRiyaj Shamsudeen
 
Oracle RAC Virtualized - In VMs, in Containers, On-premises, and in the Cloud
Oracle RAC Virtualized - In VMs, in Containers, On-premises, and in the CloudOracle RAC Virtualized - In VMs, in Containers, On-premises, and in the Cloud
Oracle RAC Virtualized - In VMs, in Containers, On-premises, and in the CloudMarkus Michalewicz
 
Oracle RAC features on Exadata
Oracle RAC features on ExadataOracle RAC features on Exadata
Oracle RAC features on ExadataAnil Nair
 
Dell emc back up solution in azure cloud
Dell emc back up solution in azure cloud Dell emc back up solution in azure cloud
Dell emc back up solution in azure cloud vipinvips
 
The Kubernetes WebLogic revival (part 2)
The Kubernetes WebLogic revival (part 2)The Kubernetes WebLogic revival (part 2)
The Kubernetes WebLogic revival (part 2)Simon Haslam
 
ORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIES
ORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIESORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIES
ORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIESLudovico Caldara
 

Recommandé

UKOUG - 25 years of hints and tips
UKOUG - 25 years of hints and tipsUKOUG - 25 years of hints and tips
UKOUG - 25 years of hints and tipsConnor McDonald
 
How to Use EXAchk Effectively to Manage Exadata Environments
How to Use EXAchk Effectively to Manage Exadata EnvironmentsHow to Use EXAchk Effectively to Manage Exadata Environments
How to Use EXAchk Effectively to Manage Exadata EnvironmentsSandesh Rao
 
Advanced RAC troubleshooting: Network
Advanced RAC troubleshooting: NetworkAdvanced RAC troubleshooting: Network
Advanced RAC troubleshooting: NetworkRiyaj Shamsudeen
 
Oracle RAC Virtualized - In VMs, in Containers, On-premises, and in the Cloud
Oracle RAC Virtualized - In VMs, in Containers, On-premises, and in the CloudOracle RAC Virtualized - In VMs, in Containers, On-premises, and in the Cloud
Oracle RAC Virtualized - In VMs, in Containers, On-premises, and in the CloudMarkus Michalewicz
 
Oracle RAC features on Exadata
Oracle RAC features on ExadataOracle RAC features on Exadata
Oracle RAC features on ExadataAnil Nair
 
Dell emc back up solution in azure cloud
Dell emc back up solution in azure cloud Dell emc back up solution in azure cloud
Dell emc back up solution in azure cloud vipinvips
 
The Kubernetes WebLogic revival (part 2)
The Kubernetes WebLogic revival (part 2)The Kubernetes WebLogic revival (part 2)
The Kubernetes WebLogic revival (part 2)Simon Haslam
 
ORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIES
ORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIESORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIES
ORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIESLudovico Caldara
 
NetApp & Storage fundamentals
NetApp & Storage fundamentalsNetApp & Storage fundamentals
NetApp & Storage fundamentalsShashidhar Basavaraju
 
Zero Data Loss Recovery Applianceによるデータベース保護のアーキテクチャ
Zero Data Loss Recovery Applianceによるデータベース保護のアーキテクチャZero Data Loss Recovery Applianceによるデータベース保護のアーキテクチャ
Zero Data Loss Recovery Applianceによるデータベース保護のアーキテクチャオラクルエンジニア通信
 
Oracle Database in-Memory Overivew
Oracle Database in-Memory OverivewOracle Database in-Memory Overivew
Oracle Database in-Memory OverivewMaria Colgan
 
Extreme Replication - Performance Tuning Oracle GoldenGate
Extreme Replication - Performance Tuning Oracle GoldenGateExtreme Replication - Performance Tuning Oracle GoldenGate
Extreme Replication - Performance Tuning Oracle GoldenGateBobby Curtis
 
Seastore: Next Generation Backing Store for Ceph
Seastore: Next Generation Backing Store for CephSeastore: Next Generation Backing Store for Ceph
Seastore: Next Generation Backing Store for CephScyllaDB
 
Build Low-Latency Applications in Rust on ScyllaDB
Build Low-Latency Applications in Rust on ScyllaDBBuild Low-Latency Applications in Rust on ScyllaDB
Build Low-Latency Applications in Rust on ScyllaDBScyllaDB
 
Exadata master series_asm_2020
Exadata master series_asm_2020Exadata master series_asm_2020
Exadata master series_asm_2020Anil Nair
 
SQL Transactions - What they are good for and how they work
SQL Transactions - What they are good for and how they workSQL Transactions - What they are good for and how they work
SQL Transactions - What they are good for and how they workMarkus Winand
 
Linux tuning to improve PostgreSQL performance
Linux tuning to improve PostgreSQL performanceLinux tuning to improve PostgreSQL performance
Linux tuning to improve PostgreSQL performancePostgreSQL-Consulting
 
Oracle 12c PDB insights
Oracle 12c PDB insightsOracle 12c PDB insights
Oracle 12c PDB insightsKirill Loifman
 
Oracle GoldenGate 21c New Features and Best Practices
Oracle GoldenGate 21c New Features and Best PracticesOracle GoldenGate 21c New Features and Best Practices
Oracle GoldenGate 21c New Features and Best PracticesBobby Curtis
 
Oracle RAC 19c - the Basis for the Autonomous Database
Oracle RAC 19c - the Basis for the Autonomous DatabaseOracle RAC 19c - the Basis for the Autonomous Database
Oracle RAC 19c - the Basis for the Autonomous DatabaseMarkus Michalewicz
 
Enterprise manager 13c
Enterprise manager 13cEnterprise manager 13c
Enterprise manager 13cMarketingArrowECS_CZ
 
153 Oracle dba interview questions
153 Oracle dba interview questions153 Oracle dba interview questions
153 Oracle dba interview questionsSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
Why oracle data guard new features in oracle 18c, 19c
Why oracle data guard new features in oracle 18c, 19cWhy oracle data guard new features in oracle 18c, 19c
Why oracle data guard new features in oracle 18c, 19cSatishbabu Gunukula
 
Deep Dive on Amazon Aurora
Deep Dive on Amazon AuroraDeep Dive on Amazon Aurora
Deep Dive on Amazon AuroraAmazon Web Services
 
Extreme replication at IOUG Collaborate 15
Extreme replication at IOUG Collaborate 15Extreme replication at IOUG Collaborate 15
Extreme replication at IOUG Collaborate 15Bobby Curtis
 
Flink history, roadmap and vision
Flink history, roadmap and visionFlink history, roadmap and vision
Flink history, roadmap and visionStephan Ewen
 
RBD: What will the future bring? - Jason Dillaman
RBD: What will the future bring? - Jason DillamanRBD: What will the future bring? - Jason Dillaman
RBD: What will the future bring? - Jason DillamanCeph Community
 
Vertica Analytics Database general overview
Vertica Analytics Database general overviewVertica Analytics Database general overview
Vertica Analytics Database general overviewStratebi
 
System Security on Cloud
System Security on CloudSystem Security on Cloud
System Security on CloudTu Pham
 
Starting Azure mobile services
Starting Azure mobile servicesStarting Azure mobile services
Starting Azure mobile servicesAmr Abulnaga
 

Contenu connexe

Tendances

Zero Data Loss Recovery Applianceによるデータベース保護のアーキテクチャ
Zero Data Loss Recovery Applianceによるデータベース保護のアーキテクチャZero Data Loss Recovery Applianceによるデータベース保護のアーキテクチャ
Zero Data Loss Recovery Applianceによるデータベース保護のアーキテクチャオラクルエンジニア通信
 
Oracle Database in-Memory Overivew
Oracle Database in-Memory OverivewOracle Database in-Memory Overivew
Oracle Database in-Memory OverivewMaria Colgan
 
Extreme Replication - Performance Tuning Oracle GoldenGate
Extreme Replication - Performance Tuning Oracle GoldenGateExtreme Replication - Performance Tuning Oracle GoldenGate
Extreme Replication - Performance Tuning Oracle GoldenGateBobby Curtis
 
Seastore: Next Generation Backing Store for Ceph
Seastore: Next Generation Backing Store for CephSeastore: Next Generation Backing Store for Ceph
Seastore: Next Generation Backing Store for CephScyllaDB
 
Build Low-Latency Applications in Rust on ScyllaDB
Build Low-Latency Applications in Rust on ScyllaDBBuild Low-Latency Applications in Rust on ScyllaDB
Build Low-Latency Applications in Rust on ScyllaDBScyllaDB
 
Exadata master series_asm_2020
Exadata master series_asm_2020Exadata master series_asm_2020
Exadata master series_asm_2020Anil Nair
 
SQL Transactions - What they are good for and how they work
SQL Transactions - What they are good for and how they workSQL Transactions - What they are good for and how they work
SQL Transactions - What they are good for and how they workMarkus Winand
 
Linux tuning to improve PostgreSQL performance
Linux tuning to improve PostgreSQL performanceLinux tuning to improve PostgreSQL performance
Linux tuning to improve PostgreSQL performancePostgreSQL-Consulting
 
Oracle 12c PDB insights
Oracle 12c PDB insightsOracle 12c PDB insights
Oracle 12c PDB insightsKirill Loifman
 
Oracle GoldenGate 21c New Features and Best Practices
Oracle GoldenGate 21c New Features and Best PracticesOracle GoldenGate 21c New Features and Best Practices
Oracle GoldenGate 21c New Features and Best PracticesBobby Curtis
 
Oracle RAC 19c - the Basis for the Autonomous Database
Oracle RAC 19c - the Basis for the Autonomous DatabaseOracle RAC 19c - the Basis for the Autonomous Database
Oracle RAC 19c - the Basis for the Autonomous DatabaseMarkus Michalewicz
 
Why oracle data guard new features in oracle 18c, 19c
Why oracle data guard new features in oracle 18c, 19cWhy oracle data guard new features in oracle 18c, 19c
Why oracle data guard new features in oracle 18c, 19cSatishbabu Gunukula
 
Extreme replication at IOUG Collaborate 15
Extreme replication at IOUG Collaborate 15Extreme replication at IOUG Collaborate 15
Extreme replication at IOUG Collaborate 15Bobby Curtis
 
Flink history, roadmap and vision
Flink history, roadmap and visionFlink history, roadmap and vision
Flink history, roadmap and visionStephan Ewen
 
RBD: What will the future bring? - Jason Dillaman
RBD: What will the future bring? - Jason DillamanRBD: What will the future bring? - Jason Dillaman
RBD: What will the future bring? - Jason DillamanCeph Community
 
Vertica Analytics Database general overview
Vertica Analytics Database general overviewVertica Analytics Database general overview
Vertica Analytics Database general overviewStratebi
 

Tendances (20)

NetApp & Storage fundamentals
NetApp & Storage fundamentalsNetApp & Storage fundamentals
NetApp & Storage fundamentals
 
Zero Data Loss Recovery Applianceによるデータベース保護のアーキテクチャ
Zero Data Loss Recovery Applianceによるデータベース保護のアーキテクチャZero Data Loss Recovery Applianceによるデータベース保護のアーキテクチャ
Zero Data Loss Recovery Applianceによるデータベース保護のアーキテクチャ
 
Oracle Database in-Memory Overivew
Oracle Database in-Memory OverivewOracle Database in-Memory Overivew
Oracle Database in-Memory Overivew
 
Extreme Replication - Performance Tuning Oracle GoldenGate
Extreme Replication - Performance Tuning Oracle GoldenGateExtreme Replication - Performance Tuning Oracle GoldenGate
Extreme Replication - Performance Tuning Oracle GoldenGate
 
Seastore: Next Generation Backing Store for Ceph
Seastore: Next Generation Backing Store for CephSeastore: Next Generation Backing Store for Ceph
Seastore: Next Generation Backing Store for Ceph
 
Build Low-Latency Applications in Rust on ScyllaDB
Build Low-Latency Applications in Rust on ScyllaDBBuild Low-Latency Applications in Rust on ScyllaDB
Build Low-Latency Applications in Rust on ScyllaDB
 
Exadata master series_asm_2020
Exadata master series_asm_2020Exadata master series_asm_2020
Exadata master series_asm_2020
 
SQL Transactions - What they are good for and how they work
SQL Transactions - What they are good for and how they workSQL Transactions - What they are good for and how they work
SQL Transactions - What they are good for and how they work
 
Linux tuning to improve PostgreSQL performance
Linux tuning to improve PostgreSQL performanceLinux tuning to improve PostgreSQL performance
Linux tuning to improve PostgreSQL performance
 
Oracle 12c PDB insights
Oracle 12c PDB insightsOracle 12c PDB insights
Oracle 12c PDB insights
 
Oracle GoldenGate 21c New Features and Best Practices
Oracle GoldenGate 21c New Features and Best PracticesOracle GoldenGate 21c New Features and Best Practices
Oracle GoldenGate 21c New Features and Best Practices
 
Oracle RAC 19c - the Basis for the Autonomous Database
Oracle RAC 19c - the Basis for the Autonomous DatabaseOracle RAC 19c - the Basis for the Autonomous Database
Oracle RAC 19c - the Basis for the Autonomous Database
 
Enterprise manager 13c
Enterprise manager 13cEnterprise manager 13c
Enterprise manager 13c
 
153 Oracle dba interview questions
153 Oracle dba interview questions153 Oracle dba interview questions
153 Oracle dba interview questions
 
Why oracle data guard new features in oracle 18c, 19c
Why oracle data guard new features in oracle 18c, 19cWhy oracle data guard new features in oracle 18c, 19c
Why oracle data guard new features in oracle 18c, 19c
 
Deep Dive on Amazon Aurora
Deep Dive on Amazon AuroraDeep Dive on Amazon Aurora
Deep Dive on Amazon Aurora
 
Extreme replication at IOUG Collaborate 15
Extreme replication at IOUG Collaborate 15Extreme replication at IOUG Collaborate 15
Extreme replication at IOUG Collaborate 15
 
Flink history, roadmap and vision
Flink history, roadmap and visionFlink history, roadmap and vision
Flink history, roadmap and vision
 
RBD: What will the future bring? - Jason Dillaman
RBD: What will the future bring? - Jason DillamanRBD: What will the future bring? - Jason Dillaman
RBD: What will the future bring? - Jason Dillaman
 
Vertica Analytics Database general overview
Vertica Analytics Database general overviewVertica Analytics Database general overview
Vertica Analytics Database general overview
 

Similaire à Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft

System Security on Cloud
System Security on CloudSystem Security on Cloud
System Security on CloudTu Pham
 
Starting Azure mobile services
Starting Azure mobile servicesStarting Azure mobile services
Starting Azure mobile servicesAmr Abulnaga
 
infrastructure management at digital ages
infrastructure management at digital agesinfrastructure management at digital ages
infrastructure management at digital agesBernard Paques
 
Software Analytics: Towards Software Mining that Matters (2014)
Software Analytics: Towards Software Mining that Matters (2014)Software Analytics: Towards Software Mining that Matters (2014)
Software Analytics: Towards Software Mining that Matters (2014)Tao Xie
 
stackArmor - Security MicroSummit - McAfee
stackArmor - Security MicroSummit - McAfeestackArmor - Security MicroSummit - McAfee
stackArmor - Security MicroSummit - McAfeeGaurav "GP" Pal
 
Immutable Infrastructure Security
Immutable Infrastructure SecurityImmutable Infrastructure Security
Immutable Infrastructure SecurityRicky Sanders
 
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017Amazon Web Services
 
A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016
A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016
A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016Shannon Lietz
 
Cloud Native Summit 2019 Summary
Cloud Native Summit 2019 SummaryCloud Native Summit 2019 Summary
Cloud Native Summit 2019 SummaryEverett Toews
 
#OSSPARIS19: Construire des applications IoT "secure-by-design" - Thomas Gaza...
#OSSPARIS19: Construire des applications IoT "secure-by-design" - Thomas Gaza...#OSSPARIS19: Construire des applications IoT "secure-by-design" - Thomas Gaza...
#OSSPARIS19: Construire des applications IoT "secure-by-design" - Thomas Gaza...Paris Open Source Summit
 
110307 cloud security requirements gourley
110307 cloud security requirements gourley110307 cloud security requirements gourley
110307 cloud security requirements gourleyGovCloud Network
 
SCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsSCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsStefan Streichsbier
 
ThatConference 2016 - Highly Available Node.js
ThatConference 2016 - Highly Available Node.jsThatConference 2016 - Highly Available Node.js
ThatConference 2016 - Highly Available Node.jsBrad Williams
 
Why modern cloud infrastructure require automation
Why modern cloud infrastructure require automationWhy modern cloud infrastructure require automation
Why modern cloud infrastructure require automationGerald Crescione
 
Norway VMUG Tour - The Architecture Behind Policy-Driven Data Protection - A ...
Norway VMUG Tour - The Architecture Behind Policy-Driven Data Protection - A ...Norway VMUG Tour - The Architecture Behind Policy-Driven Data Protection - A ...
Norway VMUG Tour - The Architecture Behind Policy-Driven Data Protection - A ...Chris Wahl
 
Technology radar-may-2013
Technology radar-may-2013Technology radar-may-2013
Technology radar-may-2013Carol Bruno
 
Securing Your Containers is Not Enough: How to Encrypt Container Data
Securing Your Containers is Not Enough: How to Encrypt Container DataSecuring Your Containers is Not Enough: How to Encrypt Container Data
Securing Your Containers is Not Enough: How to Encrypt Container DataMirantis
 

Similaire à Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft (20)

System Security on Cloud
System Security on CloudSystem Security on Cloud
System Security on Cloud
 
Starting Azure mobile services
Starting Azure mobile servicesStarting Azure mobile services
Starting Azure mobile services
 
infrastructure management at digital ages
infrastructure management at digital agesinfrastructure management at digital ages
infrastructure management at digital ages
 
CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITY
 
Software Analytics: Towards Software Mining that Matters (2014)
Software Analytics: Towards Software Mining that Matters (2014)Software Analytics: Towards Software Mining that Matters (2014)
Software Analytics: Towards Software Mining that Matters (2014)
 
stackArmor - Security MicroSummit - McAfee
stackArmor - Security MicroSummit - McAfeestackArmor - Security MicroSummit - McAfee
stackArmor - Security MicroSummit - McAfee
 
Immutable Infrastructure Security
Immutable Infrastructure SecurityImmutable Infrastructure Security
Immutable Infrastructure Security
 
Defining DevSecOps
Defining DevSecOpsDefining DevSecOps
Defining DevSecOps
 
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
 
A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016
A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016
A Throwaway Deck for Cloud Security Essentials 2.0 delivered at RSA 2016
 
Cloud Native Summit 2019 Summary
Cloud Native Summit 2019 SummaryCloud Native Summit 2019 Summary
Cloud Native Summit 2019 Summary
 
#OSSPARIS19: Construire des applications IoT "secure-by-design" - Thomas Gaza...
#OSSPARIS19: Construire des applications IoT "secure-by-design" - Thomas Gaza...#OSSPARIS19: Construire des applications IoT "secure-by-design" - Thomas Gaza...
#OSSPARIS19: Construire des applications IoT "secure-by-design" - Thomas Gaza...
 
110307 cloud security requirements gourley
110307 cloud security requirements gourley110307 cloud security requirements gourley
110307 cloud security requirements gourley
 
SCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsSCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOps
 
ThatConference 2016 - Highly Available Node.js
ThatConference 2016 - Highly Available Node.jsThatConference 2016 - Highly Available Node.js
ThatConference 2016 - Highly Available Node.js
 
Why modern cloud infrastructure require automation
Why modern cloud infrastructure require automationWhy modern cloud infrastructure require automation
Why modern cloud infrastructure require automation
 
Norway VMUG Tour - The Architecture Behind Policy-Driven Data Protection - A ...
Norway VMUG Tour - The Architecture Behind Policy-Driven Data Protection - A ...Norway VMUG Tour - The Architecture Behind Policy-Driven Data Protection - A ...
Norway VMUG Tour - The Architecture Behind Policy-Driven Data Protection - A ...
 
Technology radar-may-2013
Technology radar-may-2013Technology radar-may-2013
Technology radar-may-2013
 
Securing Your Containers is Not Enough: How to Encrypt Container Data
Securing Your Containers is Not Enough: How to Encrypt Container DataSecuring Your Containers is Not Enough: How to Encrypt Container Data
Securing Your Containers is Not Enough: How to Encrypt Container Data
 
Five years of Persistent Threats
Five years of Persistent ThreatsFive years of Persistent Threats
Five years of Persistent Threats
 

Plus de KTN

Competition Briefing - Open Digital Solutions for Net Zero Energy
Competition Briefing - Open Digital Solutions for Net Zero Energy Competition Briefing - Open Digital Solutions for Net Zero Energy
Competition Briefing - Open Digital Solutions for Net Zero Energy KTN
 
An Introduction to Eurostars - an Opportunity for SMEs to Collaborate Interna...
An Introduction to Eurostars - an Opportunity for SMEs to Collaborate Interna...An Introduction to Eurostars - an Opportunity for SMEs to Collaborate Interna...
An Introduction to Eurostars - an Opportunity for SMEs to Collaborate Interna...KTN
 
Prospering from the Energy Revolution: Six in Sixty - Technology and Infrastr...
Prospering from the Energy Revolution: Six in Sixty - Technology and Infrastr...Prospering from the Energy Revolution: Six in Sixty - Technology and Infrastr...
Prospering from the Energy Revolution: Six in Sixty - Technology and Infrastr...KTN
 
UK Catalysis: Innovation opportunities for an enabling technology
UK Catalysis: Innovation opportunities for an enabling technologyUK Catalysis: Innovation opportunities for an enabling technology
UK Catalysis: Innovation opportunities for an enabling technologyKTN
 
Industrial Energy Transformational Fund Phase 2 Spring 2022 - Competition Bri...
Industrial Energy Transformational Fund Phase 2 Spring 2022 - Competition Bri...Industrial Energy Transformational Fund Phase 2 Spring 2022 - Competition Bri...
Industrial Energy Transformational Fund Phase 2 Spring 2022 - Competition Bri...KTN
 
Horizon Europe ‘Culture, Creativity and Inclusive Society’ Consortia Building...
Horizon Europe ‘Culture, Creativity and Inclusive Society’ Consortia Building...Horizon Europe ‘Culture, Creativity and Inclusive Society’ Consortia Building...
Horizon Europe ‘Culture, Creativity and Inclusive Society’ Consortia Building...KTN
 
Horizon Europe ‘Culture, Creativity and Inclusive Society’ Consortia Building...
Horizon Europe ‘Culture, Creativity and Inclusive Society’ Consortia Building...Horizon Europe ‘Culture, Creativity and Inclusive Society’ Consortia Building...
Horizon Europe ‘Culture, Creativity and Inclusive Society’ Consortia Building...KTN
 
Smart Networks and Services Joint Undertaking (SNS JU) Call Topics
Smart Networks and Services Joint Undertaking (SNS JU) Call TopicsSmart Networks and Services Joint Undertaking (SNS JU) Call Topics
Smart Networks and Services Joint Undertaking (SNS JU) Call TopicsKTN
 
Building Talent for the Future 2 – Expression of Interest Briefing
Building Talent for the Future 2 – Expression of Interest BriefingBuilding Talent for the Future 2 – Expression of Interest Briefing
Building Talent for the Future 2 – Expression of Interest BriefingKTN
 
Connected and Autonomous Vehicles Cohort Workshop
Connected and Autonomous Vehicles Cohort WorkshopConnected and Autonomous Vehicles Cohort Workshop
Connected and Autonomous Vehicles Cohort WorkshopKTN
 
Biodiversity and Food Production: The Future of the British Landscape
Biodiversity and Food Production: The Future of the British LandscapeBiodiversity and Food Production: The Future of the British Landscape
Biodiversity and Food Production: The Future of the British LandscapeKTN
 
Engage with...Performance Projects
Engage with...Performance ProjectsEngage with...Performance Projects
Engage with...Performance ProjectsKTN
 
How to Create a Good Horizon Europe Proposal Webinar
How to Create a Good Horizon Europe Proposal WebinarHow to Create a Good Horizon Europe Proposal Webinar
How to Create a Good Horizon Europe Proposal WebinarKTN
 
Horizon Europe Tackling Diseases and Antimicrobial Resistance (AMR) Webinar a...
Horizon Europe Tackling Diseases and Antimicrobial Resistance (AMR) Webinar a...Horizon Europe Tackling Diseases and Antimicrobial Resistance (AMR) Webinar a...
Horizon Europe Tackling Diseases and Antimicrobial Resistance (AMR) Webinar a...KTN
 
Engage with...Custom Interconnect
Engage with...Custom InterconnectEngage with...Custom Interconnect
Engage with...Custom InterconnectKTN
 
Engage with...ZF
Engage with...ZFEngage with...ZF
Engage with...ZFKTN
 
Engage with...FluxSys
Engage with...FluxSysEngage with...FluxSys
Engage with...FluxSysKTN
 
Made Smarter Innovation: Sustainable Smart Factory Competition Briefing
Made Smarter Innovation: Sustainable Smart Factory Competition BriefingMade Smarter Innovation: Sustainable Smart Factory Competition Briefing
Made Smarter Innovation: Sustainable Smart Factory Competition BriefingKTN
 
Driving the Electric Revolution – PEMD Skills Hub
Driving the Electric Revolution – PEMD Skills HubDriving the Electric Revolution – PEMD Skills Hub
Driving the Electric Revolution – PEMD Skills HubKTN
 
Medicines Manufacturing Challenge EDI Survey Briefing Webinar
Medicines Manufacturing Challenge EDI Survey Briefing WebinarMedicines Manufacturing Challenge EDI Survey Briefing Webinar
Medicines Manufacturing Challenge EDI Survey Briefing WebinarKTN
 

Plus de KTN (20)

Competition Briefing - Open Digital Solutions for Net Zero Energy
Competition Briefing - Open Digital Solutions for Net Zero Energy Competition Briefing - Open Digital Solutions for Net Zero Energy
Competition Briefing - Open Digital Solutions for Net Zero Energy
 
An Introduction to Eurostars - an Opportunity for SMEs to Collaborate Interna...
An Introduction to Eurostars - an Opportunity for SMEs to Collaborate Interna...An Introduction to Eurostars - an Opportunity for SMEs to Collaborate Interna...
An Introduction to Eurostars - an Opportunity for SMEs to Collaborate Interna...
 
Prospering from the Energy Revolution: Six in Sixty - Technology and Infrastr...
Prospering from the Energy Revolution: Six in Sixty - Technology and Infrastr...Prospering from the Energy Revolution: Six in Sixty - Technology and Infrastr...
Prospering from the Energy Revolution: Six in Sixty - Technology and Infrastr...
 
UK Catalysis: Innovation opportunities for an enabling technology
UK Catalysis: Innovation opportunities for an enabling technologyUK Catalysis: Innovation opportunities for an enabling technology
UK Catalysis: Innovation opportunities for an enabling technology
 
Industrial Energy Transformational Fund Phase 2 Spring 2022 - Competition Bri...
Industrial Energy Transformational Fund Phase 2 Spring 2022 - Competition Bri...Industrial Energy Transformational Fund Phase 2 Spring 2022 - Competition Bri...
Industrial Energy Transformational Fund Phase 2 Spring 2022 - Competition Bri...
 
Horizon Europe ‘Culture, Creativity and Inclusive Society’ Consortia Building...
Horizon Europe ‘Culture, Creativity and Inclusive Society’ Consortia Building...Horizon Europe ‘Culture, Creativity and Inclusive Society’ Consortia Building...
Horizon Europe ‘Culture, Creativity and Inclusive Society’ Consortia Building...
 
Horizon Europe ‘Culture, Creativity and Inclusive Society’ Consortia Building...
Horizon Europe ‘Culture, Creativity and Inclusive Society’ Consortia Building...Horizon Europe ‘Culture, Creativity and Inclusive Society’ Consortia Building...
Horizon Europe ‘Culture, Creativity and Inclusive Society’ Consortia Building...
 
Smart Networks and Services Joint Undertaking (SNS JU) Call Topics
Smart Networks and Services Joint Undertaking (SNS JU) Call TopicsSmart Networks and Services Joint Undertaking (SNS JU) Call Topics
Smart Networks and Services Joint Undertaking (SNS JU) Call Topics
 
Building Talent for the Future 2 – Expression of Interest Briefing
Building Talent for the Future 2 – Expression of Interest BriefingBuilding Talent for the Future 2 – Expression of Interest Briefing
Building Talent for the Future 2 – Expression of Interest Briefing
 
Connected and Autonomous Vehicles Cohort Workshop
Connected and Autonomous Vehicles Cohort WorkshopConnected and Autonomous Vehicles Cohort Workshop
Connected and Autonomous Vehicles Cohort Workshop
 
Biodiversity and Food Production: The Future of the British Landscape
Biodiversity and Food Production: The Future of the British LandscapeBiodiversity and Food Production: The Future of the British Landscape
Biodiversity and Food Production: The Future of the British Landscape
 
Engage with...Performance Projects
Engage with...Performance ProjectsEngage with...Performance Projects
Engage with...Performance Projects
 
How to Create a Good Horizon Europe Proposal Webinar
How to Create a Good Horizon Europe Proposal WebinarHow to Create a Good Horizon Europe Proposal Webinar
How to Create a Good Horizon Europe Proposal Webinar
 
Horizon Europe Tackling Diseases and Antimicrobial Resistance (AMR) Webinar a...
Horizon Europe Tackling Diseases and Antimicrobial Resistance (AMR) Webinar a...Horizon Europe Tackling Diseases and Antimicrobial Resistance (AMR) Webinar a...
Horizon Europe Tackling Diseases and Antimicrobial Resistance (AMR) Webinar a...
 
Engage with...Custom Interconnect
Engage with...Custom InterconnectEngage with...Custom Interconnect
Engage with...Custom Interconnect
 
Engage with...ZF
Engage with...ZFEngage with...ZF
Engage with...ZF
 
Engage with...FluxSys
Engage with...FluxSysEngage with...FluxSys
Engage with...FluxSys
 
Made Smarter Innovation: Sustainable Smart Factory Competition Briefing
Made Smarter Innovation: Sustainable Smart Factory Competition BriefingMade Smarter Innovation: Sustainable Smart Factory Competition Briefing
Made Smarter Innovation: Sustainable Smart Factory Competition Briefing
 
Driving the Electric Revolution – PEMD Skills Hub
Driving the Electric Revolution – PEMD Skills HubDriving the Electric Revolution – PEMD Skills Hub
Driving the Electric Revolution – PEMD Skills Hub
 
Medicines Manufacturing Challenge EDI Survey Briefing Webinar
Medicines Manufacturing Challenge EDI Survey Briefing WebinarMedicines Manufacturing Challenge EDI Survey Briefing Webinar
Medicines Manufacturing Challenge EDI Survey Briefing Webinar
 

Dernier

VIP Russian Call Girls in Saharanpur Deepika 8250192130 Independent Escort Se...
VIP Russian Call Girls in Saharanpur Deepika 8250192130 Independent Escort Se...VIP Russian Call Girls in Saharanpur Deepika 8250192130 Independent Escort Se...
VIP Russian Call Girls in Saharanpur Deepika 8250192130 Independent Escort Se...Suhani Kapoor
 
Booking open Available Pune Call Girls Nanded City 6297143586 Call Hot India...
Booking open Available Pune Call Girls Nanded City 6297143586 Call Hot India...Booking open Available Pune Call Girls Nanded City 6297143586 Call Hot India...
Booking open Available Pune Call Girls Nanded City 6297143586 Call Hot India...Call Girls in Nagpur High Profile
 
Best VIP Call Girls Noida Sector 44 Call Me: 8448380779
Best VIP Call Girls Noida Sector 44 Call Me: 8448380779Best VIP Call Girls Noida Sector 44 Call Me: 8448380779
Best VIP Call Girls Noida Sector 44 Call Me: 8448380779Delhi Call girls
 
VVIP Pune Call Girls Hadapsar (7001035870) Pune Escorts Nearby with Complete ...
VVIP Pune Call Girls Hadapsar (7001035870) Pune Escorts Nearby with Complete ...VVIP Pune Call Girls Hadapsar (7001035870) Pune Escorts Nearby with Complete ...
VVIP Pune Call Girls Hadapsar (7001035870) Pune Escorts Nearby with Complete ...Call Girls in Nagpur High Profile
 
Presentation.pptx about blender what is blender
Presentation.pptx about blender what is blenderPresentation.pptx about blender what is blender
Presentation.pptx about blender what is blenderUbaidurrehman997675
 
Cheap Rate ➥8448380779 ▻Call Girls In Iffco Chowk Gurgaon
Cheap Rate ➥8448380779 ▻Call Girls In Iffco Chowk GurgaonCheap Rate ➥8448380779 ▻Call Girls In Iffco Chowk Gurgaon
Cheap Rate ➥8448380779 ▻Call Girls In Iffco Chowk GurgaonDelhi Call girls
 
CALL ON ➥8923113531 🔝Call Girls Kalyanpur Lucknow best Female service 🧵
CALL ON ➥8923113531 🔝Call Girls Kalyanpur Lucknow best Female service 🧵CALL ON ➥8923113531 🔝Call Girls Kalyanpur Lucknow best Female service 🧵
CALL ON ➥8923113531 🔝Call Girls Kalyanpur Lucknow best Female service 🧵anilsa9823
 
Cheap Rate Call girls Malviya Nagar 9205541914 shot 1500 night
Cheap Rate Call girls Malviya Nagar 9205541914 shot 1500 nightCheap Rate Call girls Malviya Nagar 9205541914 shot 1500 night
Cheap Rate Call girls Malviya Nagar 9205541914 shot 1500 nightDelhi Call girls
 
SCRIP Lua HTTP PROGRACMACION PLC WECON CA
SCRIP Lua HTTP PROGRACMACION PLC WECON CASCRIP Lua HTTP PROGRACMACION PLC WECON CA
SCRIP Lua HTTP PROGRACMACION PLC WECON CANestorGamez6
 
Peaches App development presentation deck
Peaches App development presentation deckPeaches App development presentation deck
Peaches App development presentation decktbatkhuu1
 
VIP Call Girls Service Bhagyanagar Hyderabad Call +91-8250192130
VIP Call Girls Service Bhagyanagar Hyderabad Call +91-8250192130VIP Call Girls Service Bhagyanagar Hyderabad Call +91-8250192130
VIP Call Girls Service Bhagyanagar Hyderabad Call +91-8250192130Suhani Kapoor
 
The_Canvas_of_Creative_Mastery_Newsletter_April_2024_Version.pdf
The_Canvas_of_Creative_Mastery_Newsletter_April_2024_Version.pdfThe_Canvas_of_Creative_Mastery_Newsletter_April_2024_Version.pdf
The_Canvas_of_Creative_Mastery_Newsletter_April_2024_Version.pdfAmirYakdi
 
VIP Call Girls Service Mehdipatnam Hyderabad Call +91-8250192130
VIP Call Girls Service Mehdipatnam Hyderabad Call +91-8250192130VIP Call Girls Service Mehdipatnam Hyderabad Call +91-8250192130
VIP Call Girls Service Mehdipatnam Hyderabad Call +91-8250192130Suhani Kapoor
 
Recommendable # 971589162217 # philippine Young Call Girls in Dubai By Marina...
Recommendable # 971589162217 # philippine Young Call Girls in Dubai By Marina...Recommendable # 971589162217 # philippine Young Call Girls in Dubai By Marina...
Recommendable # 971589162217 # philippine Young Call Girls in Dubai By Marina...home
 
WAEC Carpentry and Joinery Past Questions
WAEC Carpentry and Joinery Past QuestionsWAEC Carpentry and Joinery Past Questions
WAEC Carpentry and Joinery Past QuestionsCharles Obaleagbon
 
VIP Russian Call Girls in Gorakhpur Deepika 8250192130 Independent Escort Ser...
VIP Russian Call Girls in Gorakhpur Deepika 8250192130 Independent Escort Ser...VIP Russian Call Girls in Gorakhpur Deepika 8250192130 Independent Escort Ser...
VIP Russian Call Girls in Gorakhpur Deepika 8250192130 Independent Escort Ser...Suhani Kapoor
 
CALL ON ➥8923113531 🔝Call Girls Aminabad Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Aminabad Lucknow best Night Fun serviceCALL ON ➥8923113531 🔝Call Girls Aminabad Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Aminabad Lucknow best Night Fun serviceanilsa9823
 
VIP Kolkata Call Girl Gariahat 👉 8250192130 Available With Room
VIP Kolkata Call Girl Gariahat 👉 8250192130 Available With RoomVIP Kolkata Call Girl Gariahat 👉 8250192130 Available With Room
VIP Kolkata Call Girl Gariahat 👉 8250192130 Available With Roomdivyansh0kumar0
 
VIP College Call Girls Gorakhpur Bhavna 8250192130 Independent Escort Service...
VIP College Call Girls Gorakhpur Bhavna 8250192130 Independent Escort Service...VIP College Call Girls Gorakhpur Bhavna 8250192130 Independent Escort Service...
VIP College Call Girls Gorakhpur Bhavna 8250192130 Independent Escort Service...Suhani Kapoor
 

Dernier (20)

VIP Russian Call Girls in Saharanpur Deepika 8250192130 Independent Escort Se...
VIP Russian Call Girls in Saharanpur Deepika 8250192130 Independent Escort Se...VIP Russian Call Girls in Saharanpur Deepika 8250192130 Independent Escort Se...
VIP Russian Call Girls in Saharanpur Deepika 8250192130 Independent Escort Se...
 
Booking open Available Pune Call Girls Nanded City 6297143586 Call Hot India...
Booking open Available Pune Call Girls Nanded City 6297143586 Call Hot India...Booking open Available Pune Call Girls Nanded City 6297143586 Call Hot India...
Booking open Available Pune Call Girls Nanded City 6297143586 Call Hot India...
 
Best VIP Call Girls Noida Sector 44 Call Me: 8448380779
Best VIP Call Girls Noida Sector 44 Call Me: 8448380779Best VIP Call Girls Noida Sector 44 Call Me: 8448380779
Best VIP Call Girls Noida Sector 44 Call Me: 8448380779
 
VVIP Pune Call Girls Hadapsar (7001035870) Pune Escorts Nearby with Complete ...
VVIP Pune Call Girls Hadapsar (7001035870) Pune Escorts Nearby with Complete ...VVIP Pune Call Girls Hadapsar (7001035870) Pune Escorts Nearby with Complete ...
VVIP Pune Call Girls Hadapsar (7001035870) Pune Escorts Nearby with Complete ...
 
Presentation.pptx about blender what is blender
Presentation.pptx about blender what is blenderPresentation.pptx about blender what is blender
Presentation.pptx about blender what is blender
 
Cheap Rate ➥8448380779 ▻Call Girls In Iffco Chowk Gurgaon
Cheap Rate ➥8448380779 ▻Call Girls In Iffco Chowk GurgaonCheap Rate ➥8448380779 ▻Call Girls In Iffco Chowk Gurgaon
Cheap Rate ➥8448380779 ▻Call Girls In Iffco Chowk Gurgaon
 
B. Smith. (Architectural Portfolio.).pdf
B. Smith. (Architectural Portfolio.).pdfB. Smith. (Architectural Portfolio.).pdf
B. Smith. (Architectural Portfolio.).pdf
 
CALL ON ➥8923113531 🔝Call Girls Kalyanpur Lucknow best Female service 🧵
CALL ON ➥8923113531 🔝Call Girls Kalyanpur Lucknow best Female service 🧵CALL ON ➥8923113531 🔝Call Girls Kalyanpur Lucknow best Female service 🧵
CALL ON ➥8923113531 🔝Call Girls Kalyanpur Lucknow best Female service 🧵
 
Cheap Rate Call girls Malviya Nagar 9205541914 shot 1500 night
Cheap Rate Call girls Malviya Nagar 9205541914 shot 1500 nightCheap Rate Call girls Malviya Nagar 9205541914 shot 1500 night
Cheap Rate Call girls Malviya Nagar 9205541914 shot 1500 night
 
SCRIP Lua HTTP PROGRACMACION PLC WECON CA
SCRIP Lua HTTP PROGRACMACION PLC WECON CASCRIP Lua HTTP PROGRACMACION PLC WECON CA
SCRIP Lua HTTP PROGRACMACION PLC WECON CA
 
Peaches App development presentation deck
Peaches App development presentation deckPeaches App development presentation deck
Peaches App development presentation deck
 
VIP Call Girls Service Bhagyanagar Hyderabad Call +91-8250192130
VIP Call Girls Service Bhagyanagar Hyderabad Call +91-8250192130VIP Call Girls Service Bhagyanagar Hyderabad Call +91-8250192130
VIP Call Girls Service Bhagyanagar Hyderabad Call +91-8250192130
 
The_Canvas_of_Creative_Mastery_Newsletter_April_2024_Version.pdf
The_Canvas_of_Creative_Mastery_Newsletter_April_2024_Version.pdfThe_Canvas_of_Creative_Mastery_Newsletter_April_2024_Version.pdf
The_Canvas_of_Creative_Mastery_Newsletter_April_2024_Version.pdf
 
VIP Call Girls Service Mehdipatnam Hyderabad Call +91-8250192130
VIP Call Girls Service Mehdipatnam Hyderabad Call +91-8250192130VIP Call Girls Service Mehdipatnam Hyderabad Call +91-8250192130
VIP Call Girls Service Mehdipatnam Hyderabad Call +91-8250192130
 
Recommendable # 971589162217 # philippine Young Call Girls in Dubai By Marina...
Recommendable # 971589162217 # philippine Young Call Girls in Dubai By Marina...Recommendable # 971589162217 # philippine Young Call Girls in Dubai By Marina...
Recommendable # 971589162217 # philippine Young Call Girls in Dubai By Marina...
 
WAEC Carpentry and Joinery Past Questions
WAEC Carpentry and Joinery Past QuestionsWAEC Carpentry and Joinery Past Questions
WAEC Carpentry and Joinery Past Questions
 
VIP Russian Call Girls in Gorakhpur Deepika 8250192130 Independent Escort Ser...
VIP Russian Call Girls in Gorakhpur Deepika 8250192130 Independent Escort Ser...VIP Russian Call Girls in Gorakhpur Deepika 8250192130 Independent Escort Ser...
VIP Russian Call Girls in Gorakhpur Deepika 8250192130 Independent Escort Ser...
 
CALL ON ➥8923113531 🔝Call Girls Aminabad Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Aminabad Lucknow best Night Fun serviceCALL ON ➥8923113531 🔝Call Girls Aminabad Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Aminabad Lucknow best Night Fun service
 
VIP Kolkata Call Girl Gariahat 👉 8250192130 Available With Room
VIP Kolkata Call Girl Gariahat 👉 8250192130 Available With RoomVIP Kolkata Call Girl Gariahat 👉 8250192130 Available With Room
VIP Kolkata Call Girl Gariahat 👉 8250192130 Available With Room
 
VIP College Call Girls Gorakhpur Bhavna 8250192130 Independent Escort Service...
VIP College Call Girls Gorakhpur Bhavna 8250192130 Independent Escort Service...VIP College Call Girls Gorakhpur Bhavna 8250192130 Independent Escort Service...
VIP College Call Girls Gorakhpur Bhavna 8250192130 Independent Escort Service...
 

Digital Security by Design: Security and Legacy at Microsoft - Matthew Parkinson, Microsoft

  • 1. Security and Legacy at Microsoft MATTHEW PARKINSON PRINCIPAL RESEARCHER, CONFIDENTIAL COMPUTING, MICROSOFT RESEARCH
  • 2. Motivation Microsoft cares about security Microsoft cares about legacy
  • 3. Fixing individual bugs not scaling 130 109 141 163 234 224 155 305 317 474 417 603 600 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 #ofCVEs Patch Year # of CVEs by patch year
  • 4. Microsoft cares about security slide courtesy of Matt Miller, Partner Security Engineer, MSRC 32 24 21 22 26 13 4 11 4 1 3 7 8 36 35 43 45 64 30 36 35 28 61 71 104 79 12 16 18 22 44 57 39 113 186 183 87 81 99 4 4 13 30 21 14 7 15 25 25 36 71 81 6 4 8 8 11 6 5 6 9 22 19 82 61 1 1 2 4 9 5 7 13 17 39 76 88 55 44 30 44 41 59 103 61 120 59 159 139 197 221 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 Root cause of CVEs by patch year Stack Corruption Heap Corruption Use After Free Type Confusion Uninitialized Use Heap OOB Read Other Top root causes since 2016:
  • 5. What is Microsoft doing? Remove classes of vulnerabilities ◦ Probabilistic prevention not considered suitable - servicing a vulnerability still required ◦ MemGC - https://msrc-blog.microsoft.com/2016/01/12/triaging-the-exploitability-of-ieedge-crashes/ ◦ Killing Uninitialized Memory: Protecting the OS Without Destroying Performance - https://cppcon2019.sched.com/event/SfYc/killing-uninitialized-memory-protecting-the-os-without-destroying- performance Investing in safe(r) systems programming languages: ◦ Rust investigations, https://msrc-blog.microsoft.com/2019/07/18/we-need-a-safer-systems-programming-language/ ◦ Project Verona, research project ◦ Cannot simply throw away old code!
  • 6. Our research in Cambridge Mitigations Language design Compartmentalisation
  • 7. Project Verona A new language for safe infrastructure programming With David Chisnall, Sylvan Clebsch, Manuel Costa, Sophia Drossopoulou, Juliana Franco, Mads Torgersen, …
  • 8. The application spectrum C# C/C++ Asm Today Boot loader/HAL Core OS components Schedulers/Memory management Exchange/ ASP.NET Azure Storage/ Cosmos/ Data lake Azure functions Desktop Apps Device drivers Systems Programming
  • 9. The space • Fine grained control • Resource management • Latency sensitive • Close to machine • No abstraction over memory • No type safety Systems Programming
  • 10. The application spectrum C# C/C++ Asm Today Boot loader/HAL Core OS components Schedulers/Memory management Exchange/ ASP.NET Azure Storage/ Cosmos/ Data lake Azure functions Desktop Apps Device drivers Infrastructure Programming
  • 11. The space • Fine grained control • Resource management • Latency sensitive • Close to machine • No abstraction over memory • No type safety Inherently unsafe Possible for safe by construction
  • 12. Core ideas • Give up concurrent mutation, to enable scalable memory management. Data-race freedom • New concurrency model that provides lightweight asynchronous coordination. Concurrent Owners • passing groups of objects • memory management strategies per region (reference counting, tracing, arenas, …) • Compartmentalisation for legacy components Linear Regions
  • 13. Shared immutable region Linear mutable region Single entry pointRegions are only accessed by one computation at a time
  • 14. Pervasive sandboxing Verona program C++ runtime library C library C / Assembly library C++ library C/C++ library C++ library TCB, needs careful auditing Sandboxed, scope of vulnerabilities limited
  • 16. Project Verona status Production quality runtime Prototype interpreter and type checker Compiler not started Open-sourcing to github soon to enable collaborations Ask me for a demo!
  • 17. CHERI
  • 18. CHERI for mitigations Which exploit chains does CHERI break? What gadgets can exist on CHERI? Can temporal safety be achieved? Microsoft Red team (attack) internship analysed security of CHERI – 12 weeks not long enough to be conclusive Need a thorough security analysis before it can be adopted as a mitigation.
  • 19. CHERI for legacy Lightweight compartmentalisation • Contain existing libraries • Single address space • How can we build application that have hundreds of sandboxed libraries? Low-cost containers • Density important for the cloud • Can CHERI improve density in Cloud applications?
  • 20. Conclusions Microsoft needs security for legacy! Can we capitalise on CHERI to use existing assets? Can we architect software to integrate safe new code with old unsafe legacy code? Project Verona for compartmentalisation research collaborations
  • 23. Regions open up new possibilities • Compartmentalisation • Different regions can be compiled with different trust. • Distributed and heterogenous hardware • Moving collections of objects between devices – can be part of the programming model • Dynamic update of running code • Each object accessed by at most one thread, updates can exploit this in the running system
  • 29. Region access is single-threaded C#/C++ Region-based ownership Only one thread operating on a region at a time
  • 30. Region ownership is hierarchical C#/C++ Region-based ownership Regions have a single entry point