Ginseng: keeping secrets in registers when you distrust the operating system

Ginseng: keeping secrets in registers when you distrust the operating system, Yun & Zhong et al., NDSS’19

Suppose you did go to the extreme length of establishing an unconditional root of trust for your system. Even then, unless every subsequent piece of code you load is also fully trusted (e.g., formally verified), you are open to post-boot attacks. This is especially true in a context where lots of third-party application code (e.g., apps on a mobile phone) gets loaded.

Many mobile and IoT apps nowadays contain sensitive data, or secrets, such as passwords, learned models, and health information. Such secrets are often protected by encryption in the storage. However, to use a secret, an app must decrypt it and usually store it as cleartext in memory. In doing so, the app assumes that the operating system (OS) is trustworthy. OSes are complex software and have a large attack surface… Increasingly abundant evidence suggests that prudent apps should not trust the OS with their secrets.

Instead of trying to protect absolutely everything, Ginseng assumes that some data matters more than others. It arranges things such that this sensitive data is only ever in the clear in registers

Why blockchain (might be) coming to an IoT implementation near you

Companies have found that IoT partners well with a host of other popular enterprise computing technologies of late, and blockchain – the innovative system of distributed trust most famous for underpinning cryptocurrencies – is no exception. Yet while the two phenomena can be complementary in certain circumstances, those expecting an explosion of blockchain-enabled IoT technologies probably shouldn’t hold their breath.

Blockchain technology can be counter-intuitive to understand at a basic level, but it’s probably best thought of as a sort of distributed ledger keeping track of various transactions. Every “block” on the chain contains transactional records or other data to be secured against tampering, and is linked to the previous one by a cryptographic hash, which means that any tampering with the block will invalidate that connection. The nodes – which can be largely anything with a CPU in it – communicate via a decentralized, peer-to-peer network to share data and ensure the validity of the data in the chain.

Your Kubernetes Agenda at DockerCon

Kubernetes has seen a rapid rise over the last few years and is becoming one of the most sought after skills. DockerCon is a great opportunity to get hands-on training from industry experts and hear from real customers who have deployed Kubernetes in production.

You’ll also have a chance to learn how Docker is the easiest way to get started with Kubernetes and attend sessions that describe how the Docker platform manages and secures applications on Kubernetes in multi-Linux, multi-OS and multi-cloud customer environments.


Download your Kubernetes agenda and register now for DockerCon!


Expert-Led Workshops

Register soon as space is running out in these hands-on workshops!

  • Kubernetes 101: Getting up and running with Kubernetes – Led by Nigel Poulton, Docker Captain and Pluralsight author and writer of several popular Docker and Kubernetes books
  • Security Best Practices for Kubernetes – Led by Scott Coulton, Docker Captain and Principal Software Engineer at Microsoft

Customer Case Studies

Hear from Docker customers who are running Kubernetes in production.

Technical Sessions

Learn about the inner workings of Kubernetes and the

RIP Up Your Dynamic Routing With OSPF

What is dynamic routing? Why is Routing Information Protocol (RIP) horrible, and Open Shortest Path First (OSPF) ever so slightly less horrible? How does Linux handle OSPF, and what advantages does it bring over traditional networking gear in complex, intent-based, infrastructure-as-code environments?

RIP and OSPF are Interior Gateway Protocols (IGPs). IGPs are protocols designed to allow network routers and switches within an organization’s internal network to dynamically reconfigure the network to respond to changes. These changes may include the addition or removal of network equipment or network links between network devices.

The purpose of IGPs is to tell networking equipment which devices live where. While devices that are part of the same subnet can find one another, they require a router to communicate with devices on other subnets. Routers and switches keep routing tables recording which devices are reachable on which physical interface and VLAN. These routing tables allow each device to know where to send a packet to reach a given system, and whether or not that packet needs to be encapsulated or tagged.

IGPs allow routers and switches to exchange some or all of their routing tables so that other devices within the network fabric know where to send

BrandPost: Edge Computing is Key to Meeting Digital Transformation Demands – and Partnerships Can Help Deliver Them

Organizations in virtually every vertical industry are undergoing a digital transformation in an attempt to take advantage of edge computing technology to make their businesses more efficient, innovative and profitable. In the process, they’re coming face to face with challenges ranging from time to market to reliability of IT infrastructure.

It’s a complex problem, especially when you consider the scope of what digital transformation entails. “Digital transformation is not simply a list of IT projects, it involves completely rethinking how an organization uses technology to pursue new revenue streams, products, services, and business models,” as the research firm IDC says.

IPv6 Buzz 023: How State Task Forces Drive IPv6 Adoption

State and regional IPv6 task forces advocate for IPv6 adoption by state governments and the private sector, and educate engineers. In today's episode we chat with George Usi, the Co-Chair of the California IPv6 Task Force to learn more about the task force's goals and what it's achieved to date.

The post IPv6 Buzz 023: How State Task Forces Drive IPv6 Adoption appeared first on Packet Pushers.

Intel formally launches Optane for data center memory caching

As part of its massive data center event on Tuesday, Intel formally launched the Optane persistent memory product line. It had been out for a while, but the current generation of Xeon server processors could not fully utilize it. The new Xeon 8200 and 9200 lines take full advantage of it.

And since Optane is an Intel product (co-developed with Micron), that means AMD and Arm server processors are out of luck.

As I have stated in the past, Optane DC Persistent Memory uses 3D XPoint memory technology that Intel developed with Micron Technology. 3D XPoint is a non-volatile memory type that is much faster than solid-state drives (SSD), almost at the speed of DRAM, but it has the persistence of NAND flash.