This past week I’ve been reading the specifications for Trusted Platform Modules (TPM) published by the Trusted Computing Group of companies. It seems to me they’ve done a lot of things right, but a TPM is […]
We’ve started creating short, succinct videos on YouTube to help explain key concepts and issues around protecting keys, code and data associated with embedded systems. One series is Stacy Janes “Old-School Car Guy” which explains […]
Software Protection: Integrity, Diversity, Entanglement and Renewability (SPIDER) We’ve spent a lot of time finding a suitable analogy to explain the more subtle aspects of defense in depth and the multi-layered approach to cybersecurity that […]
As someone who works with cloud solutions for a security company, I am very aware of the stories in various media about security breaches in cloud accounts. Usually these are along the lines of “Company […]
Ofttimes it has been difficult to explain the role of software protection in hardware-protected secure systems, but recently security researchers have helped us out by providing many examples of zero-day exploits where flaws that are baked into hardware or firmware lead to exploitable vulnerabilities in systems. In this article we are having a look at Spectre & Meltdown and explore how these attacks could have been avoided using application protection technology.
Some of you will remember the Target and Home Depot cyberattacks in 2013 & 2014, which resulted in $202 million (Sruthi Ramakrishnan, 2017) and $134.5 million USD (Roberts, 2017) of damages respectively. In this blog article, let’s examine these and other infamous hacks in detail to glean important lessons about system and application security.
Following on from previous posts (part 1, part 2) I wanted to drill down a bit more into the components from the container cluster node in the reference architecture as is shown on the image below. […]
Introduction While investigating new solutions I was spinning up POC’s and decided that instead of either making a new jumphost every time or adding manually the access to my existing jumphost I just wanted the […]
In part 1 of this series of blog posts, we talked about how the choice between NoSQL and SQL databases is bound to the core design of the application and I promised to get deeper into what this means. We started by looking into how support for a flexible schema is both advantageous and challenging. In this post, I will discuss CAP theorem and explain how it affects both the choice of the database technology and the application logic. Understanding CAP theorem and its implications is very important in designing a distributed system.
In my previous post I advocated reducing the security perimeter to the smallest possible size – because perimeter based security is often not enough, the slightest ‘hole’ in the perimeter allows attackers to get in. […]