Conference:  Black Hat Asia 2023

Authors: Xiaosheng Tan

2023-05-11

Data has been regarded as the fifth factor of production, and data security is ranked a high priority by governments across the world. In China, data security-related legislation such as the "Data Security Law" and "Personal Information Protection Law" have been promulgated and have were put into effect in 2022. The number of data security projects also increased rapidly. The government, finance, telecommunications, energy, education, healthcare, and other industries have different regulatory requirements for data security and their strategies for data security are quite different.The biggest challenge facing data security is that data security technologies, products, solutions, and service capabilities are far behind regulatory and customer requirements. Some companies have made meaningful explorations in data security products and solutions, such as privacy enhanced computing, transparent encrypt/decrypt, zero trust in data security, etc.

Conference:  Global AppSec Dublin 2023

Authors: Kim Wuyts

2023-02-15

The presentation discusses the importance of threat modeling in ensuring privacy and security in software development. It highlights the different approaches and resources available for successful threat modeling.

• Threat modeling is crucial for ensuring privacy and security in software development
• There are different approaches and resources available for successful threat modeling, such as the Threat Modeling Manifesto, Linden, and Stride
• Threat modeling should be done early in the development cycle, but it's never too late to do it
• Threat modeling should be a continuous process and the output should be used as input for subsequent steps
• Threat modeling can be easy and fun, as illustrated by the example of analyzing a doll's privacy risks

Conference:  Cloud Native SecurityCon North America 2022

Authors: Tobin Feldman-FItzthum, Mikko Ylinen

2022-10-25

Typical data protection ensures data is encrypted while in transit and at rest. Confidential computing (CC) adds data protection while data is in use, in memory, enabling end-to-end protection. Highly regulated industries such as finance and health care are driving the market for CC. Cloud service providers are adding CC capabilities in their offerings. In parallel the open-source cloud native ecosystem is seeing more new projects and start-ups building upon CC. For instance, the CNCF recently accepted the sandbox project Confidential Containers with active participation from different hardware and software vendors and CSPs. In this workshop we will talk about CC in cloud native. We will start by giving an overview of CC and a detailed introduction to the Confidential Containers project and its building blocks. Next, we walk the audience through detailed steps to get the Confidential Containers environment set up. Finally, we want to leave some time for interactive discussion with the audience about cloud native use cases and CC.