| New User, Welcome! Login |
Cloud Computing
The DeepSec 2010 focuses heavily on mobile security. Any gadget that you
carry with you or that is used by roadwarriors comes under scrutiny.
This includes networked resources intended for the mobile audience and
modern nomads as well. On top of that we like to hear about the security
of next generation infrastructure - IPv6, cloud computing and services,
virtualization technologies, in short everything that should keep us
online and connected for the next decades. We want to get a glimpse into
the future based on the problems of today.
Please do not submit specific single exploits (which might be fixed by
The DeepSec 2010 focuses heavily on mobile security. Any gadget that you
carry with you or that is used by roadwarriors comes under scrutiny.
This includes networked resources intended for the mobile audience and
modern nomads as well. On top of that we like to hear about the security
of next generation infrastructure - IPv6, cloud computing and services,
virtualization technologies, in short everything that should keep us
online and connected for the next decades. We want to get a glimpse into
the future based on the problems of today.
Please do not submit specific single exploits (which might be fixed by
Send us stories about single bits that can change our destiny.
Failing that we welcome less sneaky approaches, too.
- AJAX/Web2.0/JavaScript Security
- Cloud Computing
- Code Analysis
- Cryptographical Weaknesses
- Digital Espionage
- Digital Forensics
- eVoting
do { curDate = new Date(); }
while(curDate-date < 10000); // delay time (ms)
Additional Information
The advent of Big Data and Cloud Computing is driving adoption of NoSQL
in the enterprise. Because of this, NoSQL-related vulnerabilities are
expected to become much more widespread
(http://www.govtech.com/policy-management/9-Cybersecurity-Threat-Predictions-for-2012.html)
In July last year, Bryan Sullivan, a senior security researcher at Adobe
Call for Papers
Introduction
There is a change in the information systems development paradigm. The emergence of Web 2.0 technologies led to the extensive deployment and use of web-based applications and web services as a way to developed new and flexible information systems. Such systems are easy to develop, deploy and maintain and demonstrate impressive features for users, resulting in their current wide use.
As a result of this paradigm shift, the security requirements have also changed. These web-based information systems have different security requirements, when compared to traditional systems. Important security issues have been found and privacy concerns have also been raised recently. In addition, the emerging Cloud Computing paradigm promises even greater flexibility; however corresponding security and privacy issues still need to be examined. The security environment should involve not only the surrounding environment but also the application core.
This conference aims to bring together application security experts, researchers, educators and practitioners from the industry, academia and international communities such as OWASP, in order to discuss open problems and new solutions in application security. In the context of this track academic researchers will be able to combine interesting results with the experience of practitioners and software engineers.
Conference Topics
Suggested topics for papers submission include (but are not limited to):
• Secure application development
If your presentation is selected for inclusion in the conference, you will be informed in late February. Submitted papers will also be considered for the PreConference Workshops on Thursday, May 12th. Those selected to present will receive a complimentary registration for the conference.
Guidelines for Submission
RMISC is looking for presentations covering a variety of current and future Information Technology Security, Auditing, Compliance, Privacy, and Cloud Computing topics. Presentations should be geared toward a Management, Technical, Auditing, Compliance, or IT Governance audience. Based on feedback from conference attendees, presentations should be in-depth and focused on a specific issue or technology. Please try to stay away from overviews or summaries. Hands-on demos and case studies with actionable outcomes are encouraged. Participants want to take away skills and information that they can use.
Presentation lengths will be in 60 or 90 minute blocks. If warranted, a presentation may be given two 60-minute blocks. Thursday's sessions are approximately 4 hours. Please plan the content of your presentations accordingly.
For a partial list of security and auditing subjects, click here; however, do not feel obligated to choose a topic from this list in which to categorize your paper.
*2. **Virtualization*
* *
*3. **Cloud Computing*
* *
*4. **Browsers*
Stephan Chenette - Ultimate Script Deobfuscation: Browser Hooking versus simulation
Luiz "effffn" Eduardo - a 30,000 feet look at wi-fi, the freezing spot
Adam Cecchetti - Nunchaku: Attack, Defense, and a lot of arm flailing
Dan Griffin - Hacking SharePoint
Zane Lackey & Luis Miras - Mobile Phone Messaging Anti-Forensics
Dan Hubbard - P0wn the Cloud. The good, the bad, and the pugly of Cloud Computing
Tom Stracener - Advanced Cross-Site Scripting Scenarios, Filter Evasion and Browser Exploits
Thomas Ristenpart - Privacy-preserving Location Tracking of Lost or Stolen Devices: Cryptographic Techniques and Replacing Trusted Third Parties with DHTs
Dean Pierce - Seeds of Contempt
Zax - How did that Nigerian do that?! Artificial Intelligence and You
Date: October 13th - Conf Day 1
* Keynote 1: Chris Wysopal (CTO/Co-Founder, Veracode)
* Keynote 2: Paul Vixie (President, ISC)
Date: October 14th - Conf Day 2
* Special Keynote Panel Discussion - "The Future of Mobile Malware & Cloud Computing"
* Keynote Panelist 1: Mikko Hypponen (F-Secure)
* Keynote Panelist 2: Paul Ducklin (Sophos)
* Keynote Panelist 3: Andrey Nishikin (Kaspersky Lab)
* Keynote Panelist 4: Dr. Jose Nazario (Arbor Networks)
* Network and Wireless Security
* Digital Rights Management
* Operating Systems Security
* Identity and Trust management
* Intrusion Detection Technologies
* PST and Cloud Computing
* Secure Software Development and Architecture
* Human Computer Interaction and PST
* PST Challenges in e-Services, e.g. e-Health, e-Government, e-Commerce
* Implications of, and Technologies for, Lawful Surveillance
* Network Enabled Operations
*2. **Virtualization*
* *
*3. **Cloud Computing*
* *
*4. **Browsers*
into major headaches for computer systems, networks and users alike.
Send us stories about single bits that can change our destiny. Failing that
we welcome less sneaky approaches, too.
- AJAX/Web2.0/JavaScript Security
- Cloud Computing
- Code Analysis
- Cryptographical Weaknesses
- Digital Espionage
- Digital Forensics
- eVoting
Networks
Securing Windows/Linux Systems
Databases
Storage
Secure Programming/Development
Cloud Computing
Virtualization
Malware Analysis
Penetration Testing
Exploit Development
Reverse Code Engineering
Keynote 1: Chris Wysopal (CTO/Co-Founder, Veracode)
Keynote 2: Paul Vixie (President, ISC)
Day 2 (14th Oct) Special Keynote Panel Discussion
"The Future of Mobile Malware & Cloud Computing"
Keynote Panelist 1: Mikko Hypponen
Keynote Panelist 2: Paul Ducklin
Keynote Panelist 3: Andrey Nishikin
Keynote Panelist 4: Dr. Jose Nazario
* Network and Wireless Security
* Digital Rights Management
* Operating Systems Security
* Identity and Trust management
* Intrusion Detection Technologies
* PST and Cloud Computing
* Secure Software Development and Architecture
* Human Computer Interaction and PST
* PST Challenges in e-Services, e.g. e-Health, e-Government, e-Commerce
* Implications of, and Technologies for, Lawful Surveillance
* Network Enabled Operations
* Network and Wireless Security
* Digital Rights Management
* Operating Systems Security
* Identity and Trust management
* Intrusion Detection Technologies
* PST and Cloud Computing
* Secure Software Development and Architecture
* Human Computer Interaction and PST
* PST Challenges in e-Services, e.g. e-Health, e-Government, e-Commerce
* Implications of, and Technologies for, Lawful Surveillance
* Network Enabled Operations
* Wireless network security
* Web application security assessment
* Virtualization and cloud computing
* Innovative attack strategies
* Honeypots
Presentations in BRING IT ON are more open-ended, but presenters are strongly encouraged to structure their talk in a way that engages or enrages the audience.
--== SUGGESTED TOPICS ==--
ShmooCon presentations should be focused on topics that are of interest to security and technology professionals who are paying attention to current trends and issues. Presentations dealing with new technologies such as cloud computing or advanced attack detection techniques or new takes on existing methods and techniques are of interest.
Presentations that are rehashes of old talks, primers on known technologies, or vendor pitches will be rejected and summarily panned. We want ShmooCon to be educational and entertaining to the attendees and the community at large. We expect our speakers to be a part of that through talks that are well thought out and well presented.
If you feel you have a presentation that would be appropriate but that does not meet the guidelines in this CFP, feel free to submit it anyway as we sometimes accept out-of-scope talks that are so cool and compelling they’ll obviously be of interest to ShmooCon attendees. Just be sure to include information explaining your reasoning so we can better evaluate your proposal.
The 1st Clickjacking incident, but far from the being the 1st
Twitter incident
* WHID 2009-30: Sage SaaS Withdrawn Due to Security Flaws
http://whid.webappsec.org/whid/2009/30/sage_saas_vulnerable
Cloud computing gets to the center of the stage, security-wise.
* WHID 2009-29: FBI & Secret Service warn of a sophisticated HSM attack
http://whid.webappsec.org/whid/2009/29/HSM_Attack
An intriguing report on a highly sophisticated attack. Does somebody
knows which attack it is?
- innovative defensive and offensive techniques.
- everything related to fraud, phishing, trojan horses in financial
entities, protection mechanisms and technologies...
- "reversing", low-level techniques, kernel, ...
- vulnerabilities discovery, "fuzzing" and related topics.
- virtual contexts attacks, clusters, "cloud computing" and new "in the
cloud" products.
- cryptography and cryptanalysis.
- mobile security.
- hacking tools: custom developments.
- document security.
not a hard requirement but it will be one evaluation criterion). Topics
from all security disciplines are welcome but we encourage you to submit
talks about emerging technologies and concepts like:
- Mobile computing and communications
- IPv6 (yes, again!)
- Cloud computing and virtualisation
- Security intelligence
- Security management and IT governance (a.k.a. "The Big Picture")
- Topics that have a high impact on IT security
- Design flaws ("defective by design")
Both the Enomaly ECP implementation and the VMcasting protocol itself are
believed to be vulnerable.
Background
Enomaly ECP is management software for virtual machines in cloud computing
environments.
Description
Sam Johnston (http://samj.net/) of Australian Online Solutions
Application areas:
- Service Oriented Computing. Platform security, access control,
Security of the SOC processes (Negotiation, Orchestration),
Identification of services...
- Cloud computing. Platform security, data protection, software
protection, surveillance and dynamic reaction.
- Ubiquitous computing, pervasive computing and ambient intelligence.
Secure system models, development support, dynamic reaction, self-*
systems
- Embedded systems. Dynamic replaceability, system security assessment,
from all security disciplines are welcome but we encourage you to submit
talks about emerging technologies and concepts like:
- Mobile computing and communications
- IPv6 (yes, again!)
- Security management and IT governance
- Cloud computing and virtualisation
- Security intelligence
- Topics that have a high impact on IT security
- Design flaws ("defective by design")
Talks should not:
a hard requirement but it will be one evaluation criterion). Topics from
all security disciplines are welcome but we encourage you to submit
talks
about emerging technologies and concepts like these (in alphabetical
order):
- Cloud computing and virtualisation
- Design flaws ("defective by design" or even "secure by design")
- IPv6 (again, until protocol designers get it right)
- Mobile computing and communications
- Risk assessment
- Security intelligence
Topics of interest include (but are in no way limited to) the following:
* Information technology
* Network security
* Web application security
* Virtualization and cloud computing
* Innovative attack strategies
* Forensics
* Embedded devices
* Physical security and lock picking
* Biometrics
=========================
ShmooCon presentations should be focused on topics that are of
interest to security and technology professionals who are paying
attention to current trends and issues. Presentations dealing with
new technologies such as cloud computing or large-scale virtualization
or new takes on existing methods and techniques are of interest.
Presentations that are rehashes of old talks, primers on known
technologies, or vendor pitches will be rejected and summarily panned.
We want ShmooCon to be educational and entertaining to the attendees
and the community at large. We expect our speakers to be a part of
Application areas:
- Service Oriented Computing. Platform security, access control,
Security of the SOC processes (Negotiation, Orchestration),
Identification of services...
- Cloud computing. Platform security, data protection, software
protection, surveillance and dynamic reaction.
- Ubiquitous computing, pervasive computing and ambient intelligence.
Secure system models, development support, dynamic reaction, self-
systems
- Embedded systems. Dynamic replaceability, system security assessment,
analysis & design, security awareness, abusing device drivers, #twitter
risks, attacks on smart-card secured online banking, security risks and
defence for developers, advanced database exploits, abusing firmware,
security analysis of the TCP & IP protocols, key management, incident
response, e-voting, advanced keyboard sniffing, malware for routers,
large-scale network attack simulation, cloud computing, next generation
intrusion detection/prevention, among others. We also show a demonstration
of an DoS attack against a GSM network by means of a phone with modified
firmware.
== About DeepSec ==
|
|
|
