Security is arguably one of the most critical and controversial aspects of any
software project. Most software is designed and implemented with the main focus
on Time-To-Market (TTM) and its required features. As a result, the majority of
software solutions lack the security features necessary to protect against
attacks. This phenomenon is not limited to applications; many operating
systems, protocols, application frameworks, and programming languages
suffer from this deficiency as well. The traditional methods of dealing with such
shortcomings, such as system hardening, are reactive and tend to patch
security holes only in an ad hoc manner; they hardly address the root cause of the
problem.
This session gives an overview of the "Preemptive Security" concept as a means to address the above-mentioned fundamental problem. Concrete methods to establish verifiable trust with the computing environment will be proposed. The use of modern computer science concepts such as secure programming languages, secure protocols, and strong authentication frameworks to assist in implementing "Preemptive Security" will also be discussed.
Hadi Nahari is a software security professional with over 17 years of
experience in all aspects of the software development lifecycle, including
extensive work in design and architecture, verification, proof-of-concept, and
implementation of software systems. Hadi has worked on large-scale, high-end
enterprise solutions, as well as resource-constrained embedded systems, with a
primary focus on Security, Cryptography, Complex Systems Design, and
Vulnerability Assessment & Threat Analysis. Hadi has led and contributed to
various security projects for Netscape Communications, Sun Microsystems, the United
States Government, Motorola, etc. Hadi is currently working for MontaVista
Software, Inc. as Chief Security Architect, leading security efforts for MontaVista Embedded Linux product lines.
Last modified: Sat, 23 Feb 2008 17:13:44 +0100