PRESENTATION: Cloud Security – Zero-day protection with memory integrity based on white lists (aka. Total Cloud Patch Management)
PRESENTER(S): Shane Macaulay, Director of Cloud Security for IOActive
CONFERENCE:
LOCATION: Seattle, WA
DATE & TIME: October 12, 2016 at 11:40AM PT
Patch management is often looked down upon due to its simplicity and relatively short shelf life. However, this talk will demonstrate how, if we identify patch management as a way to categorize all known and unknown code in our infrastructure (given clouds can be more uniform in deployments), we can utilize it effectively to accomplish a number of important goals.
Memory white listing has become more common in a variety of scenarios, such as game consoles, some cloud, and current Windows versions. We’ll release some memory analysis tools based on memory integrity checking that work for 64-bit versions of Windows (all versions), Linux and *BSD. This will be somewhat of a “tripwire” for volatile memory, designed to ensure no hidden, targeted, APT, zero-day or ransomware threat is present.
Additionally in this talk, Shane will discuss many of the technical challenges involved in ensuring good performance and high integrity to resist unknown attacks/backdoors, including:
- White-List/Database Management
- Multi-Core/Thread State Issues
- Physical Memory to Virtual Memory Extraction
- Process Detection
- Relocations
- Nested/Hypervisors
The status quo needs to change: attesting to timelines created during an incident without having validated the integrity of all resident code leaves significant risk and known unknowns. A shift towards routine integrity checking of the volatile memory of cloud or other systems can, by design, eliminate sophisticated threats to such an extent that the only backdoors remaining will be dark infrastructure/configuration-based.
About Shane Macaulay (aka K2)
Shane Macaulay is the Director of Cloud Security at IOActive, where he enjoys a diverse and challenging role analyzing complex technology and software systems. He has written and contributed to numerous security books and papers, and is a regular featured speaker at some of the world’s preeminent security conferences. Shane enjoys poking around in all things cyber security and writing sophisticated tools and exploits to gain a better understanding of the security and vulnerabilities inherent to different technologies.
About SOURCE Seattle 2016
At SOURCE, we pride ourselves on having some of the best speakers in the world speak at our conferences. But we’re about so much more than just great talks.
We are one of the only conferences that brings business, technology and security professionals together under one roof to focus on real-world, practical security solutions for some of today’s toughest security issues. For more information, please visit http://www.sourceconference.com/.
About IOActive
IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.