Mobile platforms (phones, tablets, etc.) are ubiquitous. They are
entrusted with our most precious information, and can sense, record and
transmit almost every moment of our lives. With great capabilities come
great security risks, and current platforms have indeed been found
susceptible to numerous attacks, resulting in privacy violations,
financial damage and spying. This talk will survey the challenges and
some emerging approaches to improving the platforms.
09:35
דר' גדעון גרזון, אינטל
IntelR Trusted Execution Technology (TXT) - Foundation for a Trusted Platform
The talk will cover an introduction to the Trusted Computing including:
Trusted Platform Module; a general overview of IntelR TXT;
Will discuss use cases of these technologies. It will cover the basics of a
Trusted Platform; how IntelR TXT adds value to a Trusted Platform; and how
these concepts can be applied to secured
storage and secure identification. Use cases in various market segments
will be explored
Dr. Gideon Gerzon is a senior architect for Security and virtualization
for IntelR CoreT Processor Products family.
He has been with Intel for over 20 years. Gideon has work on the development
of IntelR Virtualization Technology (VT) and IntelR Trusted Execution
Technology (TXT) and other Security technologies.
Gideon Received bachelor's degree (cum laude) in Electrical Engineering from
Ben Grunion University and his master's and Ph.D. degrees from Imperial
College in London (1992).
10:20
מר ירון שפר, Porticor
Data Encryption and Key Management in the Cloud: Making the Public Cloud Private
Data encryption in compute clouds: sounds like an an oxymoron? I will
demonstrate why there are some very good reasons to do it, and how a
combination of system security and novel cryptographic protocols enables
practitioners to achieve a high level of security in several cloud
environments.
Yaron Sheffer is co-founder and CTO of Porticor, the cloud security company.
Previously, Yaron was technology manager in Check Point's VPN Area. Even
earlier, Yaron led a virtualization effort at Intel, way before the term
"virtualization" (let alone, the Cloud) became popular. Yaron is co-chair of
the IETF IPsec standards working group.
Machine virtualization -- running multiple virtual machines
on a single physical host -- is a powerful technology that underlies
the world's computing clouds and enterprise data-centers. But with
great power comes great responsibility: to use virtualization for
good, not evil, and to make virtualized systems efficient even in the
face of untrusted virtual machines. I will begin my talk by covering
the fundamentals of architectural support for machine
virtualization. I will then show how malware can use this support to
evade detection and, conversely, how hypervisors can contain malware
within a virtual machine to observe and study it. I will conclude by
showing how hypervisors can provide "bare metal" (non-virtual)
performance even to untrusted, possibly malicious virtual machines.
Muli Ben-Yehuda is a systems researcher and an expert in the area of
machine and I/O virtualization. He holds a B.A. (cum laude) in
Computer Science from the Open University of Israel and is currently
pursuing a Ph.D. in Computer Science at the Technion -- Israel
Institute of Technology. From 2002 until 2012 he held senior
research and managerial positions at IBM Research, where he was also
an IBM Master Inventor. Muli has co-authored over thirty academic
publications and holds over twenty US patents in such areas as
machine and I/O virtualization, cloud computing, and operating
system and hypervisor design and implementation. His code and ideas
are included in many operating systems and hypervisors, including
the Linux kernel and the Xen and KVM hypervisors. His work on The
Turtles Project: Design and Implementation of Nested Virtualization
has won the prestigious OSDI Jay Lepreau Best Paper Award and the
IBM Research Pat Goldberg Memorial Best Paper Award. When not
rethinking how we build system software for his Ph.D. or spending
time with his family, Muli provides selected clients with consulting
services through Hypervisor Technologies and Consulting Ltd.
12:20
גב' עפרה בכור, Green Hills Software
INTEGRITY Real Time Operating System for High Reliability Software
Device manufactures are faced with a daunting challenge: they must balance
customer demand for new features like advanced graphics, wireless
communications and secure management of information, whilst ensuring
device reliability, safety, security and approvals with a swift time to
market. In this session we will examine an architecture that leverages
software separation to safely manage the increasing complexity of software
in today's market.
Ofra works at Green Hills Software as a Field Application Engineer providing
technical pre-sales support to the Israeli sales office, product
introduction, training, and post-sales support to EMEA Customers. She is
Focused on helping customers apply Green Hills technologies to applications
ranging from infotainment to airborne systems. In the past Ofra worked as a
software engineer and a software team leader developing safety critical
embedded applications in the Israeli defense industry.
Ms. Bechor Graduated the Hebrew University with a MSc in Applied Science.
14:05
מר עמית קליין, Trusteer
Evolution of Cybercrime Techniques
Cybercrime has evolved in great strides over the last decade. In this
presentation, I will focus on cybercrime against web based applications
(particularly online banking) and demonstrate how the security industry and
online service vendors engage in a cat-and-mouse game against cyber
criminals. Each time cyber-criminals introduced an attack technique, online
service provides countered with a defense, and each time such new security
measure was introduced, fraudsters figured out a way to bypass it. In many
cases, the cybercriminals' tactics demonstrate innovation and
resourcefulness, combining technology and social engineering to efficiently
accomplish their financial goals. I will show many examples of how security
measures are circumvented and will discuss some fundamental issues with some
classes of security measures, including those deemed today as "state of the
art".
14:50
מר גיא מזרחי, Cyberia
חימוש ומודיעין בסייבר
Intelligence is a necessity that every government agency invest in. It is clear that intelligence is needed in order to protect needs and also needed in order to attack.
Civilian organizations today are having hard time to protect themselves. They have tools to fight infosec problems but the attackers are using cyber offensive methods with military standards.
Cyber intelligence is one of the tools that can fight the attackers before they get into the organization and provide a true active protection.
On August 15th Saudi Arabia's national oil company said an attack had led to its own network being taken offline. Later on, Defense Secretary Leon E. Panetta warned that the United States was facing the possibility of a “Cyber-Pearl Harbor” and was increasingly vulnerable to foreign computer hackers who could dismantle the nation’s power grid, transportation system, financial networks and government. What can we learn about those attacks? How are they built? What actions governments and local organization can take to prevent them from happening? McAfee Research Scientist will present the case study and discuss today’s and future solutions.
16:20
ההרצאות תתקיימנה בעברית - The lectures will be given in Hebrew