
- Make System Security Work for You
- Registration
- Venue
- Keynote Speaker: Bill Cheswick (Ches) from AT&T
- Live Twitter Stream (Hash Tag #sec09)
- Schedule
- Technical Track Descriptions
- Kerberos Authentication for Web Security
- Solaris Security Overview
- Protecting Services with Built-In Solaris Security Features
- Trusted Extensions & Demo
- ZFS Crypto: Data encryption for local, NAS and SAN
- Speakers
Make System Security Work for You
A Security Summit will be held on Tuesday, November 3rd, 2009 in Baltimore, Maryland. It is scheduled to run during LISA '09, which runs from November 1-6. Please join us to hear about security in large system installations with speakers from CTO, technical leaders, customers and community members.
Registration
Registration is now closed.
For Government Customers
Sun believes that the more you know about System Security, the better you can manage and protect secure government information, so you will find the information presented at this event to be of significant importance to your Agency. Persons with diverse viewpoints on security will be in attendance, including System Administrators, Open Source Developers, Academic and Security Professionals. If your Agency Ethics Official requires additional information on this event, or if it is determined that you need to pay for your attendance at the event, please contact Jennifer Bauer Scarpino.
Venue
Baltimore Marriott Waterfront
700 Aliceanna Street
Baltimore, Maryland 21202
Where is it? The venue on Google Maps.
Keynote Speaker: Bill Cheswick (Ches) from AT&T
William Cheswick, Lead Member of the Technical Staff at AT&T Labs
Live Twitter Stream (Hash Tag #sec09)
Here.
Schedule
Tuesday, November 3 - Grand Ballroom A&B

| Time | Topic | Speaker | Slides |
|---|---|---|---|
| 08:30 - 09:00 | Registration | | |
| 09:00 - 09:05 | Welcome - video | Kathy Jenks | |
| 09:05 - 10:30 | Morning Keynote: Rethinking Passwords - video rough cut | Bill Cheswick | |
| 10:10 - 10:30 | Break | | |
| 10:30 - 11:00 | Presentation: Kerberos Authentication for Web Security | Thomas Hardjono | |
| 11:00 - 12:00 | Presentation: Solaris Security Overview | Darren Moffat | |
| 12:00 - 12:30 | Presentation: Thin Client Delivery for the Enterprise | Dennis Maher | |
| 12:30 - 01:15 | Lunch catered by Solaris Security | | |
| 01:15 - 01:45 | Presentation: Protecting Services with Built-In Solaris Security Features - video preview | Christoph Schuba | |
| 01:45 - 02:30 | Presentation: Trusted Extensions & Demo - video rough cut | Glenn Faden | |
| 02:30 - 02:45 | Presentation: Multilevel Cluster - video rough cut | Ellard Roush | |
| 02:45 - 03:15 | Presentation: H/W based isolation and security for Virtual Machine Network - video rough cut | Sunay Tripathi | |
| 03:15 - 03:30 | Break | | |
| 03:30 - 04:15 | Presentation: ZFS Crypto: Data encryption for local, NAS and SAN | Darren Moffat | |
| 04:20 - 05:00 | Presentation: User Groups | Harry Foxwell | |
| 05:00 - 06:00 | Technical Demos | Solaris Engineers | |
| 06:00 - 10:00 | Refreshments/ Technical BOFs | Engineers | |

Live Video Streaming Link
Technical Track Descriptions
Kerberos Authentication for Web Security
Kerberos is arguably one of the most successful authentication protocols in the industry today. Kerberos protocol implementations are currently deployed extensively within the enterprise sector, and the MIT Kerberos code base also ships within the majority of open source operating systems. We believe Kerberos can provide significant security improvements to web-based authentication and web-services security. Currently the de facto authentication method for the web is username/password over forms (over SSL/TLS), which may not afford sufficient security for high-value transactions. This presentation provides a background to the Kerberos (v5) protocol and discusses some issues and possible solutions for deploying the Kerberos protocol for web security.
Solaris Security Overview
A high level overview of Solaris security from Solaris 8 through current OpenSolaris features and work in development.
Protecting Services with Built-In Solaris Security Features
This talk presents the leading Solaris operating system security technologies that are an integrated part of deploying secure business services. Application software can take advantage of Solaris process rights management, audit, and mandatory access control features to implement the principle of least privilege and data separation. Fine-grained process rights management is integrated into role-based access control and the Solaris Service Management Facility (SMF). By default, SMF minimizes the risk of attack by limiting its network exposure to the minimal number of services that need to run for the software it is hosting.
Trusted Extensions & Demo
Trusted Extensions is a feature of Solaris that implements a mandatory access policy based on label relationships. It enforces constraints on the access and release of sensitive information. This talk describes how labels are associated with standard Solaris features like containers, network endpoints, ZFS datasets, and the GNOME desktop. An administrative facility called the Trusted Path is used to demonstrate how the policy is configured and enforced. Finally, the talk describes how labels are applied to commercial applications.
ZFS Crypto: Data encryption for local, NAS and SAN
Protecting your data at rest with encryption in ZFS. Not just for local storage but also for NFS, CIFS, iSCSI and FCoE targets. This will focus on the administrator's view of the encryption feature coming to ZFS, how key management is performed, and how it interacts with ZFS snapshots and clones. A live demo will be used to demonstrate the need for ZFS crypto as well as how simple it is to use.
Speakers
Kathy Jenks
Kathy is the Director of Solaris Security Technologies at Sun Microsystems and is responsible for making Solaris the most secure operating system available and the preferred platform for development, commercial applications, and high assurance computing. Her organization delivers security features and functionality including cryptographic infrastructure, authentication functionality, network security, operating system hardening features, and multilevel security. The Security Technologies group partners with other Sun organizations to provide secure solutions to customers. Kathy has over 25 years of industry experience. She joined Sun in 1985 as a software engineer and has held a variety of engineering, program management, and management positions, spending the last seven years focused on Solaris security.
William Cheswick
William Cheswick is an early innovator in Internet security. He is known for his work in firewalls, proxies, and Internet mapping at Bell Labs and Lumeta Corp. He is best known for the book he co-authored with Steve Bellovin and now Avi Rubin, Firewalls and Internet Security: Repelling the Wily Hacker. Ches is now a member of the technical staff at AT&T Labs - Research in Florham Park, NJ, where he is working on security, visualization, user interfaces, and a variety of other things.
Thomas Hardjono
Thomas Hardjono is Lead Technologist at the MIT Kerberos Consortium. Prior to this role he was Principal Scientist within the CTO Office at Wave Systems, where he worked on bringing trusted computing technologies, such as the TPM and FDE drives, into mainstream computing systems. Before that he was CTO at SignaCert, a startup company also focusing on trusted computing products. Throughout his 17-year career in the computer and IP network security industry Thomas has primarily been engaged in advanced technologies and engineering. This includes 5 years as Principal Scientist and Director within the CTO Office of VeriSign, and several years in Bay Networks (Nortel) and NTT/ATR in Japan. His areas of interest include network security, cryptography, multicast security, PKI, wireless security, digital rights management and trusted computing. Over the years Thomas has published over fifty technical papers in journals and conferences, and three books on security. Thomas holds 19 patents covering various security and networking technologies. Thomas is active in a number of technical communities and standards organizations, including the IETF, IEEE, TCG and Oasis. In the IETF Thomas was chair of the Multicast Security (MSEC) working group and the Group Security Research Group. He is an author of RFC 3740 and RFC 3547. Thomas was co-chair of the TCG Infrastructure Working Group (2004-2008) and authored a number of core TCG infrastructure specifications. Currently he is co-chair of the Oasis SAML (SSTC) working group. He is an active speaker at various security forums, panels and events.
Darren Moffat
Darren is a Senior Staff Engineer at Sun Microsystems in the Solaris Security Technologies Group. Darren is the architect for the Solaris Cryptographic Framework and Solaris encrypted storage projects. He is also involved in various other OpenSolaris security-related technologies and features. He is one of the OpenSolaris Security Community leaders. His previous roles in Sun before joining Solaris engineering were in SunService doing Trusted Solaris and general OS security support, and in Solaris sustaining engineering supporting the NFS, name services and Kerberos features. Before joining Sun he worked as an analyst/programmer for the UK Ministry of Defence. He is a graduate of the Computing Science Department of Glasgow University.
Christoph Schuba
Christoph Schuba studied mathematics and management information systems at the University of Heidelberg and the University of Mannheim in Germany. As a Fulbright scholar, he earned his M.S. and Ph.D. degrees in Computer Science from Purdue University in 1993 and 1997, performing his dissertation research in the Computer Science Laboratory at the Xerox Palo Alto Research Center (PARC). Christoph has taught undergraduate and graduate courses in computer and network security, cryptography, operating systems, and distributed systems at San Jose State University, USA, at the Universitaet Heidelberg, Germany, at the International University in Bruchsal, Germany, and at Linkopings universitet in Linkoping, Sweden, where he held the chair in information security. Christoph has been working since 1997 at Sun Labs and most recently in the Solaris Software Security Organization at Sun Microsystems, Inc. He holds thirteen patents and is author and co-author of numerous scientific articles in computer and network security.
Glenn Faden
Glenn Faden is a Distinguished Engineer in the Solaris Security Technologies Group, and has worked at Sun for 20 years. He is the architect for Solaris Trusted Extensions, and was one of the architects for Trusted Solaris and Role-Based Access Control. He designed Sun's multilevel desktops based on Open Look, CDE, and GNOME; he holds a patent for the underlying X11 security policy. Glenn has made extensive contributions to the Solaris security foundation, including Access Control Lists, Auditing, Device Allocation, and OS Virtualization. He also developed the RBAC and Process Rights Management tools for the Solaris Management Console. He earned an MS degree in Computer Science from Florida Institute of Technology.
Sunay Tripathi
Sunay is a Sun Distinguished Engineer in the Solaris Core OS group and has been with the Solaris group for 12 years. He has led Solaris networking in a technical capacity for the last 4 years and has undertaken key initiatives for Sun related to networking and network virtualization. He has designed, developed and led projects in the Sun Solaris kernel/network/virtualization environment to provide leading edge functionality, performance, and scalability. He is currently driving the network and network virtualization initiative for Sun to create new business opportunities. This requires industry leading research in the form of the Crossbow initiative, which adds Network Virtualization and resource control capabilities to the Solaris Core OS. Crossbow allows creation of Virtual NICs, switches and routers by partitioning the NIC and kernel resources. It also allows the stack to scale across large numbers of CPUs without any S/W overheads. The NICs and VNICs have no performance overheads and can share the underlying networking without any interference from each other. Before Crossbow, Sunay architected the New FireEngine Stack and GLDv3 - High Performance Device Driver framework in Solaris 10. Both projects helped transition the Solaris STREAMS based stack to a new architecture which significantly reduces the overheads of synchronization and cross communication between CPUs and created a vertical perimeter from the driver to the top of the stack. Sunay was one of the key people for Network Cache and Accelerator (NCA), which provides an alternate path from the sockets layer all the way down to the device driver and gave almost 2 times better performance for web type workloads over the pre-FireEngine Solaris stack. Before coming to Sun, Sunay was a researcher at Stanford, where he was involved with the Center of Design Research creating smart agents and was part of the MosquitoNet group experimenting with mobility in IP networks.





