SlideShare a Scribd company logo

Stanford Cybersecurity January 2009

Download as PPS, PDF
Jason Shen
Jason Shen

A presentation given by Peter Levin, Consulting Professor at Stanford University.

Technology
1 of 34
Cybersecurity Peter L. Levin Consulting Professor January 2009
Evolution of GPS Service ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The Problem Statement ,[object Object],[object Object],[object Object],[object Object]
“It is a battle we are loosing”
The Black Swan Effect ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Public Awareness Has Changed
“ several Georgian state computers [were] under external control” So they moved websites to Google:
P2P uses as much as 60% of Internet Bandwidth P2P networks offer an easy way to disguise illegitimate payloads using sophisticated protocols, and can divert network traffic to arbitrary ports From Spector 360
Machine Readable Travel Documents
Cracked in ten seconds for $10,000
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Security is a Subset of Reliability * *from the article of that name by Geer and Conway, IEEE Security and Privacy, Dec 08
The (Cyber)Security Marketplace
Hardware Sabotage “The most monumental non-nuclear explosion ever seen from space” was reportedly caused by the US in a Soviet commercial gas pipeline. An Israeli bombing raid on a suspected Syrian nuclear facility was (allegedly!) due to a “kill switch” that turned off surveillance radar.
Hardware’s Axis of Evil
Counterfeits are Expensive and Dangerous ,[object Object],[object Object],[object Object],Source: Unclassified FBI Report, January 2008
Chip-Making in Four Easy Steps RTL & Layout Design Mask Creation Logic Circuit Design Function Specification Thanks to Grace and Sherman for this slide
Chip-Level Hardware Assurance Graphic from Sally Adee, IEEE Spectrum authenticity and provenance mechanical compromise add extra wires add extra transistors
“ Your Hands Can’t Hit What Your Eyes Can’t See” DAFCA provides on-chip, at-speed, in-system visibility
Integrate Verification and Validation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Why At-Speed Observability Matters ,[object Object],[object Object],[object Object],[object Object],[object Object]
Two Examples ,[object Object],[object Object],[object Object],[object Object]
Detect Malfunction ,[object Object],[object Object],[object Object],[object Object],[object Object]
An Instrumented GPS Chip Trace RAM (1k x 128) Transaction Engine PTE TRACER LCD_MUX CB1_MUX aligner 4-fifo grp_lcd_out grp_lcd_fifo_rd2 grp_lcd_fifo_rd1 grp_lcd_fifo_rd3 grp_lcd_rgb grp_arm_i grp_arm_r_0 grp_usb_slv grp_usb_mstr 125 125 125 FINAL_SPN 125 CB2_MUX 125 CB3_MUX 125 125 GP_IN 2 valid bit valid bit Observation Bus = 125 (probe grp) + 2 Valid + 1 Time Stamp = 128 bit 1 valid for domain crossing of 10Mhz to 166MHz 1 valid for domain crossing of 83KHz to 166MHz SPN NETWORK 166MHz 10MHz 1 valid bit 1 valid bit 125 CDC_LCD 166MHz 166MHz CAPSTIM aligner Trace RAM (1k x 128)
The Road Ahead abstraction Detected Violation Software objects, pointers, calls, register writes Bus cycles, arbitration policies, event sequencing On-Chip cycle protocols and timing T T T T T T T T T T T T T T T T T T T Bus Protocol Assertions Static Mode Selects Exception Generators Memory Checkers Performance Monitors Traffic Generators Event Sequencing Boot-up System Software Application Software O c D observe characterize detect observe characterize detect
Device Authenticity/Anti-Counterfeit ,[object Object],[object Object],[object Object],[object Object],[object Object],Our customers need an inexpensive and reliable way to detect counterfeit devices in the field
An Anti-Counterfeit Architecture ,[object Object],[object Object],[object Object],[object Object]
On-Chip, At-Speed, In-System Instrumentation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Step One: “Talk to me ”
Establish An Encrypted Channel ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Step Two: “Talk securely to me ”
Embed A Secret ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Step Three: “Tell me a secret ”
Use GPS to Ensure Authenticity ,[object Object],[object Object],[object Object],[object Object],Set an extremely high bar for hackers
Secure Channel, Secret Message ,[object Object],[object Object],[object Object],[object Object]
Location Security ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Next Generation Cybersecurity ,[object Object],[object Object],[object Object],[object Object]
Conclusion ,[object Object],[object Object],[object Object],[object Object]

Recommended

RSAC 2021 Spelunking Through the Steps of a Control System Hack
RSAC 2021 Spelunking Through the Steps of a Control System HackRSAC 2021 Spelunking Through the Steps of a Control System Hack
RSAC 2021 Spelunking Through the Steps of a Control System HackDan Gunter
 
Defcon 23 - Chris Sistrunk - nsm 101 for ics
Defcon 23 - Chris Sistrunk - nsm 101 for ics Defcon 23 - Chris Sistrunk - nsm 101 for ics
Defcon 23 - Chris Sistrunk - nsm 101 for ics Felipe Prado
 
Webinar on identifying, preventing and securing against the unidentifiable at...
Webinar on identifying, preventing and securing against the unidentifiable at...Webinar on identifying, preventing and securing against the unidentifiable at...
Webinar on identifying, preventing and securing against the unidentifiable at...Intergence Ltd.
 
6. Cybersecurity for Industrial Ethernet - Dr Paul Comerford
6. Cybersecurity for Industrial Ethernet - Dr Paul Comerford6. Cybersecurity for Industrial Ethernet - Dr Paul Comerford
6. Cybersecurity for Industrial Ethernet - Dr Paul ComerfordPROFIBUS and PROFINET InternationaI - PI UK
 
Infrastructure Attacks - The Next generation, ESET LLC
Infrastructure Attacks - The Next generation, ESET LLCInfrastructure Attacks - The Next generation, ESET LLC
Infrastructure Attacks - The Next generation, ESET LLCInfosec Europe
 
Securing future connected vehicles and infrastructure
Securing future connected vehicles and infrastructureSecuring future connected vehicles and infrastructure
Securing future connected vehicles and infrastructureAlan Tatourian
 
Scada security presentation by Stephen Miller
Scada security presentation by Stephen MillerScada security presentation by Stephen Miller
Scada security presentation by Stephen MillerAVEVA
 
McAffee_Security and System Integrity in Embedded Devices
McAffee_Security and System Integrity in Embedded DevicesMcAffee_Security and System Integrity in Embedded Devices
McAffee_Security and System Integrity in Embedded DevicesIşınsu Akçetin
 

Recommended

RSAC 2021 Spelunking Through the Steps of a Control System Hack
RSAC 2021 Spelunking Through the Steps of a Control System HackRSAC 2021 Spelunking Through the Steps of a Control System Hack
RSAC 2021 Spelunking Through the Steps of a Control System HackDan Gunter
 
Defcon 23 - Chris Sistrunk - nsm 101 for ics
Defcon 23 - Chris Sistrunk - nsm 101 for ics Defcon 23 - Chris Sistrunk - nsm 101 for ics
Defcon 23 - Chris Sistrunk - nsm 101 for ics Felipe Prado
 
Webinar on identifying, preventing and securing against the unidentifiable at...
Webinar on identifying, preventing and securing against the unidentifiable at...Webinar on identifying, preventing and securing against the unidentifiable at...
Webinar on identifying, preventing and securing against the unidentifiable at...Intergence Ltd.
 
6. Cybersecurity for Industrial Ethernet - Dr Paul Comerford
6. Cybersecurity for Industrial Ethernet - Dr Paul Comerford6. Cybersecurity for Industrial Ethernet - Dr Paul Comerford
6. Cybersecurity for Industrial Ethernet - Dr Paul ComerfordPROFIBUS and PROFINET InternationaI - PI UK
 
Infrastructure Attacks - The Next generation, ESET LLC
Infrastructure Attacks - The Next generation, ESET LLCInfrastructure Attacks - The Next generation, ESET LLC
Infrastructure Attacks - The Next generation, ESET LLCInfosec Europe
 
Securing future connected vehicles and infrastructure
Securing future connected vehicles and infrastructureSecuring future connected vehicles and infrastructure
Securing future connected vehicles and infrastructureAlan Tatourian
 
Scada security presentation by Stephen Miller
Scada security presentation by Stephen MillerScada security presentation by Stephen Miller
Scada security presentation by Stephen MillerAVEVA
 
McAffee_Security and System Integrity in Embedded Devices
McAffee_Security and System Integrity in Embedded DevicesMcAffee_Security and System Integrity in Embedded Devices
McAffee_Security and System Integrity in Embedded DevicesIşınsu Akçetin
 
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】Hacks in Taiwan (HITCON)
 
Cyber Deception After Detection: Safe Observation Environment Using Software ...
Cyber Deception After Detection: Safe Observation Environment Using Software ...Cyber Deception After Detection: Safe Observation Environment Using Software ...
Cyber Deception After Detection: Safe Observation Environment Using Software ...Shimanaka Tohru
 
Cyber Deception Architecture: Covert Attack Reconnaissance Using a Safe SDN A...
Cyber Deception Architecture: Covert Attack Reconnaissance Using a Safe SDN A...Cyber Deception Architecture: Covert Attack Reconnaissance Using a Safe SDN A...
Cyber Deception Architecture: Covert Attack Reconnaissance Using a Safe SDN A...Shimanaka Tohru
 
How PUF Technology is Securing Io
How PUF Technology is Securing IoHow PUF Technology is Securing Io
How PUF Technology is Securing IoAbacus Technologies
 
Security in embedded systems
Security in embedded systemsSecurity in embedded systems
Security in embedded systemsRaghav S
 
Improving SCADA Security
Improving SCADA SecurityImproving SCADA Security
Improving SCADA SecurityNarinrit Prem-apiwathanokul
 
If I Were MITRE ATT&CK Developer: Challenges to Consider when Developing ICS ...
If I Were MITRE ATT&CK Developer: Challenges to Consider when Developing ICS ...If I Were MITRE ATT&CK Developer: Challenges to Consider when Developing ICS ...
If I Were MITRE ATT&CK Developer: Challenges to Consider when Developing ICS ...Marina Krotofil
 
SoleraNetworks
SoleraNetworksSoleraNetworks
SoleraNetworksJoe Levy
 
Secure Embedded Systems
Secure Embedded SystemsSecure Embedded Systems
Secure Embedded SystemsInformatik-Forum Stuttgart e.V.
 
NFC: Naked Fried Chicken / Пентест NFC — вот что я люблю
NFC: Naked Fried Chicken / Пентест NFC — вот что я люблюNFC: Naked Fried Chicken / Пентест NFC — вот что я люблю
NFC: Naked Fried Chicken / Пентест NFC — вот что я люблюPositive Hack Days
 
CS3STHLM_2019_krotofil_kopeytsev
CS3STHLM_2019_krotofil_kopeytsevCS3STHLM_2019_krotofil_kopeytsev
CS3STHLM_2019_krotofil_kopeytsevMarina Krotofil
 
introduction to Embedded System Security
introduction to Embedded System Securityintroduction to Embedded System Security
introduction to Embedded System SecurityAdel Barkam
 
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...Positive Hack Days
 
Using Genetic algorithm for Network Intrusion Detection
Using Genetic algorithm for Network Intrusion DetectionUsing Genetic algorithm for Network Intrusion Detection
Using Genetic algorithm for Network Intrusion DetectionSagar Uday Kumar
 
Core security utcpresentation962012
Core security utcpresentation962012Core security utcpresentation962012
Core security utcpresentation962012Seema Sheth-Voss
 
A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...
A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...
A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...Marina Krotofil
 
Safe and secure autonomous systems
Safe and secure autonomous systemsSafe and secure autonomous systems
Safe and secure autonomous systemsAlan Tatourian
 
IEEE Standard for Securing Legacy Scada Protocols (Sequi, Inc)
IEEE Standard for Securing Legacy Scada Protocols (Sequi, Inc)IEEE Standard for Securing Legacy Scada Protocols (Sequi, Inc)
IEEE Standard for Securing Legacy Scada Protocols (Sequi, Inc)sequi_inc
 
Day1
Day1Day1
Day1Jai4uk
 
Highly dependable automotive software
Highly dependable automotive softwareHighly dependable automotive software
Highly dependable automotive softwareAlan Tatourian
 
Starting up at Stanford
Starting up at StanfordStarting up at Stanford
Starting up at StanfordJason Shen
 
Sf pub presentation
Sf pub presentationSf pub presentation
Sf pub presentationJason Shen
 

More Related Content

What's hot

【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】Hacks in Taiwan (HITCON)
 
Cyber Deception After Detection: Safe Observation Environment Using Software ...
Cyber Deception After Detection: Safe Observation Environment Using Software ...Cyber Deception After Detection: Safe Observation Environment Using Software ...
Cyber Deception After Detection: Safe Observation Environment Using Software ...Shimanaka Tohru
 
Cyber Deception Architecture: Covert Attack Reconnaissance Using a Safe SDN A...
Cyber Deception Architecture: Covert Attack Reconnaissance Using a Safe SDN A...Cyber Deception Architecture: Covert Attack Reconnaissance Using a Safe SDN A...
Cyber Deception Architecture: Covert Attack Reconnaissance Using a Safe SDN A...Shimanaka Tohru
 
Security in embedded systems
Security in embedded systemsSecurity in embedded systems
Security in embedded systemsRaghav S
 
If I Were MITRE ATT&CK Developer: Challenges to Consider when Developing ICS ...
If I Were MITRE ATT&CK Developer: Challenges to Consider when Developing ICS ...If I Were MITRE ATT&CK Developer: Challenges to Consider when Developing ICS ...
If I Were MITRE ATT&CK Developer: Challenges to Consider when Developing ICS ...Marina Krotofil
 
SoleraNetworks
SoleraNetworksSoleraNetworks
SoleraNetworksJoe Levy
 
NFC: Naked Fried Chicken / Пентест NFC — вот что я люблю
NFC: Naked Fried Chicken / Пентест NFC — вот что я люблюNFC: Naked Fried Chicken / Пентест NFC — вот что я люблю
NFC: Naked Fried Chicken / Пентест NFC — вот что я люблюPositive Hack Days
 
CS3STHLM_2019_krotofil_kopeytsev
CS3STHLM_2019_krotofil_kopeytsevCS3STHLM_2019_krotofil_kopeytsev
CS3STHLM_2019_krotofil_kopeytsevMarina Krotofil
 
introduction to Embedded System Security
introduction to Embedded System Securityintroduction to Embedded System Security
introduction to Embedded System SecurityAdel Barkam
 
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...Positive Hack Days
 
Using Genetic algorithm for Network Intrusion Detection
Using Genetic algorithm for Network Intrusion DetectionUsing Genetic algorithm for Network Intrusion Detection
Using Genetic algorithm for Network Intrusion DetectionSagar Uday Kumar
 
Core security utcpresentation962012
Core security utcpresentation962012Core security utcpresentation962012
Core security utcpresentation962012Seema Sheth-Voss
 
A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...
A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...
A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...Marina Krotofil
 
Safe and secure autonomous systems
Safe and secure autonomous systemsSafe and secure autonomous systems
Safe and secure autonomous systemsAlan Tatourian
 
IEEE Standard for Securing Legacy Scada Protocols (Sequi, Inc)
IEEE Standard for Securing Legacy Scada Protocols (Sequi, Inc)IEEE Standard for Securing Legacy Scada Protocols (Sequi, Inc)
IEEE Standard for Securing Legacy Scada Protocols (Sequi, Inc)sequi_inc
 
Highly dependable automotive software
Highly dependable automotive softwareHighly dependable automotive software
Highly dependable automotive softwareAlan Tatourian
 

What's hot (20)

【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
【HITCON FreeTalk 2021 - SolarWinds 供應鏈攻擊事件分析】
 
Cyber Deception After Detection: Safe Observation Environment Using Software ...
Cyber Deception After Detection: Safe Observation Environment Using Software ...Cyber Deception After Detection: Safe Observation Environment Using Software ...
Cyber Deception After Detection: Safe Observation Environment Using Software ...
 
Cyber Deception Architecture: Covert Attack Reconnaissance Using a Safe SDN A...
Cyber Deception Architecture: Covert Attack Reconnaissance Using a Safe SDN A...Cyber Deception Architecture: Covert Attack Reconnaissance Using a Safe SDN A...
Cyber Deception Architecture: Covert Attack Reconnaissance Using a Safe SDN A...
 
How PUF Technology is Securing Io
How PUF Technology is Securing IoHow PUF Technology is Securing Io
How PUF Technology is Securing Io
 
Security in embedded systems
Security in embedded systemsSecurity in embedded systems
Security in embedded systems
 
Improving SCADA Security
Improving SCADA SecurityImproving SCADA Security
Improving SCADA Security
 
If I Were MITRE ATT&CK Developer: Challenges to Consider when Developing ICS ...
If I Were MITRE ATT&CK Developer: Challenges to Consider when Developing ICS ...If I Were MITRE ATT&CK Developer: Challenges to Consider when Developing ICS ...
If I Were MITRE ATT&CK Developer: Challenges to Consider when Developing ICS ...
 
SoleraNetworks
SoleraNetworksSoleraNetworks
SoleraNetworks
 
Secure Embedded Systems
Secure Embedded SystemsSecure Embedded Systems
Secure Embedded Systems
 
NFC: Naked Fried Chicken / Пентест NFC — вот что я люблю
NFC: Naked Fried Chicken / Пентест NFC — вот что я люблюNFC: Naked Fried Chicken / Пентест NFC — вот что я люблю
NFC: Naked Fried Chicken / Пентест NFC — вот что я люблю
 
CS3STHLM_2019_krotofil_kopeytsev
CS3STHLM_2019_krotofil_kopeytsevCS3STHLM_2019_krotofil_kopeytsev
CS3STHLM_2019_krotofil_kopeytsev
 
introduction to Embedded System Security
introduction to Embedded System Securityintroduction to Embedded System Security
introduction to Embedded System Security
 
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...
 
Using Genetic algorithm for Network Intrusion Detection
Using Genetic algorithm for Network Intrusion DetectionUsing Genetic algorithm for Network Intrusion Detection
Using Genetic algorithm for Network Intrusion Detection
 
Core security utcpresentation962012
Core security utcpresentation962012Core security utcpresentation962012
Core security utcpresentation962012
 
A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...
A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...
A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...
 
Safe and secure autonomous systems
Safe and secure autonomous systemsSafe and secure autonomous systems
Safe and secure autonomous systems
 
IEEE Standard for Securing Legacy Scada Protocols (Sequi, Inc)
IEEE Standard for Securing Legacy Scada Protocols (Sequi, Inc)IEEE Standard for Securing Legacy Scada Protocols (Sequi, Inc)
IEEE Standard for Securing Legacy Scada Protocols (Sequi, Inc)
 
Day1
Day1Day1
Day1
 
Highly dependable automotive software
Highly dependable automotive softwareHighly dependable automotive software
Highly dependable automotive software
 

Viewers also liked

Starting up at Stanford
Starting up at StanfordStarting up at Stanford
Starting up at StanfordJason Shen
 
Sf pub presentation
Sf pub presentationSf pub presentation
Sf pub presentationJason Shen
 
Emptying the Cup : Remake Media Talk
Emptying the Cup : Remake Media TalkEmptying the Cup : Remake Media Talk
Emptying the Cup : Remake Media TalkJason Shen
 
Manbadges: A 2010 Startup Weekend Project
Manbadges: A 2010 Startup Weekend ProjectManbadges: A 2010 Startup Weekend Project
Manbadges: A 2010 Startup Weekend ProjectJason Shen
 
Gumball Capital's SD Forum Presentation: Microfinance and Technology
Gumball Capital's SD Forum Presentation: Microfinance and TechnologyGumball Capital's SD Forum Presentation: Microfinance and Technology
Gumball Capital's SD Forum Presentation: Microfinance and TechnologyJason Shen
 
I've Heard Great Things About You: A nondouchey guide to personal branding an...
I've Heard Great Things About You: A nondouchey guide to personal branding an...I've Heard Great Things About You: A nondouchey guide to personal branding an...
I've Heard Great Things About You: A nondouchey guide to personal branding an...Jason Shen
 
How to be a Better Student Leader
How to be a Better Student LeaderHow to be a Better Student Leader
How to be a Better Student LeaderJason Shen
 

Viewers also liked (8)

Starting up at Stanford
Starting up at StanfordStarting up at Stanford
Starting up at Stanford
 
Sf pub presentation
Sf pub presentationSf pub presentation
Sf pub presentation
 
Emptying the Cup : Remake Media Talk
Emptying the Cup : Remake Media TalkEmptying the Cup : Remake Media Talk
Emptying the Cup : Remake Media Talk
 
Manbadges: A 2010 Startup Weekend Project
Manbadges: A 2010 Startup Weekend ProjectManbadges: A 2010 Startup Weekend Project
Manbadges: A 2010 Startup Weekend Project
 
Gumball Capital's SD Forum Presentation: Microfinance and Technology
Gumball Capital's SD Forum Presentation: Microfinance and TechnologyGumball Capital's SD Forum Presentation: Microfinance and Technology
Gumball Capital's SD Forum Presentation: Microfinance and Technology
 
PITCH UP don't pickup
PITCH UP don't pickupPITCH UP don't pickup
PITCH UP don't pickup
 
I've Heard Great Things About You: A nondouchey guide to personal branding an...
I've Heard Great Things About You: A nondouchey guide to personal branding an...I've Heard Great Things About You: A nondouchey guide to personal branding an...
I've Heard Great Things About You: A nondouchey guide to personal branding an...
 
How to be a Better Student Leader
How to be a Better Student LeaderHow to be a Better Student Leader
How to be a Better Student Leader
 

Similar to Stanford Cybersecurity January 2009

Connected Cars - Poster Child for the IoT Reality Check
Connected Cars - Poster Child for the IoT Reality CheckConnected Cars - Poster Child for the IoT Reality Check
Connected Cars - Poster Child for the IoT Reality CheckSecurity Innovation
 
Automotive security (cvta)
Automotive security (cvta)Automotive security (cvta)
Automotive security (cvta)Alan Tatourian
 
IoT summit - Building flexible & secure IoT solutions
IoT summit - Building flexible & secure IoT solutionsIoT summit - Building flexible & secure IoT solutions
IoT summit - Building flexible & secure IoT solutionsEric Larcheveque
 
IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)
IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)
IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)mike parks
 
The Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatThe Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatDuo Security
 
Removing Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessRemoving Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessMicrosoft Tech Community
 
IT Security for the Physical Security Professional
IT Security for the Physical Security ProfessionalIT Security for the Physical Security Professional
IT Security for the Physical Security Professionalciso_insights
 
A modern approach to safeguarding your ICS and SCADA systems
A modern approach to safeguarding your ICS and SCADA systemsA modern approach to safeguarding your ICS and SCADA systems
A modern approach to safeguarding your ICS and SCADA systemsAlane Moran
 
The 300 Leonidas Solution
The 300 Leonidas SolutionThe 300 Leonidas Solution
The 300 Leonidas Solutionmatthew.maisel
 
Where Are All The ICS Attacks?
Where Are All The ICS Attacks?Where Are All The ICS Attacks?
Where Are All The ICS Attacks?EnergySec
 
Io t security defense in depth charles li v1 20180425c
Io t security defense in depth charles li v1 20180425cIo t security defense in depth charles li v1 20180425c
Io t security defense in depth charles li v1 20180425cCharles Li
 
Evolutionary ATM & Cyber Security - Selex ES - Angeloluca Barba
Evolutionary ATM & Cyber Security - Selex ES - Angeloluca BarbaEvolutionary ATM & Cyber Security - Selex ES - Angeloluca Barba
Evolutionary ATM & Cyber Security - Selex ES - Angeloluca BarbaAngeloluca Barba
 
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...Mark Underwood
 
[GITSN] wireless data security system
[GITSN] wireless data security system[GITSN] wireless data security system
[GITSN] wireless data security system운상 조
 
Vishwanath rakesh ece 561
Vishwanath rakesh ece 561Vishwanath rakesh ece 561
Vishwanath rakesh ece 561RAKESH_CSU
 
Internet of things security "Hardware Security"
Internet of things security "Hardware Security"Internet of things security "Hardware Security"
Internet of things security "Hardware Security"Ahmed Mohamed Mahmoud
 
Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Cisco Canada
 
Proving the Security of Low-Level Software Components & TEEs
Proving the Security of Low-Level Software Components & TEEsProving the Security of Low-Level Software Components & TEEs
Proving the Security of Low-Level Software Components & TEEsAshley Zupkus
 

Similar to Stanford Cybersecurity January 2009 (20)

Connected Cars - Poster Child for the IoT Reality Check
Connected Cars - Poster Child for the IoT Reality CheckConnected Cars - Poster Child for the IoT Reality Check
Connected Cars - Poster Child for the IoT Reality Check
 
Cybersecurity - Jim Butterworth
Cybersecurity - Jim ButterworthCybersecurity - Jim Butterworth
Cybersecurity - Jim Butterworth
 
Automotive security (cvta)
Automotive security (cvta)Automotive security (cvta)
Automotive security (cvta)
 
IoT summit - Building flexible & secure IoT solutions
IoT summit - Building flexible & secure IoT solutionsIoT summit - Building flexible & secure IoT solutions
IoT summit - Building flexible & secure IoT solutions
 
IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)
IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)
IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)
 
The Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatThe Internet of Things: We've Got to Chat
The Internet of Things: We've Got to Chat
 
Removing Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessRemoving Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment Success
 
IT Security for the Physical Security Professional
IT Security for the Physical Security ProfessionalIT Security for the Physical Security Professional
IT Security for the Physical Security Professional
 
A modern approach to safeguarding your ICS and SCADA systems
A modern approach to safeguarding your ICS and SCADA systemsA modern approach to safeguarding your ICS and SCADA systems
A modern approach to safeguarding your ICS and SCADA systems
 
The 300 Leonidas Solution
The 300 Leonidas SolutionThe 300 Leonidas Solution
The 300 Leonidas Solution
 
Where Are All The ICS Attacks?
Where Are All The ICS Attacks?Where Are All The ICS Attacks?
Where Are All The ICS Attacks?
 
Cyber tooth briefing
Cyber tooth briefingCyber tooth briefing
Cyber tooth briefing
 
Io t security defense in depth charles li v1 20180425c
Io t security defense in depth charles li v1 20180425cIo t security defense in depth charles li v1 20180425c
Io t security defense in depth charles li v1 20180425c
 
Evolutionary ATM & Cyber Security - Selex ES - Angeloluca Barba
Evolutionary ATM & Cyber Security - Selex ES - Angeloluca BarbaEvolutionary ATM & Cyber Security - Selex ES - Angeloluca Barba
Evolutionary ATM & Cyber Security - Selex ES - Angeloluca Barba
 
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
 
[GITSN] wireless data security system
[GITSN] wireless data security system[GITSN] wireless data security system
[GITSN] wireless data security system
 
Vishwanath rakesh ece 561
Vishwanath rakesh ece 561Vishwanath rakesh ece 561
Vishwanath rakesh ece 561
 
Internet of things security "Hardware Security"
Internet of things security "Hardware Security"Internet of things security "Hardware Security"
Internet of things security "Hardware Security"
 
Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles
 
Proving the Security of Low-Level Software Components & TEEs
Proving the Security of Low-Level Software Components & TEEsProving the Security of Low-Level Software Components & TEEs
Proving the Security of Low-Level Software Components & TEEs
 

Recently uploaded

How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 

Recently uploaded (20)

How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 

Stanford Cybersecurity January 2009

  • 1. Cybersecurity Peter L. Levin Consulting Professor January 2009
  • 2.
  • 3.
  • 4. “It is a battle we are loosing”
  • 5.
  • 7. “ several Georgian state computers [were] under external control” So they moved websites to Google:
  • 8. P2P uses as much as 60% of Internet Bandwidth P2P networks offer an easy way to disguise illegitimate payloads using sophisticated protocols, and can divert network traffic to arbitrary ports From Spector 360
  • 10. Cracked in ten seconds for $10,000
  • 11.
  • 13. Hardware Sabotage “The most monumental non-nuclear explosion ever seen from space” was reportedly caused by the US in a Soviet commercial gas pipeline. An Israeli bombing raid on a suspected Syrian nuclear facility was (allegedly!) due to a “kill switch” that turned off surveillance radar.
  • 15.
  • 16. Chip-Making in Four Easy Steps RTL & Layout Design Mask Creation Logic Circuit Design Function Specification Thanks to Grace and Sherman for this slide
  • 17. Chip-Level Hardware Assurance Graphic from Sally Adee, IEEE Spectrum authenticity and provenance mechanical compromise add extra wires add extra transistors
  • 18. “ Your Hands Can’t Hit What Your Eyes Can’t See” DAFCA provides on-chip, at-speed, in-system visibility
  • 19.
  • 20.
  • 21.
  • 22.
  • 23. An Instrumented GPS Chip Trace RAM (1k x 128) Transaction Engine PTE TRACER LCD_MUX CB1_MUX aligner 4-fifo grp_lcd_out grp_lcd_fifo_rd2 grp_lcd_fifo_rd1 grp_lcd_fifo_rd3 grp_lcd_rgb grp_arm_i grp_arm_r_0 grp_usb_slv grp_usb_mstr 125 125 125 FINAL_SPN 125 CB2_MUX 125 CB3_MUX 125 125 GP_IN 2 valid bit valid bit Observation Bus = 125 (probe grp) + 2 Valid + 1 Time Stamp = 128 bit 1 valid for domain crossing of 10Mhz to 166MHz 1 valid for domain crossing of 83KHz to 166MHz SPN NETWORK 166MHz 10MHz 1 valid bit 1 valid bit 125 CDC_LCD 166MHz 166MHz CAPSTIM aligner Trace RAM (1k x 128)
  • 24. The Road Ahead abstraction Detected Violation Software objects, pointers, calls, register writes Bus cycles, arbitration policies, event sequencing On-Chip cycle protocols and timing T T T T T T T T T T T T T T T T T T T Bus Protocol Assertions Static Mode Selects Exception Generators Memory Checkers Performance Monitors Traffic Generators Event Sequencing Boot-up System Software Application Software O c D observe characterize detect observe characterize detect
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34.