Security in the Real World
Java was built with security in mind and is now the engine powering a huge number of business-critical systems. With this visibility and opportunity come attacks, and this session goes through the current state of security in Java and discusses some of the attack vectors. It also talks about the real-world challenges in getting security fixes out quickly. Finally, it touches on hardware cryptography. Come learn more about the reality of security today and take away a better awareness of exactly how Java helps protect you.
Target Audience: architects, developers, operations
Prerequisites: Java basics, Systems architecture basics
You will learn:
Review the current state of security in Java
Learn recent Java attack vectors of concern
Become aware of the processes followed to address Java security vulnerabilities in a timely manner
Usable Security is the conjunction of computer security and human-computer interaction. The idea is to address the human factor, often called the "weakest link" in the security of any system. Throughout the last decade, much work has been done to improve the human factors across a broad range of security topics. Some work addresses end-user issues, but now work is addressing enterprise security management. In this session, the principles will be introduced, and research results outlined. Finally, practical guidelines will be identified.
Target Audience: Requirements Analysts, Managers, Designers, Developers
Prerequisites: Basic knowledge of enterprise systems
You will learn:
Identify opportunities for usable security improvement
Understand how human-factors design can improve security
Usable Security is the conjunction of computer security and human-computer interaction. The idea is to address the human factor, often called the "weakest link" in the security of any system. Throughout the last decade, much work has been done to improve the human factors across a broad range of security topics. Some work addresses end-user issues such as passwords, making strong passwords easier to remember. End-user issues can also go deeper, for example making email encryption easier. Other work addresses enterprise issues such as access control. Some work is starting to address operations management issues, such as security visualization, and operating centre management. Also, there are efforts to improve security human-factors for developers, helping avoid coding that may lead to security problems. In this session, the basic principles will be introduced, and the broad range of research efforts will be outlined. Some case studies will be explored in more depth. Finally, some guidelines will be identified, along with an agenda for progress.