Security and Trust

Absolute security is a myth. You can always strive for it, but nobody will ever get there. Any time a new security mechanism is added, a new way to break it is not very far behind. Ask yourself how well 'security' has worked in the industry so far. You have to assume that your device, your network and your data has already been breached or will be soon. In the security world, this is the best position to take. In such a scenario, what you need is the ability to establish, measure, validate and report on Integrity and Trust. How do you build a model and create methods to establish trust in a device and, by extension, your entire network? Can you trust that your device, and your network, have not been tampered with and how do you detect when it has been? In this talk we will look at some recent attacks, what we can do to make it harder for the attackers, and ways to establish Trust in and verify Integrity of a device and the network. We will also look at specific technologies that can be used to practically measure and report on trust status.