Learning about IoT Security and Privacy

A few days ago my book titled “The IoT Architect’s Guide to Attainable Security & Privacy” was released. I had the pleasure of writing it with my friends, David M. Wheeler and JC Wheeler. In the book, we describe how to architect and design IoT (Internet of Things) systems that preserve security and uphold privacy. I’d like to give a brief overview of what we share in the book and what a reader can learn, but before we go into

Continue Reading

Pirating AI: How to Copy Premium Machine Learning Services

This article was first published by Edward Dixon, Alex Ott, and Damilare Fagbemi on Medium. Machine Learning As A Service (MLaaS) is the latest variation in the trend of offering software services via the cloud. From the software vendor’s perspective, a significant advantage of the cloud model of software delivery is the prevention of software piracy. Software delivery via the cloud eliminates the need to deliver software binaries or code directly to end users. This usually means that vendors need
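The piracy the title refers to is possible even when no binary ever ships: a hosted prediction endpoint can be queried on attacker-chosen inputs and the answers used as training data for a substitute model. What follows is an added example, not code from the article or its authors; the victim model, its weights, the input ranges and the query budget are hypothetical stand-ins for a premium service, and the attacker only ever calls `victim_predict()`.

```python
"""Toy model-extraction attack against a hosted prediction API.

Added example, not code from the article or its authors. The victim is a
hidden logistic-regression classifier standing in for a premium MLaaS
endpoint that exposes only predict(); its weights, the input ranges and
the query budget are hypothetical. The attacker never sees the weights:
it sends queries, records the labels, and fits its own substitute on that
labelled data. Agreement with the service on fresh inputs measures how
much of the paid model has been copied.
"""
import math
import random


def _sigmoid(z):
    # Numerically safe logistic function (no overflow for large |z|).
    if z >= 0:
        return 1.0 / (1.0 + math.exp(-z))
    ez = math.exp(z)
    return ez / (1.0 + ez)


# ---- Victim side: the "premium" service. Weights are hypothetical constants. ----
_VICTIM_W = (2.0, -1.5)
_VICTIM_B = 0.3


def victim_predict(x):
    """Simulated MLaaS endpoint: returns a hard label only, never weights or scores."""
    z = _VICTIM_W[0] * x[0] + _VICTIM_W[1] * x[1] + _VICTIM_B
    return 1 if _sigmoid(z) >= 0.5 else 0


# ---- Attacker side: query, harvest labels, train a substitute. ----
def harvest(n_queries, rng, lo=-3.0, hi=3.0):
    """Spend n_queries API calls on random inputs and keep (input, label) pairs."""
    data = []
    for _ in range(n_queries):
        x = (rng.uniform(lo, hi), rng.uniform(lo, hi))
        data.append((x, victim_predict(x)))
    return data


def train_substitute(data, epochs=300, lr=0.5):
    """Fit a 2-feature logistic regression to the harvested labels by batch gradient descent."""
    w0 = w1 = b = 0.0
    n = len(data)
    for _ in range(epochs):
        g0 = g1 = gb = 0.0
        for (x0, x1), y in data:
            err = _sigmoid(w0 * x0 + w1 * x1 + b) - y
            g0 += err * x0
            g1 += err * x1
            gb += err
        w0 -= lr * g0 / n
        w1 -= lr * g1 / n
        b -= lr * gb / n
    return (w0, w1), b


def substitute_predict(model, x):
    (w0, w1), b = model
    return 1 if _sigmoid(w0 * x[0] + w1 * x[1] + b) >= 0.5 else 0


def agreement(model, n_test, rng, lo=-3.0, hi=3.0):
    """Fraction of fresh inputs on which the stolen model answers like the service."""
    hits = 0
    for _ in range(n_test):
        x = (rng.uniform(lo, hi), rng.uniform(lo, hi))
        hits += substitute_predict(model, x) == victim_predict(x)
    return hits / n_test


def run_extraction(n_queries=400, seed=1):
    """End-to-end: harvest, train, measure. Returns (substitute model, agreement rate)."""
    rng = random.Random(seed)
    model = train_substitute(harvest(n_queries, rng))
    return model, agreement(model, 2000, rng)


if __name__ == "__main__":
    model, rate = run_extraction()
    print(f"substitute weights={model[0]}, bias={model[1]:.3f}, agreement={rate:.3f}")
```

The substitute's parameters will not match the victim's, and need not: hard labels only reveal the decision boundary, so any positive rescaling of the weights is an equally good copy. That is why the measure of success is agreement on fresh inputs rather than parameter recovery. A service that returns probabilities instead of labels leaks more per query and is copied with a smaller budget, which is one reason to treat per-client query volume and output precision as security controls on the vendor side.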

Continue Reading

Basic Video Privacy and Security Requirements from GDPR

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. Importantly, the GDPR also

Continue Reading

Security Recommendations for Cloud Computing Infrastructure and Apps

I recently came across the Cloud Security Alliance (CSA) and their comprehensive guide for securing cloud computing. CSA is a non-profit with about 80,000 members that has been in existence for almost a decade and has chapters across the world. NIST (the US National Institute of Standards and Technology) defines cloud computing thus: Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that

Continue Reading

On writing… Designing Secure IoT Systems

It has been a while since I’ve had a chance to blog, and I have missed it. However, a good chunk of my writing cycles has been spent chugging away at a book! It’s titled, you guessed it… Designing Secure IoT Systems. The promise of the Internet of Things (IoT) is that computers combined with sensors can help us to effectively analyze, understand, and respond to a variety of situations in our daily lives and work. IoT, with its network of powerful

Continue Reading

IoT Security: Old Problems + New Situations = New Problems

A few days ago, news broke concerning the unintended exposure of US military personnel around the world, due to a fitness tracker which allows its users to share their exercises and exercise locations. Perhaps even more disconcerting is that in this case, the fitness tracker or wearable (which is paired with the user’s smartphone) seems to have default settings that enable such sharing. Privacy problems introduced by location-aware technology are not new. Research into mobile applications has revealed privacy concerns

Continue Reading

Quick Overview of Spectre and Meltdown Attacks – Vulnerabilities in CPUs

On Wednesday, January 3, 2018, security researchers announced a series of security vulnerabilities that affect most of the world’s microprocessors (CPUs), going back about 20 years. Unsurprisingly, it’s caused a major firestorm in the media, and although I’m a little tongue-tied on this one – as some might have guessed – it’s well worth it to provide a high-level overview and link repository. In short, the vulnerabilities mean that, due to the way modern microprocessors schedule and execute instructions, it

Continue Reading

Most Critical Web Application Security Risks in 2017

As 2017 draws to a close, I find myself reflecting on the major application security risks of today. Unsurprisingly, I recall the OWASP Top 10, which has become a de facto standard for web application security. In the Information Security industry, it is well known that once a web application or service is hosted, it is likely to be automatically probed for security flaws – and perhaps compromised – within hours. This year, the OWASP Top Ten was revamped to cater to

Continue Reading

Using Deep Learning to Build Secure Software

“Neural networks are a set of algorithms, modeled loosely after the human brain, that are designed to recognize patterns. They interpret sensory data through a kind of machine perception, labeling or clustering raw input. The patterns they recognize are numerical, contained in vectors, into which all real-world data, be it images, sound, text or time series, must be translated.” (deeplearning4j.org, a great resource for concepts, architectures, and tools.) Neural networks (also referred to as deep neural networks or deep learning)

Continue Reading

How to Create Good Architecture Diagrams for Securing Systems

Most software projects, especially those that are considered to be particularly valuable to attackers, should go through the Threat Modeling and Security Architecture Review activities of the Secure Development Lifecycle. Threat Modeling is a process by which potential threats can be identified, enumerated, and prioritized – all from a hypothetical attacker’s point of view. Security architecture review involves the analysis of the architectural and design solutions that mitigate threats identified in the Threat Model. Good architecture diagrams are vital to effective
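As an added illustration of the identify, enumerate and prioritize steps (example code, not from the article), the diagram below is reduced to the attributes a useful architecture diagram has to carry: each element’s type and trust zone, and whether each data flow is encrypted and authenticated. The system, its zones and its flows are hypothetical; the STRIDE-per-element table is the conventional mapping of threat categories to DFD element types, and the priority score is an assumed heuristic rather than a standard.

```python
"""Threat enumeration over a small data-flow diagram (DFD).

Added example, not code from the article. A hypothetical three-tier web
application is expressed as the elements and flows an architecture
diagram should show: element type, trust zone, and whether each flow is
encrypted and authenticated. STRIDE_PER_ELEMENT is the usual mapping of
threat categories to DFD element types; the priority score is an assumed
heuristic, not a standard.
"""
from dataclasses import dataclass

STRIDE_PER_ELEMENT = {
    "external": ["Spoofing", "Repudiation"],
    "process": ["Spoofing", "Tampering", "Repudiation",
                "Information disclosure", "Denial of service",
                "Elevation of privilege"],
    "datastore": ["Tampering", "Repudiation",
                  "Information disclosure", "Denial of service"],
    "dataflow": ["Tampering", "Information disclosure", "Denial of service"],
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # "external", "process" or "datastore"
    zone: str   # trust zone the element lives in


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    data: str
    encrypted: bool
    authenticated: bool   # does the destination verify who the source is?


# Constructed sample diagram of a hypothetical system.
ELEMENTS = [
    Element("Browser", "external", "internet"),
    Element("Web API", "process", "dmz"),
    Element("Auth service", "process", "internal"),
    Element("User DB", "datastore", "internal"),
]
FLOWS = [
    Flow("Browser", "Web API", "credentials", encrypted=True, authenticated=False),
    Flow("Web API", "Auth service", "session token", encrypted=False, authenticated=False),
    Flow("Auth service", "User DB", "password hashes", encrypted=False, authenticated=True),
]


def boundary_crossings(elements, flows):
    """Flows whose endpoints sit in different trust zones: the lines a diagram must draw."""
    zone = {e.name: e.zone for e in elements}
    return [f for f in flows if zone[f.src] != zone[f.dst]]


def enumerate_threats(elements, flows):
    """Identify every element and flow, then enumerate STRIDE threats per element type."""
    threats = []
    for e in elements:
        threats += [(e.name, t) for t in STRIDE_PER_ELEMENT[e.kind]]
    for f in flows:
        threats += [(f"{f.src} -> {f.dst}", t) for t in STRIDE_PER_ELEMENT["dataflow"]]
    return threats


def prioritize_flows(elements, flows):
    """Rank flows for review. Assumed heuristic: +1 for crossing a trust boundary,
    +1 for plaintext, +1 for an unauthenticated source. Returns (score, flow, reasons)."""
    crossing = set(boundary_crossings(elements, flows))
    ranked = []
    for f in flows:
        reasons = []
        if f in crossing:
            reasons.append("crosses trust boundary")
        if not f.encrypted:
            reasons.append("plaintext")
        if not f.authenticated:
            reasons.append("unauthenticated source")
        ranked.append((len(reasons), f, reasons))
    ranked.sort(key=lambda r: r[0], reverse=True)
    return ranked


if __name__ == "__main__":
    for score, f, reasons in prioritize_flows(ELEMENTS, FLOWS):
        print(f"[{score}] {f.src} -> {f.dst} ({f.data}): {', '.join(reasons) or 'no flags'}")
```

In the sample, the internal hop from the Web API to the Auth service ranks first: it crosses the DMZ/internal boundary in plaintext with no authentication of the caller, which is exactly the kind of flow that a diagram without trust zones or flow attributes would never surface. The point of the exercise is that the enumeration is only as good as the diagram it reads from; an element whose zone is missing, or a flow drawn without saying whether it is encrypted, cannot be scored.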

Continue Reading