How the FreeBSD Project Works
Google engEDU
51 min – Jun 20, 2007
Google Tech Talks
June 20, 2007
The FreeBSD Project is one of the oldest and most successful open source operating system projects, seeing wide deployment across the IT industry. From the root name servers, to top tier ISPs, to core router operating systems, to firewalls, to embedded appliances, you can’t use a networked computer for ten minutes without using FreeBSD dozens of times. Part of FreeBSD’s reputation for quality and reliability comes from the nature of its development organization–driven by hundreds of highly skilled volunteers, from high school students to university professors. And unlike most open source projects, the FreeBSD Project has developers who have been working on the same source base for over twenty years. But how does this organization work? Who pays the bandwidth bills, runs the web servers, writes the documentation, writes the code, and calls the shots? And how can developers in a dozen time zones reach agreement on the time of day, let alone a kernel architecture? This presentation will attempt to provide, in 45 minutes, a brief if entertaining snapshot into what makes FreeBSD run.
Speaker: Robert Watson
Robert Watson is a researcher at the University of Cambridge Computer Laboratory investigating operating system and network security. Prior to joining the Computer Laboratory to work on a PhD, he was a Senior Principal Scientist at McAfee Research, now SPARTA ISSO, a leading security research and development organization, where he directed government and commercial research contracts for customers that include DARPA, the US Navy, and Apple Computer. His research interests include operating system security, network stack structure and performance, and windowing system structure. He is also a member of the FreeBSD Core Team and president of the FreeBSD Foundation.
The Virus Safe Computing Initiative at HP Labs
Google engEDU
59 min – Jul 5, 2006
Google TechTalks
July 5, 2006
Alan Karp
Principal Scientist, Hewlett-Packard Laboratories. Dr. Karp has been leading the Virus Safe Computing Initiative at HP Labs since 2003. He served as Chief Scientist of HP’s E-speak Operation from June 1999 until April 2000, at which time he returned to HP Laboratories to work on automated negotiation. Before working on E-speak, Dr. Karp participated in developing the EPIC chip architecture, the basis of Intel’s Itanium line.
ABSTRACT
HP Labs encourages activities considered to be outside the mainstream. Our group, the Virus Safe Computing Initiative, takes a view of security that is quite different from that of the official HP and HP Labs security teams. This talk will explore the concept of Authorization Based Access Control (ABAC) and demonstrate a number of novel technologies that emerge from this school of thought.
Our primary project is Polaris, a virus safe computing environment for Windows. Derived from the ABAC-based CapDesk system described in a later talk in this series, Polaris limits the potential damage of many common attacks. The result is a computing system with far less damage from malicious code you may happen to run, fewer security dialog boxes to interfere with your work, and more functionality, such as the freedom to launch executable attachments from email without risking your machine.
What Every Engineer Needs to Know About Security and Where to Learn It
Google engEDU
49 min – Jul 10, 2007
Google Tech Talks
July 10, 2007
This talk discusses recent trends in security, and what every engineer needs to know to prevent the most significant emerging threats such as cross-site scripting and SQL injection attacks. Just as every engineer might use object-oriented design principles to achieve extensibility and re-usability, every engineer needs to employ principles such as the principle of least privilege, fail-safe stance, and protecting against the weakest link to achieve security. Instead of focusing on "tips" and "tricks" that allow you to "band-aid" the security of your systems, we discuss how to derive defenses based on the application of security principles, such that you can determine how to deal with new threats as they come along or application-specific threats that might be relevant to your domain. Finally, we present some statistics on the current state of software security vulnerabilities, and discuss existing and upcoming challenges in the field of software security.
Speaker: Neil Daswani
Web Services Middleware: All Grown Up!
Google engEDU
47 min – Nov 8, 2006
Google Tech Talks
November 8, 2006
ABSTRACT
The term Web services carries the connotation of (slowly) doing RPC over SOAP. While many original SOAP toolkits supported and promoted that model (including Apache SOAP which I created), that is not at all what Web services are about. Apache’s history with Web services has seen three generations of efforts: Apache SOAP, Apache Axis and now Apache Axis2.
Axis2 is fundamentally different: instead of treating XML as a hot potato that must be replaced with a language structure immediately, it treats XML lovingly and offers a very clean processing model for XML. Of course it does support data binding for those that want to look at the XML as objects but the core of Axis2 is a pure XML processing architecture.
Axis2 is the basis of a new kind of enterprise middleware. Building on that core stack we have built support for the entire security protocol (Apache Rampart and Rahas) set as well as for reliability (Apache Sandesha) and transactions (Apache Kandula). Apache Synapse is providing ESB-like message and service mediation capabilities on top of Axis2.
Axis2 supports both WS-* style services as well as XML-over-HTTP (POX) style services. We’re also working on JSON support and a host of other cool stuff. We support HTTP, SMTP and JMS with other transports on the way (including XMPP).
The Axis2 architecture is being implemented in both Java and C, with the C version bound to PHP and other scripting languages as well as Firefox, IE and other hosts.
In this talk we will introduce the new generation of Apache Web services middleware.
Searching For Evil
Google engEDU
1 hr – Aug 23, 2007
Google Tech Talks
August 23, 2007
Computer security has recently imported a lot of ideas from economics, psychology and sociology, leading to fresh insights and new tools. I will describe one thread of research that draws together techniques from fields as diverse as signals intelligence and sociology to search for artificial communities.
Evildoers online divide roughly into two categories – those who don’t want their websites to be found, such as phishermen, and those who do. The latter category runs from fake escrow sites through dodgy stores to postmodern Ponzi schemes. A few of them buy ads, but many set up fake communities in the hope of having victims driven to their sites for free. How can these reputation thieves be detected?
Some of our work in security economics and social networking may give an insight into the practical effects of network topology. These tie up in various ways with traffic analysis, long used by the signals intelligence agencies which trawl the airwaves and networks looking for interesting targets. I’ll describe a number of dubious business enterprises we’ve unearthed. Recent advances in algorithms, such as Newman’s modularity matrix, have increased the robustness of covert community detection. But much scope remains for wrongdoers to hide themselves better as they become topologically aware; we can expect attack and defence to go through several rounds of coevolution. I’ll therefore end up by talking about some strategic issues, such as the extent to which search engines and other service providers could, or should, share information in the interests of wickedness detection.
Speaker: Ross Anderson
Ross Anderson is one of the top security researchers in the world.