Difference between revisions of "AFSecurity Seminar"

From mn/ifi/AFSecurity
Jump to: navigation, search
Line 1: Line 1:
== Virtual-Machine Security ==
+
== Security Evaluation ==
  
'''DATE:''' Tuesday 5 April 2016. 14:00h
+
'''DATE:''' Thursday 26 May 2016. 14:00h
  
 
'''LOCATION:''' Kristen Nygaards sal (room 5370), Ole Johan Dahl's House.
 
'''LOCATION:''' Kristen Nygaards sal (room 5370), Ole Johan Dahl's House.
Line 9: Line 9:
 
14:00h Welcome at IFI
 
14:00h Welcome at IFI
  
14:15h Talk: ''IncludeOS and unikernels: Minimal, resource efficient virtual machines - Are they secure?''
+
14:15h Talk: ''Assured IT Security through Evaluation and Certification''
  
 
15:00h Discussion
 
15:00h Discussion
  
'''SPEAKER:''' Alfred Bratterud (HiOA)  
+
'''SPEAKER:''' Helge Furuset (NSM)  
  
 
'''ABSTRACT:'''
 
'''ABSTRACT:'''
Unikernels are getting known as single address space machine images, created using library operating systems. In practice they are used to wrap a single service inside a virtual machine without the significant overhead of a general purpose operating system such as Linux or Windows. IncludeOS is a recent addition to the unikernel family developed at HiOA and written from scratch in C++ . While the most well known unikernel projects target Xen paravirtualization, IncludeOS is developed for x86 hardware virtualization. In this talk we give an overview of the IncludeOS architecture compared with other unikernel projects, with an emphasis on identifying potential security benefits.
+
The talk will give an introduction to the Norwegian Certification Authority for IT Security (SERTIT), how evaluation and certification of IT security are done, and how authorities, certification bodies, evaluation labs and industry work together through the Common Criteria Recognition Arrangement (CCRA) to develop security requirements, evaluate security functionality and provide recognition of security certificates across national borders. The talk will be relevant for procurers requiring secure products, vendors who needs a competitive advantage by getting security functionality certified and developers who want to know how to get assurance that adequate security requirements are met.
  
 
'''SPEAKER BIO:'''
 
'''SPEAKER BIO:'''
Alfred Bratterud has a Master's degree in mathematical logic from the Informatics Department at the University of Oslo.  Since 2011 he has been employed as assistant professor at Oslo and Akershus University College of Applied science, the largest institution for engineering education in Norway, where he teaches C++. Currently, Alfred is doing a PhD project in the area of cloud computing under the working title "Resource efficient Cloud Computing using minimal virtual machines", which has led to the creation of IncludeOS. Alfred has recently received a grant from the Norwegian research council to further develop IncludeOS, and his main focus is currently to lead this work.
+
Helge R. Furuseth is Head of Section for Security Accreditation and Certification in the Norwegian National Security Authority (NSM) where he has worked for the last five years. He has previous experience in ICT and information security from the Norwegian central government administration office. Helge holds a Master's degree in Computer Science from the Norwegian University of Science and Technology and a MPhil degree in e-Government Studies from the University of Oslo.

Revision as of 20:13, 9 May 2016

Security Evaluation

DATE: Thursday 26 May 2016. 14:00h

LOCATION: Kristen Nygaards sal (room 5370), Ole Johan Dahl's House.

AGENDA:

14:00h Welcome at IFI

14:15h Talk: Assured IT Security through Evaluation and Certification

15:00h Discussion

SPEAKER: Helge Furuset (NSM)

ABSTRACT: The talk will give an introduction to the Norwegian Certification Authority for IT Security (SERTIT), how evaluation and certification of IT security are done, and how authorities, certification bodies, evaluation labs and industry work together through the Common Criteria Recognition Arrangement (CCRA) to develop security requirements, evaluate security functionality and provide recognition of security certificates across national borders. The talk will be relevant for procurers requiring secure products, vendors who needs a competitive advantage by getting security functionality certified and developers who want to know how to get assurance that adequate security requirements are met.

SPEAKER BIO: Helge R. Furuseth is Head of Section for Security Accreditation and Certification in the Norwegian National Security Authority (NSM) where he has worked for the last five years. He has previous experience in ICT and information security from the Norwegian central government administration office. Helge holds a Master's degree in Computer Science from the Norwegian University of Science and Technology and a MPhil degree in e-Government Studies from the University of Oslo.