Loading…
Shanghai, China
June 24–26, 2019
Click here for more information and registration

Simultaneous translation will be provided for all keynote and breakout sessions.
我们将为所有主题演讲和分组会议提供同声传译服务。

To view the Chinese version of this schedule please go here.
请点击此处查看中文版本。

Venue + Sponsor Showcase Map
场馆 + 赞助商展示区地图

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

OSS - Security + Safety [clear filter]
Tuesday, June 25
 

13:35

Exploiting Buffer Overflows on RISC-V - Christina Quast, Independent
Almost 10 years ago, work on the RISC-V ISA specification began. Since around a year, we had the first hardware showing up, and since this year, this hardware is even affordable. With this development, the first products and also the first exploits will show up.

This talk will give an introduction to the RISC-V architecture and how exploitation differs from Intel and ARM. Afterward, examples of how to overflow a buffer, create shellcode in assembler language, and finally, how to perform ret2libc are shown. Basic understanding of assembly and C is a plus. 

Speakers
avatar for Christina Quast

Christina Quast

Embedded Linux Engineer, NULL
Christina has recently finished her Master's Degree in Electrical Engineering at TU Berlin and is since working as an Embedded Systems Engineer. She has been attending IT Security Conferences and playing IT Security CTFs for several years, and is currently working as an Embedded Systems... Read More →



Tuesday June 25, 2019 13:35 - 14:10
0.99506172839506

18:15

OpenSSL Hardware Offload Enhancement - Ping Yu, Intel
TLS traffic in Internet grows fast, and web gateway nowadays has the increasing demand to accelerate the cryptography operation in TLS. OpenSSL is widely deployed in industry as a de facto SSL/TLS implementation. In latest OpenSSL, an asynchronous acceleration framework is designed and implemented, which consists of a new ASYNC library, enhanced TLS stack and engines. In this talk, we will recap our practical experience to utilize and enhance this framework to enable a high performance and low CPU utilization acceleration TLS engine in Nginx and Fd.io/VPP. We will share how we resolve the challenge in enterprise-grade deployment such as CPU/memory consumption, user private key protection, and finally present the enhancement we recently made for a more efficient and high-performance kernel bypass asynchronous communication mechanism which is now merged to OpenSSL 3.0.0 master branch.

Speakers
avatar for Ping Yu

Ping Yu

Sr. Software Engineer, Intel
Ping Yu is a senior software engineer of Network Platform Group at Intel Data Center Group. He is now working on fd.io/VPP projects as TLS maintainers. He is mainly engaged in research work in DPDK, Packet processing, openssl, VPP Crypto, and he also has several years’ experience... Read More →


Tuesday June 25, 2019 18:15 - 18:50
617
 
Wednesday, June 26
 

09:45

The Challenge and Solutions to Implement DevSecOps into Large Banks - Jihai Zhou & Weiqiang Yang, HSBC
As one of the largest banks in the world, we have run a few years DevOps program in HSBC Technology to establish DevOps culture and mindset between teams. Since 2018, we starts to integrate Cyber Security into DevOps culture by running DevSecOps program. We aim to shift left the Cyber security mindset to the development teams through promoting DevSecOps tools combined with the relevant training.

In this presentation, we will share how to integrate DevSecOps tools, such as Checkmarx, Contrast and Sonatype IQ into development CICD pipeline to produce vulnerability dashboard

In addition, we will demonstrate three different ways to provide cyber security training to help development teams gradually grow their knowledge to have the capability to fix the vulnerability reported by DevSecOps tools, as well as establishing the brand new mindset over the time

Speakers
JZ

JIHAI ZHOU

Head of DevOps HSBC China GBM, HSBC
Jihai graduated from Imperial College London as a PhD. After that, he have ever worked in different global large banks, such as RBS, UBS, Barclays and HSBC. He started to work on DevOps since 2012 as the DevOps Lead/Champion in Barclays bank in the UK. Jihai has much experience on... Read More →
WY

Weiqiang Yang

Head of Application Security China
A Technical information / Cyber Security Professional with 15 + years experience in a large global bank, to stop the bad guys. Mainly focusing on risk assessment and security assurance function., and with wider focus on driving the assurance services framework adoption throughout... Read More →



Wednesday June 26, 2019 09:45 - 10:20
610-611

11:20

A New Secure Container Solution on Arm Platform: gVisor - Bin Lu, Arm
Google has released gVisor in 2018, a new kind of sandbox that can be used to provide secure
isolation for containers that is less resource intensive than running a full virtual machine (VM).

At its core, gVisor is an open source user-space kernel, written in Go,
that implements a substantial portion of the Linux system surface.
It includes an Open Container Initiative (OCI) runtime called runsc that provides an isolation boundary between the application and the host kernel.
The runsc runtime integrates with Docker and Kubernetes, making it simple to run sandboxed container.

Now, we have enabled gVisor on Arm64 platform. In this presentation, we will introduce and show our progress.
Also, we will show a demo of gVisor on Arm64 platform (ptrace & kvm).

Speakers
avatar for Bin Lu

Bin Lu

staff software engineer, ARM
Currently, Bin Lu is working for Arm. His previous employer is IBM. In Arm & IBM, Bin Lu is focus on the area of container platform. His job includes the following: system architecture design, development and optimization for open-source community. Also, he has a deep background in... Read More →


Wednesday June 26, 2019 11:20 - 11:55
431

12:05

Developing Open Source for Safety and Security - Kate Stewart, Linux Foundation
Open source projects thrive when they can accept great ideas and developers are able to extend the code to “scratch their itch”. Developing safety critical applications, on the other hand, requires rigorous processes to make sure they won’t fail in critical ways and there’s a high threshold before change is accepted. Linux and Zephyr are both working towards achieving Safety Certifications with different approaches. Zephyr is designed for devices where Linux is too big to fit, or have long battery life needs. This talk will summarize the current state of Zephyr and the project’s plans for going after Functional Safety certifications in 2019 while still handling any potential security issues. This will be contrasted with the ELISA project and how the team on ELISA is working towards new processes and tools to help Linux become certified for use in functional safety applications.

Speakers
avatar for Kate Stewart

Kate Stewart

Senior Director of Strategic Programs, Linux Foundation
Kate Stewart is a Senior Director of Strategic Programs, responsible for Embedded and Open Compliance programs. Since joining The Linux Foundation, she has launched Real-Time Linux, Zephyr Project, CHAOSS, and ELISA.



Wednesday June 26, 2019 12:05 - 12:40
431