[Owasp-SFL] South Florida OWASP July Meeting - July 17, 2013, Nova Southeastern University, 5 pm

South Florida OWASP sfl.owasp at gmail.com
Mon Jul 8 01:59:08 UTC 2013

Join us for our July meeting where we will have a great talk from local
Information Security researchers breaking new ground in cloud security.
Please note that the scheduled talk is for 60 minutes. We will have a
networking event after as usual.

Talk 1: A Security Reference Architecture for Cloud Systems*

Reference architectures (RAs) are becoming useful tools to understand and
build complex systems and many cloud providers and software product vendors
have developed versions of them. However, until now few security reference
architectures have appeared. Almost all of them use rather imprecise models
and this appears to be the first attempt to define them more precisely. We
propose here a Security Reference Architecture (SRA) defined using UML models
and incorporating our approach to build secure systems. By SRA we mean a RA
where security services have been added in appropriate places to provide
some degree of security for the complete cloud environment. We use as
starting point our own cloud reference architecture and we combine security
patterns and misuse patterns to build a secure reference architecture. By
checking if a threat, expressed as a misuse pattern, can be stopped or
mitigated in the secure reference architecture, we can evaluate its level
of security. We have done a systematic enumeration of cloud threats and
have started building a catalog of cloud misuse patterns; with a complete
catalog we can apply them systematically and use the reference architecture
to find where we should add corresponding security patterns to stop them.
We are also building a catalog of cloud security patterns; security
patterns join the extensive knowledge accumulated about security with the
structure provided by patterns to provide guidelines for secure system design
and evaluation.


Eduardo B. Fernandez is a professor in the Department of Computer Science
and Engineering at Florida Atlantic University, Boca Raton, Florida. He is
now a Visiting Professor at Universidad Tecnica Federico Santa María,
Valparaiso, Chile. He has published numerous papers on security models, and
object-oriented analysis/design, including two books on security patterns.
He has lectured all over the world at both academic and industrial
meetings. His current interests include software architecture, cloud
computing, and security patterns. He holds a MS degree in Electrical
Engineering from Purdue University and a Ph.D. in Computer Science from
UCLA. He is a Senior Member of the IEEE, and a Member of ACM. He is an
active consultant for industry. More details: http://www.cse.fau.edu/~ed

*Facility Location: *

Carl DeSantis Building, Main Davie Campus
Room 1124 Knight Lecture Hall Auditorium
3301 College Ave Fort Lauderdale,
FL 33314-7796

Phone: 800-541-NOVA (6682)

FREE CPE CREDITS! Did you know you earn 2 CPE credits for attending an
OWASP Meeting? It's true! Join us to feed your certs.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-florida/attachments/20130707/db2b0c2b/attachment.html>

More information about the Owasp-florida mailing list