Tutorial at OSCON 2003
I will be presenting a tutorial session at OSCON 2003 with EFF Senior Staff Attorney Lee Tien.
Details on the tutorial are below:
Who Watches the Watchers: Developing "Translucent" Applications that Protect Sensitive Data
Applications that collect, store, and manage sensitive data often rely on combinations of application-level security mechanisms and role-based access controls to protect the data. This strategy does not fully address the real issues surrounding the storage of sensitive data: the issue of protecting the data, rather than just restricting access to it. By focusing on protecting the data, instead of the application, we can reduce or eliminate the damage done when the application is compromised or access to it is abused.
In this tutorial, Greant introduces the concept of "translucent" information protection methods, teaching the attendee how to create applications that use combinations of cryptographic mechanisms, lossy data storage, quantization, denormalization, and good old-fashioned misdirection to protect the security and privacy of their users.
The approach described also works to reduce the liability, application administration and data management concerns of the application's developers, managers and providers.
Posted on Tuesday, June 3rd, 2003 at 23:00