1) The document discusses securing IoT devices and infrastructure through X.509 certificate-based identity and attestation, TLS-based encryption, and secure provisioning and management.
2) It describes securing the cloud infrastructure with Azure Security Center, Azure Active Directory, Key Vault, and policy-based access controls.
3) The document promotes building security into devices and infrastructure from the start through standards-based and custom secure hardware modules.
Build end-to-end solutions with BlueMix, Avi Vizel & Ziv Dai, IBM | Codemotion Tel Aviv
The document discusses IBM's cloud platform Bluemix. It provides an overview of Bluemix, describing it as an open platform for developing and hosting applications that simplifies tasks associated with managing infrastructure at internet scale. Bluemix is built on IBM's Cloud Operating Environment architecture using Cloud Foundry as an open source PaaS. It enables developers to rapidly build, deploy, and manage cloud applications while tapping into available services and runtimes provided by IBM and other ecosystem partners. The document outlines some key Bluemix concepts and components such as applications, services, organizations/spaces, and buildpacks.
This document discusses implementing a smart buildings solution using IoT sensors, Azure cloud services, and open source technologies. The solution aims to increase building usage satisfaction and utilization while reducing energy and cleaning costs. It generates insights from sensor data to trigger actions like notifications. It considers using Mendix for a digital twin and visualizations, InfluxDB as a high performance time series database, and the Azure IoT platform or open source TICK stack for ingesting and analyzing IoT data. The document evaluates these options and shows a demo implementation of a smart building monitoring dashboard.
Here we go! Our Experts take on Legacy Application Modernization with Microsoft Azure.
With Microsoft Azure gaining ground in the Cloud infrastructure race, this article aims to discuss the cutting-edge features and advantages of Legacy App Modernization using Microsoft Azure and the Key things to consider when your application takes on the Azure outfit. Article below derived from the White Paper presented by our MS Azure team. Read on to explore the top ways how Application Modernization using Microsoft Azure helps you gain the competitive edge.
Read more, please visit here: https://www.optisolbusiness.com/insight/legacy-application-modernization-with-microsoft-azure
My presentation to the Cloud Foundry Foundation IoT SIG on Eclipse IoT, with particular focus on the Eclipse IoT cloud server platform.
Thanks to Benjamin Cabe (@kartben) for the materials.
The document discusses Microsoft's Azure multi-cloud and hybrid solutions. It describes how organizations' IT environments are becoming more complex with diverse infrastructure across locations, datacenters, edge devices, and public clouds. It introduces Azure Arc which allows organizations to connect and manage hybrid infrastructure as well as run Azure services across platforms. It provides an overview of Azure's capabilities for multi-cloud, hybrid, and edge computing including Azure Stack, Azure Arc, and security and management solutions for hybrid environments.
The document discusses Microsoft Azure's Internet of Things (IoT) platform and services. It describes Azure IoT Hub for reliable device connectivity and communication with the cloud. It also outlines how Azure Stream Analytics can be used to process and analyze IoT data streams from devices in real-time. Additionally, it mentions using Power BI for visualizing IoT data and gaining insights from rich dashboards.
InfoSec: Evolve Thyself to Keep Pace in the Age of DevOps | VMware Tanzu
Companies going through digital transformation initiatives need their IT organizations to support an increased business tempo. While DevOps practices have helped IT increase their pace to keep up with market dynamics, security teams still need to follow suit.
InfoSec practitioners must modernize their practices to realize efficiencies in some of their most burdensome processes, like patching, credential management, and compliance.
By embracing a ‘secure by default’ posture, security teams can position themselves as enabling innovation rather than hindering it.
Join Pivotal’s Justin Smith and guest speaker, Fernando Montenegro from 451 Research, in a conversation about how security can enable innovation while maintaining best security practices. They will examine best practices and cultural shifts that are required to be secure by default, as well as the role processes and platforms play in this transition.
SPEAKERS:
Guest Speaker: Fernando Montenegro, Senior Analyst, Information Security, 451 Research
Justin Smith, Chief Security Officer for Product, Pivotal
Jared Ruckle, Product Marketing Manager, Pivotal
Build embedded and IoT solutions with Microsoft Windows IoT Core (BRK30077) | Callon Campbell
Windows IoT is a family of products that enables rich edge devices and applications that can take full advantage of Azure IoT capabilities. We’ll explore the latest capabilities for Windows IoT, and then show how you can use all of your existing Windows development skills to create solutions ranging from fun hobby projects all the way through to critical Intelligent Edge solutions.
Architecting IoT solutions with Microsoft Azure - Ignite Tour version | Alon Fliess
As a cloud architect one must be familiar with the pets vs cattle metaphor (Randy Bias & Bill Baker) – in the cloud, a VM is just another expandable resource! However, an IoT system may have to manage a huge number of devices, each of which has a unique identity and a unique role. This is where the Pets vs Cattle metaphor fails – we need to handle pets at cloud scale.
This lecture explains the complexity of the IoT problem domain and shows Azure SaaS and PaaS solution approaches: Azure IoT Central and the Azure IoT solution accelerators. We will be introduced to the Azure Device Provisioning Service (DPS) and see how it provides a scalable approach to securely provisioning new IoT devices. We will explore the Azure IoT Hub and see its functional features and non-functional quality attributes such as security, scale, high availability and health monitoring.
We will conclude the lecture with the future of IoT: "Smart Cloud and Intelligent edge" by presenting the Azure IoT Edge and Azure IoT Digital Twin.
With the advent of virtualization, infrastructure has become software, introducing new possibilities for managing “infrastructure as code.” Today, techniques such as containerization and automation are hallmarks of programmable infrastructure, and a primary aspect of the DevOps revolution in IT operations. But what do these radical changes mean for security?
In this presentation, Scott Crawford of 451 Research and Dave Meltzer of Tripwire discuss:
- What these changes mean for the tools and expertise required to manage security and their impact on security readiness
- Where security can be applied to new environments such as containerized IT
- How to verify that the security measures you’ve applied are effective
Application modernization involves transitioning existing applications to new approaches on the cloud to achieve business outcomes like speed to market, rapid innovation, flexibility and cost savings. It accelerates digital transformations by improving developer productivity through adoption of cloud native architectures and containerization, and increases operational efficiency through automation and DevOps practices. IBM's application modernization approach provides prescriptive guidance, increased agility, reduced risk, and turnkey benefits through tools, accelerators and expertise to help modernize applications quickly and safely.
Mendix Maker Meetup - London (2019-10-17) | Iain Lindsay
Automating the boring stuff
Using the Mendix Platform and Model SDK to automate repetitive tasks. Presented by Alistair Crawford and Iain Lindsay at the Mendix Maker Meetup in London on 17th October 2019
This document discusses modernizing applications for the cloud. It outlines different paths like rehosting, refactoring, or rearchitecting applications using containers, microservices, and serverless architectures. It also discusses the importance of DevOps practices and using Azure services to assess applications, create migration roadmaps, and continuously deliver updates. Migrating applications to Azure IaaS can reduce costs while refactoring or rearchitecting can enable new capabilities and improve scalability.
Using Modern Tools and Technologies to Improve Your Software Architecture | Eran Stiller
This document discusses modern software architecture approaches and tools. It provides examples of how CodeValue has used microservices, serverless computing, and containers to architect solutions for clients. Specific technologies highlighted include Azure Functions, Docker, Kubernetes, and Service Fabric. The talks cover topics like breaking monoliths into microservices, mobile/web architecture, and using cloud-native approaches to future-proof applications.
The recently launched Microsoft IoT Central is a fully managed IoT SaaS solution that makes it easy to connect, monitor and manage your IoT assets at scale. It dramatically lowers the barriers of entry for companies looking to revolutionize their business with IoT.
We know there’s more than one approach when building an IoT Solution with the Microsoft Azure platform. With the recent arrival of Microsoft IoT Central, it’s important to determine whether you need a PaaS or SaaS offering.
In this presentation, Glenn Colpaert, Codit Azure/IoT Domain Lead and Microsoft Azure MVP, will guide you through the different offerings of the Azure platform and show you the capabilities of this new solution.
This document introduces PagerDuty Process Automation using Rundeck. It discusses how Rundeck is a service orchestration and automation platform that PagerDuty acquired in 2020. It provides an overview of Rundeck's capabilities including 120+ plugins, event-driven workflows, auditing, and self-service access. The document discusses how Rundeck can be used to automate incident response, remediation, and other tasks to improve MTTR, support efficiency, and reduce manual work. Customer examples show how Rundeck standardizes workflows and allows non-experts to complete tasks previously requiring specialized knowledge.
Cap2194 migration from Weblogic to vFabric - cloud application platform | Ramarao Kanneganti
The document summarizes a case study of migrating Java applications from Weblogic to vFabric Cloud Application Platform. It discusses the rationale for migration, including addressing issues with the previous platform around agility, reliability and costs. The key steps taken are defined, including defining scope, the new target platform, development processes, porting the applications through pattern translations, testing, and creating standardized deployments. The new deployment architecture consolidated applications across fewer VMs for improved scalability and manageability. Lessons learned focused on properly defining and limiting scope as well as performance testing.
This document provides information about Azure DevOps and DevOps practices. It discusses how DevOps brings together people, processes, and technology to automate software delivery and provide continuous value to users. It also outlines some key DevOps technologies like continuous integration, continuous delivery, and continuous monitoring. Additionally, the document shares how Azure DevOps can help teams deliver software faster and more reliably through tools for planning, source control, building, testing, and deploying.
Infrastructure less development with Azure Service Fabric | Saba Jamalian
The document discusses infrastructure-less development with Azure Service Fabric. It provides an introduction to microservices and explores how Azure Service Fabric allows for "infrastructure-less development". Key points covered include: definitions of microservices and their advantages like scalability and resiliency compared to traditional architectures; an overview of Azure Service Fabric and how it provides an abstraction for developing microservices; and a demonstration of Service Fabric's capabilities.
Secure-by-Design Using Hardware and Software Protection for FDA Compliance | ICS
This webinar explores the “secure-by-design” approach to medical device software development. During this important session, we will outline which security measures should be considered for compliance, identify technical solutions available on various hardware platforms, summarize hardware protection methods you should consider when building in security and review security software such as Trusted Execution Environments for secure storage of keys and data, and Intrusion Detection Protection Systems to monitor for threats.
ICC's unified IP data networking solution also layers into its solution security features with a range of capabilities for the customer to select from. Inclusive of WDS, VLANs, DoS attack prevention, and a host of other capabilities, ICC's icXchange networking solutions are full features without additional licensing for enterprise features.
ICC's security philosophy is based on creating multiple layers of security to make hacking financially unwise. This includes edge devices with built-in firewalls and intrusion detection, controller-based aggregation layers with authentication, encryption, and advanced routing options, and broadband connectivity using military-grade encryption. The solution helps customers maintain PCI compliance by providing wireless scanning, rogue access point detection and mitigation, wireless usage enforcement, and network segmentation.
Research talk I gave at Semiconductor Research Corporation workshop in September 2017. Here I set research goals to create a new type of security technology to protect autonomous systems.
Proving the Security of Low-Level Software Components & TEEs | Ashley Zupkus
Learn how it is possible to prove low-level software component and TEE security, as well as the Goodix driver example demoed in the webinar.
Check out the webinar replay here: https://www.youtube.com/watch?v=nG3DlejBd3k
Visit our website trust-in-soft.com for more information!
Workshop software licensing, protection & security. Including a few videos. How to license and protect your application? How to create recurring business with pay-per-use and temporary licenses?
Next Generation Embedded Security for IOT - Powered by Kaspersky Secure OS. This presentation examines our "Secure by Design" alternative to legacy Microsoft / Linux OS - together with an end-to-end IOT security strategy. This presentation was originally given publicly at the CEBIT 2017 Event in Hannover, Germany.
Next Generation Embedded Systems Security for IOT: Powered by Kaspersky | L. Duke Golden
In an increasingly connected world full of new IOT technologies, the security risks are becoming the single biggest challenge as we advance toward a fully tech-enabled society. Kaspersky's security strategy is always - SECURE BY DESIGN.
The document discusses hardware-based security solutions from multiple companies. It describes Infineon's OPTIGA™ family of security chips which provide authentication, confidentiality, and integrity for IoT applications. It also discusses Maxim's DeepCover secure authenticators and microcontrollers which incorporate techniques like secure authentication, boot, and encryption to ensure device trustworthiness and protect against threats like counterfeiting or firmware attacks. Finally, it outlines NXP's security offerings including secure elements, microcontrollers, and processors that provide solutions from the network edge to the cloud.
Are you ready for Microsoft Azure Sphere? | Mirco Vanini
Azure Sphere is Microsoft's solution for highly securing IoT devices. It includes Azure Sphere certified chips, the Azure Sphere operating system, and the Azure Sphere Security Service. Together, these provide devices with 10 years of ongoing security updates directly from Microsoft. Azure Sphere aims to empower organizations to securely connect devices and build new IoT solutions with built-in security through its end-to-end platform. The current Azure Sphere development kit uses the MT3620 chip and provides tools to simplify and streamline IoT development.
This document provides an overview of Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS), including fundamentals, evolution over time, vulnerabilities, security frameworks, good practices, and resources. It defines SCADA/ICS, describes how they have become more interconnected, lists vulnerabilities like outdated systems and remote access, outlines security standards like NIST and NERC, recommends practices like segmentation and patching, and provides example frameworks and resources.
The fascinating world of Internet of Things is so huge that it cannot be fully described in one session. But you can start your adventure. Presentation of IoT Hub, reference architecture, fast review of a few ready solutions and interaction with MXChip IoT DevKit.
A joint presentation of Gary Williams of Schneider Electric and Michael Coden of NextNine at the 10th Annual Conference of the American Petroleum institute. The presentation discusses benefits, disadvantages, and architectures for allowing 3rd party access.
Sfa community of practice a natural way of building | Chuck Speicher
A community of practice is a natural way of building something through intuitive learning exercises (lean development methodology) that people lack the knowledge to accomplish on their own.
These barriers to enabling new markets have always existed from ancient times to present day. The "community of practice" bridges technology processes and people to naturally solve what people need to know and learn quickly.
Mobile Devices & BYOD Security – Deployment & Best Practices | Cisco Canada
Subjects covered will include mobile devices OS security, state of malware on mobile devices, data loss prevention, VPN and remote access, 802.1x and certificate deployment, profiling, posture, web security, MDMs and others. For more information please visit our website: http://www.cisco.com/web/CA/index.html
GlobalPlatform provides standards for trusted execution environments (TEEs) that are deployed across billions of devices. The standards define hardware and software specifications for TEEs to securely deliver digital services. GlobalPlatform is working with RISC-V to define TEE configurations for lightweight IoT devices and leverage RISC-V's secure hardware enclave capabilities. The organization's protection profiles and security certification help service providers assess risks when using TEE technologies.
Learn what makes SCADAguardian (the Nozomi Networks flagship technology) so unique and powerful. From enterprise IT, to OT, we enable scalable security strategies for ICS.
Azure Sphere provides a secure platform for IoT devices. It uses a hardware root of trust and small trusted computing base to protect device identity and system integrity. Azure Sphere devices support certificate-based authentication and compartmentalization for security. They also allow for renewable security through hardware-protected defense in depth and failure reporting to Azure. Developers can get started with Azure Sphere by ordering a development kit, using the Azure Sphere SDK in Visual Studio, and connecting devices to IoT Hub.
- Azure provides a unified platform for modern business with compute, data, storage, networking and application services across global Azure regions and a consistent hybrid cloud.
- Azure focuses on security and privacy with an emphasis on detection, response, and protection across infrastructure, platforms and applications.
- Security is a shared responsibility between Microsoft and customers, with Microsoft providing security controls and capabilities to help protect customer data and applications.
Similar to Removing Security Roadblocks to IoT Deployment Success (20)
The document provides 100 different ways that Yammer can be used within an organization. These include using Yammer to ask questions, share information and updates, coordinate meetings and events, get feedback, welcome new employees, plan trainings, and celebrate accomplishments. The broad range of suggestions show how Yammer can facilitate internal communication and collaboration across departments.
This document provides suggestions for 10 core groups that could be created on a company's Yammer network: CEO Connection, Heritage, Diversity & Inclusion, Emerging Technologies, New Hires, Innovation, Social Groups, Department/Region/Offices, Safety Moments, and Parent Community. For each group, a sample description and potential uses are outlined to provide ideas for how the group could be utilized.
Visual Studio and Xamarin enable developers to create native Android and iOS apps with world-class tools in a fast, familiar, and flexible way. Join this tour of how you can use your existing C# and .NET skills to create fully native apps on every platform.
Best practices with Microsoft Graph: Making your applications more performant... | Microsoft Tech Community
Learn how to take advantage of APIs, platform capabilities and intelligence from Microsoft Graph to make your app more performant, more resilient and more reliable
Build interactive emails for Outlook with Actionable Messages using Adaptive Cards. In this session, you will learn how to code a simple and great looking Actionable Message end-to-end.
The document describes a simple workflow that calls an activity function called "SayHello" and passes the parameter "Amsterdam". The activity function returns the string "Hello Amsterdam!". The orchestrator function schedules the activity, waits for it to complete, collects the output, and returns it.
The document describes the process of automatically scaling Azure Container Instances for a game server. It shows how ACIAutoScaler can monitor container usage and dynamically add or remove instances as needed to handle fluctuations in active sessions. When sessions drop below a threshold, ACISetState marks an instance for deletion. Once sessions stop on that instance, ACIGC deletes it to maintain optimal resource usage.
This document discusses NoSQL databases and Azure Cosmos DB. It notes that Cosmos DB supports key-value, column, document and graph data models. It guarantees high availability and throughput while offering customizable pricing based on throughput. Cosmos DB uses the Atom-Record-Sequence data model and provides SQL and table APIs to access and query data. The document provides an example of how 12 relational tables could be collapsed into 3 document collections in Cosmos DB.
This document provides information about building streaming applications. It refers the reader to a website, aka.ms/build-streaming, that explains how to configure input and output bindings as well as triggers to develop streaming applications. The Twitter handle @codemillmatt is mentioned, suggesting this person may provide additional help or resources on the topic.
Real-World Solutions with PowerApps: Tips & tricks to manage your app complexity | Microsoft Tech Community
This document contains PowerApps code that filters a Projects table based on the current user's email and a text search, then sorts the results by City in either ascending or descending order depending on a SortDescending1 variable. It first filters and sorts using the current user email directly from the Office365Users.MyProfile function, then assigns that email to a variable currentUserEmail and uses that for the second filtering and sorting.
This document provides information about various Microsoft products and services including Office 365, Microsoft Graph, Azure, and more. It lists different applications and capabilities available through these services such as Outlook, OneDrive, Teams, SharePoint, Identity Management. It also provides details of several breakout sessions at a conference including titles, dates, start times and descriptions related to building apps using Microsoft services and platforms.
Ingestion in data pipelines with Managed Kafka Clusters in Azure HDInsight | Microsoft Tech Community
This document provides an overview of Apache Kafka on Azure HDInsight, including its key features such as 99.9% availability, support for various development tools, enterprise security features, integration with other Azure services, and examples of how it is used by customers for real-time analytics and streaming workloads. It also includes diagrams illustrating how Kafka works and call-outs about Kafka's scalability, fault tolerance, and pub-sub model.
The document describes the features and capabilities of Visual Studio Tools for AI, an AI developer tool for training models and integrating AI into applications. It can create deep learning projects with frameworks like TensorFlow and CNTK, debug and iterate quickly in Visual Studio. It is integrated with Azure Machine Learning for management of experiments and models, and can scale out training with Azure Batch AI. The tool allows monitoring of training, visualization with TensorBoard, and generation of code from trained models.
This document describes the key features of Azure ML Experimentation which allows users to conduct machine learning experiments by running distributed TensorFlow or CNTK training jobs, perform hyperparameter searches, capture run metrics and models, and compare runs through leaderboards. It also enables using popular IDEs, editors, notebooks and frameworks while running experiments on the cloud.
The document discusses Bing Maps and its features such as high performance rendering of data, developer friendliness with less code needed, and rich features aligned to developer feedback. It also provides information on Bing Maps APIs for routing, distance matrix calculations, isochrones, snapping points to roads, and an open source vehicle tracking solution. Coverage is listed for 60 countries and examples are given of using the APIs for routing optimization and delivery planning.
This document discusses the importance of tracking key business metrics like revenue over time to monitor for patterns and anomalies that could impact business health. It also recommends that developers track service health by monitoring operational metrics of their services to identify anomalies or changes in patterns that may indicate issues.
The document discusses the Microsoft Speech Devices SDK which allows developers to integrate speech recognition and other Microsoft Speech services into hardware devices. The SDK works with various dev kits that have microphone arrays and handles wake word detection and communication with cloud-based speech services. It provides tools to customize the wake word and experience. The document outlines the process a developer would go through to evaluate, try out, and integrate the SDK and speech services into their own application and ambient device.
This document discusses Adobe's Document Cloud solutions and partnership with Microsoft. It highlights that Adobe and Microsoft provide world-class productivity solutions through CRM platforms, robust cloud infrastructure, and expansive ecosystems. It promotes using Adobe Document Cloud to digitize manual paper processes through desktop and mobile apps as well as APIs. Key solutions within Document Cloud mentioned are PDF, Acrobat, and Adobe Sign for electronic signatures.
In this follow-up session on knowledge and prompt engineering, we will explore structured prompting, chain of thought prompting, iterative prompting, prompt optimization, emotional language prompts, and the inclusion of user signals and industry-specific data to enhance LLM performance.
Join EIS Founder & CEO Seth Earley and special guest Nick Usborne, Copywriter, Trainer, and Speaker, as they delve into these methodologies to improve AI-driven knowledge processes for employees and customers alike.
Are you interested in learning about creating an attractive website? Here it is! Take part in the challenge that will broaden your knowledge about creating cool websites! Don't miss this opportunity, only in "Redesign Challenge"!
MYIR Product Brochure - A Global Provider of Embedded SOMs & Solutions | Linda Zhang
This brochure gives an introduction to MYIR Electronics and MYIR's products and services.
MYIR Electronics Limited (MYIR for short), established in 2011, is a global provider of embedded System-On-Modules (SOMs) and comprehensive solutions based on various architectures such as ARM, FPGA, RISC-V, and AI. We cater to customers' needs for large-scale production, offering customized design, industry-specific application solutions, and one-stop OEM services.
MYIR, recognized as a national high-tech enterprise, is also listed among the "Specialized and Special new" Enterprises in Shenzhen, China. Our core belief is that "Our success stems from our customers' success" and embraces the philosophy of "Make Your Idea Real, then My Idea Realizing!"
Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo... | Chris Swan
Have you noticed the OpenSSF Scorecard badges on the official Dart and Flutter repos? It's Google's way of showing that they care about security. Practices such as pinning dependencies, branch protection, required reviews, continuous integration tests etc. are measured to provide a score and accompanying badge.
You can do the same for your projects, and this presentation will show you how, with an emphasis on the unique challenges that come up when working with Dart and Flutter.
The session will provide a walkthrough of the steps involved in securing a first repository, and then what it takes to repeat that process across an organization with multiple repos. It will also look at the ongoing maintenance involved once scorecards have been implemented, and how aspects of that maintenance can be better automated to minimize toil.
AI_dev Europe 2024 - From OpenAI to Opensource AI | Raphaël Semeteys
Navigating Between Commercial Ownership and Collaborative Openness
This presentation explores the evolution of generative AI, highlighting the trajectories of various models such as GPT-4, and examining the dynamics between commercial interests and the ethics of open collaboration. We offer an in-depth analysis of the levels of openness of different language models, assessing various components and aspects, and exploring how the (de)centralization of computing power and technology could shape the future of AI research and development. Additionally, we explore concrete examples like LLaMA and its descendants, as well as other open and collaborative projects, which illustrate the diversity and creativity in the field, while navigating the complex waters of intellectual property and licensing.
What Not to Document and Why_ (North Bay Python 2024) | Margaret Fero
We’re hopefully all on board with writing documentation for our projects. However, especially with the rise of supply-chain attacks, there are some aspects of our projects that we really shouldn’t document, and should instead remediate as vulnerabilities. If we do document these aspects of a project, it may help someone compromise the project itself or our users. In this talk, you will learn why some aspects of documentation may help attackers more than users, how to recognize those aspects in your own projects, and what to do when you encounter such an issue.
These are slides as presented at North Bay Python 2024, with one minor modification to add the URL of a tweet screenshotted in the presentation.
Sustainability requires ingenuity and stewardship. Did you know Pigging Solutions pigging systems help you achieve your sustainable manufacturing goals AND provide rapid return on investment?
How? Our systems recover over 99% of product in transfer piping. Recovering trapped product from transfer lines that would otherwise become flush-waste, means you can increase batch yields and eliminate flush waste. From raw materials to finished product, if you can pump it, we can pig it.
Video traffic on the Internet is constantly growing; networked multimedia applications consume a predominant share of the available Internet bandwidth. A major technical breakthrough and enabler in multimedia systems research and of industrial networked multimedia services certainly was the HTTP Adaptive Streaming (HAS) technique. This resulted in the standardization of MPEG Dynamic Adaptive Streaming over HTTP (MPEG-DASH) which, together with HTTP Live Streaming (HLS), is widely used for multimedia delivery in today’s networks. Existing challenges in multimedia systems research deal with the trade-off between (i) the ever-increasing content complexity, (ii) various requirements with respect to time (most importantly, latency), and (iii) quality of experience (QoE). Optimizing towards one aspect usually negatively impacts at least one of the other two aspects if not both. This situation sets the stage for our research work in the ATHENA Christian Doppler (CD) Laboratory (Adaptive Streaming over HTTP and Emerging Networked Multimedia Services; https://athena.itec.aau.at/), jointly funded by public sources and industry. In this talk, we will present selected novel approaches and research results of the first year of the ATHENA CD Lab’s operation. We will highlight HAS-related research on (i) multimedia content provisioning (machine learning for video encoding); (ii) multimedia content delivery (support of edge processing and virtualized network functions for video networking); (iii) multimedia content consumption and end-to-end aspects (player-triggered segment retransmissions to improve video playout quality); and (iv) novel QoE investigations (adaptive point cloud streaming). We will also put the work into the context of international multimedia systems research.
Performance Budgets for the Real World by Tammy Everts | ScyllaDB
Performance budgets have been around for more than ten years. Over those years, we’ve learned a lot about what works, what doesn’t, and what we need to improve. In this session, Tammy revisits old assumptions about performance budgets and offers some new best practices. Topics include:
• Understanding performance budgets vs. performance goals
• Aligning budgets with user experience
• Pros and cons of Core Web Vitals
• How to stay on top of your budgets to fight regressions
How to Avoid Learning the Linux-Kernel Memory Model | ScyllaDB
The Linux-kernel memory model (LKMM) is a powerful tool for developing highly concurrent Linux-kernel code, but it also has a steep learning curve. Wouldn't it be great to get most of LKMM's benefits without the learning curve?
This talk will describe how to do exactly that by using the standard Linux-kernel APIs (locking, reference counting, RCU) along with a few simple rules of thumb, thus gaining most of LKMM's power with less learning. And the full LKMM is always there when you need it!
Are you interested in dipping your toes in the cloud native observability waters, but as an engineer you are not sure where to get started with tracing problems through your microservices and application landscapes on Kubernetes? Then this is the session for you, where we take you on your first steps in an active open-source project that offers a buffet of languages, challenges, and opportunities for getting started with telemetry data.
The project is called OpenTelemetry, but before diving into the specifics, we’ll start with de-mystifying key concepts and terms such as observability, telemetry, instrumentation, cardinality, and percentile to lay a foundation. After understanding the nuts and bolts of observability and distributed traces, we’ll explore the OpenTelemetry community; its Special Interest Groups (SIGs), repositories, and how to become not only an end-user, but possibly a contributor. We will wrap up with an overview of the components in this project, such as the Collector, the OpenTelemetry protocol (OTLP), its APIs, and its SDKs.
Attendees will leave with an understanding of key observability concepts, become grounded in distributed tracing terminology, be aware of the components of openTelemetry, and know how to take their first steps to an open-source contribution!
Key Takeaways: Open source, vendor neutral instrumentation is an exciting new reality as the industry standardizes on openTelemetry for observability. OpenTelemetry is on a mission to enable effective observability by making high-quality, portable telemetry ubiquitous. The world of observability and monitoring today has a steep learning curve and in order to achieve ubiquity, the project would benefit from growing our contributor community.
Interaction Latency: Square's User-Centric Mobile Performance Metric | ScyllaDB
Mobile performance metrics often take inspiration from the backend world and measure resource usage (CPU usage, memory usage, etc) and workload durations (how long a piece of code takes to run).
However, mobile apps are used by humans and the app performance directly impacts their experience, so we should primarily track user-centric mobile performance metrics. Following the lead of tech giants, the mobile industry at large is now adopting the tracking of app launch time and smoothness (jank during motion).
At Square, our customers spend most of their time in the app long after it's launched, and they don't scroll much, so app launch time and smoothness aren't critical metrics. What should we track instead?
This talk will introduce you to Interaction Latency, a user-centric mobile performance metric inspired by the Web Vital metric "Interaction to Next Paint" (web.dev/inp). We'll go over why apps need to track this, how to properly implement its tracking (it's tricky!), how to aggregate this metric and what thresholds you should target.
How Netflix Builds High Performance Applications at Global Scale | ScyllaDB
We all want to build applications that are blazingly fast. We also want to scale them to users all over the world. Can the two happen together? Can users in the slowest of environments also get a fast experience? Learn how we do this at Netflix: how we understand every user's needs and preferences and build high performance applications that work for every user, every time.
Scaling Connections in PostgreSQL Postgres Bangalore (PGBLR) Meetup-2 - Mydbops | Mydbops
This presentation, delivered at the Postgres Bangalore (PGBLR) Meetup-2 on June 29th, 2024, dives deep into connection pooling for PostgreSQL databases. Aakash M, a PostgreSQL Tech Lead at Mydbops, explores the challenges of managing numerous connections and explains how connection pooling optimizes performance and resource utilization.
Key Takeaways:
* Understand why connection pooling is essential for high-traffic applications
* Explore various connection poolers available for PostgreSQL, including pgbouncer
* Learn the configuration options and functionalities of pgbouncer
* Discover best practices for monitoring and troubleshooting connection pooling setups
* Gain insights into real-world use cases and considerations for production environments
This presentation is ideal for:
* Database administrators (DBAs)
* Developers working with PostgreSQL
* DevOps engineers
* Anyone interested in optimizing PostgreSQL performance
Contact info@mydbops.com for PostgreSQL Managed, Consulting and Remote DBA Services
How RPA Help in the Transportation and Logistics Industry.pptx | SynapseIndia
Revolutionize your transportation processes with our cutting-edge RPA software. Automate repetitive tasks, reduce costs, and enhance efficiency in the logistics sector with our advanced solutions.
Removing Security Roadblocks to IoT Deployment Success
3. Connection Security
X.509/TLS-Based Handshake and Encryption
Device Security
X.509 Certificate Based Identity and Attestation
Device Provisioning, Authorization & Management
Support for Diverse Hardware Secure Modules
Securely connect millions of devices… over a secure internet connection… to Microsoft Azure – built with security from the ground up
Cloud Security
Azure Security Center | Azure Active Directory
Key Vault | Policy-Based Access Control
4. Global, Industry, Regional
HIPAA / HITECH Act, FERPA, GxP 21 CFR Part 11
ISO 27001, SOC 1 Type 2, ISO 27018, CSA STAR Self-Assessment
FISC Japan, CDSA, Shared Assessments, FACT UK, GLBA, PCI DSS Level 1, MARS-E, FFIEC
SOC 2 Type 2, SOC 3, MPAA, ISO 22301
Japan My Number Act, ENISA IAF, Japan CS Mark Gold, Spain ENS, Spain DPA, India MeitY, Canada Privacy Laws, Privacy Shield, Germany IT Grundschutz workbook
CSA STAR Certification, CSA STAR Attestation, HITRUST, IG Toolkit UK
Argentina PDPA, EU Model Clauses, UK G-Cloud, China DJCP, China GB 18030, China TRUCS, Singapore MTCS, Australia IRAP/CCSL, New Zealand GCIO
ISO 27017
6. Key Questions
Property: Key question
- Hardware-based Root of Trust: Does the device have a unique, unforgeable identity that is inseparable from the hardware?
- Small Trusted Computing Base: Is most of the device’s software outside the device’s trusted computing base?
- Defense in Depth: Is the device still protected if the security of one layer of device software is breached?
- Compartmentalization: Does a failure in one component of the device require a reboot of the entire device to return to operation?
- Certificate-based Authentication: Does the device use certificates instead of passwords for authentication?
- Renewable Security: Is the device’s software updated automatically?
- Failure Reporting: Does the device report failures to its manufacturer?
7. high integrity software operations
Choice of Secure Hardware
- Many secure silicon providers including
- Standards based and custom secure silicon
- TPM
- DICE
https://aka.ms/RightSecureIoTHardware
8. Authentication | Attestation
1. Share Access Secrets (SAS) Tokens | Shared Access Key
2. Certificate Based Mutual Authentication | Certificate Thumbprint
3. Certificate Based Mutual Authentication | Certificate Authority
Access Controls
- Permission based
- Role based
- Action based
- Per device granularity
IoT Hub
Device
Connection Security
X.509/TLS-Based Handshake and Encryption
10. Device Provisioning Service
Automate device provisioning at scale and eliminate security threats from manual handling
IoT Solution US | IoT Solution Germany | IoT Solution China
14. https://azure.microsoft.com/en-us/blog/securing-the-intelligent-edge/
Threats
- Heterogeneous hardware: Expands threat surface across architecture, vendor, and capabilities unlike a relatively more uniform datacenter hardware.
- Physical accessibility: Subject to physical analysis like on power and timing, and attacks based on micro-probing, fault injections, and environmental tampering.
- Non-standard security protocols: Proprietary hardware procedures for common security needs like secure hardware enforcements for secure boot and firmware updates precludes public scrutiny.
- Rich development environment: The necessary mixture of scripted and compiled software using many technologies to enrich user experience also increases the probability for vulnerabilities.
- Readily available tools and experience: The same tools and experience from other disciplines like failure analysis and patent research are easily repurposed for attacks.
Requires assertive defense
Requires uniformity
16. A Framework for Ecosystem Managed Security
- Hardware Root of Trust: Trust anchor and tamper resistance
- Secure Boot/Updates: Bootstrapping and recovery
- Secure Execution Environment: Privileged executions and systems resource access control
- Protected General Computing: Application execution with runtime integrity checking
Azure IoT Edge Device
IoT Hub
Principles | Realization
18. Communicate diligence in security
- Administered by 3rd Party Labs for transparency (coming soon)
- Open standards procedures
- Certificate based signed device promise attestations (coming soon)
Promise | Standard | Secure Element | Secure Enclave
Secure silicon | None | Standalone security processor e.g. TPM | Integrated security processor
Maximum protection to be expected in malicious custody | None | Secrets like cryptographic keys | Secrets and the trusted computing base
Typical transactions | All with adequate risk mitigation | Authentication, session key generation, certificates processing. | All secure element transactions plus the trusted computing base for transactions such as metering, billing, secure I/O, secure logging.
Maximum grade possible | Level 2 | Level 4 | Level 4
Grade | Level 1 | Level 2 | Level 3 | Level 4
Requirements | Custom implementations in lieu of using Azure IoT Device SDK | Azure IoT Device SDK | Azure IoT Device SDK; FIPS 140-2 Level 2; Common Criteria EAL 3+ (PP coming soon) | Azure IoT Device SDK; FIPS 140-2 Level 3; Common Criteria EAL 4+ (PP coming soon)
19. IoT Role | Example Scenario
OEM
Investment optimal decision. Decide which market to play in.
- Manufacture and certify for secure element devices for solutions with simple needs like authentication
- Manufacture and certify for secure enclave devices for solutions with complex needs like monetization
SI
Cost optimal decisions. Balance device cost with deployments risk assessment
- Secure element devices for endpoint identity
- Secure enclave devices for endpoint identity and execution integrity
Operator
Optimal risk management. Balance between device security and personnel access controls
- Less elaborate personnel access controls with secure element/enclave promise devices
- More elaborate access controls with standard promise devices
IoT Edge Module Developer
Empowerment. Use signed attestations to programmatically detect and deploy accordingly
- Detect and deploy to secure element devices for node count control
- Detect and deploy to secure enclave devices for IP protection or metered usage
22. “hackers have infiltrated the critical safety systems for industrial control units used in nuclear, oil and gas plants, halting operations at at least one facility”
“The hackers used sophisticated malware, dubbed ‘Triton’, to take remote control of a safety control workstation”
“Some controllers entered a failsafe mode as the hackers attempted to reprogram them”
23. Properties of TCPS
Separation of critical execution
Help protect critical infrastructure from malware threats by separating non-critical from critical operations and concentrating on using hardware isolation to protect control of physical systems.
Inspectability of execution process
Ensure that any code that handles critical operations must be auditable by operators through source code review.
Attestability of processing environment
During operation, each component must be able to verify that data is received and sent only from trustworthy sources. A component also needs to attest its trustworthiness to other components.
Minimizing number of entities that need to be trusted
Reducing the number of trusted entities significantly reduces the attack surface for critical infrastructure. In the ideal TCPS solution, the operator will maintain the only root of trust for critical code execution.
The device owner/operator is in complete control of critical systems
24. Attack vectors on factory line
[Diagram labels: Attacker; Attack to SCADA System; Attack to Factory Line Automation; SCADA System; Factory Line Automation; Factory Line; Controller]
25. Protecting the SCADA/HMI system
Attacker will simulate user input or directly issue control messages (e.g. OPC UA) using the SCADA system’s message authentication
[Diagram labels: SCADA System; SCADA/HMI System; SCADA application; OPC UA message; TEE; Message Authorization; Policy Decision Engine; OPC UA message authenticated by TEE; Trusted UI terminal to approve messages; Trusted UI (TEE); Attacker]
26. Protecting factory line automation
[Diagram labels: i.MX6 + Windows IoT Core; Transport Stack (TCP/IP); TrustZone (OP-TEE); Security Layer; OPC UA; LAN Port; SPI Port; SPI-LAN Adapter with TCP/IP; Legacy OPC UA Device; OPC UA Gateway; Controller; Factory Line; Policy Decision Engine; Attacker]
27. [Diagram labels: Host Operating System; Edge Client; Transport stack; Trusted Execution Environment; Security Layer; Trusted I/O; Message Gateway; Controller; Factory Line; Factory Line Control; Cloud services; Azure; Policy Decision Engine; Azure Confidential Computing; Tamper-resistant logging; Configuration and Provisioning Service]
28. Additional information about TCPS
TCPS Overview http://aka.ms/TCPS_TwoPager_HMI2018
Blog post http://aka.ms/TCPS_HMI2018
Whitepaper http://aka.ms/TCPS_Whitepaper
Preview coming soon
30. Windows IoT security promise
Windows IoT provides the best endpoint security to protect your data at rest, in motion and during execution.
Windows IoT devices are built with security in mind.
Security is not in the way of your development, deployment and operation.
34. Is my IoT infrastructure developed, deployed and operated securely?
By deploying IoT what security risks am I taking for the rest of my business?
Who can evaluate my IoT infrastructure and give me a threat assessment?
35. Consider the threats most relevant to your IoT infrastructure
Identify the consequences that are most important to your business
Select evaluation strategies that provide the most value
http://aka.ms/IoTSecurityEval
38. Microsoft’s Security Program for Azure IoT connects customers with partners who are experts at evaluating an IoT infrastructure end-to-end.
Not all partners may be listed; check internetofyourthings.com for latest status
40. Standards for IoT Security
None holistic in existence
No end-to-end IoT Security standard
Existing standards retrofitting IT security to IoT
No scope for physical attacks such as tampering
Microsoft actively engaged in 25+ standards organizations and consortia to help address IoT security challenges
41. Microsoft champions and chairs the IoT Security Maturity Model development at the Industrial Internet Consortium (IIC)
SMM assists with:
• Security target definition
• Current security maturity assessment
• Security gap analysis
• Security maturity enhancement planning
45. Secure and power the intelligent edge with Azure Sphere
1:00pm-2:15pm, WSCC: Rooms 612
Azure IoT Solutions - Get your IoT project started in minutes with SaaS and preconfigured solutions