19–23 May 2014
Helsinki University, Main Building
Europe/Helsinki timezone

Software Vulnerability Handling and practical incident recognition.

20 May 2014, 11:00
1h 30m
Room 13 (Helsinki University, Main Building)

Speaker

Dr Sven Gabriel (FOM)

Description

This session will focus on two topics: software vulnerability handling and practical incident recognition. The first part will review the Software Vulnerability Group (SVG) activities and the changes needed to take this activity to the cloud. The main focus of SVG continues, as ever, to be to "eliminate existing software vulnerabilities from the deployed infrastructure and prevent the introduction of new ones, thus reducing the likelihood of security incidents". This will include what anyone (including a user) should do if they spot a potential software vulnerability. In the second part we will look at a scenario in which it all went wrong and you suddenly have a VM that does more than you expect when starting it up. As a hands-on exercise we will provide you with a cloud VM that has several settings and installed software that you probably don't really want there. You have to find them.

Wider impact and conclusions

As the scope of the EGI Federated Cloud grows and awareness of it increases, it is likely to come to the attention of attackers.
Improving the security of the deployed EGI Federated Cloud will reduce the likelihood of security incidents and keep the cloud operating.
These activities contribute to this aim.

Description of work

This session will include a presentation on how the SVG issue handling may evolve to handle software vulnerabilities in the EGI Federated Cloud.
A presentation on "Vulnerability assessment", the detailed assessment of software in order to find any existing vulnerabilities, is also expected to be included.
This session will also include a presentation on the "security threat risk assessment - cloud focus", as a detailed assessment is being planned at present which should highlight any security problems that may need to be addressed.

Primary author

Linda Cornwall (STFC)
